TrueCloudLab/certificates
17
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions

Use x5cInsecure token for /ssh/check-host endpoint

Browse source
This commit is contained in:
max furman 2019-12-09 23:14:56 -08:00
parent 2676d525c4
commit 1e17ec7d33
6 changed files with 32 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

5
api/ssh.go
View file

@ -25,7 +25,7 @@ type SSHAuthority interface {
GetSSHRoots() (*authority.SSHKeys, error)
GetSSHFederation() (*authority.SSHKeys, error)
GetSSHConfig(typ string, data map[string]string) ([]templates.Output, error)
CheckSSHHost(principal string) (bool, error)
CheckSSHHost(ctx context.Context, principal string, token string) (bool, error)
GetSSHHosts(cert *x509.Certificate) ([]sshutil.Host, error)
GetSSHBastion(user string, hostname string) (*authority.Bastion, error)
}
@ -199,6 +199,7 @@ type SSHConfigResponse struct {
type SSHCheckPrincipalRequest struct {
Type string `json:"type"`
Principal string `json:"principal"`
Token string `json:"token,omitempty"`
}
// Validate checks the check principal request.
@ -431,7 +432,7 @@ func (h *caHandler) SSHCheckHost(w http.ResponseWriter, r *http.Request) {
return
}
exists, err := h.Authority.CheckSSHHost(body.Principal)
exists, err := h.Authority.CheckSSHHost(r.Context(), body.Principal, body.Token)
if err != nil {
WriteError(w, InternalServerError(err))
return