metacrypt/web/templates/sshca.html

{{define "title"}} - SSH CA: {{.MountName}}{{end}}
{{define "content"}}
<div class="page-header">
    <h2>SSH CA: {{.MountName}}</h2>
    <div class="page-meta">
        <a href="/dashboard">&larr; Dashboard</a>
    </div>
</div>

{{if .Error}}<div class="error">{{.Error}}</div>{{end}}

<div class="card">
    <div class="card-title">CA Public Key</div>
    {{if .CAPublicKey}}
    <textarea rows="3" class="pem-input" readonly>{{.CAPublicKey}}</textarea>
    <p style="margin-top: 0.5rem; margin-bottom: 0;">
        <a href="/v1/sshca/{{.MountName}}/ca" download="ca.pub">Download CA Public Key</a>
    </p>
    {{else}}
    <p>CA public key not available.</p>
    {{end}}
</div>

<div class="card">
    <div class="card-title">Sign User Certificate</div>
    {{if .SignUserResult}}
    <div class="success">
        <p>User certificate signed. Serial: <code>{{.SignUserResult.Serial}}</code> &mdash; Expires: {{.SignUserResult.ExpiresAt}}</p>
        <div class="form-group">
            <label>Certificate</label>
            <textarea rows="6" class="pem-input" readonly>{{.SignUserResult.CertData}}</textarea>
        </div>
    </div>
    {{else}}
    <form method="post" action="/sshca/sign-user">
        {{csrfField}}
        <div class="form-row">
            <div class="form-group">
                <label for="sign_user_profile">Profile</label>
                <select id="sign_user_profile" name="profile">
                    <option value="">(default)</option>
                    {{range .Profiles}}<option value="{{.Name}}">{{.Name}}</option>{{end}}
                </select>
            </div>
            <div class="form-group">
                <label for="sign_user_ttl">TTL <small style="text-transform:none;letter-spacing:0;">(optional)</small></label>
                <input type="text" id="sign_user_ttl" name="ttl" placeholder="24h">
            </div>
        </div>
        <div class="form-group">
            <label for="sign_user_key">Public Key <small style="text-transform:none;letter-spacing:0;">(authorized_keys format)</small></label>
            <textarea id="sign_user_key" name="public_key" rows="3" class="pem-input" placeholder="ssh-ed25519 AAAA..." required></textarea>
        </div>
        <div class="form-group">
            <label for="sign_user_principals">Principals <small style="text-transform:none;letter-spacing:0;">(one per line, blank = your username)</small></label>
            <textarea id="sign_user_principals" name="principals" rows="2" placeholder="kyle"></textarea>
        </div>
        <div class="form-actions">
            <button type="submit">Sign User Certificate</button>
        </div>
    </form>
    {{end}}
</div>

<div class="card">
    <div class="card-title">Sign Host Certificate</div>
    {{if .SignHostResult}}
    <div class="success">
        <p>Host certificate signed. Serial: <code>{{.SignHostResult.Serial}}</code> &mdash; Expires: {{.SignHostResult.ExpiresAt}}</p>
        <div class="form-group">
            <label>Certificate</label>
            <textarea rows="6" class="pem-input" readonly>{{.SignHostResult.CertData}}</textarea>
        </div>
    </div>
    {{else}}
    <form method="post" action="/sshca/sign-host">
        {{csrfField}}
        <div class="form-row">
            <div class="form-group">
                <label for="sign_host_hostname">Hostname</label>
                <input type="text" id="sign_host_hostname" name="hostname" placeholder="server.example.com" required>
            </div>
            <div class="form-group">
                <label for="sign_host_ttl">TTL <small style="text-transform:none;letter-spacing:0;">(optional)</small></label>
                <input type="text" id="sign_host_ttl" name="ttl" placeholder="720h">
            </div>
        </div>
        <div class="form-group">
            <label for="sign_host_key">Public Key <small style="text-transform:none;letter-spacing:0;">(authorized_keys format)</small></label>
            <textarea id="sign_host_key" name="public_key" rows="3" class="pem-input" placeholder="ssh-ed25519 AAAA..." required></textarea>
        </div>
        <div class="form-actions">
            <button type="submit">Sign Host Certificate</button>
        </div>
    </form>
    {{end}}
</div>

<div class="card">
    <div class="card-title">Signing Profiles</div>
    {{if .Profiles}}
    <div class="table-wrapper">
        <table>
            <thead>
                <tr>
                    <th>Name</th>
                    <th>Actions</th>
                </tr>
            </thead>
            <tbody>
            {{range .Profiles}}
            <tr>
                <td><a href="/sshca/profile/{{.Name}}">{{.Name}}</a></td>
                <td><a href="/sshca/profile/{{.Name}}">View</a></td>
            </tr>
            {{end}}
            </tbody>
        </table>
    </div>
    {{else}}
    <p>No signing profiles configured.</p>
    {{end}}

    {{if .IsAdmin}}
    <details style="margin-top: 1rem;">
        <summary>Create Profile</summary>
        <form method="post" action="/sshca/profile/create">
            {{csrfField}}
            <div class="form-row">
                <div class="form-group">
                    <label for="profile_name">Name</label>
                    <input type="text" id="profile_name" name="name" placeholder="engineering" required>
                </div>
                <div class="form-group">
                    <label for="profile_max_ttl">Max TTL</label>
                    <input type="text" id="profile_max_ttl" name="max_ttl" placeholder="8760h">
                </div>
            </div>
            <div class="form-group">
                <label for="profile_principals">Allowed Principals <small style="text-transform:none;letter-spacing:0;">(one per line, blank = any)</small></label>
                <textarea id="profile_principals" name="allowed_principals" rows="2" placeholder="*"></textarea>
            </div>
            <div class="form-group">
                <label>Extensions</label>
                <div class="checkbox-group">
                    <label class="checkbox-label"><input type="checkbox" name="extensions" value="permit-pty" checked> permit-pty</label>
                    <label class="checkbox-label"><input type="checkbox" name="extensions" value="permit-agent-forwarding"> permit-agent-forwarding</label>
                    <label class="checkbox-label"><input type="checkbox" name="extensions" value="permit-port-forwarding"> permit-port-forwarding</label>
                    <label class="checkbox-label"><input type="checkbox" name="extensions" value="permit-X11-forwarding"> permit-X11-forwarding</label>
                    <label class="checkbox-label"><input type="checkbox" name="extensions" value="permit-user-rc"> permit-user-rc</label>
                </div>
            </div>
            <details>
                <summary>Critical Options</summary>
                <div class="form-row">
                    <div class="form-group">
                        <label for="profile_force_cmd">Force Command</label>
                        <input type="text" id="profile_force_cmd" name="force_command" placeholder="(none)">
                    </div>
                    <div class="form-group">
                        <label for="profile_source_addr">Source Address</label>
                        <input type="text" id="profile_source_addr" name="source_address" placeholder="(none)">
                    </div>
                </div>
            </details>
            <div class="form-actions">
                <button type="submit">Create Profile</button>
            </div>
        </form>
    </details>
    {{end}}
</div>

<div class="card">
    <div class="card-title">Certificates</div>
    {{if .Certs}}
    <div class="table-wrapper">
        <table>
            <thead>
                <tr>
                    <th>Serial</th>
                    <th>Type</th>
                    <th>Key ID</th>
                    <th>Principals</th>
                    <th>Issued By</th>
                    <th>Expires</th>
                    <th></th>
                </tr>
            </thead>
            <tbody>
            {{range .Certs}}
            <tr>
                <td><a href="/sshca/cert/{{.Serial}}"><code>{{.Serial}}</code></a></td>
                <td>{{.CertType}}</td>
                <td>{{.KeyID}}</td>
                <td>{{.Principals}}</td>
                <td>{{.IssuedBy}}</td>
                <td>{{.ExpiresAt}}</td>
                <td>{{if .Revoked}}<span class="badge badge-danger">revoked</span>{{end}}</td>
            </tr>
            {{end}}
            </tbody>
        </table>
    </div>
    {{else}}
    <p>No certificates issued.</p>
    {{end}}
</div>

{{if .IsAdmin}}
<div class="card">
    <div class="card-title">Key Revocation List</div>
    <p><a href="/v1/sshca/{{.MountName}}/krl" download="krl.bin">Download KRL</a></p>
</div>
{{end}}
{{end}}