11package api
22
33import (
4+ "bytes"
45 "context"
56 "crypto"
67 "crypto/dsa" //nolint:staticcheck // support legacy algorithms
@@ -20,6 +21,8 @@ import (
2021
2122 "github.com/go-chi/chi"
2223 "github.com/pkg/errors"
24+ "go.step.sm/crypto/sshutil"
25+ "golang.org/x/crypto/ssh"
2326
2427 "github.com/smallstep/certificates/api/log"
2528 "github.com/smallstep/certificates/api/render"
@@ -469,7 +472,7 @@ func logOtt(w http.ResponseWriter, token string) {
469472 }
470473}
471474
472- // LogCertificate add certificate fields to the log message.
475+ // LogCertificate adds certificate fields to the log message.
473476func LogCertificate (w http.ResponseWriter , cert * x509.Certificate ) {
474477 if rl , ok := w .(logging.ResponseLogger ); ok {
475478 m := map [string ]interface {}{
@@ -501,6 +504,30 @@ func LogCertificate(w http.ResponseWriter, cert *x509.Certificate) {
501504 }
502505}
503506
507+ // LogSSHCertificate adds SSH certificate fields to the log message.
508+ func LogSSHCertificate (w http.ResponseWriter , cert * ssh.Certificate ) {
509+ if rl , ok := w .(logging.ResponseLogger ); ok {
510+ mak := bytes .TrimSpace (ssh .MarshalAuthorizedKey (cert ))
511+ certType := "user"
512+ if cert .CertType == ssh .HostCert {
513+ certType = "host"
514+ }
515+ m := map [string ]interface {}{
516+ "serial" : cert .Serial ,
517+ "principals" : cert .ValidPrincipals ,
518+ "valid-from" : time .Unix (int64 (cert .ValidAfter ), 0 ).Format (time .RFC3339 ),
519+ "valid-to" : time .Unix (int64 (cert .ValidBefore ), 0 ).Format (time .RFC3339 ),
520+ "certificate" : string (mak ),
521+ "certificate-type" : certType ,
522+ }
523+ fingerprint , err := sshutil .FormatFingerprint (mak , sshutil .DefaultFingerprint )
524+ if err == nil {
525+ m ["public-key" ] = fingerprint
526+ }
527+ rl .WithFields (m )
528+ }
529+ }
530+
504531// ParseCursor parses the cursor and limit from the request query params.
505532func ParseCursor (r * http.Request ) (cursor string , limit int , err error ) {
506533 q := r .URL .Query ()
0 commit comments