From bca26e06f42b522fb8f678499c33fe7cd31a488c Mon Sep 17 00:00:00 2001
From: Nic Klaassen
Date: Wed, 24 Jul 2024 08:09:25 -0700
Subject: [PATCH] add signature algorithm suite to ping response (#44567)
* add signature algorithm suite to ping response
* type fix
Co-authored-by: Tiago Silva
---------
Co-authored-by: Tiago Silva
---
 api/client/webclient/webclient.go | 3 +++
 api/types/signaturealgorithmsuite.go | 4 ++--
 lib/web/apiserver.go | 1 +
 lib/web/apiserver_ping_test.go | 11 +++++++++++
 4 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/api/client/webclient/webclient.go b/api/client/webclient/webclient.go
index 215b4c61d7d91..858ef4b347da3 100644
--- a/api/client/webclient/webclient.go
+++ b/api/client/webclient/webclient.go
@@ -420,6 +420,9 @@ type AuthenticationSettings struct {
 // DefaultSessionTTL is the TTL requested for user certs if
 // a TTL is not otherwise specified.
 DefaultSessionTTL types.Duration `json:"default_session_ttl"`
+ // SignatureAlgorithmSuite is the configured signature algorithm suite for
+ // the cluster.
+ SignatureAlgorithmSuite types.SignatureAlgorithmSuite `json:"signature_algorithm_suite,omitempty"`
 }
 
 // LocalSettings holds settings for local authentication.
diff --git a/api/types/signaturealgorithmsuite.go b/api/types/signaturealgorithmsuite.go
index 10f2ef032b5e7..091e84b05aa81 100644
--- a/api/types/signaturealgorithmsuite.go
+++ b/api/types/signaturealgorithmsuite.go
@@ -22,8 +22,8 @@ import (
 
 // MarshalText marshals a SignatureAlgorithmSuite value to text. This gets used
 // by json.Marshal.
-func (s *SignatureAlgorithmSuite) MarshalText() ([]byte, error) {
- switch *s {
+func (s SignatureAlgorithmSuite) MarshalText() ([]byte, error) {
+ switch s {
 case SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_LEGACY:
 return []byte("legacy"), nil
 case SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_BALANCED_V1:
diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
index e25b0569ab9c4..5679d2dcc3201 100644
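Review bot: The new field comment on `SignatureAlgorithmSuite` in `AuthenticationSettings` (api/client/webclient/webclient.go) does not say how far a client may trust the value or what its absence means. Because of `omitempty`, an unspecified suite is dropped from the JSON, so a client decoding the ping response cannot tell an unset suite from a proxy that predates this field. If, as the commit title suggests, this struct is served by the ping endpoint before the client has authenticated, the value is no more than a hint. I would extend the comment with `// It is a hint for clients: absent or unspecified means "use the client default",` and `// and it must not be treated as proof of what the auth server enforces.` The struct starts outside the hunk.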
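Review bot: The doc comment on `MarshalText` (api/types/signaturealgorithmsuite.go) still says only that json.Marshal uses it and does not record why the receiver is now a value. With a pointer receiver, encoding/json finds the method only on addressable values, so a suite inside a struct that is marshaled by value would be written as a bare integer. A later change back to a pointer receiver would therefore alter the wire format without any compile error. I would add `// The receiver is a value so that json.Marshal also uses this method for non-addressable fields.` The body of `MarshalText` continues past the hunk, so its handling of unknown values is not visible here.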
--- a/lib/web/apiserver.go
+++ b/lib/web/apiserver.go
@@ -1326,6 +1326,7 @@ func getAuthSettings(ctx context.Context, authClient authclient.ClientI) (webcli
 }
 as.LoadAllCAs = pingResp.LoadAllCAs
 as.DefaultSessionTTL = authPreference.GetDefaultSessionTTL()
+ as.SignatureAlgorithmSuite = authPreference.GetSignatureAlgorithmSuite()
 
 return as, nil
 }
diff --git a/lib/web/apiserver_ping_test.go b/lib/web/apiserver_ping_test.go
index e4c8d7a57c90f..ea9021f074390 100644
--- a/lib/web/apiserver_ping_test.go
+++ b/lib/web/apiserver_ping_test.go
@@ -75,6 +75,17 @@ func TestPing(t *testing.T) {
 webCfg, _ := cap.GetWebauthn()
 require.NotNil(t, resp.Auth.Webauthn)
 assert.Equal(t, webCfg.RPID, resp.Auth.Webauthn.RPID)
+
+ assert.Equal(t, types.SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED, resp.Auth.SignatureAlgorithmSuite)
+ },
+ },
+ {
+ name: "OK signature algorithm suite",
+ spec: &types.AuthPreferenceSpecV2{
+ SignatureAlgorithmSuite: types.SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_BALANCED_V1,
+ },
+ assertResp: func(cap types.AuthPreference, resp *webclient.PingResponse) {
+ assert.Equal(t, types.SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_BALANCED_V1, resp.Auth.SignatureAlgorithmSuite)
 },
 },
 {
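Review bot: The added assignment in `getAuthSettings` (lib/web/apiserver.go) copies the configured suite verbatim, so a cluster that never set one reports UNSPECIFIED rather than the suite the auth server will actually apply. The updated first case in TestPing asserts exactly that. If the server resolves an unspecified suite to a default elsewhere (not visible in this patch), every client has to reproduce that default, and the two can drift between versions. Either resolve the effective suite before assigning, or state the contract next to the line, e.g. `// Reported as configured; UNSPECIFIED is passed through and clients apply their own default.` The function starts outside the hunk.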
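Review bot: The new TestPing cases (lib/web/apiserver_ping_test.go) compare only decoded enum values, so nothing pins the JSON key `signature_algorithm_suite` or the text form of the suite that other client versions will parse. They cover UNSPECIFIED and BALANCED_V1 only; LEGACY, which the MarshalText hunk shows has its own wire string, is not exercised. I would add a case with `SignatureAlgorithmSuite: types.SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_LEGACY,` and, if the raw response body is reachable in this test (not visible in the hunk), assert on the encoded string as well. The test table starts and ends outside the hunk.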