Add Certificate Authority UI to settings and peer pages

src/app/(dashboard)/peer/page.tsx

@@ -43,6 +43,7 @@ import {
   NetworkIcon,
   PencilIcon,
   RadioTowerIcon,
+  ShieldCheckIcon,
 } from "lucide-react";
 import Link from "next/link";
 import { useRouter, useSearchParams } from "next/navigation";
@@ -72,6 +73,7 @@ import ReverseProxiesProvider, {
   useReverseProxies,
 } from "@/contexts/ReverseProxiesProvider";
 import { ReverseProxyFlatTargetsTabContent } from "@/modules/reverse-proxy/targets/flat/ReverseProxyFlatTargetsTabContent";
+import { PeerCertificatesSection } from "@/modules/peer/PeerCertificatesSection";
 import { PeerSSHToggle } from "@/modules/peer/PeerSSHToggle";
 import { RDPButton } from "@/modules/remote-access/rdp/RDPButton";
 import { SSHButton } from "@/modules/remote-access/ssh/SSHButton";
@@ -374,6 +376,13 @@ const PeerOverviewTabs = () => {
             Remote Jobs
           </TabsTrigger>
         )}
+
+        {peer?.id && permission.certificate_authority?.read && (
+          <TabsTrigger value={"certificates"}>
+            <ShieldCheckIcon size={16} />
+            Certificates
+          </TabsTrigger>
+        )}
       </TabsList>
 
       <TabsContent value={"overview"} className={"pb-8"}>
@@ -411,6 +420,12 @@ const PeerOverviewTabs = () => {
           <PeerRemoteJobsSection peerID={peer.id} />
         </TabsContent>
       )}
+
+      {peer?.id && permission.certificate_authority?.read && (
+        <TabsContent value={"certificates"} className={"pb-8"}>
+          <PeerCertificatesSection peerId={peer.id} />
+        </TabsContent>
+      )}
     </Tabs>
   );
 };

src/app/(dashboard)/settings/page.tsx

@@ -9,6 +9,7 @@ import {
   LockIcon,
   MonitorSmartphoneIcon,
   NetworkIcon,
+  ShieldCheckIcon,
   ShieldIcon,
 } from "lucide-react";
 import { useSearchParams } from "next/navigation";
@@ -23,6 +24,7 @@ import DangerZoneTab from "@/modules/settings/DangerZoneTab";
 import IdentityProvidersTab from "@/modules/settings/IdentityProvidersTab";
 import NetworkSettingsTab from "@/modules/settings/NetworkSettingsTab";
 import PermissionsTab from "@/modules/settings/PermissionsTab";
+import CertificateAuthorityTab from "@/modules/settings/CertificateAuthorityTab";
 import GroupsSettings from "@/modules/settings/GroupsSettings";
 
 export default function NetBirdSettings() {
@@ -78,6 +80,12 @@ export default function NetBirdSettings() {
                 <MonitorSmartphoneIcon size={14} />
                 Clients
               </VerticalTabs.Trigger>
+              {permission.certificate_authority?.read && (
+                <VerticalTabs.Trigger value="certificate-authority">
+                  <ShieldCheckIcon size={14} />
+                  Certificate Authority
+                </VerticalTabs.Trigger>
+              )}
             </>
           )}
 
@@ -95,6 +103,9 @@ export default function NetBirdSettings() {
             {account && <GroupsSettings account={account} />}
             {account && <NetworkSettingsTab account={account} />}
             {account && <ClientSettingsTab account={account} />}
+            {account && permission.certificate_authority?.read && (
+              <CertificateAuthorityTab account={account} />
+            )}
             {account && <DangerZoneTab account={account} />}
           </div>
         </RestrictedAccess>

src/interfaces/Account.ts

@@ -12,6 +12,7 @@ export interface Account {
     peer_login_expiration_enabled: boolean;
     peer_expose_enabled?: boolean;
     peer_expose_groups?: string[];
+    cert_wildcard_allowed?: boolean;
     peer_login_expiration: number;
     peer_inactivity_expiration_enabled: boolean;
     peer_inactivity_expiration: number;

src/interfaces/CertificateAuthority.ts

@@ -0,0 +1,24 @@
+export interface CACertificate {
+  id: string;
+  fingerprint: string;
+  display_name?: string;
+  organization?: string;
+  is_active: boolean;
+  not_before: string;
+  not_after: string;
+  created_at: string;
+  certificate_pem?: string;
+}
+
+export interface IssuedCertificate {
+  id: string;
+  peer_id: string;
+  serial_number: string;
+  dns_names: string[];
+  has_wildcard: boolean;
+  signing_type: string;
+  not_before: string;
+  not_after: string;
+  created_at: string;
+  revoked: boolean;
+}

src/interfaces/Permission.ts

@@ -20,6 +20,7 @@ export interface Permissions {
     events: Permission;
 
     settings: Permission;
+    certificate_authority: Permission;
     accounts: Permission;
     billing: Permission;
     identity_providers: Permission;