Make identity duration the same as the SSH cert.

This commit is contained in:
Mariano Cano 2019-11-26 17:45:32 -08:00 committed by max furman
parent db1b7a7f8f
commit 3a16835cdd

View file

@ -6,6 +6,7 @@ import (
"encoding/base64"
"encoding/json"
"net/http"
"time"
"github.com/pkg/errors"
"github.com/smallstep/certificates/authority"
@ -306,8 +307,8 @@ func (h *caHandler) SSHSign(w http.ResponseWriter, r *http.Request) {
var identityCertificate []Certificate
if cr := body.IdentityCSR.CertificateRequest; cr != nil {
opts := provisioner.Options{
NotBefore: body.ValidAfter,
NotAfter: body.ValidBefore,
NotBefore: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidAfter), 0)),
NotAfter: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidBefore), 0)),
}
ctx := authority.NewContextWithSkipTokenReuse(context.Background())
ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)