Move options to provisioner so we can set the duration of the cert.
This commit is contained in:
Mariano Cano
parent
aa8385b8ba
commit
a97ea87caa
6 changed files with 35 additions and 44 deletions
11
api/api.go
11
api/api.go
|
|
@ -18,7 +18,6 @@ import (
|
|||
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/smallstep/certificates/authority"
|
||||
"github.com/smallstep/certificates/authority/provisioner"
|
||||
"github.com/smallstep/certificates/logging"
|
||||
"github.com/smallstep/cli/crypto/tlsutil"
|
||||
|
|
@ -29,7 +28,7 @@ type Authority interface {
|
|||
Authorize(ott string) ([]provisioner.SignOption, error)
|
||||
GetTLSOptions() *tlsutil.TLSOptions
|
||||
Root(shasum string) (*x509.Certificate, error)
|
||||
Sign(cr *x509.CertificateRequest, signOpts authority.SignOptions, extraOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error)
|
||||
Sign(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error)
|
||||
Renew(peer *x509.Certificate) (*x509.Certificate, *x509.Certificate, error)
|
||||
GetProvisioners(cursor string, limit int) (provisioner.List, string, error)
|
||||
GetEncryptedKey(kid string) (string, error)
|
||||
|
|
@ -166,7 +165,7 @@ type ProvisionersResponse struct {
|
|||
NextCursor string `json:"nextCursor"`
|
||||
}
|
||||
|
||||
// ProvisionerKeyResponse is the response object that returns the encryptoed key
|
||||
// ProvisionerKeyResponse is the response object that returns the encrypted key
|
||||
// of a provisioner.
|
||||
type ProvisionerKeyResponse struct {
|
||||
Key string `json:"key"`
|
||||
|
|
@ -267,18 +266,18 @@ func (h *caHandler) Sign(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
signOpts := authority.SignOptions{
|
||||
opts := provisioner.Options{
|
||||
NotBefore: body.NotBefore,
|
||||
NotAfter: body.NotAfter,
|
||||
}
|
||||
|
||||
extraOpts, err := h.Authority.Authorize(body.OTT)
|
||||
signOpts, err := h.Authority.Authorize(body.OTT)
|
||||
if err != nil {
|
||||
WriteError(w, Unauthorized(err))
|
||||
return
|
||||
}
|
||||
|
||||
cert, root, err := h.Authority.Sign(body.CsrPEM.CertificateRequest, signOpts, extraOpts...)
|
||||
cert, root, err := h.Authority.Sign(body.CsrPEM.CertificateRequest, opts, signOpts...)
|
||||
if err != nil {
|
||||
WriteError(w, Forbidden(err))
|
||||
return
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue