Make identity duration the same as the SSH cert.
This commit is contained in:
Mariano Cano
parent
02dd66e2a9
commit
bf3b557bad
1 changed files with 3 additions and 2 deletions
|
|
@ -6,6 +6,7 @@ import (
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/smallstep/certificates/authority"
|
"github.com/smallstep/certificates/authority"
|
||||||
|
|
@ -306,8 +307,8 @@ func (h *caHandler) SSHSign(w http.ResponseWriter, r *http.Request) {
|
||||||
var identityCertificate []Certificate
|
var identityCertificate []Certificate
|
||||||
if cr := body.IdentityCSR.CertificateRequest; cr != nil {
|
if cr := body.IdentityCSR.CertificateRequest; cr != nil {
|
||||||
opts := provisioner.Options{
|
opts := provisioner.Options{
|
||||||
NotBefore: body.ValidAfter,
|
NotBefore: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidAfter), 0)),
|
||||||
NotAfter: body.ValidBefore,
|
NotAfter: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidBefore), 0)),
|
||||||
}
|
}
|
||||||
ctx := authority.NewContextWithSkipTokenReuse(context.Background())
|
ctx := authority.NewContextWithSkipTokenReuse(context.Background())
|
||||||
ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)
|
ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue