From e0fee84694be3ef42972e7261c38f6c94cc1b405 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Fri, 3 Dec 2021 15:24:42 -0800
Subject: [PATCH] Add comment about public key validator.
---
 authority/provisioner/sign_ssh_options.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/authority/provisioner/sign_ssh_options.go b/authority/provisioner/sign_ssh_options.go
index 01634dad..a2ca78b1 100644
--- a/authority/provisioner/sign_ssh_options.go
+++ b/authority/provisioner/sign_ssh_options.go
@@ -414,6 +414,10 @@ func (v *sshCertDefaultValidator) Valid(cert *ssh.Certificate, o SignSSHOptions)
 type sshDefaultPublicKeyValidator struct{}
 
 // Valid checks that certificate request common name matches the one configured.
+//
+// TODO: this is the only validator that checks the key type. We should execute
+// this before the signing. We should add a new validations interface or extend
+// SSHCertOptionsValidator with the key.
 func (v sshDefaultPublicKeyValidator) Valid(cert *ssh.Certificate, o SignSSHOptions) error {
 if cert.Key == nil {
 return errs.BadRequest("ssh certificate key cannot be nil")
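Review bot: The summary line that the new TODO is appended to still reads "Valid checks that certificate request common name matches the one configured", which does not match this validator. The visible body opens with a nil check on `cert.Key`, and the TODO itself says this is where the key type is checked. I would reword the first line to something like `// Valid checks that the certificate public key is set and of an accepted type.`; the wording is hedged because the rest of Valid lies outside the hunk. The TODO also implies that key validation currently runs only after the certificate has been signed. The comment should state that consequence plainly, for example `// NOTE: until then a request with a rejected key is still signed before this check fails it.`, once confirmed against the caller, and point to a tracking issue (`<ISSUE-ID>`) so the ordering gap is not lost.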