change sign + authorize authority api | add provisioners
* authorize returns []interface{}
- operators in this list can conform to any interface the user decides
- our implementation has a combination of certificate claim validators
and certificate template modifiers.
* provisioners can set and enforce tls cert options
This commit is contained in:
max furman
parent
d7c31c3133
commit
ee7db4006a
20 changed files with 620 additions and 430 deletions
|
|
@ -45,7 +45,7 @@ func generateOTT(subject string) string {
|
|||
Issuer: "mariano",
|
||||
NotBefore: jwt.NewNumericDate(now),
|
||||
Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
|
||||
Audience: []string{"step-certificate-authority"},
|
||||
Audience: []string{"https://127.0.0.1:0/sign"},
|
||||
}
|
||||
raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue