Add backdate support on ssh rekey.

Mariano Cano 2020-01-03 18:30:17 -08:00 committed by max furman
parent 84ff172093
commit 74b5d7f984


@ -496,9 +496,12 @@ func (a *Authority) RekeySSH(oldCert *ssh.Certificate, pub ssh.PublicKey, signOp
if oldCert.ValidAfter == 0 || oldCert.ValidBefore == 0 { if oldCert.ValidAfter == 0 || oldCert.ValidBefore == 0 {
return nil, errors.New("rekeySSH: cannot rekey certificate without validity period") return nil, errors.New("rekeySSH: cannot rekey certificate without validity period")
} }
dur := time.Duration(oldCert.ValidBefore-oldCert.ValidAfter) * time.Second
va := time.Now() backdate := a.config.AuthorityConfig.Backdate.Duration
vb := va.Add(dur) duration := time.Duration(oldCert.ValidBefore-oldCert.ValidAfter) * time.Second
now := time.Now()
va := now.Add(-1 * backdate)
vb := now.Add(duration - backdate)
// Build base certificate with the key and some random values // Build base certificate with the key and some random values
cert := &ssh.Certificate{ cert := &ssh.Certificate{