forked from TrueCloudLab/certificates
Add backdate support on ssh rekey.
parent
84ff172093
commit
74b5d7f984
1 changed files with 6 additions and 3 deletions
|
@ -496,9 +496,12 @@ func (a *Authority) RekeySSH(oldCert *ssh.Certificate, pub ssh.PublicKey, signOp
|
||||||
if oldCert.ValidAfter == 0 || oldCert.ValidBefore == 0 {
|
if oldCert.ValidAfter == 0 || oldCert.ValidBefore == 0 {
|
||||||
return nil, errors.New("rekeySSH: cannot rekey certificate without validity period")
|
return nil, errors.New("rekeySSH: cannot rekey certificate without validity period")
|
||||||
}
|
}
|
||||||
dur := time.Duration(oldCert.ValidBefore-oldCert.ValidAfter) * time.Second
|
|
||||||
va := time.Now()
|
backdate := a.config.AuthorityConfig.Backdate.Duration
|
||||||
vb := va.Add(dur)
|
duration := time.Duration(oldCert.ValidBefore-oldCert.ValidAfter) * time.Second
|
||||||
|
now := time.Now()
|
||||||
|
va := now.Add(-1 * backdate)
|
||||||
|
vb := now.Add(duration - backdate)
|
||||||
|
|
||||||
// Build base certificate with the key and some random values
|
// Build base certificate with the key and some random values
|
||||||
cert := &ssh.Certificate{
|
cert := &ssh.Certificate{
|
||||||
|
|
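Review bot: Nothing in the new lines checks that the old certificate's lifetime is longer than the configured backdate, so `vb := now.Add(duration - backdate)` can yield a `ValidBefore` at or before the current time and the rekeyed certificate is issued already expired. The same expression also inherits the unsigned subtraction `oldCert.ValidBefore-oldCert.ValidAfter`: a certificate with `ValidBefore < ValidAfter`, or one using `ssh.CertTimeInfinity`, passes the `== 0` check above and wraps or overflows when converted to `time.Duration`. Unless a caller outside this hunk already validates `oldCert`, I would reject both cases before computing the window, for example `if oldCert.ValidBefore <= oldCert.ValidAfter { return nil, errors.New("rekeySSH: invalid validity period") }` followed by a `duration <= backdate` check. A short comment stating that `vb` is shifted back by the backdate so the total window stays equal to the old certificate's would also help, since the usable lifetime from issuance is now `duration - backdate`. The body of `RekeySSH` continues outside the hunk, so how `va` and `vb` are consumed is not visible here.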