Fix tests.

api/api.go

@@ -39,6 +39,11 @@ type Authority interface {
 // TimeDuration is an alias of provisioner.TimeDuration
 type TimeDuration = provisioner.TimeDuration
 
+// NewTimeDuration returns a TimeDuration with the defined time.
+func NewTimeDuration(t time.Time) TimeDuration {
+	return provisioner.NewTimeDuration(t)
+}
+
 // ParseTimeDuration returns a new TimeDuration parsing the RFC 3339 time or
 // time.Duration string.
 func ParseTimeDuration(s string) (TimeDuration, error) {

api/api_test.go

@@ -397,8 +397,8 @@ func TestSignRequest_Validate(t *testing.T) {
 			s := &SignRequest{
 				CsrPEM:    tt.fields.CsrPEM,
 				OTT:       tt.fields.OTT,
-				NotAfter:  tt.fields.NotAfter,
+				NotAfter:  NewTimeDuration(tt.fields.NotAfter),
-				NotBefore: tt.fields.NotBefore,
+				NotBefore: NewTimeDuration(tt.fields.NotBefore),
 			}
 			if err := s.Validate(); (err != nil) != tt.wantErr {
 				t.Errorf("SignRequest.Validate() error = %v, wantErr %v", err, tt.wantErr)

authority/tls_test.go

@@ -89,8 +89,8 @@ func TestSign(t *testing.T) {
 
 	nb := time.Now()
 	signOpts := provisioner.Options{
-		NotBefore: nb,
+		NotBefore: provisioner.NewTimeDuration(nb),
-		NotAfter:  nb.Add(time.Minute * 5),
+		NotAfter:  provisioner.NewTimeDuration(nb.Add(time.Minute * 5)),
 	}
 
 	// Create a token to get test extra opts.
@@ -171,8 +171,8 @@ func TestSign(t *testing.T) {
 		"fail provisioner duration claim": func(t *testing.T) *signTest {
 			csr := getCSR(t, priv)
 			_signOpts := provisioner.Options{
-				NotBefore: nb,
+				NotBefore: provisioner.NewTimeDuration(nb),
-				NotAfter:  nb.Add(time.Hour * 25),
+				NotAfter:  provisioner.NewTimeDuration(nb.Add(time.Hour * 25)),
 			}
 			return &signTest{
 				auth:      a,
@@ -229,8 +229,8 @@ func TestSign(t *testing.T) {
 				}
 			} else {
 				if assert.Nil(t, tc.err) {
-					assert.Equals(t, leaf.NotBefore, signOpts.NotBefore.UTC().Truncate(time.Second))
+					assert.Equals(t, leaf.NotBefore, signOpts.NotBefore.Time().Truncate(time.Second))
-					assert.Equals(t, leaf.NotAfter, signOpts.NotAfter.UTC().Truncate(time.Second))
+					assert.Equals(t, leaf.NotAfter, signOpts.NotAfter.Time().Truncate(time.Second))
 					tmplt := a.config.AuthorityConfig.Template
 					assert.Equals(t, fmt.Sprintf("%v", leaf.Subject),
 						fmt.Sprintf("%v", &pkix.Name{
@@ -300,13 +300,13 @@ func TestRenew(t *testing.T) {
 	nb1 := now.Add(-time.Minute * 7)
 	na1 := now
 	so := &provisioner.Options{
-		NotBefore: nb1,
+		NotBefore: provisioner.NewTimeDuration(nb1),
-		NotAfter:  na1,
+		NotAfter:  provisioner.NewTimeDuration(na1),
 	}
 
 	leaf, err := x509util.NewLeafProfile("renew", a.intermediateIdentity.Crt,
 		a.intermediateIdentity.Key,
-		x509util.WithNotBeforeAfterDuration(so.NotBefore, so.NotAfter, 0),
+		x509util.WithNotBeforeAfterDuration(so.NotBefore.Time(), so.NotAfter.Time(), 0),
 		withDefaultASN1DN(a.config.AuthorityConfig.Template),
 		x509util.WithPublicKey(pub), x509util.WithHosts("test.smallstep.com,test"),
 		withProvisionerOID("Max", a.config.AuthorityConfig.Provisioners[0].(*provisioner.JWK).Key.KeyID))
@@ -318,7 +318,7 @@ func TestRenew(t *testing.T) {
 
 	leafNoRenew, err := x509util.NewLeafProfile("norenew", a.intermediateIdentity.Crt,
 		a.intermediateIdentity.Key,
-		x509util.WithNotBeforeAfterDuration(so.NotBefore, so.NotAfter, 0),
+		x509util.WithNotBeforeAfterDuration(so.NotBefore.Time(), so.NotAfter.Time(), 0),
 		withDefaultASN1DN(a.config.AuthorityConfig.Template),
 		x509util.WithPublicKey(pub), x509util.WithHosts("test.smallstep.com,test"),
 		withProvisionerOID("dev", a.config.AuthorityConfig.Provisioners[2].(*provisioner.JWK).Key.KeyID),

ca/ca_test.go

@@ -209,8 +209,8 @@ ZEp7knvU2psWRw==
 			body, err := json.Marshal(&api.SignRequest{
 				CsrPEM:    api.CertificateRequest{CertificateRequest: csr},
 				OTT:       raw,
-				NotBefore: now,
+				NotBefore: api.NewTimeDuration(now),
-				NotAfter:  leafExpiry,
+				NotAfter:  api.NewTimeDuration(leafExpiry),
 			})
 			assert.FatalError(t, err)
 			return &signTest{
@@ -242,8 +242,8 @@ ZEp7knvU2psWRw==
 			body, err := json.Marshal(&api.SignRequest{
 				CsrPEM:    api.CertificateRequest{CertificateRequest: csr},
 				OTT:       raw,
-				NotBefore: now,
+				NotBefore: api.NewTimeDuration(now),
-				NotAfter:  leafExpiry,
+				NotAfter:  api.NewTimeDuration(leafExpiry),
 			})
 			assert.FatalError(t, err)
 			return &signTest{

ca/client_test.go

@@ -257,8 +257,8 @@ func TestClient_Sign(t *testing.T) {
 	request := &api.SignRequest{
 		CsrPEM:    api.CertificateRequest{CertificateRequest: parseCertificateRequest(csrPEM)},
 		OTT:       "the-ott",
-		NotBefore: time.Now(),
+		NotBefore: api.NewTimeDuration(time.Now()),
-		NotAfter:  time.Now().AddDate(0, 1, 0),
+		NotAfter:  api.NewTimeDuration(time.Now().AddDate(0, 1, 0)),
 	}
 	unauthorized := api.Unauthorized(fmt.Errorf("Unauthorized"))
 	badRequest := api.BadRequest(fmt.Errorf("Bad Request"))

ca/tls_test.go

@@ -95,8 +95,8 @@ func signDuration(srv *httptest.Server, domain string, duration time.Duration) (
 	}
 
 	if duration > 0 {
-		req.NotBefore = time.Now()
+		req.NotBefore = api.NewTimeDuration(time.Now())
-		req.NotAfter = req.NotBefore.Add(duration)
+		req.NotAfter = api.NewTimeDuration(req.NotBefore.Time().Add(duration))
 	}
 
 	client, err := NewClient(srv.URL, WithRootFile("testdata/secrets/root_ca.crt"))