Move options to provisioner so we can set the duration of the cert.

2026-01-27 10:18:34 +00:00 · 2019-03-07 15:14:18 -08:00
parent aa8385b8ba
commit a97ea87caa
6 changed files with 35 additions and 44 deletions
--- a/api/api.go
+++ b/api/api.go
@@ -18,7 +18,6 @@ import (

 	"github.com/go-chi/chi"
 	"github.com/pkg/errors"
-	"github.com/smallstep/certificates/authority"
 	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/logging"
 	"github.com/smallstep/cli/crypto/tlsutil"
@@ -29,7 +28,7 @@ type Authority interface {
 	Authorize(ott string) ([]provisioner.SignOption, error)
 	GetTLSOptions() *tlsutil.TLSOptions
 	Root(shasum string) (*x509.Certificate, error)
-	Sign(cr *x509.CertificateRequest, signOpts authority.SignOptions, extraOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error)
+	Sign(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error)
 	Renew(peer *x509.Certificate) (*x509.Certificate, *x509.Certificate, error)
 	GetProvisioners(cursor string, limit int) (provisioner.List, string, error)
 	GetEncryptedKey(kid string) (string, error)
@@ -166,7 +165,7 @@ type ProvisionersResponse struct {
 	NextCursor   string           `json:"nextCursor"`
 }

-// ProvisionerKeyResponse is the response object that returns the encryptoed key
+// ProvisionerKeyResponse is the response object that returns the encrypted key
 // of a provisioner.
 type ProvisionerKeyResponse struct {
 	Key string `json:"key"`
@@ -267,18 +266,18 @@ func (h *caHandler) Sign(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	signOpts := authority.SignOptions{
+	opts := provisioner.Options{
 		NotBefore: body.NotBefore,
 		NotAfter:  body.NotAfter,
 	}

-	extraOpts, err := h.Authority.Authorize(body.OTT)
+	signOpts, err := h.Authority.Authorize(body.OTT)
 	if err != nil {
 		WriteError(w, Unauthorized(err))
 		return
 	}

-	cert, root, err := h.Authority.Sign(body.CsrPEM.CertificateRequest, signOpts, extraOpts...)
+	cert, root, err := h.Authority.Sign(body.CsrPEM.CertificateRequest, opts, signOpts...)
 	if err != nil {
 		WriteError(w, Forbidden(err))
 		return
--- a/api/api_test.go
+++ b/api/api_test.go
@@ -24,7 +24,6 @@ import (
 	"time"

 	"github.com/go-chi/chi"
-	"github.com/smallstep/certificates/authority"
 	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/logging"
 	"github.com/smallstep/cli/crypto/tlsutil"
@@ -414,7 +413,7 @@ type mockAuthority struct {
 	authorize       func(ott string) ([]provisioner.SignOption, error)
 	getTLSOptions   func() *tlsutil.TLSOptions
 	root            func(shasum string) (*x509.Certificate, error)
-	sign            func(cr *x509.CertificateRequest, signOpts authority.SignOptions, extraOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error)
+	sign            func(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error)
 	renew           func(cert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error)
 	getProvisioners func(nextCursor string, limit int) (provisioner.List, string, error)
 	getEncryptedKey func(kid string) (string, error)
@@ -443,9 +442,9 @@ func (m *mockAuthority) Root(shasum string) (*x509.Certificate, error) {
 	return m.ret1.(*x509.Certificate), m.err
 }

-func (m *mockAuthority) Sign(cr *x509.CertificateRequest, signOpts authority.SignOptions, extraOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error) {
+func (m *mockAuthority) Sign(cr *x509.CertificateRequest, opts provisioner.Options, signOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error) {
 	if m.sign != nil {
-		return m.sign(cr, signOpts, extraOpts...)
+		return m.sign(cr, opts, signOpts...)
 	}
 	return m.ret1.(*x509.Certificate), m.ret2.(*x509.Certificate), m.err
 }