mirror of
https://github.com/smallstep/certificates.git
synced 2024-10-31 03:20:16 +00:00
Change CommonName validator in JWK
This commit changes the common name validator in the JWK provisioner to accept either the token subject or any of the sans in the token.
This commit is contained in:
parent
ef2b43d888
commit
49045a1150
@ -190,7 +190,7 @@ func (p *JWK) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
|
||||
newProvisionerExtensionOption(TypeJWK, p.Name, p.Key.KeyID).WithControllerOptions(p.ctl),
|
||||
profileDefaultDuration(p.ctl.Claimer.DefaultTLSCertDuration()),
|
||||
// validators
|
||||
commonNameValidator(claims.Subject),
|
||||
commonNameSliceValidator(append([]string{claims.Subject}, claims.SANs...)),
|
||||
defaultPublicKeyValidator{},
|
||||
newDefaultSANsValidator(ctx, claims.SANs),
|
||||
newValidityValidator(p.ctl.Claimer.MinTLSCertDuration(), p.ctl.Claimer.MaxTLSCertDuration()),
|
||||
|
@ -309,8 +309,8 @@ func TestJWK_AuthorizeSign(t *testing.T) {
|
||||
assert.Len(t, 0, v.KeyValuePairs)
|
||||
case profileDefaultDuration:
|
||||
assert.Equals(t, time.Duration(v), tt.prov.ctl.Claimer.DefaultTLSCertDuration())
|
||||
case commonNameValidator:
|
||||
assert.Equals(t, string(v), "subject")
|
||||
case commonNameSliceValidator:
|
||||
assert.Equals(t, []string(v), append([]string{"subject"}, tt.sans...))
|
||||
case defaultPublicKeyValidator:
|
||||
case *validityValidator:
|
||||
assert.Equals(t, v.min, tt.prov.ctl.Claimer.MinTLSCertDuration())
|
||||
|
Loading…
Reference in New Issue
Block a user