Change CommonName validator in JWK

This commit changes the common name validator in the JWK provisioner to
accept either the token subject or any of the sans in the token.
This commit is contained in:
Mariano Cano 2023-10-31 16:44:18 -07:00
parent ef2b43d888
commit 49045a1150
No known key found for this signature in database
2 changed files with 3 additions and 3 deletions

View File

@ -190,7 +190,7 @@ func (p *JWK) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
newProvisionerExtensionOption(TypeJWK, p.Name, p.Key.KeyID).WithControllerOptions(p.ctl),
profileDefaultDuration(p.ctl.Claimer.DefaultTLSCertDuration()),
// validators
commonNameValidator(claims.Subject),
commonNameSliceValidator(append([]string{claims.Subject}, claims.SANs...)),
defaultPublicKeyValidator{},
newDefaultSANsValidator(ctx, claims.SANs),
newValidityValidator(p.ctl.Claimer.MinTLSCertDuration(), p.ctl.Claimer.MaxTLSCertDuration()),

View File

@ -309,8 +309,8 @@ func TestJWK_AuthorizeSign(t *testing.T) {
assert.Len(t, 0, v.KeyValuePairs)
case profileDefaultDuration:
assert.Equals(t, time.Duration(v), tt.prov.ctl.Claimer.DefaultTLSCertDuration())
case commonNameValidator:
assert.Equals(t, string(v), "subject")
case commonNameSliceValidator:
assert.Equals(t, []string(v), append([]string{"subject"}, tt.sans...))
case defaultPublicKeyValidator:
case *validityValidator:
assert.Equals(t, v.min, tt.prov.ctl.Claimer.MinTLSCertDuration())