|
|
|
@ -183,7 +183,7 @@ func (p *JWK) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
|
|
|
|
|
defaultPublicKeyValidator{},
|
|
|
|
|
defaultSANsValidator(claims.SANs),
|
|
|
|
|
newValidityValidator(p.ctl.Claimer.MinTLSCertDuration(), p.ctl.Claimer.MaxTLSCertDuration()),
|
|
|
|
|
newX509NamePolicyValidator(p.ctl.GetPolicy().GetX509()),
|
|
|
|
|
newX509NamePolicyValidator(p.ctl.getPolicy().getX509()),
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -266,7 +266,7 @@ func (p *JWK) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption,
|
|
|
|
|
// Require and validate all the default fields in the SSH certificate.
|
|
|
|
|
&sshCertDefaultValidator{},
|
|
|
|
|
// Ensure that all principal names are allowed
|
|
|
|
|
newSSHNamePolicyValidator(p.ctl.GetPolicy().GetSSHHost(), p.ctl.GetPolicy().GetSSHUser()),
|
|
|
|
|
newSSHNamePolicyValidator(p.ctl.getPolicy().getSSHHost(), p.ctl.getPolicy().getSSHUser()),
|
|
|
|
|
), nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|