diff --git a/api/api.go b/api/api.go
index a4d09f91..3f5b54ab 100644
--- a/api/api.go
+++ b/api/api.go
@@ -39,6 +39,11 @@ type Authority interface { // TimeDuration is an alias of provisioner.TimeDuration type TimeDuration = provisioner.TimeDuration
+// NewTimeDuration returns a TimeDuration with the defined time.
+func NewTimeDuration(t time.Time) TimeDuration {
+ return provisioner.NewTimeDuration(t)
+}
+
 // ParseTimeDuration returns a new TimeDuration parsing the RFC 3339 time or // time.Duration string. func ParseTimeDuration(s string) (TimeDuration, error) {
diff --git a/api/api_test.go b/api/api_test.go
index 80879ef5..e78b370e 100644
--- a/api/api_test.go
+++ b/api/api_test.go
@@ -397,8 +397,8 @@ func TestSignRequest_Validate(t *testing.T) { s := &SignRequest{ CsrPEM: tt.fields.CsrPEM, OTT: tt.fields.OTT,
- NotAfter: tt.fields.NotAfter,
- NotBefore: tt.fields.NotBefore,
+ NotAfter: NewTimeDuration(tt.fields.NotAfter),
+ NotBefore: NewTimeDuration(tt.fields.NotBefore),
 } if err := s.Validate(); (err != nil) != tt.wantErr { t.Errorf("SignRequest.Validate() error = %v, wantErr %v", err, tt.wantErr)
diff --git a/authority/tls_test.go b/authority/tls_test.go
index 47ac7966..eb1793e2 100644
--- a/authority/tls_test.go
+++ b/authority/tls_test.go
@@ -89,8 +89,8 @@ func TestSign(t *testing.T) { nb := time.Now() signOpts := provisioner.Options{
- NotBefore: nb,
- NotAfter: nb.Add(time.Minute * 5),
+ NotBefore: provisioner.NewTimeDuration(nb),
+ NotAfter: provisioner.NewTimeDuration(nb.Add(time.Minute * 5)),
 } // Create a token to get test extra opts.
@@ -171,8 +171,8 @@ func TestSign(t *testing.T) { "fail provisioner duration claim": func(t *testing.T) *signTest { csr := getCSR(t, priv) _signOpts := provisioner.Options{
- NotBefore: nb,
- NotAfter: nb.Add(time.Hour * 25),
+ NotBefore: provisioner.NewTimeDuration(nb),
+ NotAfter: provisioner.NewTimeDuration(nb.Add(time.Hour * 25)),
 } return &signTest{ auth: a,
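Review bot: The doc comment on `NewTimeDuration` in api/api.go ("with the defined time") does not tell callers that the value is an absolute instant, as opposed to the relative duration that `ParseTimeDuration` also accepts. Since these values become the NotBefore/NotAfter of a sign request, I would spell that out, e.g. `// NewTimeDuration returns a TimeDuration that holds the absolute time t rather than a relative duration.` What a zero `t` means (presumably "unset") is decided in `provisioner.NewTimeDuration`, which is not part of this diff, so the comment should state it once that is confirmed.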
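Review bot: Every converted test, starting with `TestSignRequest_Validate` in api/api_test.go, still builds NotBefore/NotAfter from a `time.Time` through `NewTimeDuration`, so the duration form that `ParseTimeDuration` accepts is never exercised. These fields are requester-supplied validity bounds, so I would add a case built from a duration string (for example `ParseTimeDuration("25h")` for NotAfter) here and next to "fail provisioner duration claim" in authority/tls_test.go, to pin that the provisioner's maximum-duration claim is applied to the relative form as well. Both test functions extend outside their hunks, and whether such cases already exist elsewhere cannot be seen from this diff.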
@@ -229,8 +229,8 @@ func TestSign(t *testing.T) { } } else { if assert.Nil(t, tc.err) {
- assert.Equals(t, leaf.NotBefore, signOpts.NotBefore.UTC().Truncate(time.Second))
- assert.Equals(t, leaf.NotAfter, signOpts.NotAfter.UTC().Truncate(time.Second))
+ assert.Equals(t, leaf.NotBefore, signOpts.NotBefore.Time().Truncate(time.Second))
+ assert.Equals(t, leaf.NotAfter, signOpts.NotAfter.Time().Truncate(time.Second))
 tmplt := a.config.AuthorityConfig.Template assert.Equals(t, fmt.Sprintf("%v", leaf.Subject), fmt.Sprintf("%v", &pkix.Name{
@@ -300,13 +300,13 @@ func TestRenew(t *testing.T) { nb1 := now.Add(-time.Minute * 7) na1 := now so := &provisioner.Options{
- NotBefore: nb1,
- NotAfter: na1,
+ NotBefore: provisioner.NewTimeDuration(nb1),
+ NotAfter: provisioner.NewTimeDuration(na1),
 } leaf, err := x509util.NewLeafProfile("renew", a.intermediateIdentity.Crt, a.intermediateIdentity.Key,
- x509util.WithNotBeforeAfterDuration(so.NotBefore, so.NotAfter, 0),
+ x509util.WithNotBeforeAfterDuration(so.NotBefore.Time(), so.NotAfter.Time(), 0),
 withDefaultASN1DN(a.config.AuthorityConfig.Template), x509util.WithPublicKey(pub), x509util.WithHosts("test.smallstep.com,test"), withProvisionerOID("Max", a.config.AuthorityConfig.Provisioners[0].(*provisioner.JWK).Key.KeyID))
@@ -318,7 +318,7 @@ func TestRenew(t *testing.T) { leafNoRenew, err := x509util.NewLeafProfile("norenew", a.intermediateIdentity.Crt, a.intermediateIdentity.Key,
- x509util.WithNotBeforeAfterDuration(so.NotBefore, so.NotAfter, 0),
+ x509util.WithNotBeforeAfterDuration(so.NotBefore.Time(), so.NotAfter.Time(), 0),
 withDefaultASN1DN(a.config.AuthorityConfig.Template), x509util.WithPublicKey(pub), x509util.WithHosts("test.smallstep.com,test"), withProvisionerOID("dev", a.config.AuthorityConfig.Provisioners[2].(*provisioner.JWK).Key.KeyID),
diff --git a/ca/ca_test.go b/ca/ca_test.go
index d5fc17f7..cbbd6d48 100644
--- a/ca/ca_test.go
+++ b/ca/ca_test.go
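Review bot: The two assertions in the `@@ -229` hunk of authority/tls_test.go drop the explicit `.UTC()` and now rely on `TimeDuration.Time()` returning a UTC value, which this diff does not show. If `assert.Equals` compares `time.Time` structurally, a non-UTC location would fail the comparison even for the same instant, so I would either keep the normalisation, `signOpts.NotBefore.Time().UTC().Truncate(time.Second)` (and the same for NotAfter), or add a comment such as `// Time() returns UTC, matching the parsed certificate`. The enclosing `TestSign` body starts and ends outside the hunk.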
@@ -209,8 +209,8 @@ ZEp7knvU2psWRw== body, err := json.Marshal(&api.SignRequest{ CsrPEM: api.CertificateRequest{CertificateRequest: csr}, OTT: raw,
- NotBefore: now,
- NotAfter: leafExpiry,
+ NotBefore: api.NewTimeDuration(now),
+ NotAfter: api.NewTimeDuration(leafExpiry),
 }) assert.FatalError(t, err) return &signTest{
@@ -242,8 +242,8 @@ ZEp7knvU2psWRw== body, err := json.Marshal(&api.SignRequest{ CsrPEM: api.CertificateRequest{CertificateRequest: csr}, OTT: raw,
- NotBefore: now,
- NotAfter: leafExpiry,
+ NotBefore: api.NewTimeDuration(now),
+ NotAfter: api.NewTimeDuration(leafExpiry),
 }) assert.FatalError(t, err) return &signTest{
diff --git a/ca/client_test.go b/ca/client_test.go
index 68fefd09..bfac97a4 100644
--- a/ca/client_test.go
+++ b/ca/client_test.go
@@ -257,8 +257,8 @@ func TestClient_Sign(t *testing.T) { request := &api.SignRequest{ CsrPEM: api.CertificateRequest{CertificateRequest: parseCertificateRequest(csrPEM)}, OTT: "the-ott",
- NotBefore: time.Now(),
- NotAfter: time.Now().AddDate(0, 1, 0),
+ NotBefore: api.NewTimeDuration(time.Now()),
+ NotAfter: api.NewTimeDuration(time.Now().AddDate(0, 1, 0)),
 } unauthorized := api.Unauthorized(fmt.Errorf("Unauthorized")) badRequest := api.BadRequest(fmt.Errorf("Bad Request"))
diff --git a/ca/tls_test.go b/ca/tls_test.go
index c71e839d..b88e825a 100644
--- a/ca/tls_test.go
+++ b/ca/tls_test.go
@@ -95,8 +95,8 @@ func signDuration(srv *httptest.Server, domain string, duration time.Duration) ( } if duration > 0 {
- req.NotBefore = time.Now()
- req.NotAfter = req.NotBefore.Add(duration)
+ req.NotBefore = api.NewTimeDuration(time.Now())
+ req.NotAfter = api.NewTimeDuration(req.NotBefore.Time().Add(duration))
 } client, err := NewClient(srv.URL, WithRootFile("testdata/secrets/root_ca.crt"))
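Review bot: In `signDuration` (ca/tls_test.go) NotAfter is now derived by reading NotBefore back through `Time()`, which ties the requested lifetime to whatever that accessor returns instead of to the instant that was just captured. Taking the instant once keeps the window exactly `duration` long and reads more directly: `now := time.Now()`, `req.NotBefore = api.NewTimeDuration(now)`, `req.NotAfter = api.NewTimeDuration(now.Add(duration))`. The same single-`now` pattern would also replace the two separate `time.Now()` calls in `TestClient_Sign` in ca/client_test.go. `signDuration` continues outside the hunk.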