From 71b3f65df12d532b26be8532d3264931da8b47bb Mon Sep 17 00:00:00 2001
From: Herman Slatman
Date: Sat, 7 Aug 2021 01:33:08 +0200
Subject: [PATCH] Add processing of RequireEAB through Linked CA
---
 authority/provisioners.go | 13 +++++++------
 docs/provisioners.md | 4 ++++
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/authority/provisioners.go b/authority/provisioners.go
index d2581e76..0117e037 100644
--- a/authority/provisioners.go
+++ b/authority/provisioners.go
@@ -510,12 +510,13 @@ func ProvisionerToCertificates(p *linkedca.Provisioner) (provisioner.Interface,
 case *linkedca.ProvisionerDetails_ACME:
 cfg := d.ACME
 return &provisioner.ACME{
- ID: p.Id,
- Type: p.Type.String(),
- Name: p.Name,
- ForceCN: cfg.ForceCn,
- Claims: claims,
- Options: options,
+ ID: p.Id,
+ Type: p.Type.String(),
+ Name: p.Name,
+ ForceCN: cfg.ForceCn,
+ RequireEAB: cfg.RequireEab,
+ Claims: claims,
+ Options: options,
 }, nil
 case *linkedca.ProvisionerDetails_OIDC:
 cfg := d.OIDC
diff --git a/docs/provisioners.md b/docs/provisioners.md
index 7ee9af50..e3770023 100644
--- a/docs/provisioners.md
+++ b/docs/provisioners.md
@@ -346,6 +346,7 @@ Below is an example of an ACME provisioner in the `ca.json`:
 "type": "ACME",
 "name": "my-acme-provisioner",
 "forceCN": true,
+ "requireEAB": false,
 "claims": {
 "maxTLSCertDuration": "8h",
 "defaultTLSCertDuration": "2h",
@@ -361,6 +362,9 @@ Below is an example of an ACME provisioner in the `ca.json`:
 * `forceCN` (optional): force one of the SANs to become the Common Name, if a common name is not provided.
+* `requireEAB` (optional): require clients to provide External Account Binding
+ credentials when creating an ACME Account.
+
 * `claims` (optional): overwrites the default claims set in the authority, see the [top](#provisioners) section for all the options.
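Review bot: The added `RequireEAB: cfg.RequireEab,` line covers only the linkedca-to-provisioner direction, and the diffstat shows no other code touched, so if this file also converts a `provisioner.ACME` back into its linkedca form, that path presumably still omits the field. Because the zero value is `false`, a provisioner that round-trips through the Linked CA would then come back with External Account Binding silently not required, which fails open for ACME account creation. It is worth confirming that the reverse mapping sets `RequireEab: p.RequireEAB,` and adding a table test asserting the flag survives both conversions. The enclosing function starts and ends outside the hunk.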