|
|
|
@ -93,7 +93,7 @@ func withDefaultASN1DN(def *x509util.ASN1DN) x509util.WithOption {
|
|
|
|
|
func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Options, extraOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error) {
|
|
|
|
|
var (
|
|
|
|
|
errContext = context{"csr": csr, "signOptions": signOpts}
|
|
|
|
|
mods = []x509util.WithOption{}
|
|
|
|
|
mods = []x509util.WithOption{withDefaultASN1DN(a.config.AuthorityConfig.Template)}
|
|
|
|
|
certValidators = []provisioner.CertificateValidator{}
|
|
|
|
|
)
|
|
|
|
|
for _, op := range extraOpts {
|
|
|
|
@ -102,7 +102,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
|
|
|
|
|
certValidators = append(certValidators, k)
|
|
|
|
|
case provisioner.CertificateRequestValidator:
|
|
|
|
|
if err := k.Valid(csr); err != nil {
|
|
|
|
|
return nil, nil, err
|
|
|
|
|
return nil, nil, &apiError{err, http.StatusUnauthorized, errContext}
|
|
|
|
|
}
|
|
|
|
|
case provisioner.ProfileModifier:
|
|
|
|
|
mods = append(mods, k.Option(signOpts))
|
|
|
|
@ -140,7 +140,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
|
|
|
|
|
// FIXME: This should be before creating the certificate.
|
|
|
|
|
for _, v := range certValidators {
|
|
|
|
|
if err := v.Valid(serverCert); err != nil {
|
|
|
|
|
return nil, nil, err
|
|
|
|
|
return nil, nil, &apiError{err, http.StatusUnauthorized, errContext}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|