Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add handling of
cnf
claim #1092Add handling of
cnf
claim #1092Changes from 2 commits
c85690b
4616c58
e207f94
3eb2564
2f0500a
8a2d36e
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
Check warning on line 178 in command/ca/sign.go
command/ca/sign.go#L178
Check warning on line 261 in command/ca/token.go
command/ca/token.go#L259-L261
Check warning on line 275 in command/ca/token.go
command/ca/token.go#L274-L275
Check warning on line 338 in command/ca/token.go
command/ca/token.go#L321-L338
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of passing the CSR or SSH public key, the claim itself could be calculated here, and just pass it as the fingerprint directly? Or is there some flow in which to defer calculation of the fingerprint is necessary?
step ca sign
, maybe?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
step ca sign
usecautils.WithCertificateRequest(csr)
andstep ssh certificate
usecautils.WithSSHPublicKey(sshPub)
, although the SSH one is currently totally ignored. These fields go to the shared context of thecautils
package and end up in thetoken
package, which takes care of calculating the fingerprint and adding the proper attribute to the final token. Right now, only the CSR gets into the token package, but sending the type allows us to specify the right attribute now that we don't share justkid
.Check warning on line 342 in command/ca/token.go
command/ca/token.go#L340-L342
Check warning on line 376 in command/ca/token.go
command/ca/token.go#L376
Check warning on line 141 in command/certificate/fingerprint.go
command/certificate/fingerprint.go#L137-L141
Check warning on line 145 in command/certificate/fingerprint.go
command/certificate/fingerprint.go#L143-L145
Check warning on line 119 in token/options.go
token/options.go#L118-L119