Add processing of RequireEAB through Linked CA

3 years ago · 71b3f65df1
parent 7dad7038c3
commit 71b3f65df1
2 changed files with 11 additions and 6 deletions
--- a/authority/provisioners.go
+++ b/authority/provisioners.go
@ -510,12 +510,13 @@ func ProvisionerToCertificates(p *linkedca.Provisioner) (provisioner.Interface,
 	case *linkedca.ProvisionerDetails_ACME:
 		cfg := d.ACME
 		return &provisioner.ACME{
-			ID:      p.Id,
-			Type:    p.Type.String(),
-			Name:    p.Name,
-			ForceCN: cfg.ForceCn,
-			Claims:  claims,
-			Options: options,
+			ID:         p.Id,
+			Type:       p.Type.String(),
+			Name:       p.Name,
+			ForceCN:    cfg.ForceCn,
+			RequireEAB: cfg.RequireEab,
+			Claims:     claims,
+			Options:    options,
 		}, nil
 	case *linkedca.ProvisionerDetails_OIDC:
 		cfg := d.OIDC
--- a/docs/provisioners.md
+++ b/docs/provisioners.md
@ -346,6 +346,7 @@ Below is an example of an ACME provisioner in the `ca.json`:
    "type": "ACME",
    "name": "my-acme-provisioner",
    "forceCN": true,
+    "requireEAB": false,
    "claims": {
        "maxTLSCertDuration": "8h",
        "defaultTLSCertDuration": "2h",
@ -361,6 +362,9 @@ Below is an example of an ACME provisioner in the `ca.json`:
 * `forceCN` (optional): force one of the SANs to become the Common Name, if a
  common name is not provided.

+* `requireEAB` (optional): require clients to provide External Account Binding 
+  credentials when creating an ACME Account.
+
 * `claims` (optional): overwrites the default claims set in the authority, see
  the [top](#provisioners) section for all the options.