Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add backdate support on ssh rekey.

Browse Source
pull/166/head^2
Mariano Cano 4 years ago committed by max furman
parent 84ff172093
commit 74b5d7f984
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File

9
authority/ssh.go
Unescape Escape View File

@ -496,9 +496,12 @@ func (a *Authority) RekeySSH(oldCert *ssh.Certificate, pub ssh.PublicKey, signOp
if oldCert.ValidAfter == 0 || oldCert.ValidBefore == 0 {
return nil, errors.New("rekeySSH: cannot rekey certificate without validity period")
}
dur := time.Duration(oldCert.ValidBefore-oldCert.ValidAfter) * time.Second
va := time.Now()
vb := va.Add(dur)
backdate := a.config.AuthorityConfig.Backdate.Duration
duration := time.Duration(oldCert.ValidBefore-oldCert.ValidAfter) * time.Second
now := time.Now()
va := now.Add(-1 * backdate)
vb := now.Add(duration - backdate)
// Build base certificate with the key and some random values
cert := &ssh.Certificate{

Write Preview
Loading…
Cancel
Save