-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor: ca and cert packages #79
refactor: ca and cert packages #79
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. Thanks for the tests. A couple questions.
e7b3e8a
to
666dc9b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have one comment, but it isn't a blocker as the original CA didn't do any verification of the PK Token. You are welcome to address it or not.
The PR oidcClaim struct this adds will be very nice to have.
Not a code review comment just curious. Is there a name for this pattern you are using here? type Alias OidcClaims
aux := &struct {
Audience any `json:"aud"`
*Alias
}{
Alias: (*Alias)(id),
} |
Not sure if there is a name for it but it is necessary to avoid recursive unmarshaling of |
Summary
ca
andcert
packages into oneca
package with testsCreateX509Cert(pkToken *pktoken.PKToken, signer crypto.Signer) ([]byte, error)
for thecert
packageThis PR doesn't meet any goals for the smuggler interface but moves us in the right direction. The main motivation for this change is to move this common reusable
CreateX509Cert()
from thesigned-attestation
repo intoopenpubkey