Skip to content

Fixing expired cert generation #286

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cviecco merged 1 commit into from
Dec 7, 2025
Merged

Fixing expired cert generation #286

cviecco merged 1 commit into from
Dec 7, 2025

Conversation

@cviecco
Copy link
Contributor

@cviecco cviecco commented Dec 7, 2025

During the addition of the new auth method I forgot to also reset the certgentime.
This PR fixes this and add a test case so that we dont regress

@cviecco
Fixing expired cert generation
c333198 
During the addition of the new auth method I forgot to also reset the
certgentime.
This PR fixes this and add a test case so that we dont regress
@cviecco cviecco mentioned this pull request Dec 7, 2025
Closed
@cviecco cviecco linked an issue Dec 7, 2025 that may be closed by this pull request
1.17.1 generating invalid x509 certs #285
Closed
@cviecco cviecco requested a review from Copilot December 7, 2025 03:28
Copilot AI reviewed Dec 7, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a bug where certificate expiration times were not being properly extracted from JWT tokens, causing generated certificates to have incorrect expiry dates. The fix adds the missing assignment of CertNotAfter from the JWT and updates the backwards compatibility logic accordingly, along with test coverage to prevent regression.

  • Added missing CertNotAfter extraction from JWT tokens in authentication flow
  • Updated backwards compatibility check to properly handle the newly extracted field
  • Added test validation to ensure generated certificates have valid time ranges

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
cmd/keymasterd/jwt.go Fixed missing CertNotAfter assignment from JWT and updated backwards compatibility check from zero-value to time comparison
cmd/keymasterd/certgen.go Enhanced debug logging to include full authData structure for troubleshooting
cmd/keymasterd/main_test.go Added certificate validity time checks to test generated X.509 certificates have proper NotBefore and NotAfter values

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@cviecco cviecco merged commit 77cfeac into Cloud-Foundations:master Dec 7, 2025
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@erikespinoza erikespinoza Awaiting requested review from erikespinoza

@rgooch rgooch Awaiting requested review from rgooch

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1.17.1 generating invalid x509 certs

1 participant

@cviecco