diff --git a/app/vmmp_ca.ml b/app/vmmp_ca.ml
index 9e3d65d..f4e9de8 100644
--- a/app/vmmp_ca.ml
+++ b/app/vmmp_ca.ml
@@ -39,8 +39,7 @@ let sign dbname cacert key csr days =
 Logs.app (fun m -> m "signing certificate with subject %s" (X509.distinguished_name_to_string ri.X509.CA.subject)) ; let issuer = X509.subject cacert in
- (* TODO: handle version mismatch of the delegation cert specially here *)
- (* TODO: check delegation! *)
+ (* TODO: check delegation! verify whitelisted commands!? *)
 match albatross_extension csr with | Ok (ext, v) -> Vmm_asn.cert_extension_of_cstruct v >>= fun (version, cmd) ->
@@ -48,9 +47,12 @@ let sign dbname cacert key csr days =
 Ok () else Error (`Msg "unknown version in request")) >>= fun () ->
- (* TODO l_exts / d_exts trouble *)
+ let exts = match cmd with
+ | `Policy_cmd (`Policy_add _) -> d_exts ()
+ | _ -> l_exts
+ in
 Logs.app (fun m -> m "signing %a" Vmm_commands.pp cmd) ;
- Ok (ext :: l_exts) >>= fun extensions ->
+ Ok (ext :: exts) >>= fun extensions ->
 Vmm_provision.sign ~dbname extensions issuer key csr (Duration.of_day days) | Error e -> Error e
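Review bot: In the second hunk the new `let exts = match cmd with` picks the extension set from `cmd`, which is decoded from the CSR's own albatross extension, so the requester's input decides between `d_exts ()` and `l_exts` while the first hunk still leaves `check delegation!` as a TODO. `d_exts` and `l_exts` are defined outside the diff; if `d_exts ()` is the delegation set, as the names suggest, the choice should at least be visible to the operator until that check exists, for example `Logs.warn (fun m -> m "issuing delegation extensions for %a without a delegation check" Vmm_commands.pp cmd) ;` before `d_exts ()`. I would also put `(* cmd comes from the CSR extension and is requester-controlled *)` above the match. The catch-all `| _ -> l_exts` falls back to what looks like the less privileged set, but it also means a command added later that needs delegation extensions will not be flagged by the exhaustiveness check. The first hunk also drops the TODO about a version mismatch of the delegation cert with no handling of it in the visible lines, and the body of `sign` starts above that hunk.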