token-server: Make machine token minter config apply to subdomains.

tokenserver/appengine/impl/machinetoken/machinetoken_test.go

Index: tokenserver/appengine/impl/machinetoken/machinetoken_test.go
diff --git a/tokenserver/appengine/impl/machinetoken/machinetoken_test.go b/tokenserver/appengine/impl/machinetoken/machinetoken_test.go
index fa03b019d8994005a783532a0d2b6784cdf51265..dc254a7710e0275b895ee7d3ed8bf0017a1997d6 100644
--- a/tokenserver/appengine/impl/machinetoken/machinetoken_test.go
+++ b/tokenserver/appengine/impl/machinetoken/machinetoken_test.go
@@ -43,6 +43,11 @@ func TestMintParamsValidation(t *testing.T) {
 			So(params.Validate(), ShouldBeNil)
 		})
 
+		Convey("good params with subdomain", func() {
+			params.FQDN = "host.subdomain.domain"
+			So(params.Validate(), ShouldBeNil)
+		})
+
 		Convey("bad FQDN case", func() {
 			params.FQDN = "HOST.domain"
 			So(params.Validate(), ShouldErrLike, "expecting FQDN in lowercase")
@@ -53,11 +58,6 @@ func TestMintParamsValidation(t *testing.T) {
 			So(params.Validate(), ShouldErrLike, "not a valid FQDN")
 		})
 
-		Convey("bad char in FQDN", func() {
-			params.FQDN = "host@.domain"
-			So(params.Validate(), ShouldErrLike, "forbidden character")
-		})
-
 		Convey("not whitelisted", func() {
 			params.FQDN = "host.blah"
 			So(params.Validate(), ShouldErrLike, "not whitelisted in the config")