Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove some duplicate and unnecessary logic

Browse Source
pull/599/head
Herman Slatman 4 years ago committed by max furman
parent 75cd3ab0ac
commit 017e56c9fb
3 changed files with 12 additions and 24 deletions
Show Stats Download Patch File Download Diff File

9
scep/api/api.go
Unescape Escape View File

@ -16,6 +16,7 @@ import (
"github.com/smallstep/certificates/api" "github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/scep" "github.com/smallstep/certificates/scep"
"go.mozilla.org/pkcs7"
microscep "github.com/micromdm/scep/scep" microscep "github.com/micromdm/scep/scep"
) )
@ -269,16 +270,24 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
response := SCEPResponse{Operation: opnPKIOperation} response := SCEPResponse{Operation: opnPKIOperation}
// parse the message using microscep implementation
microMsg, err := microscep.ParsePKIMessage(request.Message) microMsg, err := microscep.ParsePKIMessage(request.Message)
if err != nil { if err != nil {
return SCEPResponse{}, err return SCEPResponse{}, err
} }
p7, err := pkcs7.Parse(microMsg.Raw)
if err != nil {
return SCEPResponse{}, err
}
// copy over properties to our internal PKIMessage
msg := &scep.PKIMessage{ msg := &scep.PKIMessage{
TransactionID: microMsg.TransactionID, TransactionID: microMsg.TransactionID,
MessageType: microMsg.MessageType, MessageType: microMsg.MessageType,
SenderNonce: microMsg.SenderNonce, SenderNonce: microMsg.SenderNonce,
Raw: microMsg.Raw, Raw: microMsg.Raw,
P7: p7,
} }
if err := h.Auth.DecryptPKIEnvelope(ctx, msg); err != nil { if err := h.Auth.DecryptPKIEnvelope(ctx, msg); err != nil {

25
scep/authority.go
Unescape Escape View File

@ -198,27 +198,7 @@ func (a *Authority) GetCACertificates() ([]*x509.Certificate, error) {
// DecryptPKIEnvelope decrypts an enveloped message // DecryptPKIEnvelope decrypts an enveloped message
func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) error { func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) error {
data := msg.Raw p7c, err := pkcs7.Parse(msg.P7.Content)
p7, err := pkcs7.Parse(data)
if err != nil {
return err
}
var tID microscep.TransactionID
if err := p7.UnmarshalSignedAttribute(oidSCEPtransactionID, &tID); err != nil {
return err
}
var msgType microscep.MessageType
if err := p7.UnmarshalSignedAttribute(oidSCEPmessageType, &msgType); err != nil {
return err
}
msg.p7 = p7
//p7c, err := pkcs7.Parse(p7.Content)
p7c, err := pkcs7.Parse(p7.Content)
if err != nil { if err != nil {
return err return err
} }
@ -253,7 +233,6 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
CSR: csr, CSR: csr,
ChallengePassword: cp, ChallengePassword: cp,
} }
//msg.Certificate = p7.Certificates[0] // TODO: check if this is necessary to add (again)
return nil return nil
case microscep.GetCRL, microscep.GetCert, microscep.CertPoll: case microscep.GetCRL, microscep.GetCert, microscep.CertPoll:
return fmt.Errorf("not implemented") //errNotImplemented return fmt.Errorf("not implemented") //errNotImplemented
@ -355,7 +334,7 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
return nil, err return nil, err
} }
e7, err := pkcs7.Encrypt(deg, msg.p7.Certificates) e7, err := pkcs7.Encrypt(deg, msg.P7.Certificates)
if err != nil { if err != nil {
return nil, err return nil, err
} }

2
scep/scep.go
Unescape Escape View File

@ -35,7 +35,7 @@ type PKIMessage struct {
Raw []byte Raw []byte
// parsed // parsed
p7 *pkcs7.PKCS7 P7 *pkcs7.PKCS7
// decrypted enveloped content // decrypted enveloped content
pkiEnvelope []byte pkiEnvelope []byte

Write Preview
Loading…
Cancel
Save