diff --git a/authority/authority.go b/authority/authority.go
index 8be23ed3..4318246b 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -262,7 +262,7 @@ func (a *Authority) ReloadAdminResources(ctx context.Context) error {
 a.config.AuthorityConfig.Admins = adminList
 a.admins = adminClxn
- // update the SCEP service with the currently active SCEP
+ // update the SCEP Authority with the currently active SCEP
 // provisioner names and revalidate the configuration.
 if a.scepAuthority != nil {
 a.scepAuthority.UpdateProvisioners(a.getSCEPProvisionerNames())
@@ -651,10 +651,10 @@ func (a *Authority) init() error {
 }
 // The SCEP functionality is provided through an instance of
- // scep.Service. It is initialized once when the CA is started.
- // TODO(hs): should the SCEP service support reloading? For example,
+ // scep.Authority. It is initialized once when the CA is started.
+ // TODO(hs): should the SCEP Authority support reloading? For example,
 // when the admin resources are reloaded, specifically the provisioners,
- // it can happen that the SCEP service is no longer required and can
+ // it can happen that the SCEP Authority is no longer required and can
 // be destroyed, or that it needs to be instantiated. It may also need
 // to be revalidated, because not all SCEP provisioner may have a
 // valid decrypter available.
@@ -674,7 +674,7 @@ func (a *Authority) init() error {
 }
 // TODO(hs): instead of creating the decrypter here, pass the
- // intermediate key + chain down to the SCEP service / authority,
+ // intermediate key + chain down to the SCEP authority,
 // and only instantiate it when required there. Is that possible?
 // Also with entering passwords?
 // TODO(hs): if moving the logic, try improving the logic for the
diff --git a/scep/api/api.go b/scep/api/api.go
index 1615313f..b618607c 100644
--- a/scep/api/api.go
+++ b/scep/api/api.go
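Review bot: The reworded comments in the three authority.go hunks name the same type three different ways — `SCEP Authority` in the ReloadAdminResources hunk (line 262) and in the TODO at line 651, `scep.Authority` in the sentence just above that TODO, and `SCEP authority` in the hunk at line 674 — which is confusing in a file whose own receiver is `*Authority`. Using the qualified identifier throughout, e.g. `// update the scep.Authority with the currently active SCEP` in the first hunk and `// TODO(hs): should the scep.Authority support reloading? For example,` in the second, makes the comments grep-able and removes the CA-Authority vs SCEP-Authority ambiguity. The same applies to the TODO at line 674. The bodies of ReloadAdminResources and init both continue outside these hunks.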
@@ -18,6 +18,7 @@ import (
 "github.com/smallstep/certificates/api"
 "github.com/smallstep/certificates/api/log"
+ "github.com/smallstep/certificates/authority"
 "github.com/smallstep/certificates/authority/provisioner"
 "github.com/smallstep/certificates/scep"
 )
@@ -208,7 +209,7 @@ func lookupProvisioner(next http.HandlerFunc) http.HandlerFunc {
 }
 ctx := r.Context()
- auth := scep.MustFromContext(ctx)
+ auth := authority.MustFromContext(ctx)
 p, err := auth.LoadProvisionerByName(provisionerName)
 if err != nil {
 fail(w, err)
diff --git a/scep/provisioner.go b/scep/provisioner.go
index a1796b5b..e9b9c30f 100644
--- a/scep/provisioner.go
+++ b/scep/provisioner.go
@@ -4,17 +4,15 @@ import (
 "context"
 "crypto"
 "crypto/x509"
- "time"
 "github.com/smallstep/certificates/authority/provisioner"
 )
-// Provisioner is an interface that implements a subset of the provisioner.Interface -- // only those methods required by the SCEP api/authority.
+// Provisioner is an interface that embeds the
+// provisioner.Interface and adds some SCEP specific
+// functions.
 type Provisioner interface {
- AuthorizeSign(ctx context.Context, token string) ([]provisioner.SignOption, error)
- GetName() string
- DefaultTLSCertDuration() time.Duration
+ provisioner.Interface
 GetOptions() *provisioner.Options
 GetCapabilities() []string
 ShouldIncludeRootInChain() bool
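Review bot: `auth := authority.MustFromContext(ctx)` in lookupProvisioner now requires the CA's `*authority.Authority` to be present in the request context, and nothing in this diff shows where that value is stored for the SCEP routes; if the middleware that sets it is missing or runs after this handler, a Must-style accessor presumably panics on every request to the path instead of returning an error response. The context wiring should be confirmed in the same change, or the precondition documented on the function, e.g. `// lookupProvisioner requires the CA *authority.Authority to be stored in the request context; see authority.MustFromContext.` The body of lookupProvisioner continues outside the hunk.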
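Review bot: Embedding `provisioner.Interface` in the scep Provisioner hunk replaces a deliberately narrow contract (AuthorizeSign, GetName, DefaultTLSCertDuration) with the full provisioner surface, so the SCEP authority can now call any provisioner method rather than only the ones it needs; the removed comment documented that restriction as a design choice, and the new one should state that widening it is intended and why. `adds some SCEP specific functions` is also vaguer than the text it replaces; naming the additions helps, e.g. `// Provisioner is provisioner.Interface extended with the accessors the SCEP authority needs, such as GetOptions, GetCapabilities and ShouldIncludeRootInChain.` The interface body continues past the end of the hunk, so there may be further methods not visible here.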