Reorganize parsing target

1 year ago · 5ceed08ae0
parent 83ba0bdc51
commit 5ceed08ae0
4 changed files with 68 additions and 28 deletions
--- a/acme/api/order.go
+++ b/acme/api/order.go
@ -1,7 +1,6 @@
 package api

 import (
-	"bytes"
 	"context"
 	"crypto/x509"
 	"encoding/base64"
@ -9,7 +8,6 @@ import (
 	"net"
 	"net/http"
 	"strings"
-	"text/template"
 	"time"

 	"github.com/go-chi/chi/v5"
@ -280,36 +278,27 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
 			wireId, err := wire.ParseID([]byte(az.Identifier.Value))
 			if err != nil {
 				if err != nil {
-					return acme.NewError(acme.ErrorMalformedType, "DeviceId cannot be parsed")
+					return acme.NewError(acme.ErrorMalformedType, "WireID cannot be parsed")
 				}
 			}
-			clientID := wireId.ClientID
-			deviceId := strings.Split(strings.Split(clientID, "@")[0], "/")[1]
+			clientID, err := wire.ParseClientID(wireId.ClientID)
+			if err != nil {
+				return acme.NewError(acme.ErrorMalformedType, "DeviceID cannot be parsed")
+			}

-			var targetTemplate string
+			var targetProvider interface{ GetTarget(string) (string, error) }
 			switch typ {
 			case acme.WIREOIDC01:
-				targetTemplate = prov.GetOptions().GetOIDCOptions().GetProviderIssuerURL()
+				targetProvider = prov.GetOptions().GetOIDCOptions()
 			case acme.WIREDPOP01:
-				targetTemplate = prov.GetOptions().GetDPOPOptions().GetDPOPTarget()
+				targetProvider = prov.GetOptions().GetDPOPOptions()
 			default:
 			}

-			tmpl, err := template.New("DeviceId").Parse(targetTemplate)
+			target, err = targetProvider.GetTarget(clientID.DeviceID)
 			if err != nil {
-				return acme.NewError(acme.ErrorMalformedType, "Misconfigured target template configuration")
-			}
-			type ClientIdTmpl struct {
-				DeviceId string
-			}
-			clientIdTmpl := ClientIdTmpl{deviceId}
-
-			var buff bytes.Buffer
-			if err := tmpl.Execute(&buff, clientIdTmpl); err != nil {
 				return acme.NewError(acme.ErrorMalformedType, "Invalid Go template registered for 'target'")
 			}
-			target = buff.String()
-
 		default:
 		}

--- a/authority/provisioner/dpop_options.go
+++ b/authority/provisioner/dpop_options.go
@ -1,5 +1,11 @@
 package provisioner

+import (
+	"bytes"
+	"fmt"
+	"text/template"
+)
+
 type DPOPOptions struct {
 	// ValidationExecPath is the name of the executable to call for DPOP
 	// validation.
@ -30,3 +36,14 @@ func (o *DPOPOptions) GetDPOPTarget() string {
 	}
 	return o.DpopTarget
 }
+
+func (o *DPOPOptions) GetTarget(deviceID string) (string, error) {
+	if o == nil {
+		return "", fmt.Errorf("Misconfigured target template configuration")
+	}
+	targetTemplate := o.GetDPOPTarget()
+	tmpl, err := template.New("DeviceId").Parse(targetTemplate)
+	buf := new(bytes.Buffer)
+	err = tmpl.Execute(buf, struct{ DeviceId string }{deviceID})
+	return buf.String(), err
+}
--- a/authority/provisioner/oidc_options.go
+++ b/authority/provisioner/oidc_options.go
@ -1,7 +1,10 @@
 package provisioner

 import (
+	"bytes"
 	"context"
+	"fmt"
+	"text/template"
 	"time"

 	"github.com/coreos/go-oidc/v3/oidc"
@ -38,13 +41,6 @@ func (o *OIDCOptions) GetProvider(ctx context.Context) *oidc.Provider {
 	return toProviderConfig(o.Provider).NewProvider(ctx)
 }

-func (o *OIDCOptions) GetProviderIssuerURL() string {
-	if o == nil {
-		return ""
-	}
-	return o.Provider.IssuerURL
-}
-
 func (o *OIDCOptions) GetConfig() *oidc.Config {
 	if o == nil {
 		return &oidc.Config{}
@ -53,6 +49,17 @@ func (o *OIDCOptions) GetConfig() *oidc.Config {
 	return &config
 }

+func (o *OIDCOptions) GetTarget(deviceID string) (string, error) {
+	if o == nil {
+		return "", fmt.Errorf("Misconfigured target template configuration")
+	}
+	targetTemplate := o.Provider.IssuerURL
+	tmpl, err := template.New("DeviceId").Parse(targetTemplate)
+	buf := new(bytes.Buffer)
+	err = tmpl.Execute(buf, struct{ DeviceId string }{deviceID})
+	return buf.String(), err
+}
+
 func toProviderConfig(in ProviderJSON) *oidc.ProviderConfig {
 	return &oidc.ProviderConfig{
 		IssuerURL:   in.IssuerURL,
--- a/wire/id.go
+++ b/wire/id.go
@ -1,6 +1,10 @@
 package wire

-import "encoding/json"
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+)

 type WireIDJSON struct {
 	Name     string `json:"name,omitempty"`
@ -13,3 +17,26 @@ func ParseID(data []byte) (wireID WireIDJSON, err error) {
 	err = json.Unmarshal(data, &wireID)
 	return
 }
+
+type ClientID struct {
+	Username string
+	DeviceID string
+	Domain   string
+}
+
+func ParseClientID(clientID string) (ClientID, error) {
+	at := strings.SplitN(clientID, "@", 2)
+	if len(at) != 2 {
+		return ClientID{}, fmt.Errorf("could not match client ID format: %s", clientID)
+	}
+	comp := at[0]
+	slash := strings.SplitN(comp, "/", 2)
+	if len(slash) != 2 {
+		return ClientID{}, fmt.Errorf("could not match client ID format: %s", clientID)
+	}
+	return ClientID{
+		Username: slash[0],
+		DeviceID: slash[1],
+		Domain:   at[1],
+	}, nil
+}