mirror of
https://github.com/smallstep/certificates.git
synced 2024-10-31 03:20:16 +00:00
Make API responses aware of the new SCEP decrypter properties
parent
3ade92f8d5
commit
5fd70af2c8
@ -1569,7 +1569,6 @@ func mustCertificate(t *testing.T, pub, priv interface{}) *x509.Certificate {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestProvisionersResponse_MarshalJSON(t *testing.T) {
|
func TestProvisionersResponse_MarshalJSON(t *testing.T) {
|
||||||
|
|
||||||
k := map[string]any{
|
k := map[string]any{
|
||||||
"use": "sig",
|
"use": "sig",
|
||||||
"kty": "EC",
|
"kty": "EC",
|
||||||
@ -1581,9 +1580,14 @@ func TestProvisionersResponse_MarshalJSON(t *testing.T) {
|
|||||||
}
|
}
|
||||||
key := squarejose.JSONWebKey{}
|
key := squarejose.JSONWebKey{}
|
||||||
b, err := json.Marshal(k)
|
b, err := json.Marshal(k)
|
||||||
assert.FatalError(t, err)
|
require.NoError(t, err)
|
||||||
err = json.Unmarshal(b, &key)
|
err = json.Unmarshal(b, &key)
|
||||||
assert.FatalError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
var encodedPassword bytes.Buffer
|
||||||
|
enc := base64.NewEncoder(base64.StdEncoding, &encodedPassword)
|
||||||
|
_, err = enc.Write([]byte("super-secret-password"))
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
r := ProvisionersResponse{
|
r := ProvisionersResponse{
|
||||||
Provisioners: provisioner.List{
|
Provisioners: provisioner.List{
|
||||||
@ -1593,9 +1597,12 @@ func TestProvisionersResponse_MarshalJSON(t *testing.T) {
|
|||||||
ChallengePassword: "not-so-secret",
|
ChallengePassword: "not-so-secret",
|
||||||
MinimumPublicKeyLength: 2048,
|
MinimumPublicKeyLength: 2048,
|
||||||
EncryptionAlgorithmIdentifier: 2,
|
EncryptionAlgorithmIdentifier: 2,
|
||||||
|
IncludeRoot: true,
|
||||||
|
ExcludeIntermediate: true,
|
||||||
DecrypterCertificate: []byte{1, 2, 3, 4},
|
DecrypterCertificate: []byte{1, 2, 3, 4},
|
||||||
DecrypterKey: "softkms:path=/path/to/private.key",
|
DecrypterKeyPEM: []byte{5, 6, 7, 8},
|
||||||
DecrypterKeyPassword: "super-secret-password",
|
DecrypterKeyURI: "softkms:path=/path/to/private.key",
|
||||||
|
DecrypterKeyPassword: encodedPassword.Bytes(),
|
||||||
},
|
},
|
||||||
&provisioner.JWK{
|
&provisioner.JWK{
|
||||||
EncryptedKey: "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoxMDAwMDAsInAycyI6IlhOdmYxQjgxSUlLMFA2NUkwcmtGTGcifQ.XaN9zcPQeWt49zchUDm34FECUTHfQTn_.tmNHPQDqR3ebsWfd.9WZr3YVdeOyJh36vvx0VlRtluhvYp4K7jJ1KGDr1qypwZ3ziBVSNbYYQ71du7fTtrnfG1wgGTVR39tWSzBU-zwQ5hdV3rpMAaEbod5zeW6SHd95H3Bvcb43YiiqJFNL5sGZzFb7FqzVmpsZ1efiv6sZaGDHtnCAL6r12UG5EZuqGfM0jGCZitUz2m9TUKXJL5DJ7MOYbFfkCEsUBPDm_TInliSVn2kMJhFa0VOe5wZk5YOuYM3lNYW64HGtbf-llN2Xk-4O9TfeSPizBx9ZqGpeu8pz13efUDT2WL9tWo6-0UE-CrG0bScm8lFTncTkHcu49_a5NaUBkYlBjEiw.thPcx3t1AUcWuEygXIY3Fg",
|
EncryptedKey: "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoxMDAwMDAsInAycyI6IlhOdmYxQjgxSUlLMFA2NUkwcmtGTGcifQ.XaN9zcPQeWt49zchUDm34FECUTHfQTn_.tmNHPQDqR3ebsWfd.9WZr3YVdeOyJh36vvx0VlRtluhvYp4K7jJ1KGDr1qypwZ3ziBVSNbYYQ71du7fTtrnfG1wgGTVR39tWSzBU-zwQ5hdV3rpMAaEbod5zeW6SHd95H3Bvcb43YiiqJFNL5sGZzFb7FqzVmpsZ1efiv6sZaGDHtnCAL6r12UG5EZuqGfM0jGCZitUz2m9TUKXJL5DJ7MOYbFfkCEsUBPDm_TInliSVn2kMJhFa0VOe5wZk5YOuYM3lNYW64HGtbf-llN2Xk-4O9TfeSPizBx9ZqGpeu8pz13efUDT2WL9tWo6-0UE-CrG0bScm8lFTncTkHcu49_a5NaUBkYlBjEiw.thPcx3t1AUcWuEygXIY3Fg",
|
||||||
@ -1612,9 +1619,13 @@ func TestProvisionersResponse_MarshalJSON(t *testing.T) {
|
|||||||
{
|
{
|
||||||
"type": "scep",
|
"type": "scep",
|
||||||
"name": "scep",
|
"name": "scep",
|
||||||
|
"forceCN": false,
|
||||||
|
"includeRoot": true,
|
||||||
|
"excludeIntermediate": true,
|
||||||
"challenge": "*** REDACTED ***",
|
"challenge": "*** REDACTED ***",
|
||||||
"decrypterCertificate": "*** REDACTED ***",
|
"decrypterCertificate": "*** REDACTED ***",
|
||||||
"decrypterKey": "*** REDACTED ***",
|
"decrypterKey": "*** REDACTED ***",
|
||||||
|
"decrypterKeyPEM": "*** REDACTED ***",
|
||||||
"decrypterKeyPassword": "*** REDACTED ***",
|
"decrypterKeyPassword": "*** REDACTED ***",
|
||||||
"minimumPublicKeyLength": 2048,
|
"minimumPublicKeyLength": 2048,
|
||||||
"encryptionAlgorithmIdentifier": 2,
|
"encryptionAlgorithmIdentifier": 2,
|
||||||
@ -1652,9 +1663,12 @@ func TestProvisionersResponse_MarshalJSON(t *testing.T) {
|
|||||||
ChallengePassword: "not-so-secret",
|
ChallengePassword: "not-so-secret",
|
||||||
MinimumPublicKeyLength: 2048,
|
MinimumPublicKeyLength: 2048,
|
||||||
EncryptionAlgorithmIdentifier: 2,
|
EncryptionAlgorithmIdentifier: 2,
|
||||||
|
IncludeRoot: true,
|
||||||
|
ExcludeIntermediate: true,
|
||||||
DecrypterCertificate: []byte{1, 2, 3, 4},
|
DecrypterCertificate: []byte{1, 2, 3, 4},
|
||||||
DecrypterKey: "softkms:path=/path/to/private.key",
|
DecrypterKeyPEM: []byte{5, 6, 7, 8},
|
||||||
DecrypterKeyPassword: "super-secret-password",
|
DecrypterKeyURI: "softkms:path=/path/to/private.key",
|
||||||
|
DecrypterKeyPassword: encodedPassword.Bytes(),
|
||||||
},
|
},
|
||||||
&provisioner.JWK{
|
&provisioner.JWK{
|
||||||
EncryptedKey: "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoxMDAwMDAsInAycyI6IlhOdmYxQjgxSUlLMFA2NUkwcmtGTGcifQ.XaN9zcPQeWt49zchUDm34FECUTHfQTn_.tmNHPQDqR3ebsWfd.9WZr3YVdeOyJh36vvx0VlRtluhvYp4K7jJ1KGDr1qypwZ3ziBVSNbYYQ71du7fTtrnfG1wgGTVR39tWSzBU-zwQ5hdV3rpMAaEbod5zeW6SHd95H3Bvcb43YiiqJFNL5sGZzFb7FqzVmpsZ1efiv6sZaGDHtnCAL6r12UG5EZuqGfM0jGCZitUz2m9TUKXJL5DJ7MOYbFfkCEsUBPDm_TInliSVn2kMJhFa0VOe5wZk5YOuYM3lNYW64HGtbf-llN2Xk-4O9TfeSPizBx9ZqGpeu8pz13efUDT2WL9tWo6-0UE-CrG0bScm8lFTncTkHcu49_a5NaUBkYlBjEiw.thPcx3t1AUcWuEygXIY3Fg",
|
EncryptedKey: "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoxMDAwMDAsInAycyI6IlhOdmYxQjgxSUlLMFA2NUkwcmtGTGcifQ.XaN9zcPQeWt49zchUDm34FECUTHfQTn_.tmNHPQDqR3ebsWfd.9WZr3YVdeOyJh36vvx0VlRtluhvYp4K7jJ1KGDr1qypwZ3ziBVSNbYYQ71du7fTtrnfG1wgGTVR39tWSzBU-zwQ5hdV3rpMAaEbod5zeW6SHd95H3Bvcb43YiiqJFNL5sGZzFb7FqzVmpsZ1efiv6sZaGDHtnCAL6r12UG5EZuqGfM0jGCZitUz2m9TUKXJL5DJ7MOYbFfkCEsUBPDm_TInliSVn2kMJhFa0VOe5wZk5YOuYM3lNYW64HGtbf-llN2Xk-4O9TfeSPizBx9ZqGpeu8pz13efUDT2WL9tWo6-0UE-CrG0bScm8lFTncTkHcu49_a5NaUBkYlBjEiw.thPcx3t1AUcWuEygXIY3Fg",
|
||||||
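Review bot: The base64 encoder that fills `encodedPassword` (second hunk) is never closed, so the buffer is complete only because the 21-byte literal happens to be a multiple of three; `base64.NewEncoder` needs `Close` to flush a partial block. Add `require.NoError(t, enc.Close())` after the `enc.Write` check, or build the value in one step with `base64.StdEncoding.EncodeToString`. Because the expected JSON only ever contains `*** REDACTED ***`, a truncated password would not fail this test, so the slip would go unnoticed if the literal changes. The test function's body continues outside these hunks.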
|
@ -19,17 +19,17 @@ type SCEP struct {
|
|||||||
ID string `json:"-"`
|
ID string `json:"-"`
|
||||||
Type string `json:"type"`
|
Type string `json:"type"`
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
ForceCN bool `json:"forceCN,omitempty"`
|
ForceCN bool `json:"forceCN"`
|
||||||
ChallengePassword string `json:"challenge,omitempty"`
|
ChallengePassword string `json:"challenge"`
|
||||||
Capabilities []string `json:"capabilities,omitempty"`
|
Capabilities []string `json:"capabilities,omitempty"`
|
||||||
IncludeRoot bool `json:"includeRoot,omitempty"`
|
IncludeRoot bool `json:"includeRoot"`
|
||||||
ExcludeIntermediate bool `json:"excludeIntermediate,omitempty"`
|
ExcludeIntermediate bool `json:"excludeIntermediate"`
|
||||||
MinimumPublicKeyLength int `json:"minimumPublicKeyLength,omitempty"`
|
MinimumPublicKeyLength int `json:"minimumPublicKeyLength"`
|
||||||
DecrypterCertificate string `json:"decrypterCertificate"`
|
DecrypterCertificate string `json:"decrypterCertificate"`
|
||||||
DecrypterKeyPEM string `json:"decrypterKeyPEM"`
|
DecrypterKeyPEM string `json:"decrypterKeyPEM"`
|
||||||
DecrypterKeyURI string `json:"decrypterKey"`
|
DecrypterKeyURI string `json:"decrypterKey"`
|
||||||
DecrypterKeyPassword string `json:"decrypterKeyPassword"`
|
DecrypterKeyPassword string `json:"decrypterKeyPassword"`
|
||||||
EncryptionAlgorithmIdentifier int `json:"encryptionAlgorithmIdentifier,omitempty"`
|
EncryptionAlgorithmIdentifier int `json:"encryptionAlgorithmIdentifier"`
|
||||||
Options *provisioner.Options `json:"options,omitempty"`
|
Options *provisioner.Options `json:"options,omitempty"`
|
||||||
Claims *provisioner.Claims `json:"claims,omitempty"`
|
Claims *provisioner.Claims `json:"claims,omitempty"`
|
||||||
}
|
}
|
||||||
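Review bot: The `SCEP` struct holds three secret-bearing fields (`ChallengePassword`, `DecrypterKeyPEM`, `DecrypterKeyPassword`) with no comment on how they must be handled, and this hunk drops `omitempty` from `challenge`, so that key is now always emitted. Nothing visible here shows whether this model is redacted before it is encoded, so confirm that against the handlers that return it. I would add a comment above those fields such as `// ChallengePassword, DecrypterKeyPEM and DecrypterKeyPassword are secrets; redact them before writing this struct to a response.` Removing `omitempty` also means clients now receive explicit zero values for the bool and int fields, which is worth a line in the type's doc comment. The struct declaration begins above the hunk.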
|
@ -990,7 +990,8 @@ func ProvisionerToCertificates(p *linkedca.Provisioner) (provisioner.Interface,
|
|||||||
}
|
}
|
||||||
if decrypter := cfg.GetDecrypter(); decrypter != nil {
|
if decrypter := cfg.GetDecrypter(); decrypter != nil {
|
||||||
s.DecrypterCertificate = decrypter.DecrypterCertificate
|
s.DecrypterCertificate = decrypter.DecrypterCertificate
|
||||||
s.DecrypterKey = decrypter.DecrypterKey
|
s.DecrypterKeyPEM = decrypter.DecrypterKey
|
||||||
|
s.DecrypterKeyURI = decrypter.DecrypterKeyUri
|
||||||
s.DecrypterKeyPassword = decrypter.DecrypterKeyPassword
|
s.DecrypterKeyPassword = decrypter.DecrypterKeyPassword
|
||||||
}
|
}
|
||||||
return s, nil
|
return s, nil
|
||||||
@ -1250,6 +1251,12 @@ func ProvisionerToLinkedca(p provisioner.Interface) (*linkedca.Provisioner, erro
|
|||||||
IncludeRoot: p.IncludeRoot,
|
IncludeRoot: p.IncludeRoot,
|
||||||
ExcludeIntermediate: p.ExcludeIntermediate,
|
ExcludeIntermediate: p.ExcludeIntermediate,
|
||||||
EncryptionAlgorithmIdentifier: int32(p.EncryptionAlgorithmIdentifier),
|
EncryptionAlgorithmIdentifier: int32(p.EncryptionAlgorithmIdentifier),
|
||||||
|
Decrypter: &linkedca.SCEPDecrypter{
|
||||||
|
DecrypterCertificate: p.DecrypterCertificate,
|
||||||
|
DecrypterKey: p.DecrypterKeyPEM,
|
||||||
|
DecrypterKeyUri: p.DecrypterKeyURI,
|
||||||
|
DecrypterKeyPassword: p.DecrypterKeyPassword,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
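Review bot: In `ProvisionerToCertificates` the linkedca `DecrypterKey` value is now assigned to `s.DecrypterKeyPEM`, whereas it previously filled `s.DecrypterKey`, which the old test data populated with a `softkms:` URI; a stored provisioner that kept a URI in that field would presumably now be read as PEM key material. If such records can exist, a fallback or migration is needed before this mapping is safe; confirm against the linkedca schema, which is not visible here. Separately, `ProvisionerToLinkedca` now always sets a non-nil `Decrypter`, so the `decrypter != nil` guard on the way back no longer distinguishes a provisioner that has no decrypter; consider building it only when at least one of the four fields is set. Both functions start and end outside their hunks.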
|