mirror of
https://github.com/smallstep/certificates.git
synced 2024-10-31 03:20:16 +00:00
Make API responses aware of the new SCEP decrypter properties
parent
3ade92f8d5
commit
5fd70af2c8
@ -1569,7 +1569,6 @@ func mustCertificate(t *testing.T, pub, priv interface{}) *x509.Certificate {
|
||||
}
|
||||
|
||||
func TestProvisionersResponse_MarshalJSON(t *testing.T) {
|
||||
|
||||
k := map[string]any{
|
||||
"use": "sig",
|
||||
"kty": "EC",
|
||||
@ -1581,9 +1580,14 @@ func TestProvisionersResponse_MarshalJSON(t *testing.T) {
|
||||
}
|
||||
key := squarejose.JSONWebKey{}
|
||||
b, err := json.Marshal(k)
|
||||
assert.FatalError(t, err)
|
||||
require.NoError(t, err)
|
||||
err = json.Unmarshal(b, &key)
|
||||
assert.FatalError(t, err)
|
||||
require.NoError(t, err)
|
||||
|
||||
var encodedPassword bytes.Buffer
|
||||
enc := base64.NewEncoder(base64.StdEncoding, &encodedPassword)
|
||||
_, err = enc.Write([]byte("super-secret-password"))
|
||||
require.NoError(t, err)
|
||||
|
||||
r := ProvisionersResponse{
|
||||
Provisioners: provisioner.List{
|
||||
@ -1593,9 +1597,12 @@ func TestProvisionersResponse_MarshalJSON(t *testing.T) {
|
||||
ChallengePassword: "not-so-secret",
|
||||
MinimumPublicKeyLength: 2048,
|
||||
EncryptionAlgorithmIdentifier: 2,
|
||||
IncludeRoot: true,
|
||||
ExcludeIntermediate: true,
|
||||
DecrypterCertificate: []byte{1, 2, 3, 4},
|
||||
DecrypterKey: "softkms:path=/path/to/private.key",
|
||||
DecrypterKeyPassword: "super-secret-password",
|
||||
DecrypterKeyPEM: []byte{5, 6, 7, 8},
|
||||
DecrypterKeyURI: "softkms:path=/path/to/private.key",
|
||||
DecrypterKeyPassword: encodedPassword.Bytes(),
|
||||
},
|
||||
&provisioner.JWK{
|
||||
EncryptedKey: "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoxMDAwMDAsInAycyI6IlhOdmYxQjgxSUlLMFA2NUkwcmtGTGcifQ.XaN9zcPQeWt49zchUDm34FECUTHfQTn_.tmNHPQDqR3ebsWfd.9WZr3YVdeOyJh36vvx0VlRtluhvYp4K7jJ1KGDr1qypwZ3ziBVSNbYYQ71du7fTtrnfG1wgGTVR39tWSzBU-zwQ5hdV3rpMAaEbod5zeW6SHd95H3Bvcb43YiiqJFNL5sGZzFb7FqzVmpsZ1efiv6sZaGDHtnCAL6r12UG5EZuqGfM0jGCZitUz2m9TUKXJL5DJ7MOYbFfkCEsUBPDm_TInliSVn2kMJhFa0VOe5wZk5YOuYM3lNYW64HGtbf-llN2Xk-4O9TfeSPizBx9ZqGpeu8pz13efUDT2WL9tWo6-0UE-CrG0bScm8lFTncTkHcu49_a5NaUBkYlBjEiw.thPcx3t1AUcWuEygXIY3Fg",
|
||||
@ -1612,9 +1619,13 @@ func TestProvisionersResponse_MarshalJSON(t *testing.T) {
|
||||
{
|
||||
"type": "scep",
|
||||
"name": "scep",
|
||||
"forceCN": false,
|
||||
"includeRoot": true,
|
||||
"excludeIntermediate": true,
|
||||
"challenge": "*** REDACTED ***",
|
||||
"decrypterCertificate": "*** REDACTED ***",
|
||||
"decrypterKey": "*** REDACTED ***",
|
||||
"decrypterKeyPEM": "*** REDACTED ***",
|
||||
"decrypterKeyPassword": "*** REDACTED ***",
|
||||
"minimumPublicKeyLength": 2048,
|
||||
"encryptionAlgorithmIdentifier": 2,
|
||||
@ -1652,9 +1663,12 @@ func TestProvisionersResponse_MarshalJSON(t *testing.T) {
|
||||
ChallengePassword: "not-so-secret",
|
||||
MinimumPublicKeyLength: 2048,
|
||||
EncryptionAlgorithmIdentifier: 2,
|
||||
IncludeRoot: true,
|
||||
ExcludeIntermediate: true,
|
||||
DecrypterCertificate: []byte{1, 2, 3, 4},
|
||||
DecrypterKey: "softkms:path=/path/to/private.key",
|
||||
DecrypterKeyPassword: "super-secret-password",
|
||||
DecrypterKeyPEM: []byte{5, 6, 7, 8},
|
||||
DecrypterKeyURI: "softkms:path=/path/to/private.key",
|
||||
DecrypterKeyPassword: encodedPassword.Bytes(),
|
||||
},
|
||||
&provisioner.JWK{
|
||||
EncryptedKey: "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwicDJjIjoxMDAwMDAsInAycyI6IlhOdmYxQjgxSUlLMFA2NUkwcmtGTGcifQ.XaN9zcPQeWt49zchUDm34FECUTHfQTn_.tmNHPQDqR3ebsWfd.9WZr3YVdeOyJh36vvx0VlRtluhvYp4K7jJ1KGDr1qypwZ3ziBVSNbYYQ71du7fTtrnfG1wgGTVR39tWSzBU-zwQ5hdV3rpMAaEbod5zeW6SHd95H3Bvcb43YiiqJFNL5sGZzFb7FqzVmpsZ1efiv6sZaGDHtnCAL6r12UG5EZuqGfM0jGCZitUz2m9TUKXJL5DJ7MOYbFfkCEsUBPDm_TInliSVn2kMJhFa0VOe5wZk5YOuYM3lNYW64HGtbf-llN2Xk-4O9TfeSPizBx9ZqGpeu8pz13efUDT2WL9tWo6-0UE-CrG0bScm8lFTncTkHcu49_a5NaUBkYlBjEiw.thPcx3t1AUcWuEygXIY3Fg",
|
||||
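Review bot: The base64 encoder created in the hunk at -1581 is written to but never closed before `encodedPassword.Bytes()` is used in the two SCEP fixtures. `base64.NewEncoder` holds back a trailing partial 3-byte group until `Close` is called, so the buffer is complete here only because the 21-byte test password happens to be a multiple of three; changing the password would silently produce a truncated value. Add `require.NoError(t, enc.Close())` after the write, or replace the streaming encoder with `base64.StdEncoding.EncodeToString`. The test function's body continues outside the visible hunks.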
|
@ -19,17 +19,17 @@ type SCEP struct {
|
||||
ID string `json:"-"`
|
||||
Type string `json:"type"`
|
||||
Name string `json:"name"`
|
||||
ForceCN bool `json:"forceCN,omitempty"`
|
||||
ChallengePassword string `json:"challenge,omitempty"`
|
||||
ForceCN bool `json:"forceCN"`
|
||||
ChallengePassword string `json:"challenge"`
|
||||
Capabilities []string `json:"capabilities,omitempty"`
|
||||
IncludeRoot bool `json:"includeRoot,omitempty"`
|
||||
ExcludeIntermediate bool `json:"excludeIntermediate,omitempty"`
|
||||
MinimumPublicKeyLength int `json:"minimumPublicKeyLength,omitempty"`
|
||||
IncludeRoot bool `json:"includeRoot"`
|
||||
ExcludeIntermediate bool `json:"excludeIntermediate"`
|
||||
MinimumPublicKeyLength int `json:"minimumPublicKeyLength"`
|
||||
DecrypterCertificate string `json:"decrypterCertificate"`
|
||||
DecrypterKeyPEM string `json:"decrypterKeyPEM"`
|
||||
DecrypterKeyURI string `json:"decrypterKey"`
|
||||
DecrypterKeyPassword string `json:"decrypterKeyPassword"`
|
||||
EncryptionAlgorithmIdentifier int `json:"encryptionAlgorithmIdentifier,omitempty"`
|
||||
EncryptionAlgorithmIdentifier int `json:"encryptionAlgorithmIdentifier"`
|
||||
Options *provisioner.Options `json:"options,omitempty"`
|
||||
Claims *provisioner.Claims `json:"claims,omitempty"`
|
||||
}
|
||||
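Review bot: The four new decrypter fields on `SCEP` are plain strings with no doc comment, and nothing in the struct says they are meant to carry only the redaction placeholder. The expected JSON in the API test shows `"*** REDACTED ***"` for each of them, so the redaction presumably happens where this model is populated, which is outside this hunk. A comment such as `// Decrypter* fields hold the redaction placeholder only; never copy key material or the key password into this response model.` would make that contract explicit for the next maintainer. A second one-line comment should record that `DecrypterKeyURI` keeps the JSON name `decrypterKey` (apparently for compatibility) while the PEM uses the new `decrypterKeyPEM`, because the field/tag mismatch otherwise reads like a mistake.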
|
@ -990,7 +990,8 @@ func ProvisionerToCertificates(p *linkedca.Provisioner) (provisioner.Interface,
|
||||
}
|
||||
if decrypter := cfg.GetDecrypter(); decrypter != nil {
|
||||
s.DecrypterCertificate = decrypter.DecrypterCertificate
|
||||
s.DecrypterKey = decrypter.DecrypterKey
|
||||
s.DecrypterKeyPEM = decrypter.DecrypterKey
|
||||
s.DecrypterKeyURI = decrypter.DecrypterKeyUri
|
||||
s.DecrypterKeyPassword = decrypter.DecrypterKeyPassword
|
||||
}
|
||||
return s, nil
|
||||
@ -1250,6 +1251,12 @@ func ProvisionerToLinkedca(p provisioner.Interface) (*linkedca.Provisioner, erro
|
||||
IncludeRoot: p.IncludeRoot,
|
||||
ExcludeIntermediate: p.ExcludeIntermediate,
|
||||
EncryptionAlgorithmIdentifier: int32(p.EncryptionAlgorithmIdentifier),
|
||||
Decrypter: &linkedca.SCEPDecrypter{
|
||||
DecrypterCertificate: p.DecrypterCertificate,
|
||||
DecrypterKey: p.DecrypterKeyPEM,
|
||||
DecrypterKeyUri: p.DecrypterKeyURI,
|
||||
DecrypterKeyPassword: p.DecrypterKeyPassword,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
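Review bot: In the `ProvisionerToLinkedca` hunk the new `Decrypter: &linkedca.SCEPDecrypter{...}` is built unconditionally, whereas `ProvisionerToCertificates` copies the values only when `cfg.GetDecrypter()` is non-nil. A SCEP provisioner with no decrypter configured therefore round-trips into a non-nil, all-empty decrypter message; consider setting `Decrypter` only when at least one of `p.DecrypterCertificate`, `p.DecrypterKeyPEM`, `p.DecrypterKeyURI` or `p.DecrypterKeyPassword` is populated. The same literal places `DecrypterKeyPEM` and `DecrypterKeyPassword` side by side in one record, so if that record is persisted or transmitted as-is (not visible here) the password adds no protection for the key. A comment along the lines of `// key PEM and its password are stored together; prefer DecrypterKeyURI backed by a KMS` would flag this to operators. Both function bodies start and end outside the visible hunks.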
|