From 6030f8bc2eda65617987d13ae7db9b92f0ba0113 Mon Sep 17 00:00:00 2001
From: max furman
Date: Mon, 28 Feb 2022 10:48:01 -0800
Subject: [PATCH] Validate provisioner configuration before storing in DB

---
 authority/provisioners.go | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/authority/provisioners.go b/authority/provisioners.go
index 3b14657c..7dbc84f7 100644
--- a/authority/provisioners.go
+++ b/authority/provisioners.go
@@ -133,9 +133,18 @@ func (a *Authority) StoreProvisioner(ctx context.Context, prov *linkedca.Provisi
 "provisioner with token ID %s already exists", certProv.GetIDForToken())
 }

+ provisionerConfig, err := a.generateProvisionerConfig(ctx)
+ if err != nil {
+ return admin.WrapErrorISE(err, "error generating provisioner config")
+ }
+
+ if err := certProv.Init(*provisionerConfig); err != nil {
+ return admin.WrapError(admin.ErrorBadRequestType, err, "error validating configuration for provisioner %s", prov.Name)
+ }
+
 // Store to database -- this will set the ID.
 if err := a.adminDB.CreateProvisioner(ctx, prov); err != nil {
- return admin.WrapErrorISE(err, "error creating admin")
+ return admin.WrapErrorISE(err, "error creating provisioner")
 }

 // We need a new conversion that has the newly set ID.
@@ -145,11 +154,6 @@ func (a *Authority) StoreProvisioner(ctx context.Context, prov *linkedca.Provisi
 "error converting to certificates provisioner from linkedca provisioner")
 }

- provisionerConfig, err := a.generateProvisionerConfig(ctx)
- if err != nil {
- return admin.WrapErrorISE(err, "error generating provisioner config")
- }
-
 if err := certProv.Init(*provisionerConfig); err != nil {
 return admin.WrapErrorISE(err, "error initializing provisioner %s", prov.Name)
 }
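Review bot: The added pre-store `certProv.Init(*provisionerConfig)` in the first hunk runs on the conversion made before the database assigns the ID, and the function still converts and initializes the provisioner a second time after `CreateProvisioner` (visible as context in the second hunk), so a failure in that later `Init` continues to leave a stored record that was never loaded, with only an internal error returned. If `Init` can fail for reasons that depend on the ID or on transient state (its body is not shown here), consider removing the just-created record on that path, or documenting why it cannot fail once validation has passed. The new block would also benefit from a comment such as `// Validation only: this instance has no DB-assigned ID and is discarded; Init runs again on the stored provisioner below.` Every `Init` failure is now returned as `admin.ErrorBadRequestType` with the underlying error wrapped, so it is worth confirming that `Init` errors are always caused by the submitted configuration and carry no internal detail that should stay out of an API response. `StoreProvisioner` begins and ends outside both hunks.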