Change signature algorithm property name

5 months ago · 79739e5073
parent 7eacb68361
commit 79739e5073
6 changed files with 31 additions and 31 deletions
--- a/acme/api/order_test.go
+++ b/acme/api/order_test.go
@ -1733,7 +1733,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
 						},
 						Config: &wire.Config{
 							ClientID:                   "integration test",
-							SupportedSigningAlgs:       []string{},
+							SignatureAlgorithms:        []string{},
 							SkipClientIDCheck:          true,
 							SkipExpiryCheck:            true,
 							SkipIssuerCheck:            true,
--- a/acme/api/wire_integration_test.go
+++ b/acme/api/wire_integration_test.go
@ -67,7 +67,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
 				},
 				Config: &wire.Config{
 					ClientID:                   "integration test",
-					SupportedSigningAlgs:       []string{},
+					SignatureAlgorithms:        []string{},
 					SkipClientIDCheck:          true,
 					SkipExpiryCheck:            true,
 					SkipIssuerCheck:            true,
--- a/acme/challenge.go
+++ b/acme/challenge.go
@ -485,13 +485,13 @@ func wireDPOP01Validate(ctx context.Context, ch *Challenge, db DB, accountJWK *j
 	}

 	params := verifyParams{
-		token:      dpopPayload.AccessToken,
-		key:        dpopOptions.GetSigningKey(),
-		accountJWK: accountJWK,
-		issuer:     issuer,
-		wireID:     wireID,
-		challenge:  ch,
-		t:          clock.Now().UTC(),
+		token:     dpopPayload.AccessToken,
+		tokenKey:  dpopOptions.GetSigningKey(),
+		dpopKey:   accountJWK,
+		issuer:    issuer,
+		wireID:    wireID,
+		challenge: ch,
+		t:         clock.Now().UTC(),
 	}
 	_, dpop, err := parseAndVerifyWireAccessToken(params)
 	if err != nil {
@ -540,13 +540,13 @@ type wireAccessToken struct {
 type wireDpopToken map[string]any

 type verifyParams struct {
-	token      string
-	key        crypto.PublicKey
-	accountJWK *jose.JSONWebKey
-	issuer     string
-	wireID     wire.ID
-	challenge  *Challenge
-	t          time.Time
+	token     string
+	tokenKey  crypto.PublicKey
+	dpopKey   *jose.JSONWebKey
+	issuer    string
+	wireID    wire.ID
+	challenge *Challenge
+	t         time.Time
 }

 func parseAndVerifyWireAccessToken(v verifyParams) (*wireAccessToken, *wireDpopToken, error) {
@ -556,7 +556,7 @@ func parseAndVerifyWireAccessToken(v verifyParams) (*wireAccessToken, *wireDpopT
 	}

 	var accessToken wireAccessToken
-	if err = jwt.Claims(v.key, &accessToken); err != nil {
+	if err = jwt.Claims(v.tokenKey, &accessToken); err != nil {
 		return nil, nil, fmt.Errorf("failed validating Wire DPoP token claims: %w", err)
 	}

@ -567,7 +567,7 @@ func parseAndVerifyWireAccessToken(v verifyParams) (*wireAccessToken, *wireDpopT
 		return nil, nil, fmt.Errorf("failed validation: %w", err)
 	}

-	rawKid, err := v.accountJWK.Thumbprint(crypto.SHA256)
+	rawKid, err := v.dpopKey.Thumbprint(crypto.SHA256)
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to compute JWK thumbprint")
 	}
@ -591,7 +591,7 @@ func parseAndVerifyWireAccessToken(v verifyParams) (*wireAccessToken, *wireDpopT
 		return nil, nil, fmt.Errorf("invalid Wire DPoP token: %w", err)
 	}
 	var dpopToken wireDpopToken
-	if err := dpopJWT.Claims(v.accountJWK.Key, &dpopToken); err != nil {
+	if err := dpopJWT.Claims(v.dpopKey.Key, &dpopToken); err != nil {
 		return nil, nil, fmt.Errorf("failed validating Wire DPoP token claims: %w", err)
 	}

--- a/acme/challenge_test.go
+++ b/acme/challenge_test.go
@ -4333,13 +4333,13 @@ MCowBQYDK2VwAyEAB2IYqBWXAouDt3WcCZgCM3t9gumMEKMlgMsGenSu+fA=
 	json.Unmarshal(jwkBytes, &accountJWK)

 	at, dpop, err := parseAndVerifyWireAccessToken(verifyParams{
-		token:      token,
-		key:        publicKey,
-		accountJWK: &accountJWK,
-		issuer:     issuer,
-		wireID:     wireID,
-		challenge:  ch,
-		t:          issuedAt.Add(1 * time.Minute), // set validation time to be one minute after issuance
+		token:     token,
+		tokenKey:  publicKey,
+		dpopKey:   &accountJWK,
+		issuer:    issuer,
+		wireID:    wireID,
+		challenge: ch,
+		t:         issuedAt.Add(1 * time.Minute), // set validation time to be one minute after issuance
 	})
 	if assert.NoError(t, err) {
 		// token assertions
--- a/authority/provisioner/wire/dpop_options.go
+++ b/authority/provisioner/wire/dpop_options.go
@ -13,7 +13,7 @@ import (
 type DPOPOptions struct {
 	// Public part of the  signing key for DPoP access token
 	SigningKey []byte `json:"key"`
-	// URI template acme client must call to fetch the DPoP challenge proof (an access token from wire-server)
+	// URI template for the URI the ACME client must call to fetch the DPoP challenge proof (an access token from wire-server)
 	Target string `json:"target"`
 }

--- a/authority/provisioner/wire/oidc_options.go
+++ b/authority/provisioner/wire/oidc_options.go
@ -22,13 +22,13 @@ type Provider struct {
 }

 type Config struct {
-	ClientID                   string           `json:"client_id,omitempty"`
-	SupportedSigningAlgs       []string         `json:"supported_signing_algs,omitempty"`
+	ClientID                   string           `json:"clientId,omitempty"`
+	SignatureAlgorithms        []string         `json:"signatureAlgorithms,omitempty"`
 	SkipClientIDCheck          bool             `json:"-"`
 	SkipExpiryCheck            bool             `json:"-"`
 	SkipIssuerCheck            bool             `json:"-"`
-	Now                        func() time.Time `json:"-"`
 	InsecureSkipSignatureCheck bool             `json:"-"`
+	Now                        func() time.Time `json:"-"`
 }

 type OIDCOptions struct {
@ -50,7 +50,7 @@ func (o *OIDCOptions) GetConfig() *oidc.Config {

 	return &oidc.Config{
 		ClientID:                   o.Config.ClientID,
-		SupportedSigningAlgs:       o.Config.SupportedSigningAlgs,
+		SupportedSigningAlgs:       o.Config.SignatureAlgorithms,
 		SkipClientIDCheck:          o.Config.SkipClientIDCheck,
 		SkipExpiryCheck:            o.Config.SkipExpiryCheck,
 		SkipIssuerCheck:            o.Config.SkipIssuerCheck,