diff --git a/acme/api/order.go b/acme/api/order.go
index beda4e5c..f82784a8 100644
--- a/acme/api/order.go
+++ b/acme/api/order.go
@@ -280,9 +280,9 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
 var target string
 switch az.Identifier.Type {
 case acme.WireUser:
- wireOptions, err := prov.GetOptions().GetWireOptions()
- if err != nil {
- return acme.WrapErrorISE(err, "failed getting Wire options")
+ wireOptions := prov.GetOptions().GetWireOptions()
+ if wireOptions == nil {
+ return acme.NewErrorISE("failed getting Wire options")
 }
 var targetProvider interface{ EvaluateTarget(string) (string, error) }
 switch typ {
@@ -305,9 +305,9 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
 if err != nil {
 return acme.WrapError(acme.ErrorMalformedType, err, "failed parsing ClientID")
 }
- wireOptions, err := prov.GetOptions().GetWireOptions()
- if err != nil {
- return acme.WrapErrorISE(err, "failed getting Wire options")
+ wireOptions := prov.GetOptions().GetWireOptions()
+ if wireOptions == nil {
+ return acme.NewErrorISE("failed getting Wire options")
 }
 var targetProvider interface{ EvaluateTarget(string) (string, error) }
 switch typ {
diff --git a/acme/challenge.go b/acme/challenge.go
index 0a80f3ed..29910884 100644
--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -362,6 +362,10 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
 if !ok {
 return NewErrorISE("missing provisioner")
 }
+ wireOptions := prov.GetOptions().GetWireOptions()
+ if wireOptions == nil {
+ return NewErrorISE("no Wire options available")
+ }
 linker, ok := LinkerFromContext(ctx)
 if !ok {
 return NewErrorISE("missing linker")
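Review bot: The nil branch under `if wireOptions == nil` in the `acme.WireUser` case still reports "failed getting Wire options", although the getter can no longer fail; the only way into this branch is a provisioner with no Wire options configured. The acme/challenge.go hunks of this commit use "no Wire options available" for the identical condition, so I would use the same text here to keep the server-side error unambiguous for an operator: `return acme.NewErrorISE("no Wire options available")`. The hunk at -305 carries the same three lines and needs the same change. Both hunks sit inside newAuthorization, whose body starts and ends outside them.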
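Review bot: The new guard in wireOIDC01Validate only proves that the top-level Wire options are non-nil; with Validate no longer run on each access, the later `wireOptions.GetOIDCOptions()` and the chained `GetProvider(ctx).Verifier(...)` rely entirely on ACME.Init having validated the configuration. The same holds for the guard added at -489 in wireDPOP01Validate, ahead of `GetDPOPOptions()` and `EvaluateTarget`. I would record that dependency next to the check, e.g. `// Wire options are validated once in ACME.Init; only their presence is checked here.` If a provisioner can reach these validators without Init having run, or if the OIDC/DPoP sub-options can be nil after Validate (neither is visible in this diff), an explicit nil check on the sub-options would keep the failure an ISE rather than a panic in the challenge path. Both functions continue outside their hunks.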
@@ -378,11 +382,6 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO return WrapErrorISE(err, "error unmarshalling challenge data") } - wireOptions, err := prov.GetOptions().GetWireOptions() - if err != nil { - return WrapErrorISE(err, "failed getting Wire options") - } - oidcOptions := wireOptions.GetOIDCOptions() verifier := oidcOptions.GetProvider(ctx).Verifier(oidcOptions.GetConfig()) idToken, err := verifier.Verify(ctx, oidcPayload.IDToken) @@ -490,6 +489,10 @@ func wireDPOP01Validate(ctx context.Context, ch *Challenge, db DB, accountJWK *j if !ok { return NewErrorISE("missing provisioner") } + wireOptions := prov.GetOptions().GetWireOptions() + if wireOptions == nil { + return NewErrorISE("no Wire options available") + } linker, ok := LinkerFromContext(ctx) if !ok { return NewErrorISE("missing linker") @@ -510,11 +513,6 @@ func wireDPOP01Validate(ctx context.Context, ch *Challenge, db DB, accountJWK *j return WrapErrorISE(err, "error parsing device id") } - wireOptions, err := prov.GetOptions().GetWireOptions() - if err != nil { - return WrapErrorISE(err, "failed getting Wire options") - } - dpopOptions := wireOptions.GetDPOPOptions() issuer, err := dpopOptions.EvaluateTarget(clientID.DeviceID) if err != nil { diff --git a/authority/provisioner/acme.go b/authority/provisioner/acme.go index f338a78a..6303fe9a 100644 --- a/authority/provisioner/acme.go +++ b/authority/provisioner/acme.go 
@@ -211,10 +211,27 @@ func (p *ACME) Init(config Config) (err error) { } } + if err := p.initializeWireOptions(); err != nil { + return fmt.Errorf("failed initializing Wire options: %w", err) + } + p.ctl, err = NewController(p, p.Claims, config, p.Options) return } +func (p *ACME) initializeWireOptions() error { + w := p.GetOptions().GetWireOptions() + if w == nil { + return nil + } + + if err := w.Validate(); err != nil { + return fmt.Errorf("failed validating Wire options: %w", err) + } + + return nil +} + // ACMEIdentifierType encodes ACME Identifier types type ACMEIdentifierType string diff --git a/authority/provisioner/options.go b/authority/provisioner/options.go index 13532734..1e0457c5 100644 --- a/authority/provisioner/options.go +++ b/authority/provisioner/options.go @@ -2,7 +2,6 @@ package provisioner import ( "encoding/json" - "fmt" "strings" "github.com/pkg/errors" @@ -55,17 +54,11 @@ func (o *Options) GetSSHOptions() *SSHOptions { } // GetWireOptions returns the SSH options. -func (o *Options) GetWireOptions() (*wire.Options, error) { +func (o *Options) GetWireOptions() *wire.Options { if o == nil { - return nil, errors.New("no options available") - } - if o.Wire == nil { - return nil, errors.New("no Wire options available") - } - if err := o.Wire.Validate(); err != nil { - return nil, fmt.Errorf("failed validating Wire options: %w", err) + return nil } - return o.Wire, nil + return o.Wire } // GetWebhooks returns the webhooks options.
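Review bot: initializeWireOptions returns nil when no Wire options are configured, so a provisioner that offers Wire identifiers or challenges without a Wire section appears to pass Init and fail only per request, with the "no Wire options available" ISE from the validators. Whether the part of Init above this hunk already rejects that combination is not visible here. If it does not, failing at Init when a Wire challenge type is enabled and `w == nil` would surface the misconfiguration at load time instead of during issuance. The helper also has no doc comment; I would add `// initializeWireOptions validates the Wire options if any are configured; it is a no-op when none are set.` Since the helper already wraps with "failed validating Wire options", the second wrap in Init ("failed initializing Wire options") only duplicates context and could return the error as is.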
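Review bot: The doc comment above GetWireOptions still reads "returns the SSH options", and the new signature changes the contract without saying so. The method now returns nil for a nil receiver or an unset Wire field and performs no validation, where it previously returned an error for those cases and for a failed Validate. Callers need that stated, because skipping the nil check now leads to a nil dereference instead of a returned error. I would replace the comment with `// GetWireOptions returns the Wire options, or nil if none are configured. It does not validate them; ACME.Init does that once at load.`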