Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-15 18:12:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move Wire option validation to provisioner initialization

Browse Source
This commit is contained in:
Herman Slatman 2024-01-29 16:45:13 +01:00
parent 79943d2e5e
commit 8a9b1b3f79
No known key found for this signature in database
GPG Key ID: F4D8A44EA0A75A4F
4 changed files with 34 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
acme/api/order.go
View File

@ -280,9 +280,9 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
var target string var target string
switch az.Identifier.Type { switch az.Identifier.Type {
case acme.WireUser: case acme.WireUser:
wireOptions, err := prov.GetOptions().GetWireOptions() wireOptions := prov.GetOptions().GetWireOptions()
if err != nil { if wireOptions == nil {
return acme.WrapErrorISE(err, "failed getting Wire options") return acme.NewErrorISE("failed getting Wire options")
} }
var targetProvider interface{ EvaluateTarget(string) (string, error) } var targetProvider interface{ EvaluateTarget(string) (string, error) }
switch typ { switch typ {
@ -305,9 +305,9 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
if err != nil { if err != nil {
return acme.WrapError(acme.ErrorMalformedType, err, "failed parsing ClientID") return acme.WrapError(acme.ErrorMalformedType, err, "failed parsing ClientID")
} }
wireOptions, err := prov.GetOptions().GetWireOptions() wireOptions := prov.GetOptions().GetWireOptions()
if err != nil { if wireOptions == nil {
return acme.WrapErrorISE(err, "failed getting Wire options") return acme.NewErrorISE("failed getting Wire options")
} }
var targetProvider interface{ EvaluateTarget(string) (string, error) } var targetProvider interface{ EvaluateTarget(string) (string, error) }
switch typ { switch typ {

18
acme/challenge.go
View File

@ -362,6 +362,10 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
if !ok { if !ok {
return NewErrorISE("missing provisioner") return NewErrorISE("missing provisioner")
} }
wireOptions := prov.GetOptions().GetWireOptions()
if wireOptions == nil {
return NewErrorISE("no Wire options available")
}
linker, ok := LinkerFromContext(ctx) linker, ok := LinkerFromContext(ctx)
if !ok { if !ok {
return NewErrorISE("missing linker") return NewErrorISE("missing linker")
@ -378,11 +382,6 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
return WrapErrorISE(err, "error unmarshalling challenge data") return WrapErrorISE(err, "error unmarshalling challenge data")
} }
wireOptions, err := prov.GetOptions().GetWireOptions()
if err != nil {
return WrapErrorISE(err, "failed getting Wire options")
}
oidcOptions := wireOptions.GetOIDCOptions() oidcOptions := wireOptions.GetOIDCOptions()
verifier := oidcOptions.GetProvider(ctx).Verifier(oidcOptions.GetConfig()) verifier := oidcOptions.GetProvider(ctx).Verifier(oidcOptions.GetConfig())
idToken, err := verifier.Verify(ctx, oidcPayload.IDToken) idToken, err := verifier.Verify(ctx, oidcPayload.IDToken)
@ -490,6 +489,10 @@ func wireDPOP01Validate(ctx context.Context, ch *Challenge, db DB, accountJWK *j
if !ok { if !ok {
return NewErrorISE("missing provisioner") return NewErrorISE("missing provisioner")
} }
wireOptions := prov.GetOptions().GetWireOptions()
if wireOptions == nil {
return NewErrorISE("no Wire options available")
}
linker, ok := LinkerFromContext(ctx) linker, ok := LinkerFromContext(ctx)
if !ok { if !ok {
return NewErrorISE("missing linker") return NewErrorISE("missing linker")
@ -510,11 +513,6 @@ func wireDPOP01Validate(ctx context.Context, ch *Challenge, db DB, accountJWK *j
return WrapErrorISE(err, "error parsing device id") return WrapErrorISE(err, "error parsing device id")
} }
wireOptions, err := prov.GetOptions().GetWireOptions()
if err != nil {
return WrapErrorISE(err, "failed getting Wire options")
}
dpopOptions := wireOptions.GetDPOPOptions() dpopOptions := wireOptions.GetDPOPOptions()
issuer, err := dpopOptions.EvaluateTarget(clientID.DeviceID) issuer, err := dpopOptions.EvaluateTarget(clientID.DeviceID)
if err != nil { if err != nil {

17
authority/provisioner/acme.go
View File

@ -211,10 +211,27 @@ func (p *ACME) Init(config Config) (err error) {
} }
} }
if err := p.initializeWireOptions(); err != nil {
return fmt.Errorf("failed initializing Wire options: %w", err)
}
p.ctl, err = NewController(p, p.Claims, config, p.Options) p.ctl, err = NewController(p, p.Claims, config, p.Options)
return return
} }
func (p *ACME) initializeWireOptions() error {
w := p.GetOptions().GetWireOptions()
if w == nil {
return nil
}
if err := w.Validate(); err != nil {
return fmt.Errorf("failed validating Wire options: %w", err)
}
return nil
}
// ACMEIdentifierType encodes ACME Identifier types // ACMEIdentifierType encodes ACME Identifier types
type ACMEIdentifierType string type ACMEIdentifierType string

13
authority/provisioner/options.go
View File

@ -2,7 +2,6 @@ package provisioner
import ( import (
"encoding/json" "encoding/json"
"fmt"
"strings" "strings"
"github.com/pkg/errors" "github.com/pkg/errors"
@ -55,17 +54,11 @@ func (o *Options) GetSSHOptions() *SSHOptions {
} }
// GetWireOptions returns the SSH options. // GetWireOptions returns the SSH options.
func (o *Options) GetWireOptions() (*wire.Options, error) { func (o *Options) GetWireOptions() *wire.Options {
if o == nil { if o == nil {
return nil, errors.New("no options available") return nil
} }
if o.Wire == nil { return o.Wire
return nil, errors.New("no Wire options available")
}
if err := o.Wire.Validate(); err != nil {
return nil, fmt.Errorf("failed validating Wire options: %w", err)
}
return o.Wire, nil
} }
// GetWebhooks returns the webhooks options. // GetWebhooks returns the webhooks options.