mirror of
https://github.com/smallstep/certificates.git
synced 2024-11-15 18:12:59 +00:00
Move Wire option validation to provisioner initialization
parent
79943d2e5e
commit
8a9b1b3f79
@ -280,9 +280,9 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
|
||||
var target string
|
||||
switch az.Identifier.Type {
|
||||
case acme.WireUser:
|
||||
wireOptions, err := prov.GetOptions().GetWireOptions()
|
||||
if err != nil {
|
||||
return acme.WrapErrorISE(err, "failed getting Wire options")
|
||||
wireOptions := prov.GetOptions().GetWireOptions()
|
||||
if wireOptions == nil {
|
||||
return acme.NewErrorISE("failed getting Wire options")
|
||||
}
|
||||
var targetProvider interface{ EvaluateTarget(string) (string, error) }
|
||||
switch typ {
|
||||
@ -305,9 +305,9 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
|
||||
if err != nil {
|
||||
return acme.WrapError(acme.ErrorMalformedType, err, "failed parsing ClientID")
|
||||
}
|
||||
wireOptions, err := prov.GetOptions().GetWireOptions()
|
||||
if err != nil {
|
||||
return acme.WrapErrorISE(err, "failed getting Wire options")
|
||||
wireOptions := prov.GetOptions().GetWireOptions()
|
||||
if wireOptions == nil {
|
||||
return acme.NewErrorISE("failed getting Wire options")
|
||||
}
|
||||
var targetProvider interface{ EvaluateTarget(string) (string, error) }
|
||||
switch typ {
|
||||
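Review bot: The nil-check message `"failed getting Wire options"` in both hunks of newAuthorization no longer describes what happened: nothing failed, the provisioner simply has no Wire options, and wireOIDC01Validate and wireDPOP01Validate report the same condition as `"no Wire options available"`. Using one message for this condition makes a misconfigured provisioner easier to recognise in logs. The lookup and nil check are also repeated verbatim in the two places; a small helper that returns the options or the internal-server error would keep them in step. newAuthorization starts and ends outside these hunks.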
|
@ -362,6 +362,10 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
|
||||
if !ok {
|
||||
return NewErrorISE("missing provisioner")
|
||||
}
|
||||
wireOptions := prov.GetOptions().GetWireOptions()
|
||||
if wireOptions == nil {
|
||||
return NewErrorISE("no Wire options available")
|
||||
}
|
||||
linker, ok := LinkerFromContext(ctx)
|
||||
if !ok {
|
||||
return NewErrorISE("missing linker")
|
||||
@ -378,11 +382,6 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
|
||||
return WrapErrorISE(err, "error unmarshalling challenge data")
|
||||
}
|
||||
|
||||
wireOptions, err := prov.GetOptions().GetWireOptions()
|
||||
if err != nil {
|
||||
return WrapErrorISE(err, "failed getting Wire options")
|
||||
}
|
||||
|
||||
oidcOptions := wireOptions.GetOIDCOptions()
|
||||
verifier := oidcOptions.GetProvider(ctx).Verifier(oidcOptions.GetConfig())
|
||||
idToken, err := verifier.Verify(ctx, oidcPayload.IDToken)
|
||||
@ -490,6 +489,10 @@ func wireDPOP01Validate(ctx context.Context, ch *Challenge, db DB, accountJWK *j
|
||||
if !ok {
|
||||
return NewErrorISE("missing provisioner")
|
||||
}
|
||||
wireOptions := prov.GetOptions().GetWireOptions()
|
||||
if wireOptions == nil {
|
||||
return NewErrorISE("no Wire options available")
|
||||
}
|
||||
linker, ok := LinkerFromContext(ctx)
|
||||
if !ok {
|
||||
return NewErrorISE("missing linker")
|
||||
@ -510,11 +513,6 @@ func wireDPOP01Validate(ctx context.Context, ch *Challenge, db DB, accountJWK *j
|
||||
return WrapErrorISE(err, "error parsing device id")
|
||||
}
|
||||
|
||||
wireOptions, err := prov.GetOptions().GetWireOptions()
|
||||
if err != nil {
|
||||
return WrapErrorISE(err, "failed getting Wire options")
|
||||
}
|
||||
|
||||
dpopOptions := wireOptions.GetDPOPOptions()
|
||||
issuer, err := dpopOptions.EvaluateTarget(clientID.DeviceID)
|
||||
if err != nil {
|
||||
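Review bot: The new nil check in wireOIDC01Validate covers only the top-level options; `oidcOptions.GetProvider(ctx).Verifier(oidcOptions.GetConfig())` still uses the results of GetOIDCOptions() and GetProvider(ctx) unchecked, and wireDPOP01Validate does the same with `dpopOptions.EvaluateTarget(clientID.DeviceID)`. Before this commit the getter ran Validate() on every call, so these chains were reached only with validated options; now that depends on ACME.Init having run on this exact Options value. If anything can replace or edit a provisioner's options after Init (not visible here), an incomplete configuration would presumably surface as a panic rather than an ACME error. A comment at each check such as `// Wire options are validated once in ACME.Init; the OIDC and DPoP sections are assumed complete here.` would record that dependency. Both functions continue outside the hunks.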
|
@ -211,10 +211,27 @@ func (p *ACME) Init(config Config) (err error) {
|
||||
}
|
||||
}
|
||||
|
||||
if err := p.initializeWireOptions(); err != nil {
|
||||
return fmt.Errorf("failed initializing Wire options: %w", err)
|
||||
}
|
||||
|
||||
p.ctl, err = NewController(p, p.Claims, config, p.Options)
|
||||
return
|
||||
}
|
||||
|
||||
func (p *ACME) initializeWireOptions() error {
|
||||
w := p.GetOptions().GetWireOptions()
|
||||
if w == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
if err := w.Validate(); err != nil {
|
||||
return fmt.Errorf("failed validating Wire options: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ACMEIdentifierType encodes ACME Identifier types
|
||||
type ACMEIdentifierType string
|
||||
|
||||
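Review bot: initializeWireOptions returns nil when no Wire options are set, so a provisioner that is meant to serve Wire identifiers but lacks Wire options passes Init and fails only per request, with the internal-server errors from the nil checks in newAuthorization and the two Wire validators. If the provisioner's configuration indicates that Wire challenges are enabled (that setting is not visible in this hunk), Init is the place to reject the missing options, so the misconfiguration is caught at startup. Separately, the error is wrapped twice with near-identical text (`failed initializing Wire options: failed validating Wire options: …`); dropping one of the two prefixes reads better. The helper has no doc comment; `// initializeWireOptions validates the Wire options, if any are configured.` would do.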
|
@ -2,7 +2,6 @@ package provisioner
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
@ -55,17 +54,11 @@ func (o *Options) GetSSHOptions() *SSHOptions {
|
||||
}
|
||||
|
||||
// GetWireOptions returns the SSH options.
|
||||
func (o *Options) GetWireOptions() (*wire.Options, error) {
|
||||
func (o *Options) GetWireOptions() *wire.Options {
|
||||
if o == nil {
|
||||
return nil, errors.New("no options available")
|
||||
return nil
|
||||
}
|
||||
if o.Wire == nil {
|
||||
return nil, errors.New("no Wire options available")
|
||||
}
|
||||
if err := o.Wire.Validate(); err != nil {
|
||||
return nil, fmt.Errorf("failed validating Wire options: %w", err)
|
||||
}
|
||||
return o.Wire, nil
|
||||
return o.Wire
|
||||
}
|
||||
|
||||
// GetWebhooks returns the webhooks options.
|
||||
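Review bot: The doc comment on GetWireOptions still reads `// GetWireOptions returns the SSH options.`, and after this change it hides the new contract: the getter returns nil when the receiver or the Wire field is nil, and it no longer calls Validate(). Suggest `// GetWireOptions returns the Wire options, or nil if none are configured.` followed by `// The options are not validated here; ACME.Init validates them once.` so every caller knows it must nil-check and must not treat the result as freshly validated.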
|