From 9e3807eaa3096d633e6f28437387fef4256d36d7 Mon Sep 17 00:00:00 2001
From: Herman Slatman <hermanslatman@hotmail.com>
Date: Tue, 19 Sep 2023 16:34:29 +0200
Subject: [PATCH] Use `SignWithContext` in the critical paths

---
 acme/order.go     | 2 +-
 api/sign.go       | 2 +-
 api/ssh.go        | 2 +-
 scep/authority.go | 3 ++-
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/acme/order.go b/acme/order.go
index 8dfcf97a..5a86c2c8 100644
--- a/acme/order.go
+++ b/acme/order.go
@@ -263,7 +263,7 @@ func (o *Order) Finalize(ctx context.Context, db DB, csr *x509.CertificateReques
 	signOps = append(signOps, extraOptions...)
 
 	// Sign a new certificate.
-	certChain, err := auth.Sign(csr, provisioner.SignOptions{
+	certChain, err := auth.SignWithContext(ctx, csr, provisioner.SignOptions{
 		NotBefore: provisioner.NewTimeDuration(o.NotBefore),
 		NotAfter:  provisioner.NewTimeDuration(o.NotAfter),
 	}, signOps...)
diff --git a/api/sign.go b/api/sign.go
index c0c83ce2..26b3c396 100644
--- a/api/sign.go
+++ b/api/sign.go
@@ -78,7 +78,7 @@ func Sign(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	certChain, err := a.Sign(body.CsrPEM.CertificateRequest, opts, signOpts...)
+	certChain, err := a.SignWithContext(ctx, body.CsrPEM.CertificateRequest, opts, signOpts...)
 	if err != nil {
 		render.Error(w, errs.ForbiddenErr(err, "error signing certificate"))
 		return
diff --git a/api/ssh.go b/api/ssh.go
index fbaa8c5a..a07dab29 100644
--- a/api/ssh.go
+++ b/api/ssh.go
@@ -330,7 +330,7 @@ func SSHSign(w http.ResponseWriter, r *http.Request) {
 			NotAfter:  time.Unix(int64(cert.ValidBefore), 0),
 		})
 
-		certChain, err := a.Sign(cr, provisioner.SignOptions{}, signOpts...)
+		certChain, err := a.SignWithContext(ctx, cr, provisioner.SignOptions{}, signOpts...)
 		if err != nil {
 			render.Error(w, errs.ForbiddenErr(err, "error signing identity certificate"))
 			return
diff --git a/scep/authority.go b/scep/authority.go
index 23c28813..a7333aa7 100644
--- a/scep/authority.go
+++ b/scep/authority.go
@@ -65,6 +65,7 @@ type AuthorityOptions struct {
 // SignAuthority is the interface for a signing authority
 type SignAuthority interface {
 	Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
+	SignWithContext(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
 	LoadProvisionerByName(string) (provisioner.Interface, error)
 }
 
@@ -296,7 +297,7 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
 	}
 	signOps = append(signOps, templateOptions)
 
-	certChain, err := a.signAuth.Sign(csr, opts, signOps...)
+	certChain, err := a.signAuth.SignWithContext(ctx, csr, opts, signOps...)
 	if err != nil {
 		return nil, fmt.Errorf("error generating certificate for order: %w", err)
 	}