Use `SignWithContext` in the critical paths

8 months ago · 9e3807eaa3
parent 4e06bdbc51
commit 9e3807eaa3
4 changed files with 5 additions and 4 deletions
--- a/acme/order.go
+++ b/acme/order.go
@ -263,7 +263,7 @@ func (o *Order) Finalize(ctx context.Context, db DB, csr *x509.CertificateReques
 	signOps = append(signOps, extraOptions...)
 	// Sign a new certificate.
-	certChain, err := auth.Sign(csr, provisioner.SignOptions{
+	certChain, err := auth.SignWithContext(ctx, csr, provisioner.SignOptions{
 		NotBefore: provisioner.NewTimeDuration(o.NotBefore),
 		NotAfter:  provisioner.NewTimeDuration(o.NotAfter),
 	}, signOps...)
--- a/api/sign.go
+++ b/api/sign.go
@ -78,7 +78,7 @@ func Sign(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	certChain, err := a.Sign(body.CsrPEM.CertificateRequest, opts, signOpts...)
+	certChain, err := a.SignWithContext(ctx, body.CsrPEM.CertificateRequest, opts, signOpts...)
 	if err != nil {
 		render.Error(w, errs.ForbiddenErr(err, "error signing certificate"))
 		return
--- a/api/ssh.go
+++ b/api/ssh.go
@ -330,7 +330,7 @@ func SSHSign(w http.ResponseWriter, r *http.Request) {
 			NotAfter:  time.Unix(int64(cert.ValidBefore), 0),
 		})
-		certChain, err := a.Sign(cr, provisioner.SignOptions{}, signOpts...)
+		certChain, err := a.SignWithContext(ctx, cr, provisioner.SignOptions{}, signOpts...)
 		if err != nil {
 			render.Error(w, errs.ForbiddenErr(err, "error signing identity certificate"))
 			return
--- a/scep/authority.go
+++ b/scep/authority.go
@ -65,6 +65,7 @@ type AuthorityOptions struct {
 // SignAuthority is the interface for a signing authority
 type SignAuthority interface {
 	Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
 	SignWithContext(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
 	LoadProvisionerByName(string) (provisioner.Interface, error)
 }
@ -296,7 +297,7 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
 	}
 	signOps = append(signOps, templateOptions)
-	certChain, err := a.signAuth.Sign(csr, opts, signOps...)
+	certChain, err := a.signAuth.SignWithContext(ctx, csr, opts, signOps...)
 	if err != nil {
 		return nil, fmt.Errorf("error generating certificate for order: %w", err)
 	}