Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-09 13:10:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add SCEPCHALLENGE as valid webhook type in admin API

Browse Source
This commit is contained in:
Herman Slatman 2023-04-29 01:40:03 +02:00
parent 419478d1e5
commit ad4d8e6c68
No known key found for this signature in database
GPG Key ID: F4D8A44EA0A75A4F
3 changed files with 27 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
authority/admin/api/webhook.go
View File

@ -57,9 +57,9 @@ func validateWebhook(webhook *linkedca.Webhook) error {
// kind
switch webhook.Kind {
case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING:
case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING, linkedca.Webhook_SCEPCHALLENGE:
default:
return admin.NewError(admin.ErrorBadRequestType, "webhook kind is invalid")
return admin.NewError(admin.ErrorBadRequestType, "webhook kind %q is invalid", webhook.Kind)
}
return nil

20
authority/admin/api/webhook_test.go
View File

@ -180,6 +180,26 @@ func TestWebhookAdminResponder_CreateProvisionerWebhook(t *testing.T) {
statusCode: 400,
}
},
"fail/unsupported-webhook-kind": func(t *testing.T) test {
prov := &linkedca.Provisioner{
Name: "provName",
}
ctx := linkedca.NewContextWithProvisioner(context.Background(), prov)
adminErr := admin.NewError(admin.ErrorBadRequestType, `(line 5:13): invalid value for enum type: "UNSUPPORTED"`)
adminErr.Message = `(line 5:13): invalid value for enum type: "UNSUPPORTED"`
body := []byte(`
{
"name": "metadata",
"url": "https://example.com",
"kind": "UNSUPPORTED",
}`)
return test{
ctx: ctx,
body: body,
err: adminErr,
statusCode: 400,
}
},
"fail/auth.UpdateProvisioner-error": func(t *testing.T) test {
adm := &linkedca.Admin{
Subject: "step",

7
scep/api/webhook/webhook.go
View File

@ -54,8 +54,11 @@ func (c *Controller) Validate(ctx context.Context, challenge string) error {
return provisioner.ErrWebhookDenied
}
// isCertTypeOK returns whether or not the webhook is for X.509
// certificates.
// isCertTypeOK returns whether or not the webhook can be used
// with the SCEP challenge validation webhook controller.
func (c *Controller) isCertTypeOK(wh *provisioner.Webhook) bool {
if wh.CertType == linkedca.Webhook_ALL.String() || wh.CertType == "" {
return true
}
return linkedca.Webhook_X509.String() == wh.CertType
}