certificates/scep/provisioner.go

package scep

import (
	"context"
	"crypto"
	"crypto/x509"
	"time"

	"github.com/smallstep/certificates/authority/provisioner"
)

// Provisioner is an interface that implements a subset of the provisioner.Interface --
// only those methods required by the SCEP api/authority.
type Provisioner interface {
	AuthorizeSign(ctx context.Context, token string) ([]provisioner.SignOption, error)
	GetName() string
	DefaultTLSCertDuration() time.Duration
	GetOptions() *provisioner.Options
	GetCapabilities() []string
	ShouldIncludeRootInChain() bool
	GetDecrypter() (*x509.Certificate, crypto.Decrypter)
	GetContentEncryptionAlgorithm() int
	ValidateChallenge(ctx context.Context, challenge, transactionID string) error
}

// provisionerKey is the key type for storing and searching a
// SCEP provisioner in the context.
type provisionerKey struct{}

// provisionerFromContext searches the context for a SCEP provisioner.
// Returns the provisioner or panics if no SCEP provisioner is found.
func provisionerFromContext(ctx context.Context) Provisioner {
	p, ok := ctx.Value(provisionerKey{}).(Provisioner)
	if !ok {
		panic("SCEP provisioner expected in request context")
	}
	return p
}

func NewProvisionerContext(ctx context.Context, p Provisioner) context.Context {
	return context.WithValue(ctx, provisionerKey{}, p)
}
Add rudimentary (and incomplete) support for SCEP 2021-02-12 11:03:08 +00:00			`package scep`

			`import (`
Add AuthorizeSign method to SCEP authority 2021-02-26 13:00:47 +00:00			`"context"`
Add basic version of provisioner specific SCEP decrypter 2023-05-26 21:52:24 +00:00			`"crypto"`
			`"crypto/x509"`
Refactor SCEP authority initialization and clean some code 2021-02-12 16:02:39 +00:00			`"time"`

			`"github.com/smallstep/certificates/authority/provisioner"`
Add rudimentary (and incomplete) support for SCEP 2021-02-12 11:03:08 +00:00			`)`

			`// Provisioner is an interface that implements a subset of the provisioner.Interface --`
			`// only those methods required by the SCEP api/authority.`
			`type Provisioner interface {`
Add AuthorizeSign method to SCEP authority 2021-02-26 13:00:47 +00:00			`AuthorizeSign(ctx context.Context, token string) ([]provisioner.SignOption, error)`
Refactor SCEP authority initialization and clean some code 2021-02-12 16:02:39 +00:00			`GetName() string`
			`DefaultTLSCertDuration() time.Duration`
			`GetOptions() *provisioner.Options`
Add support for configuring capabilities (cacaps) 2021-03-06 23:50:00 +00:00			`GetCapabilities() []string`
Fix PR comments 2022-01-19 10:31:33 +00:00			`ShouldIncludeRootInChain() bool`
Add basic version of provisioner specific SCEP decrypter 2023-05-26 21:52:24 +00:00			`GetDecrypter() (*x509.Certificate, crypto.Decrypter)`
Fix macOS SCEP client issues Fixes #746 2022-01-14 09:48:23 +00:00			`GetContentEncryptionAlgorithm() int`
Refactor SCEP webhook validation 2023-05-01 20:09:42 +00:00			`ValidateChallenge(ctx context.Context, challenge, transactionID string) error`
Add rudimentary (and incomplete) support for SCEP 2021-02-12 11:03:08 +00:00			`}`
Refactor the SCEP authority initialization Instead of relying on an intermediate `scep.Service` struct, initialize the `scep.Authority` directly. This removes one redundant layer of indirection. 2023-06-01 13:46:21 +00:00
Simplify SCEP provisioner context handling 2023-06-01 14:22:00 +00:00			`// provisionerKey is the key type for storing and searching a`
			`// SCEP provisioner in the context.`
			`type provisionerKey struct{}`
Refactor the SCEP authority initialization Instead of relying on an intermediate `scep.Service` struct, initialize the `scep.Authority` directly. This removes one redundant layer of indirection. 2023-06-01 13:46:21 +00:00
			`// provisionerFromContext searches the context for a SCEP provisioner.`
Simplify SCEP provisioner context handling 2023-06-01 14:22:00 +00:00			`// Returns the provisioner or panics if no SCEP provisioner is found.`
			`func provisionerFromContext(ctx context.Context) Provisioner {`
			`p, ok := ctx.Value(provisionerKey{}).(Provisioner)`
			`if !ok {`
			`panic("SCEP provisioner expected in request context")`
Refactor the SCEP authority initialization Instead of relying on an intermediate `scep.Service` struct, initialize the `scep.Authority` directly. This removes one redundant layer of indirection. 2023-06-01 13:46:21 +00:00			`}`
Simplify SCEP provisioner context handling 2023-06-01 14:22:00 +00:00			`return p`
			`}`

			`func NewProvisionerContext(ctx context.Context, p Provisioner) context.Context {`
			`return context.WithValue(ctx, provisionerKey{}, p)`
Refactor the SCEP authority initialization Instead of relying on an intermediate `scep.Service` struct, initialize the `scep.Authority` directly. This removes one redundant layer of indirection. 2023-06-01 13:46:21 +00:00			`}`