Fix PR comments

Herman Slatman 2021-12-03 15:06:28 +01:00
parent 47a8a3c463
commit 004fc054d5
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
2 changed files with 6 additions and 7 deletions


@ -101,16 +101,16 @@ func (h *Handler) Route(r api.Router) {
r.MethodFunc("HEAD", getPath(DirectoryLinkType, "{provisionerID}"), h.baseURLFromRequest(h.lookupProvisioner(h.GetDirectory))) r.MethodFunc("HEAD", getPath(DirectoryLinkType, "{provisionerID}"), h.baseURLFromRequest(h.lookupProvisioner(h.GetDirectory)))
validatingMiddleware := func(next nextHTTP) nextHTTP { validatingMiddleware := func(next nextHTTP) nextHTTP {
return h.baseURLFromRequest(h.lookupProvisioner(h.addNonce(h.addDirLink(h.verifyContentType(h.parseJWS(next)))))) return h.baseURLFromRequest(h.lookupProvisioner(h.addNonce(h.addDirLink(h.verifyContentType(h.parseJWS(h.validateJWS(next)))))))
} }
extractPayloadByJWK := func(next nextHTTP) nextHTTP { extractPayloadByJWK := func(next nextHTTP) nextHTTP {
return validatingMiddleware(h.validateJWS(h.extractJWK(h.verifyAndExtractJWSPayload(next)))) return validatingMiddleware(h.extractJWK(h.verifyAndExtractJWSPayload(next)))
} }
extractPayloadByKid := func(next nextHTTP) nextHTTP { extractPayloadByKid := func(next nextHTTP) nextHTTP {
return validatingMiddleware(h.validateJWS(h.lookupJWK(h.verifyAndExtractJWSPayload(next)))) return validatingMiddleware(h.lookupJWK(h.verifyAndExtractJWSPayload(next)))
} }
extractPayloadByKidOrJWK := func(next nextHTTP) nextHTTP { extractPayloadByKidOrJWK := func(next nextHTTP) nextHTTP {
return validatingMiddleware(h.validateJWS(h.extractOrLookupJWK(h.verifyAndExtractJWSPayload(next)))) return validatingMiddleware(h.extractOrLookupJWK(h.verifyAndExtractJWSPayload(next)))
} }
r.MethodFunc("POST", getPath(NewAccountLinkType, "{provisionerID}"), extractPayloadByJWK(h.NewAccount)) r.MethodFunc("POST", getPath(NewAccountLinkType, "{provisionerID}"), extractPayloadByJWK(h.NewAccount))
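Review bot: The nesting order inside `validatingMiddleware` is now the only thing that guarantees validateJWS runs after parseJWS and before extractJWK, lookupJWK or extractOrLookupJWK, and the closure carries no comment saying so. For the three extractPayloadBy* wrappers visible here the resulting order is the same as before the change, so this is a documentation point rather than a behaviour change. I would add above the closure something like `// validatingMiddleware parses the JWS and runs validateJWS on it before any JWK is extracted or looked up; keep validateJWS inside this chain.` so a later edit does not drop or reorder it. Route continues outside this hunk: if any route there wraps a handler with validatingMiddleware directly, it now gets validateJWS as well, which is worth confirming and covering with a route-level test.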


@ -205,7 +205,7 @@ func identifierKey(identifier acme.Identifier) string {
} }
// extractIdentifiers extracts ACME identifiers from an x509 certificate and // extractIdentifiers extracts ACME identifiers from an x509 certificate and
// creates a map from them. The map ensures that double SANs are deduplicated. // creates a map from them. The map ensures that duplicate SANs are deduplicated.
// The Subject CommonName is included, because RFC8555 7.4 states that DNS // The Subject CommonName is included, because RFC8555 7.4 states that DNS
// identifiers can come from either the CommonName or a DNS SAN or both. When // identifiers can come from either the CommonName or a DNS SAN or both. When
// authorizing issuance, the DNS identifier must be in the request and will be // authorizing issuance, the DNS identifier must be in the request and will be
@ -227,7 +227,6 @@ func extractIdentifiers(cert *x509.Certificate) map[string]acme.Identifier {
} }
result[identifierKey(identifier)] = identifier result[identifierKey(identifier)] = identifier
} }
// TODO(hs): should we include the CommonName or not?
if cert.Subject.CommonName != "" { if cert.Subject.CommonName != "" {
identifier := acme.Identifier{ identifier := acme.Identifier{
// assuming only DNS can be in Common Name (RFC8555, 7.4); RFC8738 // assuming only DNS can be in Common Name (RFC8555, 7.4); RFC8738
@ -302,7 +301,7 @@ func validateReasonCode(reasonCode *int) *acme.Error {
return nil return nil
} }
// revokeOptions determines the the RevokeOptions for the Authority to use in revocation // revokeOptions determines the RevokeOptions for the Authority to use in revocation
func revokeOptions(serial string, certToBeRevoked *x509.Certificate, reasonCode *int) *authority.RevokeOptions { func revokeOptions(serial string, certToBeRevoked *x509.Certificate, reasonCode *int) *authority.RevokeOptions {
opts := &authority.RevokeOptions{ opts := &authority.RevokeOptions{
Serial: serial, Serial: serial,