TrueCloudLab/certificates
17
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions

Mask challenge password after it has been read

Browse source
This commit is contained in:
Herman Slatman 2021-04-16 14:09:34 +02:00
parent 0487686f69
commit 9787728fbd
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
authority/provisioner/scep.go
View file

@ -20,6 +20,8 @@ type SCEP struct {
Options *Options `json:"options,omitempty"` Options *Options `json:"options,omitempty"`
Claims *Claims `json:"claims,omitempty"` Claims *Claims `json:"claims,omitempty"`
claimer *Claimer claimer *Claimer
secretChallengePassword string
} }
// GetID returns the provisioner unique identifier. // GetID returns the provisioner unique identifier.
@ -73,6 +75,10 @@ func (s *SCEP) Init(config Config) (err error) {
return err return err
} }
// Mask the actual challenge value, so it won't be marshalled
s.secretChallengePassword = s.ChallengePassword
s.ChallengePassword = "*** redacted ***"
// TODO: add other, SCEP specific, options? // TODO: add other, SCEP specific, options?
return err return err
@ -95,7 +101,7 @@ func (s *SCEP) AuthorizeSign(ctx context.Context, token string) ([]SignOption, e
// GetChallengePassword returns the challenge password // GetChallengePassword returns the challenge password
func (s *SCEP) GetChallengePassword() string { func (s *SCEP) GetChallengePassword() string {
return s.ChallengePassword return s.secretChallengePassword
} }
// GetCapabilities returns the CA capabilities // GetCapabilities returns the CA capabilities