Add noop provisioner and use it if a provisioner cannot been found from a cert.
parent
47817ab212
commit
9f7f871f25
2 changed files with 42 additions and 2 deletions
|
@ -80,7 +80,7 @@ func (c *Collection) LoadByToken(token *jose.JSONWebToken, claims *jose.Claims)
|
|||
return c.Load(payload.Audience[0])
|
||||
}
|
||||
|
||||
// LoadByCertificate lookds for the provisioner extension and extracts the
|
||||
// LoadByCertificate looks for the provisioner extension and extracts the
|
||||
// proper id to load the provisioner.
|
||||
func (c *Collection) LoadByCertificate(cert *x509.Certificate) (Interface, bool) {
|
||||
for _, e := range cert.Extensions {
|
||||
|
@ -95,7 +95,10 @@ func (c *Collection) LoadByCertificate(cert *x509.Certificate) (Interface, bool)
|
|||
return c.Load(string(provisioner.CredentialID))
|
||||
}
|
||||
}
|
||||
return nil, false
|
||||
|
||||
// Default to noop provisioner if an extension is not found. This allows to
|
||||
// accept a renewal of a cert without the provisioner extension.
|
||||
return &noop{}, true
|
||||
}
|
||||
|
||||
// LoadEncryptedKey returns a the encrypted key by KeyID. At this moment only
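Review bot: The new fallback `return &noop{}, true` at the end of LoadByCertificate makes the lookup fail open. A certificate with no provisioner extension now receives a provisioner whose AuthorizeRenewal (noop.go in this commit) returns nil unconditionally, so any per-provisioner renewal restriction is skipped for such certificates. The `ok` result is also always true on this path, so callers can no longer tell "extension absent" from "provisioner found". I would state the precondition in the comment, e.g. `// SECURITY: fail-open for certs without the provisioner extension; callers must already have verified that cert was issued by this CA.` Whether callers verify that is not visible here, and the loop body between the two hunks is outside the view, so it is worth confirming that an extension which is present but fails to parse still yields `nil, false`.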
|
||||
|
|
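--- a/authority/provisioner/noop.go
+++ b/authority/provisioner/noop.go
@@ -0,0 +1,37 @@
+package provisioner
+
+import "crypto/x509"
+
+// noop provisioners is a provisioner that accepts anything.
+type noop struct{}
+
+func (p *noop) GetID() string {
+return "noop"
+}
+
+func (p *noop) GetName() string {
+return "noop"
+}
+func (p *noop) GetType() Type {
+return noopType
+}
+
+func (p *noop) GetEncryptedKey() (kid string, key string, ok bool) {
+return "", "", false
+}
+
+func (p *noop) Init(config Config) error {
+return nil
+}
+
+func (p *noop) Authorize(token string) ([]SignOption, error) {
+return []SignOption{}, nil
+}
+
+func (p *noop) AuthorizeRenewal(cert *x509.Certificate) error {
+return nil
+}
+
+func (p *noop) AuthorizeRevoke(token string) error {
+return nil
+}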
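Review bot: `Authorize` and `AuthorizeRevoke` on noop accept any token, although the commit message and the comment added in LoadByCertificate only motivate a permissive renewal path. On this page noop is returned only from LoadByCertificate, but if an instance ever reached a sign or revoke path it would authorize the request with no checks. I would make those two methods deny by default, e.g. `return nil, errors.New("noop provisioner cannot authorize sign requests")` and `return errors.New("noop provisioner cannot authorize revocation")` (this needs the `errors` import), leaving only `AuthorizeRenewal` returning nil. The type comment would then read `// noop is a provisioner that authorizes only the renewal of certificates without a provisioner extension.`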