Remove some duplicate and unnecessary logic

This commit is contained in:
Herman Slatman 2021-03-06 23:24:49 +01:00
parent 99654f0efe
commit 2d21b09d41
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
4 changed files with 12 additions and 25 deletions

View file

@ -156,7 +156,6 @@ func (ca *CA) Init(config *authority.Config) (*CA, error) {
// well as certificates via SCEP.
tlsConfig = nil
// TODO: get the SCEP service
scepPrefix := "scep"
scepAuthority, err := scep.New(auth, scep.AuthorityOptions{
IntermediateCertificatePath: config.IntermediateCert,

View file

@ -16,6 +16,7 @@ import (
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority/provisioner"
"github.com/smallstep/certificates/scep"
"go.mozilla.org/pkcs7"
microscep "github.com/micromdm/scep/scep"
)
@ -269,16 +270,24 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
response := SCEPResponse{Operation: opnPKIOperation}
// parse the message using microscep implementation
microMsg, err := microscep.ParsePKIMessage(request.Message)
if err != nil {
return SCEPResponse{}, err
}
p7, err := pkcs7.Parse(microMsg.Raw)
if err != nil {
return SCEPResponse{}, err
}
// copy over properties to our internal PKIMessage
msg := &scep.PKIMessage{
TransactionID: microMsg.TransactionID,
MessageType: microMsg.MessageType,
SenderNonce: microMsg.SenderNonce,
Raw: microMsg.Raw,
P7: p7,
}
if err := h.Auth.DecryptPKIEnvelope(ctx, msg); err != nil {

View file

@ -198,27 +198,7 @@ func (a *Authority) GetCACertificates() ([]*x509.Certificate, error) {
// DecryptPKIEnvelope decrypts an enveloped message
func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) error {
data := msg.Raw
p7, err := pkcs7.Parse(data)
if err != nil {
return err
}
var tID microscep.TransactionID
if err := p7.UnmarshalSignedAttribute(oidSCEPtransactionID, &tID); err != nil {
return err
}
var msgType microscep.MessageType
if err := p7.UnmarshalSignedAttribute(oidSCEPmessageType, &msgType); err != nil {
return err
}
msg.p7 = p7
//p7c, err := pkcs7.Parse(p7.Content)
p7c, err := pkcs7.Parse(p7.Content)
p7c, err := pkcs7.Parse(msg.P7.Content)
if err != nil {
return err
}
@ -253,7 +233,6 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
CSR: csr,
ChallengePassword: cp,
}
//msg.Certificate = p7.Certificates[0] // TODO: check if this is necessary to add (again)
return nil
case microscep.GetCRL, microscep.GetCert, microscep.CertPoll:
return fmt.Errorf("not implemented") //errNotImplemented
@ -355,7 +334,7 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
return nil, err
}
e7, err := pkcs7.Encrypt(deg, msg.p7.Certificates)
e7, err := pkcs7.Encrypt(deg, msg.P7.Certificates)
if err != nil {
return nil, err
}

View file

@ -35,7 +35,7 @@ type PKIMessage struct {
Raw []byte
// parsed
p7 *pkcs7.PKCS7
P7 *pkcs7.PKCS7
// decrypted enveloped content
pkiEnvelope []byte