forked from TrueCloudLab/certificates
Remove some duplicate and unnecessary logic
parent
99654f0efe
commit
2d21b09d41
4 changed files with 12 additions and 25 deletions
1
ca/ca.go
1
ca/ca.go
|
@ -156,7 +156,6 @@ func (ca *CA) Init(config *authority.Config) (*CA, error) {
|
|||
// well as certificates via SCEP.
|
||||
tlsConfig = nil
|
||||
|
||||
// TODO: get the SCEP service
|
||||
scepPrefix := "scep"
|
||||
scepAuthority, err := scep.New(auth, scep.AuthorityOptions{
|
||||
IntermediateCertificatePath: config.IntermediateCert,
|
||||
|
|
|
@ -16,6 +16,7 @@ import (
|
|||
"github.com/smallstep/certificates/api"
|
||||
"github.com/smallstep/certificates/authority/provisioner"
|
||||
"github.com/smallstep/certificates/scep"
|
||||
"go.mozilla.org/pkcs7"
|
||||
|
||||
microscep "github.com/micromdm/scep/scep"
|
||||
)
|
||||
|
@ -269,16 +270,24 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
|
|||
|
||||
response := SCEPResponse{Operation: opnPKIOperation}
|
||||
|
||||
// parse the message using microscep implementation
|
||||
microMsg, err := microscep.ParsePKIMessage(request.Message)
|
||||
if err != nil {
|
||||
return SCEPResponse{}, err
|
||||
}
|
||||
|
||||
p7, err := pkcs7.Parse(microMsg.Raw)
|
||||
if err != nil {
|
||||
return SCEPResponse{}, err
|
||||
}
|
||||
|
||||
// copy over properties to our internal PKIMessage
|
||||
msg := &scep.PKIMessage{
|
||||
TransactionID: microMsg.TransactionID,
|
||||
MessageType: microMsg.MessageType,
|
||||
SenderNonce: microMsg.SenderNonce,
|
||||
Raw: microMsg.Raw,
|
||||
P7: p7,
|
||||
}
|
||||
|
||||
if err := h.Auth.DecryptPKIEnvelope(ctx, msg); err != nil {
|
||||
|
|
|
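Review bot: PKIOperation parses the same bytes twice, once in `microscep.ParsePKIMessage(request.Message)` and again in `pkcs7.Parse(microMsg.Raw)`, and the second result becomes `msg.P7` with nothing in the hunk stating whether its signature has been checked. Whether ParsePKIMessage verifies the SignedData is not shown on this page, so I would record the assumption above the second parse, e.g. `// microscep.ParsePKIMessage is expected to have verified the signature on microMsg.Raw; it is re-parsed here only to expose Content and Certificates`, and confirm it holds for the microscep version in use. Both error returns are bare; wrapping them, e.g. `return SCEPResponse{}, fmt.Errorf("parsing PKCS#7 message: %w", err)`, would let an operator tell a malformed request from a later decryption failure (this needs `fmt` in the file's imports, which the import hunk does not show). The function continues past the end of the hunk.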
@ -198,27 +198,7 @@ func (a *Authority) GetCACertificates() ([]*x509.Certificate, error) {
|
|||
// DecryptPKIEnvelope decrypts an enveloped message
|
||||
func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) error {
|
||||
|
||||
data := msg.Raw
|
||||
|
||||
p7, err := pkcs7.Parse(data)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var tID microscep.TransactionID
|
||||
if err := p7.UnmarshalSignedAttribute(oidSCEPtransactionID, &tID); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var msgType microscep.MessageType
|
||||
if err := p7.UnmarshalSignedAttribute(oidSCEPmessageType, &msgType); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
msg.p7 = p7
|
||||
|
||||
//p7c, err := pkcs7.Parse(p7.Content)
|
||||
p7c, err := pkcs7.Parse(p7.Content)
|
||||
p7c, err := pkcs7.Parse(msg.P7.Content)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -253,7 +233,6 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
|
|||
CSR: csr,
|
||||
ChallengePassword: cp,
|
||||
}
|
||||
//msg.Certificate = p7.Certificates[0] // TODO: check if this is necessary to add (again)
|
||||
return nil
|
||||
case microscep.GetCRL, microscep.GetCert, microscep.CertPoll:
|
||||
return fmt.Errorf("not implemented") //errNotImplemented
|
||||
|
@ -355,7 +334,7 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
|
|||
return nil, err
|
||||
}
|
||||
|
||||
e7, err := pkcs7.Encrypt(deg, msg.p7.Certificates)
|
||||
e7, err := pkcs7.Encrypt(deg, msg.P7.Certificates)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
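Review bot: `pkcs7.Parse(msg.P7.Content)` in DecryptPKIEnvelope dereferences `msg.P7` without a nil check, and with the parsing moved out to the caller the method relies on every caller having filled that field. A PKIMessage built without P7 would panic here instead of returning an error, so I would guard the top of the function with `if msg == nil || msg.P7 == nil { return fmt.Errorf("pki message has no parsed PKCS#7 data") }`. The same dereference appears in `pkcs7.Encrypt(deg, msg.P7.Certificates)` in the SignCSR hunk, where the recipient list is taken directly from the certificates embedded in the client's message. A comment saying so, and a check that the list is not empty before encrypting, would make that trust decision explicit. Both functions extend beyond the lines shown.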
@ -35,7 +35,7 @@ type PKIMessage struct {
|
|||
Raw []byte
|
||||
|
||||
// parsed
|
||||
p7 *pkcs7.PKCS7
|
||||
P7 *pkcs7.PKCS7
|
||||
|
||||
// decrypted enveloped content
|
||||
pkiEnvelope []byte
|
||||
|
|