From 66407139e5f41f1056e1894f743be0b6f8a0f2f5 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Thu, 8 Sep 2022 17:49:24 -0700
Subject: [PATCH] Add methods to convert attestation formats
---
 authority/provisioners.go | 56 ++++++++++++++++++++++++++++++++-------
 go.mod | 2 +-
 go.sum | 4 +--
 3 files changed, 49 insertions(+), 13 deletions(-)
diff --git a/authority/provisioners.go b/authority/provisioners.go
index 02f1cd54..1e5ddda5 100644
--- a/authority/provisioners.go
+++ b/authority/provisioners.go
@@ -748,14 +748,15 @@ func ProvisionerToCertificates(p *linkedca.Provisioner) (provisioner.Interface,
 case *linkedca.ProvisionerDetails_ACME:
 cfg := d.ACME
 return &provisioner.ACME{
- ID: p.Id,
- Type: p.Type.String(),
- Name: p.Name,
- ForceCN: cfg.ForceCn,
- RequireEAB: cfg.RequireEab,
- Challenges: challengesToCertificates(cfg.Challenges),
- Claims: claims,
- Options: options,
+ ID: p.Id,
+ Type: p.Type.String(),
+ Name: p.Name,
+ ForceCN: cfg.ForceCn,
+ RequireEAB: cfg.RequireEab,
+ Challenges: challengesToCertificates(cfg.Challenges),
+ AttestationFormats: attestationFormatsToCertificates(cfg.AttestationFormats),
+ Claims: claims,
+ Options: options,
 }, nil
 case *linkedca.ProvisionerDetails_OIDC:
 cfg := d.OIDC
@@ -1002,8 +1003,9 @@ func ProvisionerToLinkedca(p provisioner.Interface) (*linkedca.Provisioner, erro
 Details: &linkedca.ProvisionerDetails{
 Data: &linkedca.ProvisionerDetails_ACME{
 ACME: &linkedca.ACMEProvisioner{
- ForceCn: p.ForceCN,
- Challenges: challengesToLinkedca(p.Challenges),
+ ForceCn: p.ForceCN,
+ Challenges: challengesToLinkedca(p.Challenges),
+ AttestationFormats: attestationFormatsToLinkedca(p.AttestationFormats),
 },
 },
 },
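Review bot: In the ProvisionerToLinkedca hunk (`@@ -1002,8 +1003,9 @@`) the `linkedca.ACMEProvisioner` literal sets `ForceCn`, `Challenges` and now `AttestationFormats`, but not `RequireEab`, while the reverse conversion in the first hunk does read `cfg.RequireEab` into `RequireEAB`. As far as the visible lines show, an ACME provisioner that requires external account binding would come back without that requirement after a round trip through linkedca, which weakens an enrollment control without any error. Consider adding `RequireEab: p.RequireEAB,` next to the new field, or a comment saying why it is deliberately left out. The enclosing function starts and ends outside the hunk, so the field may be handled elsewhere.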
@@ -1162,3 +1164,37 @@ func challengesToLinkedca(challenges []provisioner.ACMEChallenge) []linkedca.ACM
 }
 return ret
 }
+
+// attestationFormatsToCertificates converts linkedca attestation formats to
+// provisioner ones skipping the unknown ones.
+func attestationFormatsToCertificates(formats []linkedca.ACMEProvisioner_AttestationFormatType) []provisioner.ACMEAttestationFormat {
+ ret := make([]provisioner.ACMEAttestationFormat, 0, len(formats))
+ for _, f := range formats {
+ switch f {
+ case linkedca.ACMEProvisioner_APPLE:
+ ret = append(ret, provisioner.APPLE)
+ case linkedca.ACMEProvisioner_STEP:
+ ret = append(ret, provisioner.STEP)
+ case linkedca.ACMEProvisioner_TPM:
+ ret = append(ret, provisioner.TPM)
+ }
+ }
+ return ret
+}
+
+// attestationFormatsToLinkedca converts provisioner attestation formats to
+// linkedca ones skipping the unknown ones.
+func attestationFormatsToLinkedca(formats []provisioner.ACMEAttestationFormat) []linkedca.ACMEProvisioner_AttestationFormatType {
+ ret := make([]linkedca.ACMEProvisioner_AttestationFormatType, 0, len(formats))
+ for _, f := range formats {
+ switch provisioner.ACMEAttestationFormat(f.String()) {
+ case provisioner.APPLE:
+ ret = append(ret, linkedca.ACMEProvisioner_APPLE)
+ case provisioner.STEP:
+ ret = append(ret, linkedca.ACMEProvisioner_STEP)
+ case provisioner.TPM:
+ ret = append(ret, linkedca.ACMEProvisioner_TPM)
+ }
+ }
+ return ret
+}
diff --git a/go.mod b/go.mod
index f2e828a8..a376e222 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
 go.step.sm/cli-utils v0.7.4
 go.step.sm/crypto v0.19.0
- go.step.sm/linkedca v0.18.1-0.20220824000236-47827c8eb300
+ go.step.sm/linkedca v0.18.1-0.20220909002054-5b28651792cb
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
 golang.org/x/net v0.0.0-20220607020251-c690dde0001d
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
diff --git a/go.sum b/go.sum
index eeb4f32b..9cef9e1f 100644
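Review bot: Both new converters in `@@ -1162,3 +1164,37 @@` drop any value that matches no `case`, so a configuration listing only formats this build does not recognise comes out as an empty, non-nil slice with no error or log line. If an empty `AttestationFormats` is treated downstream as "use the default set" (not visible in this patch), that silently widens the attestation formats the provisioner accepts instead of failing closed. Consider a `default:` branch that records the skipped value, or have the callers reject a non-empty input that converts to an empty list; at minimum extend each doc comment with `// Unknown formats are dropped, so a non-empty input can yield an empty result.` Separately, `provisioner.ACMEAttestationFormat(f.String())` in attestationFormatsToLinkedca deserves a one-line comment saying what normalisation `String()` performs, since `f` already has that type.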
--- a/go.sum +++ b/go.sum @@ -641,8 +641,8 @@ go.step.sm/cli-utils v0.7.4/go.mod h1:taSsY8haLmXoXM3ZkywIyRmVij/4Aj0fQbNTlJvv71 go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= go.step.sm/crypto v0.19.0 h1:WxjUDeTDpuPZ1IR3v6c4jc6WdlQlS5IYYQBhfnG5uW0= go.step.sm/crypto v0.19.0/go.mod h1:qZ+pNU1nV+THwP7TPTNCRMRr9xrRURhETTAK7U5psfw= -go.step.sm/linkedca v0.18.1-0.20220824000236-47827c8eb300 h1:kDqCHUh4jqqqf+m5IXjFjlwsTXuIXpf5ciGKigqJH14= -go.step.sm/linkedca v0.18.1-0.20220824000236-47827c8eb300/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM= +go.step.sm/linkedca v0.18.1-0.20220909002054-5b28651792cb h1:YxFSzM8+nWsiAbi9tOmXRcY1LJizDTKLDa+grJp6n+8= +go.step.sm/linkedca v0.18.1-0.20220909002054-5b28651792cb/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=