Add ACME permanent-identifier identifier type
This commit is contained in:
parent
f3d2bd7a19
commit
6f2b4d3042
3 changed files with 482 additions and 1 deletions
|
@ -10,6 +10,8 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/google/go-attestation/oid"
|
||||||
|
attest_x509 "github.com/google/go-attestation/x509"
|
||||||
"github.com/smallstep/certificates/authority/provisioner"
|
"github.com/smallstep/certificates/authority/provisioner"
|
||||||
"go.step.sm/crypto/x509util"
|
"go.step.sm/crypto/x509util"
|
||||||
)
|
)
|
||||||
|
@ -188,6 +190,11 @@ func (o *Order) Finalize(ctx context.Context, db DB, csr *x509.CertificateReques
|
||||||
data.SetSubjectAlternativeNames(sans...)
|
data.SetSubjectAlternativeNames(sans...)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
deviceIDs, err := o.deviceIDs(csr)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// Get authorizations from the ACME provisioner.
|
// Get authorizations from the ACME provisioner.
|
||||||
ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)
|
ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)
|
||||||
signOps, err := p.AuthorizeSign(ctx, "")
|
signOps, err := p.AuthorizeSign(ctx, "")
|
||||||
|
@ -306,6 +313,25 @@ func (o *Order) sans(csr *x509.CertificateRequest) ([]x509util.SubjectAlternativ
|
||||||
return sans, nil
|
return sans, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (o *Order) deviceIDs(csr *x509.CertificateRequest) ([]x509util.PermanentIdentifier, error) {
|
||||||
|
var permIDs []x509util.PermanentIdentifier
|
||||||
|
for _, ext := range csr.Extensions {
|
||||||
|
if ext.Id.Equal(oid.SubjectAltName) {
|
||||||
|
san, err := attest_x509.ParseSubjectAltName(ext)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
for _, pi := range san.PermanentIdentifiers {
|
||||||
|
permIDs = append(permIDs, x509util.PermanentIdentifier{
|
||||||
|
Value: pi.IdentifierValue,
|
||||||
|
Assigner: pi.Assigner,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return permIDs, nil
|
||||||
|
}
|
||||||
|
|
||||||
// numberOfIdentifierType returns the number of Identifiers that
|
// numberOfIdentifierType returns the number of Identifiers that
|
||||||
// are of type typ.
|
// are of type typ.
|
||||||
func numberOfIdentifierType(typ IdentifierType, ids []Identifier) int {
|
func numberOfIdentifierType(typ IdentifierType, ids []Identifier) int {
|
||||||
|
|
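Review bot: `deviceIDs` in the last hunk returns every permanent identifier found in the CSR's SubjectAltName extension without checking it against the identifiers the order was authorized for, so if Finalize later copies the result into the certificate, the CSR alone decides which permanent identifiers get issued. Each parsed `x509util.PermanentIdentifier` should be matched against the `o.Identifiers` entries of the new permanent-identifier type before it is returned (presumably the same order-vs-CSR reconciliation `sans` performs for the existing identifier types) and any unmatched value rejected with an error, since this is the authorization step that gives the ACME identifier type its meaning. Separately, in the Finalize hunk `deviceIDs, err := o.deviceIDs(csr)` introduces a variable that none of the hunks shown in this file read; unless another change consumes it, the compiler rejects it as declared and not used. Finalize and sans both begin outside their hunks, so the remaining wiring may be there.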
18
go.mod
18
go.mod
|
@ -15,11 +15,15 @@ require (
|
||||||
github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd // indirect
|
github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd // indirect
|
||||||
github.com/fatih/color v1.9.0 // indirect
|
github.com/fatih/color v1.9.0 // indirect
|
||||||
github.com/fxamacker/cbor/v2 v2.4.0
|
github.com/fxamacker/cbor/v2 v2.4.0
|
||||||
|
github.com/go-chi/chi v4.0.2+incompatible
|
||||||
github.com/go-chi/chi v4.1.2+incompatible
|
github.com/go-chi/chi v4.1.2+incompatible
|
||||||
github.com/go-kit/kit v0.10.0 // indirect
|
github.com/go-kit/kit v0.10.0 // indirect
|
||||||
github.com/go-piv/piv-go v1.10.0 // indirect
|
github.com/go-piv/piv-go v1.10.0 // indirect
|
||||||
|
github.com/go-piv/piv-go v1.7.0
|
||||||
github.com/go-sql-driver/mysql v1.6.0 // indirect
|
github.com/go-sql-driver/mysql v1.6.0 // indirect
|
||||||
github.com/golang/mock v1.6.0
|
github.com/golang/mock v1.6.0
|
||||||
|
github.com/golang/mock v1.6.0
|
||||||
|
github.com/google/go-attestation v0.4.4-0.20220404204839-8820d49b18d9
|
||||||
github.com/google/go-cmp v0.5.8
|
github.com/google/go-cmp v0.5.8
|
||||||
github.com/google/uuid v1.3.0
|
github.com/google/uuid v1.3.0
|
||||||
github.com/googleapis/gax-go/v2 v2.4.0
|
github.com/googleapis/gax-go/v2 v2.4.0
|
||||||
|
@ -29,8 +33,12 @@ require (
|
||||||
github.com/jhump/protoreflect v1.9.0 // indirect
|
github.com/jhump/protoreflect v1.9.0 // indirect
|
||||||
github.com/kr/pretty v0.3.0 // indirect
|
github.com/kr/pretty v0.3.0 // indirect
|
||||||
github.com/mattn/go-colorable v0.1.8 // indirect
|
github.com/mattn/go-colorable v0.1.8 // indirect
|
||||||
|
github.com/mattn/go-colorable v0.1.8 // indirect
|
||||||
|
github.com/mattn/go-isatty v0.0.13 // indirect
|
||||||
github.com/mattn/go-isatty v0.0.13 // indirect
|
github.com/mattn/go-isatty v0.0.13 // indirect
|
||||||
github.com/micromdm/scep/v2 v2.1.0
|
github.com/micromdm/scep/v2 v2.1.0
|
||||||
|
github.com/micromdm/scep/v2 v2.1.0
|
||||||
|
github.com/newrelic/go-agent v2.15.0+incompatible
|
||||||
github.com/newrelic/go-agent/v3 v3.18.0
|
github.com/newrelic/go-agent/v3 v3.18.0
|
||||||
github.com/pkg/errors v0.9.1
|
github.com/pkg/errors v0.9.1
|
||||||
github.com/rs/xid v1.2.1
|
github.com/rs/xid v1.2.1
|
||||||
|
@ -41,14 +49,20 @@ require (
|
||||||
github.com/stretchr/testify v1.7.1
|
github.com/stretchr/testify v1.7.1
|
||||||
github.com/urfave/cli v1.22.4
|
github.com/urfave/cli v1.22.4
|
||||||
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
|
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
|
||||||
|
go.step.sm/cli-utils v0.7.0
|
||||||
go.step.sm/cli-utils v0.7.4
|
go.step.sm/cli-utils v0.7.4
|
||||||
go.step.sm/crypto v0.19.0
|
go.step.sm/crypto v0.19.0
|
||||||
go.step.sm/linkedca v0.19.0-rc.1
|
go.step.sm/linkedca v0.19.0-rc.1
|
||||||
golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
|
golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
|
||||||
|
golang.org/x/net v0.0.0-20220403103023-749bd193bc2b
|
||||||
golang.org/x/net v0.0.0-20220909164309-bea034e7d591
|
golang.org/x/net v0.0.0-20220909164309-bea034e7d591
|
||||||
|
golang.org/x/sys v0.0.0-20220405052023-b1e9470b6e64 // indirect
|
||||||
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
|
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
|
||||||
|
google.golang.org/api v0.70.0
|
||||||
google.golang.org/api v0.84.0
|
google.golang.org/api v0.84.0
|
||||||
|
google.golang.org/genproto v0.0.0-20220401170504-314d38edb7de
|
||||||
google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad
|
google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad
|
||||||
|
google.golang.org/grpc v1.45.0
|
||||||
google.golang.org/grpc v1.47.0
|
google.golang.org/grpc v1.47.0
|
||||||
google.golang.org/protobuf v1.28.0
|
google.golang.org/protobuf v1.28.0
|
||||||
gopkg.in/square/go-jose.v2 v2.6.0
|
gopkg.in/square/go-jose.v2 v2.6.0
|
||||||
|
@ -153,4 +167,6 @@ require (
|
||||||
// use github.com/smallstep/pkcs7 fork with patches applied
|
// use github.com/smallstep/pkcs7 fork with patches applied
|
||||||
replace go.mozilla.org/pkcs7 => github.com/smallstep/pkcs7 v0.0.0-20211016004704-52592125d6f6
|
replace go.mozilla.org/pkcs7 => github.com/smallstep/pkcs7 v0.0.0-20211016004704-52592125d6f6
|
||||||
|
|
||||||
replace go.step.sm/crypto => ../crypto
|
replace go.step.sm/crypto => github.com/brandonweeks/crypto v0.16.2-0.20220531234114-45e4f06ca16b
|
||||||
|
|
||||||
|
replace github.com/google/go-attestation => github.com/brandonweeks/go-attestation v0.0.0-20220602235615-164122a1d59b
|
||||||
|
|
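Review bot: The two `replace` directives at the end of the hunk route go.step.sm/crypto and github.com/google/go-attestation to personal forks pinned by pseudo-version, so the build now depends on code outside either upstream's release process (go.sum pins the content, but not who maintains it). If these forks carry changes this feature needs, a comment above each replace naming what it carries and when it can be dropped would let a later reviewer remove it, e.g. `// TODO: remove once the permanent-identifier changes are available upstream`. The earlier go.mod hunks look like routine version bumps and need no change.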