diff --git a/authority/provisioner/collection_test.go b/authority/provisioner/collection_test.go
index 18146882..d065d5f3 100644
--- a/authority/provisioner/collection_test.go
+++ b/authority/provisioner/collection_test.go
@@ -74,6 +74,7 @@ func TestCollection_LoadByToken(t *testing.T) {
 assert.FatalError(t, err)
 jwk, err = decryptJSONWebKey(p2.EncryptedKey)
+ assert.FatalError(t, err)
 token, err = generateSimpleToken(p2.Name, testAudiences[1], jwk)
 assert.FatalError(t, err)
 t2, c2, err := parseToken(token)
diff --git a/authority/provisioner/sign_options.go b/authority/provisioner/sign_options.go
index a67f2590..c28fd80b 100644
--- a/authority/provisioner/sign_options.go
+++ b/authority/provisioner/sign_options.go
@@ -226,3 +226,8 @@ func createProvisionerExtension(typ int, name, credentialID string) (pkix.Extens
 Value: b,
 }, nil
 }
+
+func init() {
+ // Avoid deadcode warning in profileWithOption
+ _ = profileWithOption(nil)
+}
diff --git a/authority/tls.go b/authority/tls.go
index faa7228b..c52ac1e8 100644
--- a/authority/tls.go
+++ b/authority/tls.go
@@ -3,7 +3,6 @@ package authority
 import (
 "crypto/tls"
 "crypto/x509"
- "crypto/x509/pkix"
 "encoding/asn1"
 "encoding/pem"
 "net/http"
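Review bot: The `init()` added to sign_options.go calls `profileWithOption(nil)` at package load purely to quiet a dead-code linter, so every importer of this certificate-signing package now executes that call. The body of profileWithOption is outside the hunk; if it ever does more with its argument than capture it, the nil call would misbehave or panic at import time rather than in a test. A compile-time reference should satisfy the linter without running anything: `var _ = profileWithOption // kept for future use; referenced to silence deadcode`. If nothing is expected to use the function, deleting it is cleaner still.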
@@ -23,41 +22,7 @@ func (a *Authority) GetTLSOptions() *tlsutil.TLSOptions {
 return a.config.TLS
 }
-var (
- stepOIDRoot = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 37476, 9000, 64}
- stepOIDProvisioner = append(asn1.ObjectIdentifier(nil), append(stepOIDRoot, 1)...)
- oidAuthorityKeyIdentifier = asn1.ObjectIdentifier{2, 5, 29, 35}
-)
-
-type stepProvisionerASN1 struct {
- Type int
- Name []byte
- CredentialID []byte
-}
-
-const provisionerTypeJWK = 1
-
-func withProvisionerOID(name, kid string) x509util.WithOption {
- return func(p x509util.Profile) error {
- crt := p.Subject()
-
- b, err := asn1.Marshal(stepProvisionerASN1{
- Type: provisionerTypeJWK,
- Name: []byte(name),
- CredentialID: []byte(kid),
- })
- if err != nil {
- return err
- }
- crt.ExtraExtensions = append(crt.ExtraExtensions, pkix.Extension{
- Id: stepOIDProvisioner,
- Critical: false,
- Value: b,
- })
-
- return nil
- }
-}
+var oidAuthorityKeyIdentifier = asn1.ObjectIdentifier{2, 5, 29, 35}
 func withDefaultASN1DN(def *x509util.ASN1DN) x509util.WithOption {
 return func(p x509util.Profile) error {
diff --git a/authority/tls_test.go b/authority/tls_test.go
index b8d95158..47ac7966 100644
--- a/authority/tls_test.go
+++ b/authority/tls_test.go
@@ -22,6 +22,41 @@ import (
 stepx509 "github.com/smallstep/cli/pkg/x509"
 )
+var (
+ stepOIDRoot = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 37476, 9000, 64}
+ stepOIDProvisioner = append(asn1.ObjectIdentifier(nil), append(stepOIDRoot, 1)...)
+)
+
+const provisionerTypeJWK = 1
+
+type stepProvisionerASN1 struct {
+ Type int
+ Name []byte
+ CredentialID []byte
+}
+
+func withProvisionerOID(name, kid string) x509util.WithOption {
+ return func(p x509util.Profile) error {
+ crt := p.Subject()
+
+ b, err := asn1.Marshal(stepProvisionerASN1{
+ Type: provisionerTypeJWK,
+ Name: []byte(name),
+ CredentialID: []byte(kid),
+ })
+ if err != nil {
+ return err
+ }
+ crt.ExtraExtensions = append(crt.ExtraExtensions, pkix.Extension{
+ Id: stepOIDProvisioner,
+ Critical: false,
+ Value: b,
+ })
+
+ return nil
+ }
+}
+
 func getCSR(t *testing.T, priv interface{}, opts ...func(*x509.CertificateRequest)) *x509.CertificateRequest {
 _csr := &x509.CertificateRequest{
 Subject: pkix.Name{CommonName: "smallstep test"},
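Review bot: `stepOIDProvisioner`, `stepProvisionerASN1` and `withProvisionerOID` in tls_test.go are now a test-only copy of the provisioner extension's OID and ASN.1 layout, and nothing in the hunk ties them to the encoder that ships. That encoder appears to be `createProvisionerExtension` in sign_options.go, seen here only in a hunk header. If the production encoding changes, tests that build expected certificates with this copy could keep passing while issued certificates carry a different provisioner extension. The production helper is unexported and seems to sit in another package, so at minimum add a comment above the `var (` block: `// Test-only mirror of the step provisioner extension; keep in sync with provisioner.createProvisionerExtension.` A stronger option is to assert on the extension bytes taken from a certificate the authority actually signed.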