alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Mask challenge password after it has been read

Browse source
This commit is contained in:
Herman Slatman 2021-04-16 14:09:34 +02:00
parent 0487686f69
commit 9787728fbd
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
authority/provisioner/scep.go
View file

@ -20,6 +20,8 @@ type SCEP struct {
Options *Options `json:"options,omitempty"`
Claims *Claims `json:"claims,omitempty"`
claimer *Claimer
secretChallengePassword string
}
// GetID returns the provisioner unique identifier.
@ -73,6 +75,10 @@ func (s *SCEP) Init(config Config) (err error) {
return err
}
// Mask the actual challenge value, so it won't be marshalled
s.secretChallengePassword = s.ChallengePassword
s.ChallengePassword = "*** redacted ***"
// TODO: add other, SCEP specific, options?
return err
@ -95,7 +101,7 @@ func (s *SCEP) AuthorizeSign(ctx context.Context, token string) ([]SignOption, e
// GetChallengePassword returns the challenge password
func (s *SCEP) GetChallengePassword() string {
return s.ChallengePassword
return s.secretChallengePassword
}
// GetCapabilities returns the CA capabilities