Add noop provisioner and use it if a provisioner cannot been found from a cert.

Mariano Cano 2019-03-07 16:05:13 -08:00
parent 47817ab212
commit 9f7f871f25
2 changed files with 42 additions and 2 deletions


@ -80,7 +80,7 @@ func (c *Collection) LoadByToken(token *jose.JSONWebToken, claims *jose.Claims)
return c.Load(payload.Audience[0])
}
// LoadByCertificate lookds for the provisioner extension and extracts the
// LoadByCertificate looks for the provisioner extension and extracts the
// proper id to load the provisioner.
func (c *Collection) LoadByCertificate(cert *x509.Certificate) (Interface, bool) {
for _, e := range cert.Extensions {
@ -95,7 +95,10 @@ func (c *Collection) LoadByCertificate(cert *x509.Certificate) (Interface, bool)
return c.Load(string(provisioner.CredentialID))
}
}
return nil, false
// Default to noop provisioner if an extension is not found. This allows to
// accept a renewal of a cert without the provisioner extension.
return &noop{}, true
}
// LoadEncryptedKey returns a the encrypted key by KeyID. At this moment only
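Review bot: The new fallback `return &noop{}, true` at the end of LoadByCertificate means the boolean result no longer tells callers whether the certificate carries a provisioner extension, so "issued by a configured provisioner" and "no extension at all" now look the same. Because the noop provisioner authorizes everything, any caller that uses this lookup for a decision other than renewal would inherit an accept-all policy; the callers are outside this page and should be checked. The doc comment should state the new contract, for example `// If the certificate has no provisioner extension, the noop provisioner and true are returned.`, and the fallback would be safer if it were chosen in the renewal path rather than in the generic lookup. The part of the function body between the two hunks is not shown.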


@ -0,0 +1,37 @@
package provisioner
import "crypto/x509"
// noop provisioners is a provisioner that accepts anything.
type noop struct{}
func (p *noop) GetID() string {
return "noop"
}
func (p *noop) GetName() string {
return "noop"
}
func (p *noop) GetType() Type {
return noopType
}
func (p *noop) GetEncryptedKey() (kid string, key string, ok bool) {
return "", "", false
}
func (p *noop) Init(config Config) error {
return nil
}
func (p *noop) Authorize(token string) ([]SignOption, error) {
return []SignOption{}, nil
}
func (p *noop) AuthorizeRenewal(cert *x509.Certificate) error {
return nil
}
func (p *noop) AuthorizeRevoke(token string) error {
return nil
}
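Review bot: `Authorize` and `AuthorizeRevoke` on noop succeed for any token, although the only use this commit states is renewing a certificate that lacks the provisioner extension. Limiting the type to renewal keeps the lookup fallback from becoming a sign or revoke bypass if noop is ever reached on those paths: `return nil, errors.New("noop provisioner cannot authorize tokens")` in Authorize and a matching error in AuthorizeRevoke, which needs the `errors` import. The methods have no doc comments, and the type comment would read better as `// noop is a provisioner that accepts anything.`, ideally with a sentence saying it is only meant as the renewal fallback.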