Use always LoadProvisionerByCertificate on authority package

Mariano Cano 2022-04-08 14:18:24 -07:00
parent 1d1e095447
commit af8fcf5b01
2 changed files with 27 additions and 4 deletions


@ -282,8 +282,8 @@ func (a *Authority) authorizeRenew(cert *x509.Certificate) error {
if isRevoked { if isRevoked {
return errs.Unauthorized("authority.authorizeRenew: certificate has been revoked", opts...) return errs.Unauthorized("authority.authorizeRenew: certificate has been revoked", opts...)
} }
p, ok := a.provisioners.LoadByCertificate(cert) p, err := a.LoadProvisionerByCertificate(cert)
if !ok { if err != nil {
return errs.Unauthorized("authority.authorizeRenew: provisioner not found", opts...) return errs.Unauthorized("authority.authorizeRenew: provisioner not found", opts...)
} }
if err := p.AuthorizeRenew(context.Background(), cert); err != nil { if err := p.AuthorizeRenew(context.Background(), cert); err != nil {
@ -383,8 +383,8 @@ func (a *Authority) AuthorizeRenewToken(ctx context.Context, ott string) (*x509.
return nil, errs.InternalServerErr(err, errs.WithMessage("error validating renew token")) return nil, errs.InternalServerErr(err, errs.WithMessage("error validating renew token"))
} }
p, ok := a.provisioners.LoadByCertificate(leaf) p, err := a.LoadProvisionerByCertificate(leaf)
if !ok { if err != nil {
return nil, errs.Unauthorized("error validating renew token: cannot get provisioner from certificate") return nil, errs.Unauthorized("error validating renew token: cannot get provisioner from certificate")
} }
if err := a.UseToken(ott, p); err != nil { if err := a.UseToken(ott, p); err != nil {
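Review bot: Both call sites now receive an `err` from `a.LoadProvisionerByCertificate` and then drop it, so every failure is reported as an Unauthorized "provisioner not found" / "cannot get provisioner from certificate". The test added in this commit suggests the lookup can consult the database, in which case a storage failure would be indistinguishable from a certificate that really has no provisioner, both in the response and in the logs. Denying the renewal on error is the right default, but the cause should stay attached, for example by using the wrapping form already visible a few lines up in `AuthorizeRenewToken`: `return nil, errs.UnauthorizedErr(err, errs.WithMessage("error validating renew token: cannot get provisioner from certificate"))`, with the same treatment in `authorizeRenew`. Both functions start and end outside the hunks shown, so how `opts` is built and how callers log the result is not visible here.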


@ -847,6 +847,29 @@ func TestAuthority_authorizeRenew(t *testing.T) {
cert: fooCrt, cert: fooCrt,
} }
}, },
"ok/from db": func(t *testing.T) *authorizeTest {
a := testAuthority(t)
a.db = &db.MockAuthDB{
MIsRevoked: func(key string) (bool, error) {
return false, nil
},
MGetCertificateData: func(serialNumber string) (*db.CertificateData, error) {
p, ok := a.provisioners.LoadByName("step-cli")
if !ok {
t.Fatal("provisioner step-cli not found")
}
return &db.CertificateData{
Provisioner: &db.ProvisionerData{
ID: p.GetID(),
},
}, nil
},
}
return &authorizeTest{
auth: a,
cert: fooCrt,
}
},
} }
for name, genTestCase := range tests { for name, genTestCase := range tests {