Fix PR comments
parent
47a8a3c463
commit
004fc054d5
2 changed files with 6 additions and 7 deletions
|
@ -101,16 +101,16 @@ func (h *Handler) Route(r api.Router) {
|
|||
r.MethodFunc("HEAD", getPath(DirectoryLinkType, "{provisionerID}"), h.baseURLFromRequest(h.lookupProvisioner(h.GetDirectory)))
|
||||
|
||||
validatingMiddleware := func(next nextHTTP) nextHTTP {
|
||||
return h.baseURLFromRequest(h.lookupProvisioner(h.addNonce(h.addDirLink(h.verifyContentType(h.parseJWS(next))))))
|
||||
return h.baseURLFromRequest(h.lookupProvisioner(h.addNonce(h.addDirLink(h.verifyContentType(h.parseJWS(h.validateJWS(next)))))))
|
||||
}
|
||||
extractPayloadByJWK := func(next nextHTTP) nextHTTP {
|
||||
return validatingMiddleware(h.validateJWS(h.extractJWK(h.verifyAndExtractJWSPayload(next))))
|
||||
return validatingMiddleware(h.extractJWK(h.verifyAndExtractJWSPayload(next)))
|
||||
}
|
||||
extractPayloadByKid := func(next nextHTTP) nextHTTP {
|
||||
return validatingMiddleware(h.validateJWS(h.lookupJWK(h.verifyAndExtractJWSPayload(next))))
|
||||
return validatingMiddleware(h.lookupJWK(h.verifyAndExtractJWSPayload(next)))
|
||||
}
|
||||
extractPayloadByKidOrJWK := func(next nextHTTP) nextHTTP {
|
||||
return validatingMiddleware(h.validateJWS(h.extractOrLookupJWK(h.verifyAndExtractJWSPayload(next))))
|
||||
return validatingMiddleware(h.extractOrLookupJWK(h.verifyAndExtractJWSPayload(next)))
|
||||
}
|
||||
|
||||
r.MethodFunc("POST", getPath(NewAccountLinkType, "{provisionerID}"), extractPayloadByJWK(h.NewAccount))
|
||||
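Review bot: The wrapper order inside `validatingMiddleware` is security-relevant but undocumented: with `h.validateJWS` now nested directly under `h.parseJWS`, all three chains (`extractPayloadByJWK`, `extractPayloadByKid`, `extractPayloadByKidOrJWK`) rely on the JWS being parsed, then validated, before the key is resolved and `verifyAndExtractJWSPayload` runs. For these three wrappers the effective order looks unchanged from the old side. Any route outside this hunk that calls `validatingMiddleware` directly now also runs `validateJWS`, presumably still without signature verification, so it is worth confirming that is intended. I would add a comment above the closure such as `// Order matters: parseJWS -> validateJWS -> key extraction/lookup -> verifyAndExtractJWSPayload.` and a routing test asserting that a request with an invalid JWS is rejected on every POST route. The body of `Route` starts and ends outside the hunk.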
|
|
|
@ -205,7 +205,7 @@ func identifierKey(identifier acme.Identifier) string {
|
|||
}
|
||||
|
||||
// extractIdentifiers extracts ACME identifiers from an x509 certificate and
|
||||
// creates a map from them. The map ensures that double SANs are deduplicated.
|
||||
// creates a map from them. The map ensures that duplicate SANs are deduplicated.
|
||||
// The Subject CommonName is included, because RFC8555 7.4 states that DNS
|
||||
// identifiers can come from either the CommonName or a DNS SAN or both. When
|
||||
// authorizing issuance, the DNS identifier must be in the request and will be
|
||||
|
@ -227,7 +227,6 @@ func extractIdentifiers(cert *x509.Certificate) map[string]acme.Identifier {
|
|||
}
|
||||
result[identifierKey(identifier)] = identifier
|
||||
}
|
||||
// TODO(hs): should we include the CommonName or not?
|
||||
if cert.Subject.CommonName != "" {
|
||||
identifier := acme.Identifier{
|
||||
// assuming only DNS can be in Common Name (RFC8555, 7.4); RFC8738
|
||||
|
@ -302,7 +301,7 @@ func validateReasonCode(reasonCode *int) *acme.Error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// revokeOptions determines the the RevokeOptions for the Authority to use in revocation
|
||||
// revokeOptions determines the RevokeOptions for the Authority to use in revocation
|
||||
func revokeOptions(serial string, certToBeRevoked *x509.Certificate, reasonCode *int) *authority.RevokeOptions {
|
||||
opts := &authority.RevokeOptions{
|
||||
Serial: serial,
|
||||
|
|