forked from TrueCloudLab/certificates
Make custom SCEP CA paths automagic
parent
a3cda9c3d7
commit
15477f6d7b
2 changed files with 6 additions and 27 deletions
|
@ -26,18 +26,10 @@ type SCEP struct {
|
||||||
// Numerical identifier for the ContentEncryptionAlgorithm as defined in github.com/mozilla-services/pkcs7
|
// Numerical identifier for the ContentEncryptionAlgorithm as defined in github.com/mozilla-services/pkcs7
|
||||||
// at https://github.com/mozilla-services/pkcs7/blob/33d05740a3526e382af6395d3513e73d4e66d1cb/encrypt.go#L63
|
// at https://github.com/mozilla-services/pkcs7/blob/33d05740a3526e382af6395d3513e73d4e66d1cb/encrypt.go#L63
|
||||||
// Defaults to 0, being DES-CBC
|
// Defaults to 0, being DES-CBC
|
||||||
EncryptionAlgorithmIdentifier int `json:"encryptionAlgorithmIdentifier,omitempty"`
|
EncryptionAlgorithmIdentifier int `json:"encryptionAlgorithmIdentifier,omitempty"`
|
||||||
// CustomPath is used to specify a custom path on which the SCEP provisioner will be made
|
Options *Options `json:"options,omitempty"`
|
||||||
// available. By default a SCEP provisioner is available at
|
Claims *Claims `json:"claims,omitempty"`
|
||||||
// https://<address>:<port>/scep/<provisionerName> and requests performed looking similar
|
claimer *Claimer
|
||||||
// to https://<address>:<port>/scep/<provisionerName>?operations=GetCACert. When CustomPath
|
|
||||||
// is set, the SCEP URL will be https://<address>:<port>/scep/<provisionerName>/<customPath>,
|
|
||||||
// resulting in SCEP clients that expect a specific path, such as "/pkiclient.exe", to be
|
|
||||||
// able to interact with the SCEP provisioner.
|
|
||||||
CustomPath string `json:"customPath,omitempty"`
|
|
||||||
Options *Options `json:"options,omitempty"`
|
|
||||||
Claims *Claims `json:"claims,omitempty"`
|
|
||||||
claimer *Claimer
|
|
||||||
|
|
||||||
secretChallengePassword string
|
secretChallengePassword string
|
||||||
encryptionAlgorithm int
|
encryptionAlgorithm int
|
||||||
|
|
|
@ -66,9 +66,9 @@ func New(scepAuth scep.Interface) api.RouterHandler {
|
||||||
// Route traffic and implement the Router interface.
|
// Route traffic and implement the Router interface.
|
||||||
func (h *Handler) Route(r api.Router) {
|
func (h *Handler) Route(r api.Router) {
|
||||||
getLink := h.Auth.GetLinkExplicit
|
getLink := h.Auth.GetLinkExplicit
|
||||||
r.MethodFunc(http.MethodGet, getLink("{provisionerName}/{customPath}*", false, nil), h.lookupProvisioner(h.Get))
|
r.MethodFunc(http.MethodGet, getLink("{provisionerName}/*", false, nil), h.lookupProvisioner(h.Get))
|
||||||
r.MethodFunc(http.MethodGet, getLink("{provisionerName}", false, nil), h.lookupProvisioner(h.Get))
|
r.MethodFunc(http.MethodGet, getLink("{provisionerName}", false, nil), h.lookupProvisioner(h.Get))
|
||||||
r.MethodFunc(http.MethodPost, getLink("{provisionerName}/{customPath}*", false, nil), h.lookupProvisioner(h.Post))
|
r.MethodFunc(http.MethodPost, getLink("{provisionerName}/*", false, nil), h.lookupProvisioner(h.Post))
|
||||||
r.MethodFunc(http.MethodPost, getLink("{provisionerName}", false, nil), h.lookupProvisioner(h.Post))
|
r.MethodFunc(http.MethodPost, getLink("{provisionerName}", false, nil), h.lookupProvisioner(h.Post))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -193,13 +193,6 @@ func (h *Handler) lookupProvisioner(next nextHTTP) nextHTTP {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
customPathParam := chi.URLParam(r, "customPath")
|
|
||||||
customPath, err := url.PathUnescape(customPathParam)
|
|
||||||
if err != nil {
|
|
||||||
api.WriteError(w, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
p, err := h.Auth.LoadProvisionerByName(provisionerName)
|
p, err := h.Auth.LoadProvisionerByName(provisionerName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
api.WriteError(w, err)
|
api.WriteError(w, err)
|
||||||
|
@ -212,12 +205,6 @@ func (h *Handler) lookupProvisioner(next nextHTTP) nextHTTP {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
configuredCustomPath := strings.Trim(prov.CustomPath, "/")
|
|
||||||
if customPath != configuredCustomPath {
|
|
||||||
api.WriteError(w, errors.Errorf("custom path requested '%s' is not the expected path '%s'", customPath, configuredCustomPath))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx := r.Context()
|
ctx := r.Context()
|
||||||
ctx = context.WithValue(ctx, scep.ProvisionerContextKey, scep.Provisioner(prov))
|
ctx = context.WithValue(ctx, scep.ProvisionerContextKey, scep.Provisioner(prov))
|
||||||
next(w, r.WithContext(ctx))
|
next(w, r.WithContext(ctx))
|
||||||
|
|
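Review bot: The two wildcard registrations in `Route`, `getLink("{provisionerName}/*", false, nil)` for GET and POST, now send every path below a provisioner to `h.Get`/`h.Post`, and the comparison against the configured path in `lookupProvisioner` is removed, so nothing on the new side inspects the suffix at all. If that is the intent, state it where the routes are registered, e.g. `// Any path suffix after {provisionerName} is accepted and ignored, so clients that require a fixed path such as /pkiclient.exe work without configuration.`, and add a handler test that pins the behaviour. Existing provisioner configurations that still set `customPath` will presumably have the key dropped silently now that the struct field is gone, so an operator who relied on it as a path restriction gets no signal; a release note or a load-time warning would cover that. `lookupProvisioner` starts and ends outside the hunks shown.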