Make custom SCEP CA paths automagic

This commit is contained in:
Herman Slatman 2022-03-15 23:28:56 +01:00
parent a3cda9c3d7
commit 15477f6d7b
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
2 changed files with 6 additions and 27 deletions

View file

@ -26,18 +26,10 @@ type SCEP struct {
// Numerical identifier for the ContentEncryptionAlgorithm as defined in github.com/mozilla-services/pkcs7 // Numerical identifier for the ContentEncryptionAlgorithm as defined in github.com/mozilla-services/pkcs7
// at https://github.com/mozilla-services/pkcs7/blob/33d05740a3526e382af6395d3513e73d4e66d1cb/encrypt.go#L63 // at https://github.com/mozilla-services/pkcs7/blob/33d05740a3526e382af6395d3513e73d4e66d1cb/encrypt.go#L63
// Defaults to 0, being DES-CBC // Defaults to 0, being DES-CBC
EncryptionAlgorithmIdentifier int `json:"encryptionAlgorithmIdentifier,omitempty"` EncryptionAlgorithmIdentifier int `json:"encryptionAlgorithmIdentifier,omitempty"`
// CustomPath is used to specify a custom path on which the SCEP provisioner will be made Options *Options `json:"options,omitempty"`
// available. By default a SCEP provisioner is available at Claims *Claims `json:"claims,omitempty"`
// https://<address>:<port>/scep/<provisionerName> and requests performed looking similar claimer *Claimer
// to https://<address>:<port>/scep/<provisionerName>?operations=GetCACert. When CustomPath
// is set, the SCEP URL will be https://<address>:<port>/scep/<provisionerName>/<customPath>,
// resulting in SCEP clients that expect a specific path, such as "/pkiclient.exe", to be
// able to interact with the SCEP provisioner.
CustomPath string `json:"customPath,omitempty"`
Options *Options `json:"options,omitempty"`
Claims *Claims `json:"claims,omitempty"`
claimer *Claimer
secretChallengePassword string secretChallengePassword string
encryptionAlgorithm int encryptionAlgorithm int

View file

@ -66,9 +66,9 @@ func New(scepAuth scep.Interface) api.RouterHandler {
// Route traffic and implement the Router interface. // Route traffic and implement the Router interface.
func (h *Handler) Route(r api.Router) { func (h *Handler) Route(r api.Router) {
getLink := h.Auth.GetLinkExplicit getLink := h.Auth.GetLinkExplicit
r.MethodFunc(http.MethodGet, getLink("{provisionerName}/{customPath}*", false, nil), h.lookupProvisioner(h.Get)) r.MethodFunc(http.MethodGet, getLink("{provisionerName}/*", false, nil), h.lookupProvisioner(h.Get))
r.MethodFunc(http.MethodGet, getLink("{provisionerName}", false, nil), h.lookupProvisioner(h.Get)) r.MethodFunc(http.MethodGet, getLink("{provisionerName}", false, nil), h.lookupProvisioner(h.Get))
r.MethodFunc(http.MethodPost, getLink("{provisionerName}/{customPath}*", false, nil), h.lookupProvisioner(h.Post)) r.MethodFunc(http.MethodPost, getLink("{provisionerName}/*", false, nil), h.lookupProvisioner(h.Post))
r.MethodFunc(http.MethodPost, getLink("{provisionerName}", false, nil), h.lookupProvisioner(h.Post)) r.MethodFunc(http.MethodPost, getLink("{provisionerName}", false, nil), h.lookupProvisioner(h.Post))
} }
@ -193,13 +193,6 @@ func (h *Handler) lookupProvisioner(next nextHTTP) nextHTTP {
return return
} }
customPathParam := chi.URLParam(r, "customPath")
customPath, err := url.PathUnescape(customPathParam)
if err != nil {
api.WriteError(w, err)
return
}
p, err := h.Auth.LoadProvisionerByName(provisionerName) p, err := h.Auth.LoadProvisionerByName(provisionerName)
if err != nil { if err != nil {
api.WriteError(w, err) api.WriteError(w, err)
@ -212,12 +205,6 @@ func (h *Handler) lookupProvisioner(next nextHTTP) nextHTTP {
return return
} }
configuredCustomPath := strings.Trim(prov.CustomPath, "/")
if customPath != configuredCustomPath {
api.WriteError(w, errors.Errorf("custom path requested '%s' is not the expected path '%s'", customPath, configuredCustomPath))
return
}
ctx := r.Context() ctx := r.Context()
ctx = context.WithValue(ctx, scep.ProvisionerContextKey, scep.Provisioner(prov)) ctx = context.WithValue(ctx, scep.ProvisionerContextKey, scep.Provisioner(prov))
next(w, r.WithContext(ctx)) next(w, r.WithContext(ctx))