forked from TrueCloudLab/certificates
Fix linter errors
This commit is contained in:
parent
a8a4261980
commit
9147356d8a
7 changed files with 29 additions and 48 deletions
|
@ -40,7 +40,7 @@ type payloadInfo struct {
|
|||
|
||||
// HandlerOptions required to create a new ACME API request handler.
|
||||
type HandlerOptions struct {
|
||||
// DB storage backend that impements the acme.DB interface.
|
||||
// DB storage backend that implements the acme.DB interface.
|
||||
//
|
||||
// Deprecated: use acme.NewContex(context.Context, acme.DB)
|
||||
DB acme.DB
|
||||
|
@ -50,7 +50,7 @@ type HandlerOptions struct {
|
|||
// Deprecated: use authority.NewContext(context.Context, *authority.Authority)
|
||||
CA acme.CertificateAuthority
|
||||
|
||||
// Backdate is the duration that the CA will substract from the current time
|
||||
// Backdate is the duration that the CA will subtract from the current time
|
||||
// to set the NotBefore in the certificate.
|
||||
Backdate provisioner.Duration
|
||||
|
||||
|
|
|
@ -31,7 +31,7 @@ type mockClient struct {
|
|||
tlsDial func(network, addr string, config *tls.Config) (*tls.Conn, error)
|
||||
}
|
||||
|
||||
func (m *mockClient) Get(url string) (*http.Response, error) { return m.get(url) }
|
||||
func (m *mockClient) Get(u string) (*http.Response, error) { return m.get(u) }
|
||||
func (m *mockClient) LookupTxt(name string) ([]string, error) { return m.lookupTxt(name) }
|
||||
func (m *mockClient) TLSDial(network, addr string, config *tls.Config) (*tls.Conn, error) {
|
||||
return m.tlsDial(network, addr, config)
|
||||
|
|
|
@ -37,11 +37,11 @@ func ClientFromContext(ctx context.Context) (c Client, ok bool) {
|
|||
// MustClientFromContext returns the current client from the given context. It will
|
||||
// return a new instance of the client if it does not exist.
|
||||
func MustClientFromContext(ctx context.Context) Client {
|
||||
if c, ok := ClientFromContext(ctx); !ok {
|
||||
c, ok := ClientFromContext(ctx)
|
||||
if !ok {
|
||||
return NewClient()
|
||||
} else {
|
||||
return c
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
type client struct {
|
||||
|
|
|
@ -40,10 +40,6 @@ func Route(r api.Router, acmeResponder acmeAdminResponderInterface) {
|
|||
return extractAuthorizeTokenAdmin(requireAPIEnabled(next))
|
||||
}
|
||||
|
||||
requireEABEnabled := func(next nextHTTP) nextHTTP {
|
||||
return requireEABEnabled(next)
|
||||
}
|
||||
|
||||
// Provisioners
|
||||
r.MethodFunc("GET", "/provisioners/{name}", authnz(GetProvisioner))
|
||||
r.MethodFunc("GET", "/provisioners", authnz(GetProvisioners))
|
||||
|
|
5
ca/ca.go
5
ca/ca.go
|
@ -230,13 +230,12 @@ func (ca *CA) Init(cfg *config.Config) (*CA, error) {
|
|||
if err != nil {
|
||||
return nil, errors.Wrap(err, "error creating SCEP authority")
|
||||
}
|
||||
scepRouterHandler := scepAPI.New(scepAuthority)
|
||||
|
||||
// According to the RFC (https://tools.ietf.org/html/rfc8894#section-7.10),
|
||||
// SCEP operations are performed using HTTP, so that's why the API is mounted
|
||||
// to the insecure mux.
|
||||
insecureMux.Route("/"+scepPrefix, func(r chi.Router) {
|
||||
scepRouterHandler.Route(r)
|
||||
scepAPI.Route(r)
|
||||
})
|
||||
|
||||
// The RFC also mentions usage of HTTPS, but seems to advise
|
||||
|
@ -246,7 +245,7 @@ func (ca *CA) Init(cfg *config.Config) (*CA, error) {
|
|||
// as well as HTTPS can be used to request certificates
|
||||
// using SCEP.
|
||||
mux.Route("/"+scepPrefix, func(r chi.Router) {
|
||||
scepRouterHandler.Route(r)
|
||||
scepAPI.Route(r)
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -38,8 +38,8 @@ type request struct {
|
|||
Message []byte
|
||||
}
|
||||
|
||||
// response is a SCEP server response.
|
||||
type response struct {
|
||||
// Response is a SCEP server Response.
|
||||
type Response struct {
|
||||
Operation string
|
||||
CACertNum int
|
||||
Data []byte
|
||||
|
@ -81,7 +81,7 @@ func Get(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
ctx := r.Context()
|
||||
var res response
|
||||
var res Response
|
||||
|
||||
switch req.Operation {
|
||||
case opnGetCACert:
|
||||
|
@ -110,7 +110,7 @@ func Post(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
var res response
|
||||
var res Response
|
||||
switch req.Operation {
|
||||
case opnPKIOperation:
|
||||
res, err = PKIOperation(r.Context(), req)
|
||||
|
@ -207,18 +207,18 @@ func lookupProvisioner(next http.HandlerFunc) http.HandlerFunc {
|
|||
}
|
||||
|
||||
// GetCACert returns the CA certificates in a SCEP response
|
||||
func GetCACert(ctx context.Context) (response, error) {
|
||||
func GetCACert(ctx context.Context) (Response, error) {
|
||||
auth := scep.MustFromContext(ctx)
|
||||
certs, err := auth.GetCACertificates(ctx)
|
||||
if err != nil {
|
||||
return response{}, err
|
||||
return Response{}, err
|
||||
}
|
||||
|
||||
if len(certs) == 0 {
|
||||
return response{}, errors.New("missing CA cert")
|
||||
return Response{}, errors.New("missing CA cert")
|
||||
}
|
||||
|
||||
res := response{
|
||||
res := Response{
|
||||
Operation: opnGetCACert,
|
||||
CACertNum: len(certs),
|
||||
}
|
||||
|
@ -231,7 +231,7 @@ func GetCACert(ctx context.Context) (response, error) {
|
|||
// not signed or encrypted data has to be returned.
|
||||
data, err := microscep.DegenerateCertificates(certs)
|
||||
if err != nil {
|
||||
return response{}, err
|
||||
return Response{}, err
|
||||
}
|
||||
res.Data = data
|
||||
}
|
||||
|
@ -240,11 +240,11 @@ func GetCACert(ctx context.Context) (response, error) {
|
|||
}
|
||||
|
||||
// GetCACaps returns the CA capabilities in a SCEP response
|
||||
func GetCACaps(ctx context.Context) (response, error) {
|
||||
func GetCACaps(ctx context.Context) (Response, error) {
|
||||
auth := scep.MustFromContext(ctx)
|
||||
caps := auth.GetCACaps(ctx)
|
||||
|
||||
res := response{
|
||||
res := Response{
|
||||
Operation: opnGetCACaps,
|
||||
Data: formatCapabilities(caps),
|
||||
}
|
||||
|
@ -253,12 +253,12 @@ func GetCACaps(ctx context.Context) (response, error) {
|
|||
}
|
||||
|
||||
// PKIOperation performs PKI operations and returns a SCEP response
|
||||
func PKIOperation(ctx context.Context, req request) (response, error) {
|
||||
func PKIOperation(ctx context.Context, req request) (Response, error) {
|
||||
// parse the message using microscep implementation
|
||||
microMsg, err := microscep.ParsePKIMessage(req.Message)
|
||||
if err != nil {
|
||||
// return the error, because we can't use the msg for creating a CertRep
|
||||
return response{}, err
|
||||
return Response{}, err
|
||||
}
|
||||
|
||||
// this is essentially doing the same as microscep.ParsePKIMessage, but
|
||||
|
@ -266,7 +266,7 @@ func PKIOperation(ctx context.Context, req request) (response, error) {
|
|||
// wrapper for the microscep implementation.
|
||||
p7, err := pkcs7.Parse(microMsg.Raw)
|
||||
if err != nil {
|
||||
return response{}, err
|
||||
return Response{}, err
|
||||
}
|
||||
|
||||
// copy over properties to our internal PKIMessage
|
||||
|
@ -280,7 +280,7 @@ func PKIOperation(ctx context.Context, req request) (response, error) {
|
|||
|
||||
auth := scep.MustFromContext(ctx)
|
||||
if err := auth.DecryptPKIEnvelope(ctx, msg); err != nil {
|
||||
return response{}, err
|
||||
return Response{}, err
|
||||
}
|
||||
|
||||
// NOTE: at this point we have sufficient information for returning nicely signed CertReps
|
||||
|
@ -315,7 +315,7 @@ func PKIOperation(ctx context.Context, req request) (response, error) {
|
|||
return createFailureResponse(ctx, csr, msg, microscep.BadRequest, fmt.Errorf("error when signing new certificate: %w", err))
|
||||
}
|
||||
|
||||
res := response{
|
||||
res := Response{
|
||||
Operation: opnPKIOperation,
|
||||
Data: certRep.Raw,
|
||||
Certificate: certRep.Certificate,
|
||||
|
@ -329,7 +329,7 @@ func formatCapabilities(caps []string) []byte {
|
|||
}
|
||||
|
||||
// writeResponse writes a SCEP response back to the SCEP client.
|
||||
func writeResponse(w http.ResponseWriter, res response) {
|
||||
func writeResponse(w http.ResponseWriter, res Response) {
|
||||
|
||||
if res.Error != nil {
|
||||
log.Error(w, res.Error)
|
||||
|
@ -349,20 +349,20 @@ func fail(w http.ResponseWriter, err error) {
|
|||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
}
|
||||
|
||||
func createFailureResponse(ctx context.Context, csr *x509.CertificateRequest, msg *scep.PKIMessage, info microscep.FailInfo, failError error) (response, error) {
|
||||
func createFailureResponse(ctx context.Context, csr *x509.CertificateRequest, msg *scep.PKIMessage, info microscep.FailInfo, failError error) (Response, error) {
|
||||
auth := scep.MustFromContext(ctx)
|
||||
certRepMsg, err := auth.CreateFailureResponse(ctx, csr, msg, scep.FailInfoName(info), failError.Error())
|
||||
if err != nil {
|
||||
return response{}, err
|
||||
return Response{}, err
|
||||
}
|
||||
return response{
|
||||
return Response{
|
||||
Operation: opnPKIOperation,
|
||||
Data: certRepMsg.Raw,
|
||||
Error: failError,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func contentHeader(r response) string {
|
||||
func contentHeader(r Response) string {
|
||||
switch r.Operation {
|
||||
default:
|
||||
return "text/plain"
|
||||
|
|
|
@ -63,20 +63,6 @@ type AuthorityOptions struct {
|
|||
Prefix string
|
||||
}
|
||||
|
||||
type optionsKey struct{}
|
||||
|
||||
func newOptionsContext(ctx context.Context, o *AuthorityOptions) context.Context {
|
||||
return context.WithValue(ctx, optionsKey{}, o)
|
||||
}
|
||||
|
||||
func optionsFromContext(ctx context.Context) *AuthorityOptions {
|
||||
o, ok := ctx.Value(optionsKey{}).(*AuthorityOptions)
|
||||
if !ok {
|
||||
panic("scep options are not in the context")
|
||||
}
|
||||
return o
|
||||
}
|
||||
|
||||
// SignAuthority is the interface for a signing authority
|
||||
type SignAuthority interface {
|
||||
Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
|
||||
|
|
Loading…
Add table
Reference in a new issue