mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Add more template data

Browse source
This commit is contained in:
Herman Slatman 2021-03-26 16:11:35 +01:00
parent b815478981
commit 9bda3c465a
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
1 changed files with 27 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
scep/authority.go
View file

@ -4,7 +4,6 @@ import (
"context" "context"
"crypto/subtle" "crypto/subtle"
"crypto/x509" "crypto/x509"
"fmt"
"net/url" "net/url"
"github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/authority/provisioner"
@ -109,9 +108,9 @@ func (a *Authority) GetLinkExplicit(provName string, abs bool, baseURL *url.URL,
// URL dynamically obtained from the request for which the link is being calculated. // URL dynamically obtained from the request for which the link is being calculated.
func (a *Authority) getLinkExplicit(provisionerName string, abs bool, baseURL *url.URL, inputs ...string) string { func (a *Authority) getLinkExplicit(provisionerName string, abs bool, baseURL *url.URL, inputs ...string) string {
// TODO: do we need to provide a way to provide a different suffix/base? // TODO: do we need to provide a way to provide a different suffix?
// Like "/cgi-bin/pkiclient.exe"? Or would it be enough to have that as the name? // Like "/cgi-bin/pkiclient.exe"? Or would it be enough to have that as the name?
link := fmt.Sprintf("/%s", provisionerName) link := "/" + provisionerName
if abs { if abs {
// Copy the baseURL value from the pointer. https://github.com/golang/go/issues/38351 // Copy the baseURL value from the pointer. https://github.com/golang/go/issues/38351
@ -235,7 +234,31 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
} }
// Template data // Template data
data := x509util.CreateTemplateData(csr.Subject.CommonName, csr.DNSNames) sans := []string{}
sans = append(sans, csr.DNSNames...)
sans = append(sans, csr.EmailAddresses...)
for _, v := range csr.IPAddresses {
sans = append(sans, v.String())
}
for _, v := range csr.URIs {
sans = append(sans, v.String())
}
if len(sans) == 0 {
sans = append(sans, csr.Subject.CommonName)
}
data := x509util.CreateTemplateData(csr.Subject.CommonName, sans)
data.SetCertificateRequest(csr)
data.SetSubject(x509util.Subject{
Country: csr.Subject.Country,
Organization: csr.Subject.Organization,
OrganizationalUnit: csr.Subject.OrganizationalUnit,
Locality: csr.Subject.Locality,
Province: csr.Subject.Province,
StreetAddress: csr.Subject.StreetAddress,
PostalCode: csr.Subject.PostalCode,
SerialNumber: csr.Subject.SerialNumber,
CommonName: csr.Subject.CommonName,
})
// Get authorizations from the SCEP provisioner. // Get authorizations from the SCEP provisioner.
ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod) ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)