Change to a fixed fork of go.mozilla.org/pkcs7
Hopefully this will be a temporary change until the fix is merged in the upstream module.
parent
3a5f633cdd
commit
9df5f513e7
4 changed files with 7 additions and 18 deletions
3
go.mod
3
go.mod
|
@ -21,6 +21,7 @@ require (
|
||||||
github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262
|
github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262
|
||||||
github.com/smallstep/nosql v0.3.6
|
github.com/smallstep/nosql v0.3.6
|
||||||
github.com/urfave/cli v1.22.4
|
github.com/urfave/cli v1.22.4
|
||||||
|
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1
|
||||||
go.step.sm/cli-utils v0.1.0
|
go.step.sm/cli-utils v0.1.0
|
||||||
go.step.sm/crypto v0.7.3
|
go.step.sm/crypto v0.7.3
|
||||||
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
|
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
|
||||||
|
@ -34,3 +35,5 @@ require (
|
||||||
|
|
||||||
// replace github.com/smallstep/nosql => ../nosql
|
// replace github.com/smallstep/nosql => ../nosql
|
||||||
// replace go.step.sm/crypto => ../crypto
|
// replace go.step.sm/crypto => ../crypto
|
||||||
|
|
||||||
|
replace go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 => github.com/omorsi/pkcs7 v0.0.0-20210217142924-a7b80a2a8568
|
||||||
|
|
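Review bot: The new `replace` line at the end of go.mod points the PKCS#7 module at a personal fork (`github.com/omorsi/pkcs7`) without a comment saying which fix the fork carries or when the override can be dropped, so the pin can outlive its purpose and miss later upstream security fixes. A comment directly above it, such as `// TODO: remove once the pkcs7 fix is merged upstream (see <upstream PR placeholder>)`, would make the exit condition reviewable. Go honours `replace` directives only in the main module, so anyone importing these packages from another module still builds against the unreplaced `go.mozilla.org/pkcs7`. The go.sum entries pin the fork's content, but the fork's diff against upstream deserves its own review, since the module appears to sit on the SCEP envelope-parsing and decryption path.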
2
go.sum
2
go.sum
|
@ -257,6 +257,8 @@ github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/I
|
||||||
github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||||
github.com/newrelic/go-agent v2.15.0+incompatible h1:IB0Fy+dClpBq9aEoIrLyQXzU34JyI1xVTanPLB/+jvU=
|
github.com/newrelic/go-agent v2.15.0+incompatible h1:IB0Fy+dClpBq9aEoIrLyQXzU34JyI1xVTanPLB/+jvU=
|
||||||
github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ=
|
github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ=
|
||||||
|
github.com/omorsi/pkcs7 v0.0.0-20210217142924-a7b80a2a8568 h1:+MPqEswjYiS0S1FCTg8MIhMBMzxiVQ94rooFwvPPiWk=
|
||||||
|
github.com/omorsi/pkcs7 v0.0.0-20210217142924-a7b80a2a8568/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
|
||||||
github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
|
github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
|
||||||
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
|
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
|
||||||
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||||
|
|
|
@ -82,7 +82,6 @@ func (h *Handler) Route(r api.Router) {
|
||||||
|
|
||||||
r.MethodFunc(http.MethodGet, getLink("{provisionerID}", false, nil), h.lookupProvisioner(h.Get))
|
r.MethodFunc(http.MethodGet, getLink("{provisionerID}", false, nil), h.lookupProvisioner(h.Get))
|
||||||
r.MethodFunc(http.MethodPost, getLink("{provisionerID}", false, nil), h.lookupProvisioner(h.Post))
|
r.MethodFunc(http.MethodPost, getLink("{provisionerID}", false, nil), h.lookupProvisioner(h.Post))
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get handles all SCEP GET requests
|
// Get handles all SCEP GET requests
|
||||||
|
@ -103,7 +102,7 @@ func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
|
||||||
case opnGetCACaps:
|
case opnGetCACaps:
|
||||||
response, err = h.GetCACaps(ctx)
|
response, err = h.GetCACaps(ctx)
|
||||||
case opnPKIOperation:
|
case opnPKIOperation:
|
||||||
// TODO: implement the GET for PKI operation
|
// TODO: implement the GET for PKI operation? Default CACAPS doesn't specify this is in use, though
|
||||||
default:
|
default:
|
||||||
err = fmt.Errorf("unknown operation: %s", request.Operation)
|
err = fmt.Errorf("unknown operation: %s", request.Operation)
|
||||||
}
|
}
|
||||||
|
@ -170,6 +169,7 @@ func decodeSCEPRequest(r *http.Request) (SCEPRequest, error) {
|
||||||
if _, ok := query["message"]; ok {
|
if _, ok := query["message"]; ok {
|
||||||
message = query.Get("message")
|
message = query.Get("message")
|
||||||
}
|
}
|
||||||
|
// TODO: verify this; it seems like it should be StdEncoding instead of URLEncoding
|
||||||
decodedMessage, err := base64.URLEncoding.DecodeString(message)
|
decodedMessage, err := base64.URLEncoding.DecodeString(message)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return SCEPRequest{}, err
|
return SCEPRequest{}, err
|
||||||
|
@ -269,8 +269,6 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
|
||||||
|
|
||||||
response := SCEPResponse{Operation: opnPKIOperation}
|
response := SCEPResponse{Operation: opnPKIOperation}
|
||||||
|
|
||||||
fmt.Println("BEFORE PARSING")
|
|
||||||
|
|
||||||
microMsg, err := microscep.ParsePKIMessage(request.Message)
|
microMsg, err := microscep.ParsePKIMessage(request.Message)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return SCEPResponse{}, err
|
return SCEPResponse{}, err
|
||||||
|
@ -283,12 +281,7 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
|
||||||
Raw: microMsg.Raw,
|
Raw: microMsg.Raw,
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Println("len raw:", len(microMsg.Raw))
|
|
||||||
|
|
||||||
fmt.Println("AFTER PARSING")
|
|
||||||
|
|
||||||
if err := h.Auth.DecryptPKIEnvelope(ctx, msg); err != nil {
|
if err := h.Auth.DecryptPKIEnvelope(ctx, msg); err != nil {
|
||||||
fmt.Println("ERROR IN DECRYPTPKIENVELOPE")
|
|
||||||
return SCEPResponse{}, err
|
return SCEPResponse{}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -312,8 +305,6 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
|
||||||
response.Data = certRep.Raw
|
response.Data = certRep.Raw
|
||||||
response.Certificate = certRep.Certificate
|
response.Certificate = certRep.Certificate
|
||||||
|
|
||||||
fmt.Println("HERE!!!")
|
|
||||||
|
|
||||||
return response, nil
|
return response, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
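Review bot: In `Get`, the `case opnPKIOperation:` branch still holds only the reworded TODO, so a GET carrying that operation leaves `err` nil and `response` presumably zero-valued, and whatever follows the switch (outside this hunk) treats it as a success. Until GET support exists, the branch should fail explicitly, e.g. `err = fmt.Errorf("operation %s is not supported over GET", request.Operation)`, so a client gets a clear error rather than an empty reply. The TODO added in `decodeSCEPRequest` is also worth resolving before merge: if clients send standard base64, `base64.URLEncoding` rejects any message containing `+` or `/`. Both functions continue outside the hunks shown.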
|
@ -205,8 +205,6 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Println("len content:", len(p7.Content))
|
|
||||||
|
|
||||||
var tID microscep.TransactionID
|
var tID microscep.TransactionID
|
||||||
if err := p7.UnmarshalSignedAttribute(oidSCEPtransactionID, &tID); err != nil {
|
if err := p7.UnmarshalSignedAttribute(oidSCEPtransactionID, &tID); err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -225,11 +223,6 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Println(tID)
|
|
||||||
fmt.Println(msgType)
|
|
||||||
|
|
||||||
fmt.Println("len p7c content:", len(p7c.Content))
|
|
||||||
|
|
||||||
envelope, err := p7c.Decrypt(a.intermediateCertificate, a.service.Decrypter)
|
envelope, err := p7c.Decrypt(a.intermediateCertificate, a.service.Decrypter)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
|