Change to a fixed fork of go.mozilla.org/pkcs7

Hopefully this will be a temporary change until
the fix is merged in the upstream module.
This commit is contained in:
Herman Slatman 2021-03-06 22:35:41 +01:00
parent 3a5f633cdd
commit 9df5f513e7
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
4 changed files with 7 additions and 18 deletions

3
go.mod
View file

@ -21,6 +21,7 @@ require (
github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262
github.com/smallstep/nosql v0.3.6 github.com/smallstep/nosql v0.3.6
github.com/urfave/cli v1.22.4 github.com/urfave/cli v1.22.4
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1
go.step.sm/cli-utils v0.1.0 go.step.sm/cli-utils v0.1.0
go.step.sm/crypto v0.7.3 go.step.sm/crypto v0.7.3
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
@ -34,3 +35,5 @@ require (
// replace github.com/smallstep/nosql => ../nosql // replace github.com/smallstep/nosql => ../nosql
// replace go.step.sm/crypto => ../crypto // replace go.step.sm/crypto => ../crypto
replace go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 => github.com/omorsi/pkcs7 v0.0.0-20210217142924-a7b80a2a8568

2
go.sum
View file

@ -257,6 +257,8 @@ github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/I
github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
github.com/newrelic/go-agent v2.15.0+incompatible h1:IB0Fy+dClpBq9aEoIrLyQXzU34JyI1xVTanPLB/+jvU= github.com/newrelic/go-agent v2.15.0+incompatible h1:IB0Fy+dClpBq9aEoIrLyQXzU34JyI1xVTanPLB/+jvU=
github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ=
github.com/omorsi/pkcs7 v0.0.0-20210217142924-a7b80a2a8568 h1:+MPqEswjYiS0S1FCTg8MIhMBMzxiVQ94rooFwvPPiWk=
github.com/omorsi/pkcs7 v0.0.0-20210217142924-a7b80a2a8568/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc= github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

View file

@ -82,7 +82,6 @@ func (h *Handler) Route(r api.Router) {
r.MethodFunc(http.MethodGet, getLink("{provisionerID}", false, nil), h.lookupProvisioner(h.Get)) r.MethodFunc(http.MethodGet, getLink("{provisionerID}", false, nil), h.lookupProvisioner(h.Get))
r.MethodFunc(http.MethodPost, getLink("{provisionerID}", false, nil), h.lookupProvisioner(h.Post)) r.MethodFunc(http.MethodPost, getLink("{provisionerID}", false, nil), h.lookupProvisioner(h.Post))
} }
// Get handles all SCEP GET requests // Get handles all SCEP GET requests
@ -103,7 +102,7 @@ func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
case opnGetCACaps: case opnGetCACaps:
response, err = h.GetCACaps(ctx) response, err = h.GetCACaps(ctx)
case opnPKIOperation: case opnPKIOperation:
// TODO: implement the GET for PKI operation // TODO: implement the GET for PKI operation? Default CACAPS doesn't specify this is in use, though
default: default:
err = fmt.Errorf("unknown operation: %s", request.Operation) err = fmt.Errorf("unknown operation: %s", request.Operation)
} }
@ -170,6 +169,7 @@ func decodeSCEPRequest(r *http.Request) (SCEPRequest, error) {
if _, ok := query["message"]; ok { if _, ok := query["message"]; ok {
message = query.Get("message") message = query.Get("message")
} }
// TODO: verify this; it seems like it should be StdEncoding instead of URLEncoding
decodedMessage, err := base64.URLEncoding.DecodeString(message) decodedMessage, err := base64.URLEncoding.DecodeString(message)
if err != nil { if err != nil {
return SCEPRequest{}, err return SCEPRequest{}, err
@ -269,8 +269,6 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
response := SCEPResponse{Operation: opnPKIOperation} response := SCEPResponse{Operation: opnPKIOperation}
fmt.Println("BEFORE PARSING")
microMsg, err := microscep.ParsePKIMessage(request.Message) microMsg, err := microscep.ParsePKIMessage(request.Message)
if err != nil { if err != nil {
return SCEPResponse{}, err return SCEPResponse{}, err
@ -283,12 +281,7 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
Raw: microMsg.Raw, Raw: microMsg.Raw,
} }
fmt.Println("len raw:", len(microMsg.Raw))
fmt.Println("AFTER PARSING")
if err := h.Auth.DecryptPKIEnvelope(ctx, msg); err != nil { if err := h.Auth.DecryptPKIEnvelope(ctx, msg); err != nil {
fmt.Println("ERROR IN DECRYPTPKIENVELOPE")
return SCEPResponse{}, err return SCEPResponse{}, err
} }
@ -312,8 +305,6 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
response.Data = certRep.Raw response.Data = certRep.Raw
response.Certificate = certRep.Certificate response.Certificate = certRep.Certificate
fmt.Println("HERE!!!")
return response, nil return response, nil
} }

View file

@ -205,8 +205,6 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
return err return err
} }
fmt.Println("len content:", len(p7.Content))
var tID microscep.TransactionID var tID microscep.TransactionID
if err := p7.UnmarshalSignedAttribute(oidSCEPtransactionID, &tID); err != nil { if err := p7.UnmarshalSignedAttribute(oidSCEPtransactionID, &tID); err != nil {
return err return err
@ -225,11 +223,6 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
return err return err
} }
fmt.Println(tID)
fmt.Println(msgType)
fmt.Println("len p7c content:", len(p7c.Content))
envelope, err := p7c.Decrypt(a.intermediateCertificate, a.service.Decrypter) envelope, err := p7c.Decrypt(a.intermediateCertificate, a.service.Decrypter)
if err != nil { if err != nil {
return err return err