Add noop provisioner and use it if a provisioner cannot been found from a cert.
parent
47817ab212
commit
9f7f871f25
2 changed files with 42 additions and 2 deletions
|
@ -80,7 +80,7 @@ func (c *Collection) LoadByToken(token *jose.JSONWebToken, claims *jose.Claims)
|
||||||
return c.Load(payload.Audience[0])
|
return c.Load(payload.Audience[0])
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadByCertificate lookds for the provisioner extension and extracts the
|
// LoadByCertificate looks for the provisioner extension and extracts the
|
||||||
// proper id to load the provisioner.
|
// proper id to load the provisioner.
|
||||||
func (c *Collection) LoadByCertificate(cert *x509.Certificate) (Interface, bool) {
|
func (c *Collection) LoadByCertificate(cert *x509.Certificate) (Interface, bool) {
|
||||||
for _, e := range cert.Extensions {
|
for _, e := range cert.Extensions {
|
||||||
|
@ -95,7 +95,10 @@ func (c *Collection) LoadByCertificate(cert *x509.Certificate) (Interface, bool)
|
||||||
return c.Load(string(provisioner.CredentialID))
|
return c.Load(string(provisioner.CredentialID))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil, false
|
|
||||||
|
// Default to noop provisioner if an extension is not found. This allows to
|
||||||
|
// accept a renewal of a cert without the provisioner extension.
|
||||||
|
return &noop{}, true
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadEncryptedKey returns a the encrypted key by KeyID. At this moment only
|
// LoadEncryptedKey returns a the encrypted key by KeyID. At this moment only
|
||||||
|
|
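Review bot: The new fallback at the end of LoadByCertificate, `return &noop{}, true`, means the boolean no longer tells callers that no provisioner was found: any certificate without the provisioner extension now receives a provisioner whose checks all succeed. The added comment limits the intent to renewals, but nothing in the visible lines restricts the fallback to that path, so every caller of LoadByCertificate inherits it; this should be confirmed against the call sites. The doc comment above the function should state the new contract, for example `// If the certificate has no provisioner extension, a noop provisioner is returned with ok set to true.` The middle of the function body lies between the two hunks, so whether a malformed extension still yields `nil, false` cannot be seen here.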
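--- a/authority/provisioner/noop.go
+++ b/authority/provisioner/noop.go
@@ -0,0 +1,37 @@
+package provisioner
+
+import "crypto/x509"
+
+// noop provisioners is a provisioner that accepts anything.
+type noop struct{}
+
+func (p *noop) GetID() string {
+return "noop"
+}
+
+func (p *noop) GetName() string {
+return "noop"
+}
+func (p *noop) GetType() Type {
+return noopType
+}
+
+func (p *noop) GetEncryptedKey() (kid string, key string, ok bool) {
+return "", "", false
+}
+
+func (p *noop) Init(config Config) error {
+return nil
+}
+
+func (p *noop) Authorize(token string) ([]SignOption, error) {
+return []SignOption{}, nil
+}
+
+func (p *noop) AuthorizeRenewal(cert *x509.Certificate) error {
+return nil
+}
+
+func (p *noop) AuthorizeRevoke(token string) error {
+return nil
+}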
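Review bot: `Authorize` and `AuthorizeRevoke` on noop return success for any token, which is wider than the renewal case this type appears to be introduced for. If noop is only meant to let `AuthorizeRenewal` pass for certificates that carry no provisioner extension, the other two should fail closed, e.g. `return nil, errors.New("noop provisioner cannot authorize a token")` and `return errors.New("noop provisioner cannot authorize a revocation")`; this needs the `errors` import next to `crypto/x509`. The type comment would also be clearer as `// noop is a provisioner that accepts anything; it is used for certificates that carry no provisioner extension.`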