mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Add SCEPCHALLENGE as valid webhook type in admin API

Browse source
This commit is contained in:
Herman Slatman 2023-04-29 01:40:03 +02:00
parent 419478d1e5
commit ad4d8e6c68
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
3 changed files with 27 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
authority/admin/api/webhook.go
View file

@ -57,9 +57,9 @@ func validateWebhook(webhook *linkedca.Webhook) error {
// kind // kind
switch webhook.Kind { switch webhook.Kind {
case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING: case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING, linkedca.Webhook_SCEPCHALLENGE:
default: default:
return admin.NewError(admin.ErrorBadRequestType, "webhook kind is invalid") return admin.NewError(admin.ErrorBadRequestType, "webhook kind %q is invalid", webhook.Kind)
} }
return nil return nil

20
authority/admin/api/webhook_test.go
View file

@ -180,6 +180,26 @@ func TestWebhookAdminResponder_CreateProvisionerWebhook(t *testing.T) {
statusCode: 400, statusCode: 400,
} }
}, },
"fail/unsupported-webhook-kind": func(t *testing.T) test {
prov := &linkedca.Provisioner{
Name: "provName",
}
ctx := linkedca.NewContextWithProvisioner(context.Background(), prov)
adminErr := admin.NewError(admin.ErrorBadRequestType, `(line 5:13): invalid value for enum type: "UNSUPPORTED"`)
adminErr.Message = `(line 5:13): invalid value for enum type: "UNSUPPORTED"`
body := []byte(`
{
"name": "metadata",
"url": "https://example.com",
"kind": "UNSUPPORTED",
}`)
return test{
ctx: ctx,
body: body,
err: adminErr,
statusCode: 400,
}
},
"fail/auth.UpdateProvisioner-error": func(t *testing.T) test { "fail/auth.UpdateProvisioner-error": func(t *testing.T) test {
adm := &linkedca.Admin{ adm := &linkedca.Admin{
Subject: "step", Subject: "step",

7
scep/api/webhook/webhook.go
View file

@ -54,8 +54,11 @@ func (c *Controller) Validate(ctx context.Context, challenge string) error {
return provisioner.ErrWebhookDenied return provisioner.ErrWebhookDenied
} }
// isCertTypeOK returns whether or not the webhook is for X.509 // isCertTypeOK returns whether or not the webhook can be used
// certificates. // with the SCEP challenge validation webhook controller.
func (c *Controller) isCertTypeOK(wh *provisioner.Webhook) bool { func (c *Controller) isCertTypeOK(wh *provisioner.Webhook) bool {
if wh.CertType == linkedca.Webhook_ALL.String() || wh.CertType == "" {
return true
}
return linkedca.Webhook_X509.String() == wh.CertType return linkedca.Webhook_X509.String() == wh.CertType
} }