mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Fix remaining gocritic remarks

Browse source
This commit is contained in:
Herman Slatman 2021-10-11 23:34:23 +02:00
parent a4660f73fa
commit dd4b4b0435
No known key found for this signature in database
GPG key ID: F4D8A44EA0A75A4F
7 changed files with 103 additions and 110 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
acme/api/account_test.go
View file

@ -69,12 +69,12 @@ const noKeyID = keyID("")
// jwsEncodeEAB creates a JWS payload for External Account Binding according to RFC 8555 §7.3.4. // jwsEncodeEAB creates a JWS payload for External Account Binding according to RFC 8555 §7.3.4.
// Implementation taken from github.com/mholt/acmez // Implementation taken from github.com/mholt/acmez
func jwsEncodeEAB(accountKey crypto.PublicKey, hmacKey []byte, kid keyID, url string) ([]byte, error) { func jwsEncodeEAB(accountKey crypto.PublicKey, hmacKey []byte, kid keyID, u string) ([]byte, error) {
// §7.3.4: "The 'alg' field MUST indicate a MAC-based algorithm" // §7.3.4: "The 'alg' field MUST indicate a MAC-based algorithm"
alg, sha := "HS256", crypto.SHA256 alg, sha := "HS256", crypto.SHA256
// §7.3.4: "The 'nonce' field MUST NOT be present" // §7.3.4: "The 'nonce' field MUST NOT be present"
phead, err := jwsHead(alg, "", url, kid, nil) phead, err := jwsHead(alg, "", u, kid, nil)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -99,7 +99,7 @@ func jwsEncodeEAB(accountKey crypto.PublicKey, hmacKey []byte, kid keyID, url st
// Since jwk and kid are mutually-exclusive, the jwk will be encoded // Since jwk and kid are mutually-exclusive, the jwk will be encoded
// only if kid is empty. If nonce is empty, it will not be encoded. // only if kid is empty. If nonce is empty, it will not be encoded.
// Implementation taken from github.com/mholt/acmez // Implementation taken from github.com/mholt/acmez
func jwsHead(alg, nonce, url string, kid keyID, key crypto.Signer) (string, error) { func jwsHead(alg, nonce, u string, kid keyID, key crypto.Signer) (string, error) {
phead := fmt.Sprintf(`{"alg":%q`, alg) phead := fmt.Sprintf(`{"alg":%q`, alg)
if kid == noKeyID { if kid == noKeyID {
jwk, err := jwkEncode(key.Public()) jwk, err := jwkEncode(key.Public())
@ -113,7 +113,7 @@ func jwsHead(alg, nonce, url string, kid keyID, key crypto.Signer) (string, erro
if nonce != "" { if nonce != "" {
phead += fmt.Sprintf(`,"nonce":%q`, nonce) phead += fmt.Sprintf(`,"nonce":%q`, nonce)
} }
phead += fmt.Sprintf(`,"url":%q}`, url) phead += fmt.Sprintf(`,"url":%q}`, u)
phead = base64.RawURLEncoding.EncodeToString([]byte(phead)) phead = base64.RawURLEncoding.EncodeToString([]byte(phead))
return phead, nil return phead, nil
} }
@ -684,7 +684,7 @@ func TestHandler_NewAccount(t *testing.T) {
assert.Equals(t, acc.Key, jwk) assert.Equals(t, acc.Key, jwk)
return nil return nil
}, },
MockGetExternalAccountKey: func(ctx context.Context, provisionerName string, keyID string) (*acme.ExternalAccountKey, error) { MockGetExternalAccountKey: func(ctx context.Context, provisionerName, keyID string) (*acme.ExternalAccountKey, error) {
return &acme.ExternalAccountKey{ return &acme.ExternalAccountKey{
ID: "eakID", ID: "eakID",
Provisioner: escProvName, Provisioner: escProvName,
@ -1058,7 +1058,7 @@ func TestHandler_validateExternalAccountBinding(t *testing.T) {
createdAt := time.Now() createdAt := time.Now()
return test{ return test{
db: &acme.MockDB{ db: &acme.MockDB{
MockGetExternalAccountKey: func(ctx context.Context, provisionerName string, keyID string) (*acme.ExternalAccountKey, error) { MockGetExternalAccountKey: func(ctx context.Context, provisionerName, keyID string) (*acme.ExternalAccountKey, error) {
return &acme.ExternalAccountKey{ return &acme.ExternalAccountKey{
ID: "eakID", ID: "eakID",
Provisioner: escProvName, Provisioner: escProvName,
@ -1091,7 +1091,7 @@ func TestHandler_validateExternalAccountBinding(t *testing.T) {
eab := &ExternalAccountBinding{} eab := &ExternalAccountBinding{}
err = json.Unmarshal(eabJWS, &eab) err = json.Unmarshal(eabJWS, &eab)
assert.FatalError(t, err) assert.FatalError(t, err)
eab.Payload = eab.Payload + "{}" eab.Payload += "{}"
prov := newACMEProv(t) prov := newACMEProv(t)
prov.RequireEAB = true prov.RequireEAB = true
ctx := context.WithValue(context.Background(), jwkContextKey, jwk) ctx := context.WithValue(context.Background(), jwkContextKey, jwk)
@ -1149,7 +1149,7 @@ func TestHandler_validateExternalAccountBinding(t *testing.T) {
ctx = context.WithValue(ctx, provisionerContextKey, prov) ctx = context.WithValue(ctx, provisionerContextKey, prov)
return test{ return test{
db: &acme.MockDB{ db: &acme.MockDB{
MockGetExternalAccountKey: func(ctx context.Context, provisionerName string, keyID string) (*acme.ExternalAccountKey, error) { MockGetExternalAccountKey: func(ctx context.Context, provisionerName, keyID string) (*acme.ExternalAccountKey, error) {
return nil, acme.NewErrorISE("error retrieving external account key") return nil, acme.NewErrorISE("error retrieving external account key")
}, },
}, },
@ -1205,7 +1205,7 @@ func TestHandler_validateExternalAccountBinding(t *testing.T) {
boundAt := time.Now().Add(1 * time.Second) boundAt := time.Now().Add(1 * time.Second)
return test{ return test{
db: &acme.MockDB{ db: &acme.MockDB{
MockGetExternalAccountKey: func(ctx context.Context, provisionerName string, keyID string) (*acme.ExternalAccountKey, error) { MockGetExternalAccountKey: func(ctx context.Context, provisionerName, keyID string) (*acme.ExternalAccountKey, error) {
return &acme.ExternalAccountKey{ return &acme.ExternalAccountKey{
ID: "eakID", ID: "eakID",
Provisioner: escProvName, Provisioner: escProvName,
@ -1240,7 +1240,7 @@ func TestHandler_validateExternalAccountBinding(t *testing.T) {
ctx = context.WithValue(ctx, provisionerContextKey, prov) ctx = context.WithValue(ctx, provisionerContextKey, prov)
return test{ return test{
db: &acme.MockDB{ db: &acme.MockDB{
MockGetExternalAccountKey: func(ctx context.Context, provisionerName string, keyID string) (*acme.ExternalAccountKey, error) { MockGetExternalAccountKey: func(ctx context.Context, provisionerName, keyID string) (*acme.ExternalAccountKey, error) {
return &acme.ExternalAccountKey{ return &acme.ExternalAccountKey{
ID: "eakID", ID: "eakID",
Provisioner: escProvName, Provisioner: escProvName,
@ -1276,7 +1276,7 @@ func TestHandler_validateExternalAccountBinding(t *testing.T) {
ctx = context.WithValue(ctx, provisionerContextKey, prov) ctx = context.WithValue(ctx, provisionerContextKey, prov)
return test{ return test{
db: &acme.MockDB{ db: &acme.MockDB{
MockGetExternalAccountKey: func(ctx context.Context, provisionerName string, keyID string) (*acme.ExternalAccountKey, error) { MockGetExternalAccountKey: func(ctx context.Context, provisionerName, keyID string) (*acme.ExternalAccountKey, error) {
return &acme.ExternalAccountKey{ return &acme.ExternalAccountKey{
ID: "eakID", ID: "eakID",
Provisioner: escProvName, Provisioner: escProvName,

7
acme/challenge.go
View file

@ -26,8 +26,11 @@ import (
type ChallengeType string type ChallengeType string
const ( const (
HTTP01 ChallengeType = "http-01" // HTTP-01 challenge type
DNS01 ChallengeType = "dns-01" HTTP01 ChallengeType = "http-01"
// DNS-01 challenge type
DNS01 ChallengeType = "dns-01"
// TLS-ALPN-01 challenge type
TLSALPN01 ChallengeType = "tls-alpn-01" TLSALPN01 ChallengeType = "tls-alpn-01"
) )

4
acme/db/nosql/account.go
View file

@ -190,7 +190,7 @@ func (db *DB) CreateExternalAccountKey(ctx context.Context, provisionerName, ref
CreatedAt: clock.Now(), CreatedAt: clock.Now(),
} }
if err = db.save(ctx, keyID, dbeak, nil, "external_account_key", externalAccountKeyTable); err != nil { if err := db.save(ctx, keyID, dbeak, nil, "external_account_key", externalAccountKeyTable); err != nil {
return nil, err return nil, err
} }
@ -199,7 +199,7 @@ func (db *DB) CreateExternalAccountKey(ctx context.Context, provisionerName, ref
Reference: dbeak.Reference, Reference: dbeak.Reference,
ExternalAccountKeyID: dbeak.ID, ExternalAccountKeyID: dbeak.ID,
} }
if err = db.save(ctx, dbeak.Reference, dbExternalAccountKeyReference, nil, "external_account_key_reference", externalAccountKeysByReferenceTable); err != nil { if err := db.save(ctx, dbeak.Reference, dbExternalAccountKeyReference, nil, "external_account_key_reference", externalAccountKeysByReferenceTable); err != nil {
return nil, err return nil, err
} }
} }

144
acme/db/nosql/account_test.go
View file

@ -771,8 +771,8 @@ func TestDB_getDBExternalAccountKey(t *testing.T) {
for name, run := range tests { for name, run := range tests {
tc := run(t) tc := run(t)
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
db := DB{db: tc.db} d := DB{db: tc.db}
if dbeak, err := db.getDBExternalAccountKey(context.Background(), keyID); err != nil { if dbeak, err := d.getDBExternalAccountKey(context.Background(), keyID); err != nil {
switch k := err.(type) { switch k := err.(type) {
case *acme.Error: case *acme.Error:
if assert.NotNil(t, tc.acmeErr) { if assert.NotNil(t, tc.acmeErr) {
@ -787,16 +787,14 @@ func TestDB_getDBExternalAccountKey(t *testing.T) {
assert.HasPrefix(t, err.Error(), tc.err.Error()) assert.HasPrefix(t, err.Error(), tc.err.Error())
} }
} }
} else { } else if assert.Nil(t, tc.err) {
if assert.Nil(t, tc.err) { assert.Equals(t, dbeak.ID, tc.dbeak.ID)
assert.Equals(t, dbeak.ID, tc.dbeak.ID) assert.Equals(t, dbeak.KeyBytes, tc.dbeak.KeyBytes)
assert.Equals(t, dbeak.KeyBytes, tc.dbeak.KeyBytes) assert.Equals(t, dbeak.Provisioner, tc.dbeak.Provisioner)
assert.Equals(t, dbeak.Provisioner, tc.dbeak.Provisioner) assert.Equals(t, dbeak.Reference, tc.dbeak.Reference)
assert.Equals(t, dbeak.Reference, tc.dbeak.Reference) assert.Equals(t, dbeak.CreatedAt, tc.dbeak.CreatedAt)
assert.Equals(t, dbeak.CreatedAt, tc.dbeak.CreatedAt) assert.Equals(t, dbeak.AccountID, tc.dbeak.AccountID)
assert.Equals(t, dbeak.AccountID, tc.dbeak.AccountID) assert.Equals(t, dbeak.BoundAt, tc.dbeak.BoundAt)
assert.Equals(t, dbeak.BoundAt, tc.dbeak.BoundAt)
}
} }
}) })
} }
@ -890,8 +888,8 @@ func TestDB_GetExternalAccountKey(t *testing.T) {
for name, run := range tests { for name, run := range tests {
tc := run(t) tc := run(t)
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
db := DB{db: tc.db} d := DB{db: tc.db}
if eak, err := db.GetExternalAccountKey(context.Background(), prov, keyID); err != nil { if eak, err := d.GetExternalAccountKey(context.Background(), prov, keyID); err != nil {
switch k := err.(type) { switch k := err.(type) {
case *acme.Error: case *acme.Error:
if assert.NotNil(t, tc.acmeErr) { if assert.NotNil(t, tc.acmeErr) {
@ -906,16 +904,14 @@ func TestDB_GetExternalAccountKey(t *testing.T) {
assert.HasPrefix(t, err.Error(), tc.err.Error()) assert.HasPrefix(t, err.Error(), tc.err.Error())
} }
} }
} else { } else if assert.Nil(t, tc.err) {
if assert.Nil(t, tc.err) { assert.Equals(t, eak.ID, tc.eak.ID)
assert.Equals(t, eak.ID, tc.eak.ID) assert.Equals(t, eak.KeyBytes, tc.eak.KeyBytes)
assert.Equals(t, eak.KeyBytes, tc.eak.KeyBytes) assert.Equals(t, eak.Provisioner, tc.eak.Provisioner)
assert.Equals(t, eak.Provisioner, tc.eak.Provisioner) assert.Equals(t, eak.Reference, tc.eak.Reference)
assert.Equals(t, eak.Reference, tc.eak.Reference) assert.Equals(t, eak.CreatedAt, tc.eak.CreatedAt)
assert.Equals(t, eak.CreatedAt, tc.eak.CreatedAt) assert.Equals(t, eak.AccountID, tc.eak.AccountID)
assert.Equals(t, eak.AccountID, tc.eak.AccountID) assert.Equals(t, eak.BoundAt, tc.eak.BoundAt)
assert.Equals(t, eak.BoundAt, tc.eak.BoundAt)
}
} }
}) })
} }
@ -1056,8 +1052,8 @@ func TestDB_GetExternalAccountKeyByReference(t *testing.T) {
for name, run := range tests { for name, run := range tests {
tc := run(t) tc := run(t)
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
db := DB{db: tc.db} d := DB{db: tc.db}
if eak, err := db.GetExternalAccountKeyByReference(context.Background(), prov, tc.ref); err != nil { if eak, err := d.GetExternalAccountKeyByReference(context.Background(), prov, tc.ref); err != nil {
switch k := err.(type) { switch k := err.(type) {
case *acme.Error: case *acme.Error:
if assert.NotNil(t, tc.acmeErr) { if assert.NotNil(t, tc.acmeErr) {
@ -1072,16 +1068,14 @@ func TestDB_GetExternalAccountKeyByReference(t *testing.T) {
assert.HasPrefix(t, err.Error(), tc.err.Error()) assert.HasPrefix(t, err.Error(), tc.err.Error())
} }
} }
} else { } else if assert.Nil(t, tc.err) && tc.eak != nil {
if assert.Nil(t, tc.err) && tc.eak != nil { assert.Equals(t, eak.ID, tc.eak.ID)
assert.Equals(t, eak.ID, tc.eak.ID) assert.Equals(t, eak.AccountID, tc.eak.AccountID)
assert.Equals(t, eak.AccountID, tc.eak.AccountID) assert.Equals(t, eak.BoundAt, tc.eak.BoundAt)
assert.Equals(t, eak.BoundAt, tc.eak.BoundAt) assert.Equals(t, eak.CreatedAt, tc.eak.CreatedAt)
assert.Equals(t, eak.CreatedAt, tc.eak.CreatedAt) assert.Equals(t, eak.KeyBytes, tc.eak.KeyBytes)
assert.Equals(t, eak.KeyBytes, tc.eak.KeyBytes) assert.Equals(t, eak.Provisioner, tc.eak.Provisioner)
assert.Equals(t, eak.Provisioner, tc.eak.Provisioner) assert.Equals(t, eak.Reference, tc.eak.Reference)
assert.Equals(t, eak.Reference, tc.eak.Reference)
}
} }
}) })
} }
@ -1208,8 +1202,8 @@ func TestDB_GetExternalAccountKeys(t *testing.T) {
for name, run := range tests { for name, run := range tests {
tc := run(t) tc := run(t)
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
db := DB{db: tc.db} d := DB{db: tc.db}
if eaks, err := db.GetExternalAccountKeys(context.Background(), prov); err != nil { if eaks, err := d.GetExternalAccountKeys(context.Background(), prov); err != nil {
switch k := err.(type) { switch k := err.(type) {
case *acme.Error: case *acme.Error:
if assert.NotNil(t, tc.acmeErr) { if assert.NotNil(t, tc.acmeErr) {
@ -1224,18 +1218,16 @@ func TestDB_GetExternalAccountKeys(t *testing.T) {
assert.HasPrefix(t, err.Error(), tc.err.Error()) assert.HasPrefix(t, err.Error(), tc.err.Error())
} }
} }
} else { } else if assert.Nil(t, tc.err) {
if assert.Nil(t, tc.err) { assert.Equals(t, len(eaks), len(tc.eaks))
assert.Equals(t, len(eaks), len(tc.eaks)) for i, eak := range eaks {
for i, eak := range eaks { assert.Equals(t, eak.ID, tc.eaks[i].ID)
assert.Equals(t, eak.ID, tc.eaks[i].ID) assert.Equals(t, eak.KeyBytes, tc.eaks[i].KeyBytes)
assert.Equals(t, eak.KeyBytes, tc.eaks[i].KeyBytes) assert.Equals(t, eak.Provisioner, tc.eaks[i].Provisioner)
assert.Equals(t, eak.Provisioner, tc.eaks[i].Provisioner) assert.Equals(t, eak.Reference, tc.eaks[i].Reference)
assert.Equals(t, eak.Reference, tc.eaks[i].Reference) assert.Equals(t, eak.CreatedAt, tc.eaks[i].CreatedAt)
assert.Equals(t, eak.CreatedAt, tc.eaks[i].CreatedAt) assert.Equals(t, eak.AccountID, tc.eaks[i].AccountID)
assert.Equals(t, eak.AccountID, tc.eaks[i].AccountID) assert.Equals(t, eak.BoundAt, tc.eaks[i].BoundAt)
assert.Equals(t, eak.BoundAt, tc.eaks[i].BoundAt)
}
} }
} }
}) })
@ -1440,8 +1432,8 @@ func TestDB_DeleteExternalAccountKey(t *testing.T) {
for name, run := range tests { for name, run := range tests {
tc := run(t) tc := run(t)
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
db := DB{db: tc.db} d := DB{db: tc.db}
if err := db.DeleteExternalAccountKey(context.Background(), prov, keyID); err != nil { if err := d.DeleteExternalAccountKey(context.Background(), prov, keyID); err != nil {
switch k := err.(type) { switch k := err.(type) {
case *acme.Error: case *acme.Error:
if assert.NotNil(t, tc.acmeErr) { if assert.NotNil(t, tc.acmeErr) {
@ -1569,22 +1561,20 @@ func TestDB_CreateExternalAccountKey(t *testing.T) {
for name, run := range tests { for name, run := range tests {
tc := run(t) tc := run(t)
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
db := DB{db: tc.db} d := DB{db: tc.db}
eak, err := db.CreateExternalAccountKey(context.Background(), prov, ref) eak, err := d.CreateExternalAccountKey(context.Background(), prov, ref)
if err != nil { if err != nil {
if assert.NotNil(t, tc.err) { if assert.NotNil(t, tc.err) {
assert.HasPrefix(t, err.Error(), tc.err.Error()) assert.HasPrefix(t, err.Error(), tc.err.Error())
} }
} else { } else if assert.Nil(t, tc.err) {
if assert.Nil(t, tc.err) { assert.Equals(t, *tc._id, eak.ID)
assert.Equals(t, *tc._id, eak.ID) assert.Equals(t, prov, eak.Provisioner)
assert.Equals(t, prov, eak.Provisioner) assert.Equals(t, ref, eak.Reference)
assert.Equals(t, ref, eak.Reference) assert.Equals(t, "", eak.AccountID)
assert.Equals(t, "", eak.AccountID) assert.False(t, eak.CreatedAt.IsZero())
assert.False(t, eak.CreatedAt.IsZero()) assert.False(t, eak.AlreadyBound())
assert.False(t, eak.AlreadyBound()) assert.True(t, eak.BoundAt.IsZero())
assert.True(t, eak.BoundAt.IsZero())
}
} }
}) })
} }
@ -1649,7 +1639,7 @@ func TestDB_UpdateExternalAccountKey(t *testing.T) {
} }
}, },
"fail/provisioner-mismatch": func(t *testing.T) test { "fail/provisioner-mismatch": func(t *testing.T) test {
dbeak := &dbExternalAccountKey{ newDBEAK := &dbExternalAccountKey{
ID: keyID, ID: keyID,
Provisioner: "differentProvisioner", Provisioner: "differentProvisioner",
Reference: ref, Reference: ref,
@ -1657,7 +1647,7 @@ func TestDB_UpdateExternalAccountKey(t *testing.T) {
KeyBytes: []byte{1, 3, 3, 7}, KeyBytes: []byte{1, 3, 3, 7},
CreatedAt: now, CreatedAt: now,
} }
b, err := json.Marshal(dbeak) b, err := json.Marshal(newDBEAK)
assert.FatalError(t, err) assert.FatalError(t, err)
return test{ return test{
eak: &acme.ExternalAccountKey{ eak: &acme.ExternalAccountKey{
@ -1694,21 +1684,19 @@ func TestDB_UpdateExternalAccountKey(t *testing.T) {
for name, run := range tests { for name, run := range tests {
tc := run(t) tc := run(t)
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
db := DB{db: tc.db} d := DB{db: tc.db}
if err := db.UpdateExternalAccountKey(context.Background(), prov, tc.eak); err != nil { if err := d.UpdateExternalAccountKey(context.Background(), prov, tc.eak); err != nil {
if assert.NotNil(t, tc.err) { if assert.NotNil(t, tc.err) {
assert.HasPrefix(t, err.Error(), tc.err.Error()) assert.HasPrefix(t, err.Error(), tc.err.Error())
} }
} else { } else if assert.Nil(t, tc.err) {
if assert.Nil(t, tc.err) { assert.Equals(t, dbeak.ID, tc.eak.ID)
assert.Equals(t, dbeak.ID, tc.eak.ID) assert.Equals(t, dbeak.Provisioner, tc.eak.Provisioner)
assert.Equals(t, dbeak.Provisioner, tc.eak.Provisioner) assert.Equals(t, dbeak.Reference, tc.eak.Reference)
assert.Equals(t, dbeak.Reference, tc.eak.Reference) assert.Equals(t, dbeak.AccountID, tc.eak.AccountID)
assert.Equals(t, dbeak.AccountID, tc.eak.AccountID) assert.Equals(t, dbeak.CreatedAt, tc.eak.CreatedAt)
assert.Equals(t, dbeak.CreatedAt, tc.eak.CreatedAt) assert.Equals(t, dbeak.BoundAt, tc.eak.BoundAt)
assert.Equals(t, dbeak.BoundAt, tc.eak.BoundAt) assert.Equals(t, dbeak.KeyBytes, tc.eak.KeyBytes)
assert.Equals(t, dbeak.KeyBytes, tc.eak.KeyBytes)
}
} }
}) })
} }

4
acme/order.go
View file

@ -17,7 +17,9 @@ import (
type IdentifierType string type IdentifierType string
const ( const (
IP IdentifierType = "ip" // IP identifier type
IP IdentifierType = "ip"
// DNS identifier type
DNS IdentifierType = "dns" DNS IdentifierType = "dns"
) )

26
authority/admin/api/acme.go
View file

@ -33,14 +33,14 @@ type GetExternalAccountKeysResponse struct {
// before serving requests that act on ACME EAB credentials. // before serving requests that act on ACME EAB credentials.
func (h *Handler) requireEABEnabled(next nextHTTP) nextHTTP { func (h *Handler) requireEABEnabled(next nextHTTP) nextHTTP {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
provisioner := chi.URLParam(r, "prov") prov := chi.URLParam(r, "prov")
eabEnabled, err := h.provisionerHasEABEnabled(r.Context(), provisioner) eabEnabled, err := h.provisionerHasEABEnabled(r.Context(), prov)
if err != nil { if err != nil {
api.WriteError(w, err) api.WriteError(w, err)
return return
} }
if !eabEnabled { if !eabEnabled {
api.WriteError(w, admin.NewError(admin.ErrorBadRequestType, "ACME EAB not enabled for provisioner %s", provisioner)) api.WriteError(w, admin.NewError(admin.ErrorBadRequestType, "ACME EAB not enabled for provisioner %s", prov))
return return
} }
next(w, r) next(w, r)
@ -68,12 +68,12 @@ func (h *Handler) provisionerHasEABEnabled(ctx context.Context, provisionerName
return false, admin.NewErrorISE("error getting details for provisioner with ID: %s", p.GetID()) return false, admin.NewErrorISE("error getting details for provisioner with ID: %s", p.GetID())
} }
acme := details.GetACME() acmeProvisioner := details.GetACME()
if acme == nil { if acmeProvisioner == nil {
return false, admin.NewErrorISE("error getting ACME details for provisioner with ID: %s", p.GetID()) return false, admin.NewErrorISE("error getting ACME details for provisioner with ID: %s", p.GetID())
} }
return acme.GetRequireEab(), nil return acmeProvisioner.GetRequireEab(), nil
} }
// CreateExternalAccountKey creates a new External Account Binding key // CreateExternalAccountKey creates a new External Account Binding key
@ -89,23 +89,23 @@ func (h *Handler) CreateExternalAccountKey(w http.ResponseWriter, r *http.Reques
return return
} }
provisioner := chi.URLParam(r, "prov") prov := chi.URLParam(r, "prov")
reference := body.Reference reference := body.Reference
if reference != "" { if reference != "" {
k, err := h.acmeDB.GetExternalAccountKeyByReference(r.Context(), provisioner, reference) k, err := h.acmeDB.GetExternalAccountKeyByReference(r.Context(), prov, reference)
// retrieving an EAB key from DB results in error if it doesn't exist, which is what we're looking for // retrieving an EAB key from DB results in error if it doesn't exist, which is what we're looking for
if err == nil || k != nil { if err == nil || k != nil {
err := admin.NewError(admin.ErrorBadRequestType, "an ACME EAB key for provisioner %s with reference %s already exists", provisioner, reference) err := admin.NewError(admin.ErrorBadRequestType, "an ACME EAB key for provisioner %s with reference %s already exists", prov, reference)
err.Status = 409 err.Status = 409
api.WriteError(w, err) api.WriteError(w, err)
return return
} }
} }
eak, err := h.acmeDB.CreateExternalAccountKey(r.Context(), provisioner, reference) eak, err := h.acmeDB.CreateExternalAccountKey(r.Context(), prov, reference)
if err != nil { if err != nil {
api.WriteError(w, admin.WrapErrorISE(err, "error creating ACME EAB key for provisioner %s and reference %s", provisioner, reference)) api.WriteError(w, admin.WrapErrorISE(err, "error creating ACME EAB key for provisioner %s and reference %s", prov, reference))
return return
} }
@ -121,10 +121,10 @@ func (h *Handler) CreateExternalAccountKey(w http.ResponseWriter, r *http.Reques
// DeleteExternalAccountKey deletes an ACME External Account Key. // DeleteExternalAccountKey deletes an ACME External Account Key.
func (h *Handler) DeleteExternalAccountKey(w http.ResponseWriter, r *http.Request) { func (h *Handler) DeleteExternalAccountKey(w http.ResponseWriter, r *http.Request) {
provisioner := chi.URLParam(r, "prov") prov := chi.URLParam(r, "prov")
keyID := chi.URLParam(r, "id") keyID := chi.URLParam(r, "id")
if err := h.acmeDB.DeleteExternalAccountKey(r.Context(), provisioner, keyID); err != nil { if err := h.acmeDB.DeleteExternalAccountKey(r.Context(), prov, keyID); err != nil {
api.WriteError(w, admin.WrapErrorISE(err, "error deleting ACME EAB Key %s", keyID)) api.WriteError(w, admin.WrapErrorISE(err, "error deleting ACME EAB Key %s", keyID))
return return
} }

6
ca/adminClient.go
View file

@ -561,7 +561,7 @@ retry:
} }
// GetExternalAccountKeysPaginate returns a page from the the GET /admin/acme/eab request to the CA. // GetExternalAccountKeysPaginate returns a page from the the GET /admin/acme/eab request to the CA.
func (c *AdminClient) GetExternalAccountKeysPaginate(provisionerName string, reference string, opts ...AdminOption) (*adminAPI.GetExternalAccountKeysResponse, error) { func (c *AdminClient) GetExternalAccountKeysPaginate(provisionerName, reference string, opts ...AdminOption) (*adminAPI.GetExternalAccountKeysResponse, error) {
var retried bool var retried bool
o := new(adminOptions) o := new(adminOptions)
if err := o.apply(opts); err != nil { if err := o.apply(opts); err != nil {
@ -640,7 +640,7 @@ retry:
} }
// RemoveExternalAccountKey performs the DELETE /admin/acme/eab/{prov}/{key_id} request to the CA. // RemoveExternalAccountKey performs the DELETE /admin/acme/eab/{prov}/{key_id} request to the CA.
func (c *AdminClient) RemoveExternalAccountKey(provisionerName string, keyID string) error { func (c *AdminClient) RemoveExternalAccountKey(provisionerName, keyID string) error {
var retried bool var retried bool
u := c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "acme/eab", provisionerName, "/", keyID)}) u := c.endpoint.ResolveReference(&url.URL{Path: path.Join(adminURLPrefix, "acme/eab", provisionerName, "/", keyID)})
tok, err := c.generateAdminToken(u.Path) tok, err := c.generateAdminToken(u.Path)
@ -668,7 +668,7 @@ retry:
} }
// GetExternalAccountKeys returns all ACME EAB Keys from the GET /admin/acme/eab request to the CA. // GetExternalAccountKeys returns all ACME EAB Keys from the GET /admin/acme/eab request to the CA.
func (c *AdminClient) GetExternalAccountKeys(provisionerName string, reference string, opts ...AdminOption) ([]*linkedca.EABKey, error) { func (c *AdminClient) GetExternalAccountKeys(provisionerName, reference string, opts ...AdminOption) ([]*linkedca.EABKey, error) {
var ( var (
cursor = "" cursor = ""
eaks = []*linkedca.EABKey{} eaks = []*linkedca.EABKey{}