|
|
|
@ -201,11 +201,6 @@ func (s *SCEP) AuthorizeSign(ctx context.Context, token string) ([]SignOption, e
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetChallengePassword returns the challenge password
|
|
|
|
|
func (s *SCEP) GetChallengePassword() string {
|
|
|
|
|
return s.ChallengePassword
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetCapabilities returns the CA capabilities
|
|
|
|
|
func (s *SCEP) GetCapabilities() []string {
|
|
|
|
|
return s.Capabilities
|
|
|
|
@ -236,7 +231,7 @@ func (s *SCEP) ValidateChallenge(ctx context.Context, challenge, transactionID s
|
|
|
|
|
case validationMethodWebhook:
|
|
|
|
|
return s.challengeValidationController.Validate(ctx, challenge, transactionID)
|
|
|
|
|
default:
|
|
|
|
|
if subtle.ConstantTimeCompare([]byte(s.secretChallengePassword), []byte(challenge)) == 0 {
|
|
|
|
|
if subtle.ConstantTimeCompare([]byte(s.ChallengePassword), []byte(challenge)) == 0 {
|
|
|
|
|
return errors.New("invalid challenge password provided")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
@ -259,7 +254,7 @@ func (s *SCEP) selectValidationMethod() validationMethod {
|
|
|
|
|
if len(s.challengeValidationController.webhooks) > 0 {
|
|
|
|
|
return validationMethodWebhook
|
|
|
|
|
}
|
|
|
|
|
if s.secretChallengePassword != "" {
|
|
|
|
|
if s.ChallengePassword != "" {
|
|
|
|
|
return validationMethodStatic
|
|
|
|
|
}
|
|
|
|
|
return validationMethodNone
|
|
|
|
|
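Review bot: Reading the static challenge from the exported `s.ChallengePassword` keeps the live secret in a field that may be marshalled with the provisioner, so any API response, log line or config dump that serializes `SCEP` has to redact it. This applies to both ValidateChallenge and selectValidationMethod, and assumes the second line of each printed pair is the new side, since the page has lost its +/- markers. The struct definition, its tags and the initialisation code are outside these hunks, so confirm where redaction now happens. Separately, `subtle.ConstantTimeCompare` returns immediately when the two lengths differ, so the comparison does not hide the length of the configured challenge. Comparing fixed-size digests avoids that (it needs `crypto/sha256`): `want, got := sha256.Sum256([]byte(s.ChallengePassword)), sha256.Sum256([]byte(challenge))` followed by `if subtle.ConstantTimeCompare(want[:], got[:]) == 0 {`. The `default:` branch also appears to serve `validationMethodNone`, where an empty configured value lets an empty challenge compare equal, so a comment such as `// also reached for validationMethodNone: only an empty challenge is accepted` would make the intent explicit.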