Add full certificate DER bytes to success notification webhook

pull/1544/head
Herman Slatman 8 months ago
parent 52bc96760b
commit 63257e0576
No known key found for this signature in database
GPG Key ID: F4D8A44EA0A75A4F

@ -190,34 +190,28 @@ func newNotificationController(client *http.Client, webhooks []*Webhook) *notifi
}
func (c *notificationController) Success(ctx context.Context, csr *x509.CertificateRequest, cert *x509.Certificate, transactionID string) error {
if len(c.webhooks) == 0 {
return nil
}
for _, wh := range c.webhooks {
req, err := webhook.NewRequestBody(webhook.WithX509CertificateRequest(csr), webhook.WithX509Certificate(nil, cert)) // TODO(hs): pass in the x509util.Certifiate too?
if err != nil {
return fmt.Errorf("failed creating new webhook request: %w", err)
}
req.X509Certificate.Raw = cert.Raw // adding the full certificate DER bytes
// TODO(hs): more properties required?
req.SCEPTransactionID = transactionID
resp, err := wh.DoWithContext(ctx, c.client, req, nil)
if err != nil {
return fmt.Errorf("failed executing webhook request: %w", err)
}
if resp.Allow { // TODO(hs): different response for notifying?
return nil // return early when response is positive
if !resp.Allow { // TODO(hs): different response for notifying?
return ErrSCEPNotificationFailed // return early
}
}
return ErrSCEPNotificationFailed
return nil
}
func (c *notificationController) Failure(ctx context.Context, csr *x509.CertificateRequest, transactionID string) error {
if len(c.webhooks) == 0 {
return nil
}
for _, wh := range c.webhooks {
req, err := webhook.NewRequestBody(webhook.WithX509CertificateRequest(csr))
if err != nil {
@ -229,12 +223,12 @@ func (c *notificationController) Failure(ctx context.Context, csr *x509.Certific
if err != nil {
return fmt.Errorf("failed executing webhook request: %w", err)
}
if resp.Allow { // TODO(hs): different response for notifying?
return nil // return early when response is positive
if !resp.Allow { // TODO(hs): different response for notifying?
return ErrSCEPNotificationFailed // return early
}
}
return ErrSCEPNotificationFailed
return nil
}
// isCertTypeOK returns whether or not the webhook can be used
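Review bot: In the `Success` loop, both the `err != nil` return and the `if !resp.Allow` return (taken here to be the new side) exit before the remaining entries of `c.webhooks` are called, so one unreachable or denying endpoint keeps every later receiver from learning about the issued certificate. `Failure` in the second hunk has the same shape; part of its body lies outside the hunks. If these notifications feed audit or certificate-inventory systems, consider finishing the loop and returning the combined result, e.g. `errs = append(errs, fmt.Errorf("failed executing webhook request: %w", err))` inside the loop and `return errors.Join(errs...)` after it, provided the module's Go version has `errors.Join`. Separately, `req.X509Certificate.Raw = cert.Raw` dereferences `req.X509Certificate` and `cert` without a guard; whether `NewRequestBody` always populates that field is not visible here, so a nil check or a doc comment on `Success` stating that `cert` must be non-nil would help.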

@ -30,6 +30,7 @@ type X509Certificate struct {
PublicKeyAlgorithm string `json:"publicKeyAlgorithm"`
NotBefore time.Time `json:"notBefore"`
NotAfter time.Time `json:"notAfter"`
Raw []byte `json:"raw"`
}
// SSHCertificateRequest is the certificate request sent to webhook servers for
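Review bot: The new `Raw` field on `X509Certificate` has no comment saying what it carries or how it appears on the wire, and webhook receivers need both to parse it. `encoding/json` marshals a `[]byte` as a base64 string, so I would add `// Raw is the complete DER-encoded certificate; it is base64-encoded in the JSON body.` above the field. The tag is `json:"raw"` without `omitempty`, so any request that leaves `Raw` unset will send `"raw": null`; whether other callers populate it is not visible in this hunk, so `json:"raw,omitempty"` may be worth considering for receivers that validate the schema strictly. The struct declaration starts outside the hunk.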
