Normalize SCEP provisioner name in webhook body

6 months ago · 9ebc8779f5
parent e815864ed8
commit 9ebc8779f5
2 changed files with 7 additions and 4 deletions
--- a/authority/provisioner/scep.go
+++ b/authority/provisioner/scep.go
@ -9,6 +9,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"net/http"
+	"strings"
 	"time"

 	"github.com/pkg/errors"
@ -152,7 +153,7 @@ func (c *challengeValidationController) Validate(ctx context.Context, csr *x509.
 		if err != nil {
 			return fmt.Errorf("failed creating new webhook request: %w", err)
 		}
-		req.ProvisionerName = provisionerName
+		req.ProvisionerName = strings.ToLower(provisionerName)
 		req.SCEPChallenge = challenge
 		req.SCEPTransactionID = transactionID
 		resp, err := wh.DoWithContext(ctx, c.client, req, nil) // TODO(hs): support templated URL? Requires some refactoring
--- a/authority/provisioner/scep_test.go
+++ b/authority/provisioner/scep_test.go
@ -242,9 +242,10 @@ func TestSCEP_ValidateChallenge(t *testing.T) {
 		Raw: []byte{1},
 	}
 	type request struct {
-		Request       *webhook.X509CertificateRequest `json:"x509CertificateRequest,omitempty"`
-		Challenge     string                          `json:"scepChallenge"`
-		TransactionID string                          `json:"scepTransactionID"`
+		ProvisionerName string                          `json:"provisionerName,omitempty"`
+		Request         *webhook.X509CertificateRequest `json:"x509CertificateRequest,omitempty"`
+		Challenge       string                          `json:"scepChallenge"`
+		TransactionID   string                          `json:"scepTransactionID"`
 	}
 	type response struct {
 		Allow bool `json:"allow"`
@ -253,6 +254,7 @@ func TestSCEP_ValidateChallenge(t *testing.T) {
 		req := &request{}
 		err := json.NewDecoder(r.Body).Decode(req)
 		require.NoError(t, err)
+		assert.Equal(t, "scep", req.ProvisionerName)
 		assert.Equal(t, "webhook-challenge", req.Challenge)
 		assert.Equal(t, "webhook-transaction-1", req.TransactionID)
 		if assert.NotNil(t, req.Request) {