From 9ebc8779f5b66a2f8e2d492f2e474ad4b935f630 Mon Sep 17 00:00:00 2001
From: Herman Slatman <hermanslatman@hotmail.com>
Date: Wed, 8 Nov 2023 19:52:20 +0100
Subject: [PATCH] Normalize SCEP provisioner name in webhook body

---
 authority/provisioner/scep.go      | 3 ++-
 authority/provisioner/scep_test.go | 8 +++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/authority/provisioner/scep.go b/authority/provisioner/scep.go
index a48d11cc..4d087de3 100644
--- a/authority/provisioner/scep.go
+++ b/authority/provisioner/scep.go
@@ -9,6 +9,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/pkg/errors"
@@ -152,7 +153,7 @@ func (c *challengeValidationController) Validate(ctx context.Context, csr *x509.
 		if err != nil {
 			return fmt.Errorf("failed creating new webhook request: %w", err)
 		}
-		req.ProvisionerName = provisionerName
+		req.ProvisionerName = strings.ToLower(provisionerName)
 		req.SCEPChallenge = challenge
 		req.SCEPTransactionID = transactionID
 		resp, err := wh.DoWithContext(ctx, c.client, req, nil) // TODO(hs): support templated URL? Requires some refactoring
diff --git a/authority/provisioner/scep_test.go b/authority/provisioner/scep_test.go
index 87bd885c..1b4ca1d8 100644
--- a/authority/provisioner/scep_test.go
+++ b/authority/provisioner/scep_test.go
@@ -242,9 +242,10 @@ func TestSCEP_ValidateChallenge(t *testing.T) {
 		Raw: []byte{1},
 	}
 	type request struct {
-		Request       *webhook.X509CertificateRequest `json:"x509CertificateRequest,omitempty"`
-		Challenge     string                          `json:"scepChallenge"`
-		TransactionID string                          `json:"scepTransactionID"`
+		ProvisionerName string                          `json:"provisionerName,omitempty"`
+		Request         *webhook.X509CertificateRequest `json:"x509CertificateRequest,omitempty"`
+		Challenge       string                          `json:"scepChallenge"`
+		TransactionID   string                          `json:"scepTransactionID"`
 	}
 	type response struct {
 		Allow bool `json:"allow"`
@@ -253,6 +254,7 @@ func TestSCEP_ValidateChallenge(t *testing.T) {
 		req := &request{}
 		err := json.NewDecoder(r.Body).Decode(req)
 		require.NoError(t, err)
+		assert.Equal(t, "scep", req.ProvisionerName)
 		assert.Equal(t, "webhook-challenge", req.Challenge)
 		assert.Equal(t, "webhook-transaction-1", req.TransactionID)
 		if assert.NotNil(t, req.Request) {