Address code review remarks

8 months ago · ba72710e2d
parent 6d2d21e989
commit ba72710e2d
5 changed files with 7 additions and 21 deletions
--- a/authority/admin/api/webhook.go
+++ b/authority/admin/api/webhook.go
@ -56,9 +56,7 @@ func validateWebhook(webhook *linkedca.Webhook) error {
 	}
 	// kind
-	switch webhook.Kind {
+	if _, ok := linkedca.Webhook_Kind_name[int32(webhook.Kind)]; !ok || webhook.Kind == linkedca.Webhook_NO_KIND {
 	case linkedca.Webhook_ENRICHING, linkedca.Webhook_AUTHORIZING, linkedca.Webhook_SCEPCHALLENGE, linkedca.Webhook_NOTIFYING:
 	default:
 		return admin.NewError(admin.ErrorBadRequestType, "webhook kind %q is invalid", webhook.Kind)
 	}
--- a/authority/provisioner/scep.go
+++ b/authority/provisioner/scep.go
@ -197,12 +197,8 @@ func (c *notificationController) Success(ctx context.Context, csr *x509.Certific
 		}
 		req.X509Certificate.Raw = cert.Raw // adding the full certificate DER bytes
 		req.SCEPTransactionID = transactionID
-		resp, err := wh.DoWithContext(ctx, c.client, req, nil)
+		if _, err = wh.DoWithContext(ctx, c.client, req, nil); err != nil {
-		if err != nil {
+			return fmt.Errorf("failed executing webhook request: %w: %w", ErrSCEPNotificationFailed, err)
 			return fmt.Errorf("failed executing webhook request: %w", err)
 		}
 		if !resp.Allow { // TODO(hs): different response for notifying?
 			return ErrSCEPNotificationFailed // return early
 		}
 	}
@ -218,12 +214,8 @@ func (c *notificationController) Failure(ctx context.Context, csr *x509.Certific
 		req.SCEPTransactionID = transactionID
 		req.SCEPErrorCode = errorCode
 		req.SCEPErrorDescription = errorDescription
-		resp, err := wh.DoWithContext(ctx, c.client, req, nil)
+		if _, err = wh.DoWithContext(ctx, c.client, req, nil); err != nil {
-		if err != nil {
+			return fmt.Errorf("failed executing webhook request: %w: %w", ErrSCEPNotificationFailed, err)
 			return fmt.Errorf("failed executing webhook request: %w", err)
 		}
 		if !resp.Allow { // TODO(hs): different response for notifying?
 			return ErrSCEPNotificationFailed // return early
 		}
 	}
--- a/scep/api/api.go
+++ b/scep/api/api.go
@ -333,10 +333,7 @@ func PKIOperation(ctx context.Context, req request) (Response, error) {
 	certRep, err := auth.SignCSR(ctx, csr, msg)
 	if err != nil {
-		// default to ERROR_INTERNAL_ERROR: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d
+		if notifyErr := auth.NotifyFailure(ctx, csr, transactionID, 0, err.Error()); notifyErr != nil {
 		errorCode := 0x0000054F
 		errorDescription := err.Error()
 		if notifyErr := auth.NotifyFailure(ctx, csr, transactionID, errorCode, errorDescription); notifyErr != nil {
 			// TODO(hs): ignore this error case? It's not critical if the notification fails; but logging it might be good
 			_ = notifyErr
 		}
--- a/scep/context.go
+++ b/scep/context.go
@ -1 +0,0 @@
 package scep
--- a/webhook/types.go
+++ b/webhook/types.go
@ -80,7 +80,7 @@ type RequestBody struct {
 	X509Certificate        *X509Certificate        `json:"x509Certificate,omitempty"`
 	SSHCertificateRequest  *SSHCertificateRequest  `json:"sshCertificateRequest,omitempty"`
 	SSHCertificate         *SSHCertificate         `json:"sshCertificate,omitempty"`
-	// Only set for SCEP challenge validation requests
+	// Only set for SCEP webhook requests
 	SCEPChallenge        string `json:"scepChallenge,omitempty"`
 	SCEPTransactionID    string `json:"scepTransactionID,omitempty"`
 	SCEPErrorCode        int    `json:"scepErrorCode,omitempty"`