handle eab kid and hmac
fritterhoff committed Nov 28, 2024
1 parent db4fef0 commit c2a6af7
Showing 4 changed files with 13 additions and 7 deletions.
4 changes: 2 additions & 2 deletions backend/pki-service/cmd/run.go
@@ -121,7 +121,7 @@ func init() {
runCmd.Flags().String("mail_from", "", "The mail from")
runCmd.Flags().String("acme_storage", "", "Storage for the internal acme client")
runCmd.Flags().String("acme_email", "", "Email for the acme client")
runCmd.Flags().String("acme_eab", "", "EAB for the acme client")
runCmd.Flags().String("acme_key", "", "Key for the acme client")
runCmd.Flags().String("acme_hmac", "", "EAB HMAC for the acme client")
runCmd.Flags().String("acme_kid", "", "Key ID for the acme client")
runCmd.Flags().String("dns_configs", "", "Config file for the dns provider")
}
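Review bot: The EAB HMAC key is a credential, and `acme_hmac` is declared here as an ordinary command-line flag, so a value given as `--acme_hmac=...` lands in the process argument list and in shell history. Whether these settings can also be supplied through the environment or a config file is not visible in this hunk; if they can, the help text should say so, e.g. `runCmd.Flags().String("acme_hmac", "", "EAB HMAC key (encoded); secret, prefer env or config file over the command line")`. The body of init() begins outside the hunk.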
4 changes: 2 additions & 2 deletions backend/pki-service/pkg/cfg/sectigo.go
@@ -26,8 +26,8 @@ type PKIConfiguration struct {
SmimeKeyType string `mapstructure:"smime_key_type"`
AcmeStorage string `mapstructure:"acme_storage"`
AcmeEmail string `mapstructure:"acme_email"`
AcmeEab string `mapstructure:"acme_eab"`
AcmeKey string `mapstructure:"acme_key"`
AcmeKid string `mapstructure:"acme_kid"`
AcmeHmac string `mapstructure:"acme_hmac"`
DnsConfigs string `mapstructure:"dns_configs"`

Check failure on line 31 in backend/pki-service/pkg/cfg/sectigo.go


GitHub Actions / lint (backend/pki-service)

var-naming: struct field DnsConfigs should be DNSConfigs (revive)

Check failure on line 31 in backend/pki-service/pkg/cfg/sectigo.go


GitHub Actions / lint (backend/pki-service)

var-naming: struct field DnsConfigs should be DNSConfigs (revive)
}

2 changes: 1 addition & 1 deletion backend/pki-service/pkg/grpc/ssl.go
@@ -176,7 +176,7 @@ func registerAcme(cfg *cfg.PKIConfiguration) *lego.Client {
if err != nil {
return nil
}
err = pkiHelper.RegisterAcme(legoClient, account, accountFile, keyFile)
err = pkiHelper.RegisterAcme(legoClient, cfg, account, accountFile, keyFile)
if err != nil {
return nil
}
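Review bot: The error from `pkiHelper.RegisterAcme` is discarded by the `return nil` that follows the changed call, so a wrong or missing `acme_kid`/`acme_hmac` now yields a nil client with no record of why registration failed. Log the error before returning, for example `log.Printf("acme registration failed: %v", err)` using whichever logger this package already has, and keep the HMAC value itself out of the message. registerAcme starts and ends outside the hunk, so how callers handle the nil client is not visible here.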
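--- a/backend/pki-service/pkg/helper/acme.go
+++ b/backend/pki-service/pkg/helper/acme.go
@@ -11,6 +11,7 @@ import (
 "github.com/go-acme/lego/v4/certcrypto"
 "github.com/go-acme/lego/v4/lego"
 "github.com/go-acme/lego/v4/registration"
+"github.com/hm-edu/pki-service/pkg/cfg"
 )
 
 // User represents an ACME user.
@@ -36,8 +37,13 @@ func (u *User) GetPrivateKey() crypto.PrivateKey {
 }
 
 // RegisterAcme performs a new registration and stores the registration in the given file.
-func RegisterAcme(client *lego.Client, account User, accountFile string, keyFile string) error {
-reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+func RegisterAcme(client *lego.Client, config *cfg.PKIConfiguration, account User, accountFile string, keyFile string) error {
+reg, err := client.Registration.RegisterWithExternalAccountBinding(
+registration.RegisterEABOptions{
+TermsOfServiceAgreed: true,
+Kid: config.AcmeKid,
+HmacEncoded: config.AcmeHmac,
+})
 if err != nil {
 return err
 }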
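Review bot: `RegisterAcme` now always calls `RegisterWithExternalAccountBinding`, but `acme_kid` and `acme_hmac` default to empty strings, so a deployment without EAB credentials no longer gets the plain registration it had before and instead attempts an EAB registration with empty values, which presumably fails. `config` is also dereferenced without a nil check. I would fall back to `Register` when both values are empty and reject the case where only one of them is set, as sketched below (the error return assumes `errors` is imported in this file). The rest of the function lies outside the hunk.

```go
func RegisterAcme(client *lego.Client, config *cfg.PKIConfiguration, account User, accountFile string, keyFile string) error {
	var (
		reg *registration.Resource
		err error
	)
	switch {
	case config == nil || (config.AcmeKid == "" && config.AcmeHmac == ""):
		// No EAB credentials configured: plain registration, as before this change.
		reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
	case config.AcmeKid == "" || config.AcmeHmac == "":
		// A half-configured binding is an operator error; fail before contacting the CA.
		return errors.New("acme: acme_kid and acme_hmac must be set together")
	default:
		reg, err = client.Registration.RegisterWithExternalAccountBinding(
			registration.RegisterEABOptions{
				TermsOfServiceAgreed: true,
				Kid:                  config.AcmeKid,
				HmacEncoded:          config.AcmeHmac,
			})
	}
	// … unchanged: err check and the rest of RegisterAcme …
```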
