github-personal/certificates
1
0
Fork 0
mirror of https://github.com/outbackdingo/certificates.git synced 2026-01-27 10:18:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change KeyAuth back to old behavior (for now)

Browse Source
This commit is contained in:
Herman Slatman
2024-01-10 18:32:18 +01:00
parent bf5f1201ea
commit 8faf26c593
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
acme/challenge.go
View File

@@ -357,6 +357,8 @@ func dns01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSONWebK
type WireChallengePayload struct {
// IDToken
IDToken string `json:"id_token,omitempty"`
// KeyAuth ({challenge-token}.{jwk-thumbprint})
KeyAuth string `json:"keyauth,omitempty"`
// AccessToken is the token generated by wire-server
AccessToken string `json:"access_token,omitempty"`
}
@@ -386,7 +388,7 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
Handle string `json:"name"`
Issuer string `json:"iss,omitempty"`
GivenName string `json:"given_name,omitempty"`
KeyAuth string `json:"keyauth"`
KeyAuth string `json:"keyauth"` // TODO(hs): use this property instead of the one in the payload after https://github.com/wireapp/rusty-jwt-tools/tree/fix/keyauth is done
}
err = idToken.Claims(&claims)
if err != nil {
@@ -403,9 +405,9 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
if err != nil {
return err
}
if expectedKeyAuth != claims.KeyAuth {
if expectedKeyAuth != wireChallengePayload.KeyAuth {
return storeError(ctx, db, ch, true, NewError(ErrorRejectedIdentifierType,
"keyAuthorization does not match; expected %s, but got %s", expectedKeyAuth, claims.KeyAuth))
"keyAuthorization does not match; expected %s, but got %s", expectedKeyAuth, wireChallengePayload.KeyAuth))
}
if challengeValues.Name != claims.Name || challengeValues.Handle != claims.Handle {