challenge: separate validator interface
jessepeterson committed Jun 4, 2024
1 parent aa863fe commit 40ab0cf
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions challenge/challenge.go
Expand Up @@ -10,14 +10,21 @@ import (
scepserver "github.com/micromdm/scep/v2/server"
)

// Validator validates challenge passwords.
type Validator interface {
// HasChallenge validates pw as valid.
HasChallenge(pw string) (bool, error)
}

// Store is a dynamic challenge password cache.
type Store interface {
// SCEPChallenge generates a new challenge password.
SCEPChallenge() (string, error)
HasChallenge(pw string) (bool, error)
Validator
}

// Middleware wraps next in a CSRSigner that verifies and invalidates the challenge
func Middleware(store Store, next scepserver.CSRSignerContext) scepserver.CSRSignerContextFunc {
// Middleware wraps next in a CSRSigner that verifies and invalidates the challenge.
func Middleware(store Validator, next scepserver.CSRSignerContext) scepserver.CSRSignerContextFunc {
return func(ctx context.Context, m *scep.CSRReqMessage) (*x509.Certificate, error) {
// TODO: compare challenge only for PKCSReq?
valid, err := store.HasChallenge(m.ChallengePassword)
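Review bot: The new Validator contract on HasChallenge does not state whether a successful check consumes the challenge, while the Middleware comment below it still promises that it "verifies and invalidates the challenge"; now that Middleware accepts any Validator rather than a Store, an implementation that only answers yes/no would leave the challenge reusable. I would put the expectation on the interface, e.g. `// HasChallenge reports whether pw is a currently valid challenge password.` followed by `// Implementations passed to Middleware are expected to invalidate pw on success so each challenge is single-use.`, which also replaces the tautological "validates pw as valid". The parameter is still named `store` although its type is now Validator; `validator` would read better. Middleware's body continues past the end of the hunk, so how the result of HasChallenge is applied is not visible here.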
