Allow storing the attestation payload (#2114)
This commit allows storing the attestation payload using a custom database
implementation.
maraino authored Dec 27, 2024
1 parent 232f464 commit f812cf2
Showing 2 changed files with 19 additions and 0 deletions.
2 changes: 2 additions & 0 deletions acme/challenge.go
Expand Up @@ -88,6 +88,7 @@ type Challenge struct {
URL string `json:"url"`
Target string `json:"target,omitempty"`
Error *Error `json:"error,omitempty"`
Payload []byte `json:"-"`
}

// ToLog enables response logging.
Expand Down Expand Up @@ -942,6 +943,7 @@ func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose
ch.Status = StatusValid
ch.Error = nil
ch.ValidatedAt = clock.Now().Format(time.RFC3339)
ch.Payload = payload

// Store the fingerprint in the authorization.
//
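Review bot: The new exported field `Payload` on `Challenge` (first hunk) carries no doc comment, so its contract — what is stored, that the `json:"-"` tag keeps it out of the JSON challenge resource returned to clients, and that it is populated only once validation succeeds — can only be reconstructed from the second hunk and the tests. Suggested comment above the field: `// Payload holds the attestation payload of a successfully validated device-attest-01 challenge. It is excluded from JSON responses and exists so custom DB implementations can persist it.` Separately, `ch.Payload = payload` in deviceAttest01Validate stores the caller's slice as-is; if the caller reuses that buffer, the payload kept on the challenge would change underneath it, so consider `ch.Payload = append([]byte(nil), payload...)` unless the caller is known to hand over ownership. deviceAttest01Validate's body starts and ends outside the hunk, and where `payload` comes from (presumably a parameter of the truncated signature) is not visible here.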
17 changes: 17 additions & 0 deletions acme/challenge_test.go
Expand Up @@ -820,6 +820,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewError(ErrorRejectedIdentifierType, "payload contained error: an error")

Expand Down Expand Up @@ -871,6 +872,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
assert.Equal(t, StatusValid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "1234", updch.Value)
assert.Equal(t, payload, updch.Payload)

return nil
},
Expand Down Expand Up @@ -4004,6 +4006,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewError(ErrorRejectedIdentifierType, "payload contained error: an error")

Expand Down Expand Up @@ -4042,6 +4045,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewDetailedError(ErrorBadAttestationStatementType, "failed base64 decoding attObj %q", "?!")

Expand Down Expand Up @@ -4080,6 +4084,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewDetailedError(ErrorBadAttestationStatementType, "attObj must not be empty")

Expand Down Expand Up @@ -4118,6 +4123,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewDetailedError(ErrorBadAttestationStatementType, "attObj must not be empty")

Expand Down Expand Up @@ -4156,6 +4162,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewDetailedError(ErrorBadAttestationStatementType, "attObj is not well formed CBOR: unexpected EOF")

Expand Down Expand Up @@ -4196,6 +4203,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewDetailedError(ErrorBadAttestationStatementType, "unsupported attestation object format %q", "unsupported-format")

Expand Down Expand Up @@ -4241,6 +4249,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewError(ErrorBadAttestationStatementType, "attestation format %q is not enabled", "step")

Expand Down Expand Up @@ -4296,6 +4305,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewDetailedError(ErrorBadAttestationStatementType, "x5c not present")

Expand Down Expand Up @@ -4343,6 +4353,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "serial-number", updch.Value)
assert.Nil(t, updch.Payload)

err := NewDetailedError(ErrorBadAttestationStatementType, "challenge token does not match")

Expand Down Expand Up @@ -4389,6 +4400,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "non-matching-value", updch.Value)
assert.Nil(t, updch.Payload)

subproblem := NewSubproblemWithIdentifier(
ErrorRejectedIdentifierType,
Expand Down Expand Up @@ -4467,6 +4479,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewDetailedError(ErrorBadAttestationStatementType, "x5c not present")

Expand Down Expand Up @@ -4521,6 +4534,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewDetailedError(ErrorBadAttestationStatementType, "permanent identifier does not match").
AddSubproblems(NewSubproblemWithIdentifier(
Expand Down Expand Up @@ -4616,6 +4630,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusInvalid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Nil(t, updch.Payload)

err := NewDetailedError(ErrorBadAttestationStatementType, `unsupported attestation object format "bogus-format"`)

Expand Down Expand Up @@ -4708,6 +4723,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusValid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Equal(t, payload, updch.Payload)

return errors.New("force")
},
Expand Down Expand Up @@ -4754,6 +4770,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
assert.Equal(t, StatusValid, updch.Status)
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
assert.Equal(t, "12345678", updch.Value)
assert.Equal(t, payload, updch.Payload)

return nil
},
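Review bot: None of the added assertions checks that the stored payload stays out of the serialized challenge: the valid-path cases (the hunks asserting `StatusValid`) only compare `updch.Payload` with `payload`, and the invalid-path cases only assert nil. Since the payload is client-supplied attestation data that the `json:"-"` tag on `Challenge.Payload` is meant to keep out of ACME responses, a small test that marshals a Challenge with a non-nil Payload and asserts the output contains no payload key would pin that property against a future tag change. The assertion sites are inside closures whose enclosing test functions start and end outside the hunks.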
