Skip Wire option validation and initialization if not enabled

smallstep · Jan 29, 2024 · 14e8d47 · 14e8d47
1 parent 8a9b1b3
commit 14e8d47
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/authority/provisioner/acme.go b/authority/provisioner/acme.go
@@ -107,7 +107,8 @@ type ACME struct {
 	RequireEAB bool `json:"requireEAB,omitempty"`
 	// Challenges contains the enabled challenges for this provisioner. If this
 	// value is not set the default http-01, dns-01 and tls-alpn-01 challenges
-	// will be enabled, device-attest-01 will be disabled.
+	// will be enabled, device-attest-01, wire-oidc-01 and wire-dpop-01 will be
+	// disabled.
 	Challenges []ACMEChallenge `json:"challenges,omitempty"`
 	// AttestationFormats contains the enabled attestation formats for this
 	// provisioner. If this value is not set the default apple, step and tpm
@@ -219,10 +220,24 @@ func (p *ACME) Init(config Config) (err error) {
 	return
 }
 
+// initializeWireOptions initializes the options for the ACME Wire
+// integration. It'll return early if no Wire challenge types are
+// enabled.
 func (p *ACME) initializeWireOptions() error {
+	hasWireChallenges := false
+	for _, c := range p.Challenges {
+		if c == WIREOIDC_01 || c == WIREDPOP_01 {
+			hasWireChallenges = true
+			break
+		}
+	}
+	if !hasWireChallenges {
+		return nil
+	}
+
 	w := p.GetOptions().GetWireOptions()
 	if w == nil {
-		return nil
+		return errors.New("no Wire options available")
 	}
 
 	if err := w.Validate(); err != nil {