From 14e8d47118a0b76467b448c1ceec70630c4dbac5 Mon Sep 17 00:00:00 2001
From: Herman Slatman
Date: Mon, 29 Jan 2024 16:58:50 +0100
Subject: [PATCH] Skip Wire option validation and initialization if not enabled
---
 authority/provisioner/acme.go | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/authority/provisioner/acme.go b/authority/provisioner/acme.go
index 6303fe9ac..36b38dc87 100644
--- a/authority/provisioner/acme.go
+++ b/authority/provisioner/acme.go
@@ -107,7 +107,8 @@ type ACME struct {
 RequireEAB bool `json:"requireEAB,omitempty"`
 // Challenges contains the enabled challenges for this provisioner. If this
 // value is not set the default http-01, dns-01 and tls-alpn-01 challenges
- // will be enabled, device-attest-01 will be disabled.
+ // will be enabled, device-attest-01, wire-oidc-01 and wire-dpop-01 will be
+ // disabled.
 Challenges []ACMEChallenge `json:"challenges,omitempty"`
 // AttestationFormats contains the enabled attestation formats for this
 // provisioner. If this value is not set the default apple, step and tpm
@@ -219,10 +220,24 @@ func (p *ACME) Init(config Config) (err error) {
 return
 }
+// initializeWireOptions initializes the options for the ACME Wire
+// integration. It'll return early if no Wire challenge types are
+// enabled.
 func (p *ACME) initializeWireOptions() error {
+ hasWireChallenges := false
+ for _, c := range p.Challenges {
+ if c == WIREOIDC_01 || c == WIREDPOP_01 {
+ hasWireChallenges = true
+ break
+ }
+ }
+ if !hasWireChallenges {
+ return nil
+ }
+
 w := p.GetOptions().GetWireOptions()
 if w == nil {
- return nil
+ return errors.New("no Wire options available")
 }
 if err := w.Validate(); err != nil {
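Review bot: The gate added at the top of initializeWireOptions compares challenge names with `==` (`c == WIREOIDC_01 || c == WIREDPOP_01`), so Wire option validation is skipped whenever a configured name differs from the constants only in letter case. If the code that validates or enables challenges elsewhere in this file matches names case-insensitively (not visible in this hunk, so worth confirming), a provisioner configured with a mixed-case Wire challenge name would serve Wire challenges while this function returns `nil` without ever reaching `w.Validate()`. Using the same comparison as the enablement check closes that gap, for instance `if strings.EqualFold(string(c), string(WIREOIDC_01)) || strings.EqualFold(string(c), string(WIREDPOP_01)) {`, assuming ACMEChallenge is a string type. The new `errors.New("no Wire options available")` branch fails closed, which is the right direction, and deserves a test next to one for the skip path; the function body continues past the end of the hunk.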