Change to a fixed fork of go.mozilla.org/pkcs7

Hopefully this will be a temporary change until the fix is merged in the upstream module.
smallstep · Mar 6, 2021 · 9df5f51 · 9df5f51
1 parent 3a5f633
commit 9df5f51
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 18 deletions.
diff --git a/go.mod b/go.mod
@@ -21,6 +21,7 @@ require (
 	github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262
 	github.com/smallstep/nosql v0.3.6
 	github.com/urfave/cli v1.22.4
+	go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1
 	go.step.sm/cli-utils v0.1.0
 	go.step.sm/crypto v0.7.3
 	golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
@@ -34,3 +35,5 @@ require (
 
 // replace github.com/smallstep/nosql => ../nosql
 // replace go.step.sm/crypto => ../crypto
+
+replace go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 => github.com/omorsi/pkcs7 v0.0.0-20210217142924-a7b80a2a8568
diff --git a/go.sum b/go.sum
@@ -257,6 +257,8 @@ github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/I
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/newrelic/go-agent v2.15.0+incompatible h1:IB0Fy+dClpBq9aEoIrLyQXzU34JyI1xVTanPLB/+jvU=
 github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ=
+github.com/omorsi/pkcs7 v0.0.0-20210217142924-a7b80a2a8568 h1:+MPqEswjYiS0S1FCTg8MIhMBMzxiVQ94rooFwvPPiWk=
+github.com/omorsi/pkcs7 v0.0.0-20210217142924-a7b80a2a8568/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

diff --git a/scep/api/api.go b/scep/api/api.go
@@ -82,7 +82,6 @@ func (h *Handler) Route(r api.Router) {
 
 	r.MethodFunc(http.MethodGet, getLink("{provisionerID}", false, nil), h.lookupProvisioner(h.Get))
 	r.MethodFunc(http.MethodPost, getLink("{provisionerID}", false, nil), h.lookupProvisioner(h.Post))
-
 }
 
 // Get handles all SCEP GET requests
@@ -103,7 +102,7 @@ func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
 	case opnGetCACaps:
 		response, err = h.GetCACaps(ctx)
 	case opnPKIOperation:
-		// TODO: implement the GET for PKI operation
+		// TODO: implement the GET for PKI operation? Default CACAPS doesn't specify this is in use, though
 	default:
 		err = fmt.Errorf("unknown operation: %s", request.Operation)
 	}
@@ -170,6 +169,7 @@ func decodeSCEPRequest(r *http.Request) (SCEPRequest, error) {
 			if _, ok := query["message"]; ok {
 				message = query.Get("message")
 			}
+			// TODO: verify this; it seems like it should be StdEncoding instead of URLEncoding
 			decodedMessage, err := base64.URLEncoding.DecodeString(message)
 			if err != nil {
 				return SCEPRequest{}, err
@@ -269,8 +269,6 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
 
 	response := SCEPResponse{Operation: opnPKIOperation}
 
-	fmt.Println("BEFORE PARSING")
-
 	microMsg, err := microscep.ParsePKIMessage(request.Message)
 	if err != nil {
 		return SCEPResponse{}, err
@@ -283,12 +281,7 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
 		Raw:           microMsg.Raw,
 	}
 
-	fmt.Println("len raw:", len(microMsg.Raw))
-
-	fmt.Println("AFTER PARSING")
-
 	if err := h.Auth.DecryptPKIEnvelope(ctx, msg); err != nil {
-		fmt.Println("ERROR IN DECRYPTPKIENVELOPE")
 		return SCEPResponse{}, err
 	}
 
@@ -312,8 +305,6 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
 	response.Data = certRep.Raw
 	response.Certificate = certRep.Certificate
 
-	fmt.Println("HERE!!!")
-
 	return response, nil
 }
 

diff --git a/scep/authority.go b/scep/authority.go
@@ -205,8 +205,6 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
 		return err
 	}
 
-	fmt.Println("len content:", len(p7.Content))
-
 	var tID microscep.TransactionID
 	if err := p7.UnmarshalSignedAttribute(oidSCEPtransactionID, &tID); err != nil {
 		return err
@@ -225,11 +223,6 @@ func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMessage) err
 		return err
 	}
 
-	fmt.Println(tID)
-	fmt.Println(msgType)
-
-	fmt.Println("len p7c content:", len(p7c.Content))
-
 	envelope, err := p7c.Decrypt(a.intermediateCertificate, a.service.Decrypter)
 	if err != nil {
 		return err