Use SignWithContext in the critical paths

smallstep · Sep 19, 2023 · 9e3807e · 9e3807e
1 parent 4e06bdb
commit 9e3807e
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 4 deletions.
diff --git a/acme/order.go b/acme/order.go
@@ -263,7 +263,7 @@ func (o *Order) Finalize(ctx context.Context, db DB, csr *x509.CertificateReques
 	signOps = append(signOps, extraOptions...)
 
 	// Sign a new certificate.
-	certChain, err := auth.Sign(csr, provisioner.SignOptions{
+	certChain, err := auth.SignWithContext(ctx, csr, provisioner.SignOptions{
 		NotBefore: provisioner.NewTimeDuration(o.NotBefore),
 		NotAfter:  provisioner.NewTimeDuration(o.NotAfter),
 	}, signOps...)

diff --git a/api/sign.go b/api/sign.go
@@ -78,7 +78,7 @@ func Sign(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	certChain, err := a.Sign(body.CsrPEM.CertificateRequest, opts, signOpts...)
+	certChain, err := a.SignWithContext(ctx, body.CsrPEM.CertificateRequest, opts, signOpts...)
 	if err != nil {
 		render.Error(w, errs.ForbiddenErr(err, "error signing certificate"))
 		return

diff --git a/api/ssh.go b/api/ssh.go
@@ -330,7 +330,7 @@ func SSHSign(w http.ResponseWriter, r *http.Request) {
 			NotAfter:  time.Unix(int64(cert.ValidBefore), 0),
 		})
 
-		certChain, err := a.Sign(cr, provisioner.SignOptions{}, signOpts...)
+		certChain, err := a.SignWithContext(ctx, cr, provisioner.SignOptions{}, signOpts...)
 		if err != nil {
 			render.Error(w, errs.ForbiddenErr(err, "error signing identity certificate"))
 			return

diff --git a/scep/authority.go b/scep/authority.go
@@ -65,6 +65,7 @@ type AuthorityOptions struct {
 // SignAuthority is the interface for a signing authority
 type SignAuthority interface {
 	Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
+	SignWithContext(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
 	LoadProvisionerByName(string) (provisioner.Interface, error)
 }
 
@@ -296,7 +297,7 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
 	}
 	signOps = append(signOps, templateOptions)
 
-	certChain, err := a.signAuth.Sign(csr, opts, signOps...)
+	certChain, err := a.signAuth.SignWithContext(ctx, csr, opts, signOps...)
 	if err != nil {
 		return nil, fmt.Errorf("error generating certificate for order: %w", err)
 	}