Skip to content

Commit

Permalink
switch to smallstep scep (#233)
Browse files Browse the repository at this point in the history
  • Loading branch information
jessepeterson authored Jul 15, 2024
1 parent ebb37c2 commit c5e4c78
Show file tree
Hide file tree
Showing 28 changed files with 21 additions and 1,481 deletions.
52 changes: 0 additions & 52 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -175,58 +175,6 @@ docker run -it --rm -v /path/to/ca/folder:/depot micromdm/scep:latest ca -init
docker run -it --rm -v /path/to/ca/folder:/depot -p 8080:8080 micromdm/scep:latest
```
## SCEP library
The core `scep` library can be used for both client and server operations.
```
go get github.com/micromdm/scep/scep
```
For detailed usage, see the [Go Reference](https://pkg.go.dev/github.com/micromdm/scep/v2/scep).
Example (server):
```go
// read a request body containing SCEP message
body, err := ioutil.ReadAll(r.Body)
if err != nil {
// handle err
}
// parse the SCEP message
msg, err := scep.ParsePKIMessage(body)
if err != nil {
// handle err
}
// do something with msg
fmt.Println(msg.MessageType)
// extract encrypted pkiEnvelope
err := msg.DecryptPKIEnvelope(CAcert, CAkey)
if err != nil {
// handle err
}
// use the CSR from decrypted PKCS request and sign
// MyCSRSigner returns an *x509.Certificate here
crt, err := MyCSRSigner(msg.CSRReqMessage.CSR)
if err != nil {
// handle err
}
// create a CertRep message from the original
certRep, err := msg.Success(CAcert, CAkey, crt)
if err != nil {
// handle err
}
// send response back
// w is a http.ResponseWriter
w.Write(certRep.Raw)
```
## Server library
You can import the scep endpoint into another Go project. For an example take a look at [scepserver.go](cmd/scepserver/scepserver.go).
Expand Down
3 changes: 2 additions & 1 deletion challenge/challenge.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,9 @@ import (
"crypto/x509"
"errors"

"github.com/micromdm/scep/v2/scep"
scepserver "github.com/micromdm/scep/v2/server"

"github.com/smallstep/scep"
)

// Validator validates challenge passwords.
Expand Down
2 changes: 1 addition & 1 deletion challenge/challenge_bolt_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,10 @@ import (
"testing"

challengestore "github.com/micromdm/scep/v2/challenge/bolt"
"github.com/micromdm/scep/v2/scep"
scepserver "github.com/micromdm/scep/v2/server"

"github.com/boltdb/bolt"
"github.com/smallstep/scep"
)

func TestDynamicChallenge(t *testing.T) {
Expand Down
2 changes: 1 addition & 1 deletion cmd/scepclient/scepclient.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,11 @@ import (
"time"

scepclient "github.com/micromdm/scep/v2/client"
"github.com/micromdm/scep/v2/scep"

"github.com/go-kit/kit/log"
"github.com/go-kit/kit/log/level"
"github.com/pkg/errors"
"github.com/smallstep/scep"
)

// version info
Expand Down
2 changes: 1 addition & 1 deletion csrverifier/csrverifier.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ import (
"crypto/x509"
"errors"

"github.com/micromdm/scep/v2/scep"
scepserver "github.com/micromdm/scep/v2/server"
"github.com/smallstep/scep"
)

// CSRVerifier verifies the raw decrypted CSR.
Expand Down
2 changes: 1 addition & 1 deletion depot/signer.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import (
"time"

"github.com/micromdm/scep/v2/cryptoutil"
"github.com/micromdm/scep/v2/scep"
"github.com/smallstep/scep"
)

// Signer signs x509 certificates and stores them in a Depot
Expand Down
6 changes: 2 additions & 4 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,11 @@ go 1.16
require (
github.com/boltdb/bolt v1.3.1
github.com/go-kit/kit v0.4.0
github.com/go-logfmt/logfmt v0.3.0 // indirect
github.com/go-stack/stack v1.6.0 // indirect
github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f // indirect
github.com/gorilla/mux v1.4.0
github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 // indirect
github.com/pkg/errors v0.8.0
github.com/smallstep/pkcs7 v0.0.0-20231107075624-be1870d87d13
github.com/smallstep/pkcs7 v0.0.0-20231107075624-be1870d87d13 // indirect
github.com/smallstep/scep v0.0.0-20240214080410-892e41795b99
golang.org/x/net v0.23.0 // indirect
)
9 changes: 5 additions & 4 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
github.com/go-kit/kit v0.4.0 h1:KeVK+Emj3c3S4eRztFuzbFYb2BAgf2jmwDwyXEri7Lo=
github.com/go-kit/kit v0.4.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-logfmt/logfmt v0.3.0 h1:8HUsc87TaSWLKwrnumgC8/YconD2fJQsRJAsWaPg2ic=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.5.1 h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA=
github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
github.com/go-stack/stack v1.6.0 h1:MmJCxYVKTJ0SplGKqFVX3SBnmaUhODHZrrFF6jMbpZk=
github.com/go-stack/stack v1.6.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f h1:9oNbS1z4rVpbnkHBdPZU4jo9bSmrLpII768arSyMFgk=
Expand All @@ -12,12 +12,13 @@ github.com/gorilla/mux v1.4.0 h1:N6R8isjoRv7IcVVlf0cTBbo0UDc9V6ZXWEm0HQoQmLo=
github.com/gorilla/mux v1.4.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda h1:5ikpG9mYCMFiZX0nkxoV6aU2IpCHPdws3gCNgdZeEV0=
github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda/go.mod h1:MyndkAZd5rUMdNogn35MWXBX1UiBigrU8eTj8DoAC2c=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 h1:T+h1c/A9Gawja4Y9mFVWj2vyii2bbUNDw3kt9VxK2EY=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/smallstep/pkcs7 v0.0.0-20231024181729-3b98ecc1ca81/go.mod h1:SoUAr/4M46rZ3WaLstHxGhLEgoYIDRqxQEXLOmOEB0Y=
github.com/smallstep/pkcs7 v0.0.0-20231107075624-be1870d87d13 h1:qRxEt9ESQhAg1kjmgJ8oyyzlc9zkAjOooe7bcKjKORQ=
github.com/smallstep/pkcs7 v0.0.0-20231107075624-be1870d87d13/go.mod h1:SoUAr/4M46rZ3WaLstHxGhLEgoYIDRqxQEXLOmOEB0Y=
github.com/smallstep/scep v0.0.0-20240214080410-892e41795b99 h1:e85HuLX5/MW15yJ7yWb/PMNFW1Kx1N+DeQtpQnlMUbw=
github.com/smallstep/scep v0.0.0-20240214080410-892e41795b99/go.mod h1:4d0ub42ut1mMtvGyMensjuHYEUpRrASvkzLEJvoRQcU=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
Expand Down
57 changes: 0 additions & 57 deletions scep/certs_selector.go

This file was deleted.

156 changes: 0 additions & 156 deletions scep/certs_selector_test.go

This file was deleted.

Loading

0 comments on commit c5e4c78

Please sign in to comment.