
Commit ba9e082

committed
Add attestation format to challenge
This commit adds the format of the payload to the challenge object.
1 parent 143e484 commit ba9e082


2 files changed

+21
-0
lines changed


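--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -89,6 +89,7 @@ type Challenge struct {
 Target string `json:"target,omitempty"`
 Error *Error `json:"error,omitempty"`
 Payload []byte `json:"-"`
+PayloadFormat string `json:"-"`
 }
 
 // ToLog enables response logging.
@@ -944,6 +945,7 @@ func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose
 ch.Error = nil
 ch.ValidatedAt = clock.Now().Format(time.RFC3339)
 ch.Payload = payload
+ch.PayloadFormat = format
 
 // Store the fingerprint in the authorization.
 //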
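Review bot: The new `PayloadFormat` field in `Challenge` has no comment, and like `Payload` it is tagged `json:"-"`, so a reader cannot tell from the struct what the string holds or when it is set. In `deviceAttest01Validate` it is assigned next to `ch.Payload` after `ch.Error = nil`, which looks like the success path only; a comment such as `// PayloadFormat is the attestation format of Payload (for example "step"); it is set only when device-attest-01 validation succeeds and is never included in JSON output.` would state that. Nothing in this commit shows the storage layer persisting the field, so it is worth confirming that a challenge reloaded from the DB still carries the format alongside the payload it describes. Both the struct and the function body extend beyond the hunks shown.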

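--- a/acme/challenge_test.go
+++ b/acme/challenge_test.go
@@ -151,6 +151,8 @@ func mustAttestApple(t *testing.T, nonce string) ([]byte, *x509.Certificate, *x5
 }
 
 func mustAttestYubikey(t *testing.T, _, keyAuthorization string, serial int) ([]byte, *x509.Certificate, *x509.Certificate) {
+t.Helper()
+
 ca, err := minica.New()
 fatalError(t, err)
 
@@ -821,6 +823,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewError(ErrorRejectedIdentifierType, "payload contained error: an error")
 
@@ -873,6 +876,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "1234", updch.Value)
 assert.Equal(t, payload, updch.Payload)
+assert.Equal(t, "step", updch.PayloadFormat)
 
 return nil
 },
@@ -4007,6 +4011,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewError(ErrorRejectedIdentifierType, "payload contained error: an error")
 
@@ -4046,6 +4051,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewDetailedError(ErrorBadAttestationStatementType, "failed base64 decoding attObj %q", "?!")
 
@@ -4085,6 +4091,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewDetailedError(ErrorBadAttestationStatementType, "attObj must not be empty")
 
@@ -4124,6 +4131,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewDetailedError(ErrorBadAttestationStatementType, "attObj must not be empty")
 
@@ -4163,6 +4171,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewDetailedError(ErrorBadAttestationStatementType, "attObj is not well formed CBOR: unexpected EOF")
 
@@ -4204,6 +4213,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewDetailedError(ErrorBadAttestationStatementType, "unsupported attestation object format %q", "unsupported-format")
 
@@ -4250,6 +4260,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewError(ErrorBadAttestationStatementType, "attestation format %q is not enabled", "step")
 
@@ -4306,6 +4317,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewDetailedError(ErrorBadAttestationStatementType, "x5c not present")
 
@@ -4354,6 +4366,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "serial-number", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewDetailedError(ErrorBadAttestationStatementType, "challenge token does not match")
 
@@ -4401,6 +4414,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "non-matching-value", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 subproblem := NewSubproblemWithIdentifier(
 ErrorRejectedIdentifierType,
@@ -4480,6 +4494,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewDetailedError(ErrorBadAttestationStatementType, "x5c not present")
 
@@ -4535,6 +4550,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewDetailedError(ErrorBadAttestationStatementType, "permanent identifier does not match").
 AddSubproblems(NewSubproblemWithIdentifier(
@@ -4631,6 +4647,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Nil(t, updch.Payload)
+assert.Empty(t, updch.PayloadFormat)
 
 err := NewDetailedError(ErrorBadAttestationStatementType, `unsupported attestation object format "bogus-format"`)
 
@@ -4724,6 +4741,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Equal(t, payload, updch.Payload)
+assert.Equal(t, "step", updch.PayloadFormat)
 
 return errors.New("force")
 },
@@ -4771,6 +4789,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
 assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
 assert.Equal(t, "12345678", updch.Value)
 assert.Equal(t, payload, updch.Payload)
+assert.Equal(t, "step", updch.PayloadFormat)
 
 return nil
 },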
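Review bot: Every positive assertion added here expects `"step"` (`assert.Equal(t, "step", updch.PayloadFormat)`), so the stored format is pinned for only one attestation format. If success cases exist for other formats (the file has a `mustAttestApple` helper), add the same assertion there with the expected value, e.g. `assert.Equal(t, <expected format>, updch.PayloadFormat)`, so a regression that stores a wrong or unvalidated format string is caught. The failure cases consistently use `assert.Empty(t, updch.PayloadFormat)`, which correctly checks that a rejected attestation leaves no format behind.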
