Small review tweaks

Daniel 2017-09-01 11:58:35 -04:00
parent c4f235a614
commit d3c802512b
No known key found for this signature in database
GPG Key ID: 08FB2BFC470E75B4
1 changed files with 5 additions and 5 deletions


@ -543,15 +543,15 @@ func (wfe *WebFrontEndImpl) acctHoldsAuthorizations(ctx context.Context, acctID
// there are two ways a revocation request can be authenticated it is the // there are two ways a revocation request can be authenticated it is the
// responsibility of the implementation to extract the outer JWS payload (and if // responsibility of the implementation to extract the outer JWS payload (and if
// applicable, an associated account ID). If the request is not properly // applicable, an associated account ID). If the request is not properly
// authenticated a problem should be returned. Note that the account ID returned // authenticated a problem should be returned.
// _may_ be 0 if the request is self-authenticated and not associated with an
// account.
type authenticateRevocation func(context.Context, *jose.JSONWebSignature, *http.Request, *requestEvent) ([]byte, int64, *probs.ProblemDetails) type authenticateRevocation func(context.Context, *jose.JSONWebSignature, *http.Request, *requestEvent) ([]byte, int64, *probs.ProblemDetails)
// authorizedToRevokeCert is a callback function that can be used to validate if // authorizedToRevokeCert is a callback function that can be used to validate if
// a given requester is authorized to revoke the certificate parsed out of the // a given requester is authorized to revoke the certificate parsed out of the
// revocation request from the inner JWS. If the requester is not authorized to // revocation request from the inner JWS. If the requester is not authorized to
// revoke the certificate a problem is returned. // revoke the certificate a problem is returned. It is expected to be a closure
// containing additional state (an account ID or key) that will be used to make
// the decision.
type authorizedToRevokeCert func(*x509.Certificate) *probs.ProblemDetails type authorizedToRevokeCert func(*x509.Certificate) *probs.ProblemDetails
// processRevocation accepts the outer JWS for a revocation request along with // processRevocation accepts the outer JWS for a revocation request along with
@ -735,7 +735,7 @@ func (wfe *WebFrontEndImpl) revokeCertByJWK(
// certificate by checking that to-be-revoked certificate has the same public // certificate by checking that to-be-revoked certificate has the same public
// key as the JWK that was used to authenticate the request // key as the JWK that was used to authenticate the request
authorizedToRevoke := func(parsedCertificate *x509.Certificate) *probs.ProblemDetails { authorizedToRevoke := func(parsedCertificate *x509.Certificate) *probs.ProblemDetails {
if !(core.KeyDigestEquals(requestKey, parsedCertificate.PublicKey)) { if !core.KeyDigestEquals(requestKey, parsedCertificate.PublicKey) {
return probs.Unauthorized( return probs.Unauthorized(
"JWK embedded in revocation request must be the same public key as the cert to be revoked") "JWK embedded in revocation request must be the same public key as the cert to be revoked")
} }
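Review bot: The doc comment on `authenticateRevocation` in the first hunk appears to drop the sentence saying the returned account ID may be 0 for a self-authenticated request (assuming the right-hand column is the new side), which leaves the `int64` result undocumented for that path. That value is presumably what the `authorizedToRevokeCert` closure captures to decide who may revoke, so a reader implementing or calling this type needs to know 0 is a "no account" marker and not a real ID. I would keep one line of contract, for example `// The returned account ID is 0 when the request is self-authenticated and not associated with an account.` The parenthesis cleanup in `revokeCertByJWK` raises nothing further; that function begins and ends outside the second hunk.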