Skip to content

Commit

Permalink
Use SignWithContext in the critical paths
Browse files Browse the repository at this point in the history
  • Loading branch information
hslatman committed Sep 19, 2023
1 parent 4e06bdb commit 9e3807e
Show file tree
Hide file tree
Showing 4 changed files with 5 additions and 4 deletions.
2 changes: 1 addition & 1 deletion acme/order.go
Original file line number Diff line number Diff line change
Expand Up @@ -263,7 +263,7 @@ func (o *Order) Finalize(ctx context.Context, db DB, csr *x509.CertificateReques
signOps = append(signOps, extraOptions...)

// Sign a new certificate.
certChain, err := auth.Sign(csr, provisioner.SignOptions{
certChain, err := auth.SignWithContext(ctx, csr, provisioner.SignOptions{
NotBefore: provisioner.NewTimeDuration(o.NotBefore),
NotAfter: provisioner.NewTimeDuration(o.NotAfter),
}, signOps...)
Expand Down
2 changes: 1 addition & 1 deletion api/sign.go
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ func Sign(w http.ResponseWriter, r *http.Request) {
return
}

certChain, err := a.Sign(body.CsrPEM.CertificateRequest, opts, signOpts...)
certChain, err := a.SignWithContext(ctx, body.CsrPEM.CertificateRequest, opts, signOpts...)
if err != nil {
render.Error(w, errs.ForbiddenErr(err, "error signing certificate"))
return
Expand Down
2 changes: 1 addition & 1 deletion api/ssh.go
Original file line number Diff line number Diff line change
Expand Up @@ -330,7 +330,7 @@ func SSHSign(w http.ResponseWriter, r *http.Request) {
NotAfter: time.Unix(int64(cert.ValidBefore), 0),
})

certChain, err := a.Sign(cr, provisioner.SignOptions{}, signOpts...)
certChain, err := a.SignWithContext(ctx, cr, provisioner.SignOptions{}, signOpts...)
if err != nil {
render.Error(w, errs.ForbiddenErr(err, "error signing identity certificate"))
return
Expand Down
3 changes: 2 additions & 1 deletion scep/authority.go
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@ type AuthorityOptions struct {
// SignAuthority is the interface for a signing authority
type SignAuthority interface {
Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
SignWithContext(ctx context.Context, cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
LoadProvisionerByName(string) (provisioner.Interface, error)
}

Expand Down Expand Up @@ -296,7 +297,7 @@ func (a *Authority) SignCSR(ctx context.Context, csr *x509.CertificateRequest, m
}
signOps = append(signOps, templateOptions)

certChain, err := a.signAuth.Sign(csr, opts, signOps...)
certChain, err := a.signAuth.SignWithContext(ctx, csr, opts, signOps...)
if err != nil {
return nil, fmt.Errorf("error generating certificate for order: %w", err)
}
Expand Down

0 comments on commit 9e3807e

Please sign in to comment.