
Commit 67b558f

Support for TNAuthlist identifier (#35)
* add support for TNAuthList identifier * added notice * added notice * removed notice --------- Co-authored-by: Pawan Tripathi <[email protected]>
1 parent 04a702f commit 67b558f


2 files changed

+17
-1
lines changed

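--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -90,6 +90,12 @@ type Challenge struct {
 // be included in the POST request. This field is applicable when responding
 // to "device-attest-01" challenges.
 Payload any `json:"-"`
+
+// TkAuthType is the Authority Token Subtype as described in RFC9447 §3
+// This field is only applicable when responding to "tkauth-01" challenges
+// and indicates the type of Authority token that will be used
+// to validate the challenge.
+TkAuthType string `json:"tkauth-type,omitempty"`
 }
 
 // HTTP01ResourcePath returns the URI path for solving the http-01 challenge.
@@ -170,4 +176,5 @@ const (
 ChallengeTypeTLSALPN01 = "tls-alpn-01" // RFC 8737 §3
 ChallengeTypeDeviceAttest01 = "device-attest-01" // draft-acme-device-attest-00 §5
 ChallengeTypeEmailReply00 = "email-reply-00" // RFC 8823 §5.2
+ChallengeTypeAuthorityToken = "tkauth-01" // RFC 9447 §3 - ACME Authority Token challenge type
 )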
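Review bot: `ChallengeTypeAuthorityToken` breaks the naming pattern of its neighbours, which all encode the challenge string itself (`ChallengeTypeTLSALPN01`, `ChallengeTypeDeviceAttest01`, `ChallengeTypeEmailReply00`); `ChallengeTypeTkAuth01 = "tkauth-01"` would match, with the current name kept as a deprecated alias if anything outside this commit already refers to it. The `TkAuthType` doc comment also lacks sentence punctuation and writes `RFC9447` where the constant comments write `RFC 9447`; I would make its first line `// TkAuthType is the Authority Token subtype ("tkauth-type") defined in RFC 9447 §3.` and end the last sentence with a period. Since RFC 9447 has the client return the token itself in the challenge response (as far as I recall, in a separate "tkauth" member), it is worth documenting here, or in Payload's comment, how a tkauth-01 response is meant to carry that token, because nothing in this struct does yet. `type Challenge struct` starts outside the hunk.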

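--- a/csr.go
+++ b/csr.go
@@ -20,6 +20,7 @@ import (
 "crypto/rand"
 "crypto/x509"
 "encoding/asn1"
+"encoding/base64"
 "errors"
 "fmt"
 "net"
@@ -196,6 +197,7 @@ var (
 oidExtensionSubjectAltName = []int{2, 5, 29, 17}
 oidPermanentIdentifier = []int{1, 3, 6, 1, 5, 5, 7, 8, 3}
 oidHardwareModuleName = []int{1, 3, 6, 1, 5, 5, 7, 8, 4}
+oidExtensionTNAuthList = []int{1, 3, 6, 1, 5, 5, 7, 1, 26} // TNAuthListIdentifier is defined in RFC9448
 )
 
 // RFC 5280 - https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6
@@ -282,9 +284,16 @@ func createIdentifiersUsingCSR(csr *x509.CertificateRequest) ([]acme.Identifier,
 })
 }
 
-// Extract permanent identifiers and hardware module values.
+// Extract TNAuthList, permanent identifiers and hardware module values.
 // This block will ignore errors.
 for _, ext := range csr.Extensions {
+// Extract TNAuthList Identifier
+if ext.Id.Equal(oidExtensionTNAuthList) {
+ids = append(ids, acme.Identifier{
+Type: "TNAuthList",
+Value: base64.StdEncoding.EncodeToString(ext.Value),
+})
+}
 if ext.Id.Equal(oidExtensionSubjectAltName) {
 err := forEachSAN(ext.Value, func(tag int, data []byte) error {
 var on otherName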
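Review bot: The new identifier value at `Value: base64.StdEncoding.EncodeToString(ext.Value)` uses standard base64 with padding, whereas ACME follows the base64url-without-padding convention of RFC 8555 §8 and RFC 9448 §3 appears to specify base64url for the TNAuthList identifier value, so a server implementing the RFC literally would reject or mis-decode the padded `+`/`/` form; this should most likely be `Value: base64.RawURLEncoding.EncodeToString(ext.Value)` — confirm against the CA being targeted. The comment on `oidExtensionTNAuthList` is misleading: 1.3.6.1.5.5.7.1.26 is id-pe-TNAuthList from RFC 8226 §4, while RFC 9448 defines the ACME identifier type, not the extension; suggest `// id-pe-TNAuthList (RFC 8226 §4); sent as the "TNAuthList" ACME identifier of RFC 9448 §3`. The extension bytes are forwarded verbatim without being parsed, so an empty or malformed TNAuthorizationList in a CSR becomes an identifier in the order request; since this loop is documented as ignoring errors, at least skip the extension when `len(ext.Value) == 0`, and consider decoding the outer SEQUENCE with `asn1.Unmarshal` (already imported) before accepting it. `createIdentifiersUsingCSR` begins and ends outside the hunk.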
