|
|
|
|
@ -122,17 +122,13 @@ func rotateWorkerAuth(ctx context.Context, w *Worker, currentNodeCreds *types.No
|
|
|
|
|
randReaderOpt := nodeenrollment.WithRandomReader(w.conf.SecureRandomReader)
|
|
|
|
|
|
|
|
|
|
// Ensure we can get some needed values prior to actually doing generation
|
|
|
|
|
currentKeyId, err := nodeenrollment.KeyIdFromPkix(currentNodeCreds.CertificatePublicKeyPkix)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return berrors.Wrap(ctx, err, op)
|
|
|
|
|
}
|
|
|
|
|
client := w.controllerMultihopConn.Load()
|
|
|
|
|
if client == nil {
|
|
|
|
|
return berrors.Wrap(ctx, err, op)
|
|
|
|
|
return berrors.New(ctx, berrors.Internal, op, "nil multihop client")
|
|
|
|
|
}
|
|
|
|
|
multihopClient, ok := client.(multihop.MultihopServiceClient)
|
|
|
|
|
if !ok {
|
|
|
|
|
return berrors.Wrap(ctx, err, op)
|
|
|
|
|
return berrors.New(ctx, berrors.Internal, op, "multihop client is not the right type")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Generate a new set of credentials but don't persist them yet
|
|
|
|
|
@ -154,7 +150,7 @@ func rotateWorkerAuth(ctx context.Context, w *Worker, currentNodeCreds *types.No
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Encrypt the values to the server
|
|
|
|
|
encFetchReq, err := nodeenrollment.EncryptMessage(ctx, currentKeyId, fetchReq, currentNodeCreds, randReaderOpt)
|
|
|
|
|
encFetchReq, err := nodeenrollment.EncryptMessage(ctx, fetchReq, currentNodeCreds, randReaderOpt)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return berrors.Wrap(ctx, err, op)
|
|
|
|
|
}
|
|
|
|
|
@ -171,7 +167,6 @@ func rotateWorkerAuth(ctx context.Context, w *Worker, currentNodeCreds *types.No
|
|
|
|
|
fetchResp := new(types.FetchNodeCredentialsResponse)
|
|
|
|
|
if err := nodeenrollment.DecryptMessage(
|
|
|
|
|
ctx,
|
|
|
|
|
currentKeyId,
|
|
|
|
|
resp.EncryptedFetchNodeCredentialsResponse,
|
|
|
|
|
currentNodeCreds,
|
|
|
|
|
fetchResp,
|
|
|
|
|
|
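Review bot: In the second hunk the comment `// Encrypt the values to the server` no longer tells a reader which key protects the rotation request, now that `currentKeyId` is gone from the `EncryptMessage` call (and from `DecryptMessage` in the third hunk). Presumably the library now derives the key id from `currentNodeCreds`; if so, say it at the call site, e.g. `// Encrypt the request under the current (pre-rotation) credentials; the key id is derived from currentNodeCreds`. In the first hunk the retained comment `// Ensure we can get some needed values prior to actually doing generation` now covers only the multihop client checks and could be narrowed to say that. rotateWorkerAuth begins and ends outside the visible hunks, so how a failed rotation is retried cannot be judged from here.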