
Unified Diff: tokenserver/appengine/impl/machinetoken/machinetoken.go

Issue 2952723003: token-server: Make machine token minter config apply to subdomains. (Closed)
Patch Set: Created 3 years, 6 months ago
Index: tokenserver/appengine/impl/machinetoken/machinetoken.go
diff --git a/tokenserver/appengine/impl/machinetoken/machinetoken.go b/tokenserver/appengine/impl/machinetoken/machinetoken.go
index c04e3658a13593fa887869af405b22ffa7ba6e43..55caec9fae2cbb0905ebcb321b0a71084aa52e35 100644
--- a/tokenserver/appengine/impl/machinetoken/machinetoken.go
+++ b/tokenserver/appengine/impl/machinetoken/machinetoken.go
@@ -71,10 +71,7 @@ func (p *MintParams) Validate() error {
if len(chunks) != 2 {
return fmt.Errorf("not a valid FQDN %q", p.FQDN)
}
- host, domain := chunks[0], chunks[1]
- if strings.ContainsRune(host, '@') {
Vadim Sh. 2017/06/21 00:09:02 as I mentioned above, '@' has no magical significa
- return fmt.Errorf("forbidden character '@' in hostname %q", host)
- }
+ domain := chunks[1] // e.g. "us-central-1a.c.project-id.internal"
smut 2017/06/21 00:27:19 typo: us-central1-a, not us-central-1a
Vadim Sh. 2017/06/21 00:31:56 Done.
// Check DomainConfig for given domain.
domainCfg := domainConfig(p.Config, domain)
@@ -94,13 +91,16 @@ func (p *MintParams) Validate() error {
return nil
}
-// domainConfig returns DomainConfig for a domain.
+// domainConfig returns DomainConfig (part of *.cfg file) for a given domain.
+//
+// It enumerates all domains specified in the config finding first domain that
+// is equal to 'domain' or has it as a subdomain.
//
-// Returns nil if there's no such config.
+// Returns nil if requested domain is not represented in the config.
func domainConfig(cfg *admin.CertificateAuthorityConfig, domain string) *admin.DomainConfig {
for _, domainCfg := range cfg.KnownDomains {
for _, domainInCfg := range domainCfg.Domain {
- if domainInCfg == domain {
+ if domainInCfg == domain || strings.HasSuffix(domain, "."+domainInCfg) {
Vadim Sh. 2017/06/21 00:09:02 this is the actual change
return domainCfg
}
}
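Review bot: With the suffix match added to `domainConfig`, the first `KnownDomains` entry that matches wins, so when a parent domain and one of its subdomains are both configured, which `DomainConfig` governs a minted token depends on the order of entries in the config rather than on which entry is more specific. A stricter subdomain entry listed after a broader parent entry is never reached. Choosing the longest matching `domainInCfg`, as sketched below, or rejecting overlapping domains when the config is validated (not visible here) would make the result independent of ordering. An empty string in `Domain` would also match any name ending in a dot, since the suffix becomes `"."`, so the sketch skips it. The tail of `domainConfig` lies outside the hunk; there the function would return `best`, which is still nil when nothing matched.

```go
func domainConfig(cfg *admin.CertificateAuthorityConfig, domain string) *admin.DomainConfig {
	var best *admin.DomainConfig
	bestLen := -1
	for _, domainCfg := range cfg.KnownDomains {
		for _, domainInCfg := range domainCfg.Domain {
			if domainInCfg == "" {
				continue // "."+"" would match any name ending in a dot
			}
			if domainInCfg != domain && !strings.HasSuffix(domain, "."+domainInCfg) {
				continue
			}
			// Keep the most specific (longest) configured domain seen so far.
			if len(domainInCfg) > bestLen {
				best, bestLen = domainCfg, len(domainInCfg)
			}
		}
	// … outside the hunk: close the outer loop, then return best …
```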
