fix #2051
mathieuancelin committed Dec 11, 2024
1 parent 7ec4271 commit afca8ac
Showing 3 changed files with 24 additions and 19 deletions.
2 changes: 1 addition & 1 deletion otoroshi/app/gateway/handlers.scala
Expand Up @@ -720,7 +720,7 @@ class GatewayRequestHandler(

def aia(id: String) =
actionBuilder.async { req =>
env.ocspResponder.aia(id, req)
env.ocspResponder.aia(id, req, Seq.empty)
}

def letsEncrypt() =
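Review bot: The `Seq.empty` passed on the new line means the `aia` gateway handler keeps serving any exposed certificate chained to the Otoroshi root CA, while the same lookup through the `OtoroshiAIAEndpoint` plugin can now be restricted to configured ids. That asymmetry is invisible when reading this call on its own, so a short comment at the call site would help: `env.ocspResponder.aia(id, req, Seq.empty) // empty allow-list: no per-certificate restriction on this route (the plugin variant is configurable)`. The enclosing `GatewayRequestHandler` class continues outside the hunk.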
9 changes: 5 additions & 4 deletions otoroshi/app/next/plugins/otoroshi.scala
Expand Up @@ -551,19 +551,20 @@ class OtoroshiAIAEndpoint extends NgBackendCall {
override def core: Boolean = true
override def name: String = "Otoroshi AIA endpoint"
override def description: Option[String] = "This plugin provide an endpoint to return Otoroshi Authority Information Access for your certificates".some
override def defaultConfigObject: Option[NgPluginConfig] = None
override def defaultConfigObject: Option[NgPluginConfig] = PossibleCerts.default.some
override def useDelegates: Boolean = false
override def noJsForm: Boolean = true
override def configFlow: Seq[String] = Seq.empty
override def configSchema: Option[JsObject] = None
override def configFlow: Seq[String] = PossibleCerts.configFlow
override def configSchema: Option[JsObject] = PossibleCerts.configSchema

override def callBackend(ctx: NgbBackendCallContext, delegates: () => Future[Either[NgProxyEngineError, BackendCallResponse]])(implicit env: Env, ec: ExecutionContext, mat: Materializer): Future[Either[NgProxyEngineError, BackendCallResponse]] = {
val config = ctx.cachedConfig(internalName)(PossibleCerts.format).getOrElse(PossibleCerts.default)
ctx.attrs.get(otoroshi.next.plugins.Keys.MatchedRouteKey) match {
case None => Left(NgProxyEngineError.NgResultProxyEngineError(Results.InternalServerError(Json.obj("error" -> "matched route not found")))).vfuture
case Some(matchedRoute) => {
matchedRoute.pathParams.get("id").orElse(matchedRoute.pathParams.get("cert_id")) match {
case None => Right(BackendCallResponse(NgPluginHttpResponse.fromResult(BadRequest(Json.obj("error" -> "cert id not available"))), None)).vfuture
case Some(id) => env.ocspResponder.aia(id, ctx.rawRequest).map { res =>
case Some(id) => env.ocspResponder.aia(id, ctx.rawRequest, config.certIds).map { res =>
Right(BackendCallResponse(NgPluginHttpResponse.fromResult(res), None))
}
}
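Review bot: `description` still presents the plugin as an unconditional AIA endpoint, although `callBackend` now reads `certIds` from the `PossibleCerts` config and hands it to `env.ocspResponder.aia`, so an operator browsing the plugin list gets no hint that the served certificates can be restricted. Suggest extending it, e.g. `"This plugin provide an endpoint to return Otoroshi Authority Information Access for your certificates. The served certificates can be restricted with a list of cert ids (an empty list means no restriction)".some`, adjusting the last clause if `PossibleCerts.default` does not actually leave `certIds` empty. Since `configFlow` and `configSchema` are now delegated to `PossibleCerts`, it is also worth checking that the schema labels the ids the way `aia` matches them — by certificate serial number — rather than by Otoroshi certificate id, otherwise the restriction will never match. `callBackend` continues past the end of the hunk.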
32 changes: 18 additions & 14 deletions otoroshi/app/ssl/ocsp.scala
Expand Up @@ -107,23 +107,27 @@ class OcspResponder(env: Env, implicit val ec: ExecutionContext) {
val nextUpdateOffset: Int =
env.configuration.getOptionalWithFileSupport[Int]("app.ocsp.caching.seconds").getOrElse(3600)

def aia(id: String, req: RequestHeader)(implicit ec: ExecutionContext): Future[Result] = {
def aia(id: String, req: RequestHeader, possibleCerts: Seq[String])(implicit ec: ExecutionContext): Future[Result] = {
import scala.util._
// DynamicSSLEngineProvider.certificates.values.find(c => c.certificate.get.getSerialNumber.toString == id && c.exposed && CertParentHelper.fromOtoroshiRootCa(c.certificate.get)) match {
DynamicSSLEngineProvider.certificates.values.find { c =>
Try {
c.certificate.get.getSerialNumber.toString == id && c.exposed && CertParentHelper.fromOtoroshiRootCa(
c.certificate.get
)
if (possibleCerts.isEmpty || (possibleCerts.nonEmpty && possibleCerts.contains(id))) {
// DynamicSSLEngineProvider.certificates.values.find(c => c.certificate.get.getSerialNumber.toString == id && c.exposed && CertParentHelper.fromOtoroshiRootCa(c.certificate.get)) match {
DynamicSSLEngineProvider.certificates.values.find { c =>
Try {
c.certificate.get.getSerialNumber.toString == id && c.exposed && CertParentHelper.fromOtoroshiRootCa(
c.certificate.get
)
} match {
case Failure(e) =>
e.printStackTrace()
false
case Success(v) => v
}
} match {
case Failure(e) =>
e.printStackTrace()
false
case Success(v) => v
case None => Results.NotFound("").as("application/pkix-cert").future
case Some(cert) => Results.Ok(cert.certificate.get.asPem).as("application/pkix-cert").future
}
} match {
case None => Results.NotFound("").as("application/pkix-cert").future
case Some(cert) => Results.Ok(cert.certificate.get.asPem).as("application/pkix-cert").future
} else {
Results.NotFound("").as("application/pkix-cert").future
}
}

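Review bot: The guard at the top of the new block, `possibleCerts.isEmpty || (possibleCerts.nonEmpty && possibleCerts.contains(id))`, carries a redundant `possibleCerts.nonEmpty &&` — the right operand of `||` is only evaluated when `isEmpty` is false — so `if (possibleCerts.isEmpty || possibleCerts.contains(id)) {` says exactly the same thing. What a reader actually needs to know is that an empty `possibleCerts` means "no restriction" and keeps serving every exposed certificate under the Otoroshi root CA, which is the pre-existing behaviour and what `handlers.scala` relies on by passing `Seq.empty`; a Scaladoc on `aia` should state it, e.g. `@param possibleCerts allow-list of certificate serial numbers (as matched against `id`); empty means no restriction`. It is also worth confirming that the plugin's `certIds` hold the same kind of value as `id`, which this method compares with `getSerialNumber.toString` — if they are Otoroshi certificate ids instead, `contains(id)` never matches and the allow-list silently blocks everything. Answering an id outside the allow-list with the same `NotFound` as an unknown certificate is a reasonable choice since it does not reveal whether the certificate exists, but the duplicated `Results.NotFound("").as("application/pkix-cert").future` could be hoisted into a local `val notFound` shared by both branches.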
