(ctx EnrollmentContext)
| 47 | } |
| 48 | |
| 49 | func (module *EnrollModuleOtt) Process(ctx EnrollmentContext) (*EnrollmentResult, error) { |
| 50 | enrollment, err := module.env.GetManagers().Enrollment.ReadByToken(ctx.GetToken()) |
| 51 | if err != nil { |
| 52 | return nil, err |
| 53 | } |
| 54 | |
| 55 | if enrollment == nil || enrollment.IdentityId == nil { |
| 56 | return nil, apierror.NewInvalidEnrollmentToken() |
| 57 | } |
| 58 | |
| 59 | if enrollment.ExpiresAt == nil || enrollment.ExpiresAt.IsZero() || enrollment.ExpiresAt.Before(time.Now()) { |
| 60 | return nil, apierror.NewEnrollmentExpired() |
| 61 | } |
| 62 | |
| 63 | identity, err := module.env.GetManagers().Identity.Read(*enrollment.IdentityId) |
| 64 | |
| 65 | if err != nil { |
| 66 | return nil, err |
| 67 | } |
| 68 | |
| 69 | if identity == nil { |
| 70 | return nil, apierror.NewInvalidEnrollmentToken() |
| 71 | } |
| 72 | |
| 73 | ctx.GetChangeContext(). |
| 74 | SetChangeAuthorType(change.AuthorTypeIdentity). |
| 75 | SetChangeAuthorId(identity.Id). |
| 76 | SetChangeAuthorName(identity.Name) |
| 77 | |
| 78 | csrPem := ctx.GetData().ClientCsrPem |
| 79 | |
| 80 | csr, err := cert.ParseCsrPem(csrPem) |
| 81 | |
| 82 | if err != nil { |
| 83 | apiErr := apierror.NewCouldNotProcessCsr() |
| 84 | apiErr.Cause = err |
| 85 | apiErr.AppendCause = true |
| 86 | return nil, apiErr |
| 87 | } |
| 88 | |
| 89 | certRaw, err := module.env.GetApiClientCsrSigner().SignCsr(csr, &cert.SigningOpts{}) |
| 90 | |
| 91 | if err != nil { |
| 92 | apiErr := apierror.NewCouldNotProcessCsr() |
| 93 | apiErr.Cause = err |
| 94 | apiErr.AppendCause = true |
| 95 | return nil, apiErr |
| 96 | } |
| 97 | |
| 98 | fp := module.fingerprintGenerator.FromRaw(certRaw) |
| 99 | |
| 100 | clientChainPem, err := module.env.GetManagers().Enrollment.GetCertChainPem(certRaw) |
| 101 | if err != nil { |
| 102 | return nil, err |
| 103 | } |
| 104 | |
| 105 | newAuthenticator := &Authenticator{ |
| 106 | BaseEntity: models.BaseEntity{ |