fix: ESC3 enrollment agent restrictions logic
JonasBK committed Feb 9, 2024
1 parent d4b68d3 commit b73b97f
Showing 2 changed files with 20 additions and 10 deletions.
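--- a/packages/go/analysis/ad/ad.go
+++ b/packages/go/analysis/ad/ad.go
@@ -1072,13 +1072,15 @@ func GetADCSESC3EdgeComposition(ctx context.Context, db graph.Database, edge *gr
 
 if collected, err := eca2.Properties.Get(ad.EnrollmentAgentRestrictionsCollected.String()).Bool(); err != nil {
 log.Errorf("error getting enrollmentagentcollected for eca2 %d: %v", eca2.ID, err)
-} else if hasRestrictions, err := eca2.Properties.Get(ad.HasEnrollmentAgentRestrictions.String()).Bool(); err != nil {
-log.Errorf("error getting hasenrollmentagentrestrictions for ca %d: %v", eca2.ID, err)
-} else if collected && hasRestrictions {
-if p6, err := getDelegatedEnrollmentAgentPath(ctx, startNode, ct2, db); err != nil {
-log.Infof("Error getting p6 for composition: %v", err)
-} else {
-paths.AddPathSet(p6)
+} else if collected {
+if hasRestrictions, err := eca2.Properties.Get(ad.HasEnrollmentAgentRestrictions.String()).Bool(); err != nil {
+log.Errorf("error getting hasenrollmentagentrestrictions for ca %d: %v", eca2.ID, err)
+} else if hasRestrictions {
+if p6, err := getDelegatedEnrollmentAgentPath(ctx, startNode, ct2, db); err != nil {
+log.Infof("Error getting p6 for composition: %v", err)
+} else {
+paths.AddPathSet(p6)
+}
 }
 }
 }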
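Review bot: The new `else if collected` branch leaves the not-collected case undocumented, while the matching change in esc3.go states the assumption in a comment. A line such as `// Restrictions not collected: assume none, so no delegated enrollment agent path (p6) is added` above the branch would keep the two files in agreement. The failure of `getDelegatedEnrollmentAgentPath` is logged with `log.Infof`, although the sibling branches use `log.Errorf`, so a composition returned without p6 is easy to miss in the logs; `log.Errorf("error getting p6 for composition: %v", err)` would match. GetADCSESC3EdgeComposition starts and ends outside the hunk.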
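--- a/packages/go/analysis/ad/esc3.go
+++ b/packages/go/analysis/ad/esc3.go
@@ -39,9 +39,17 @@ func PostADCSESC3(ctx context.Context, tx graph.Transaction, outC chan<- analysi
 return nil
 } else if collected, err := eca2.Properties.Get(ad.EnrollmentAgentRestrictionsCollected.String()).Bool(); err != nil {
 return fmt.Errorf("error getting enrollmentagentcollected for eca2 %d: %w", eca2.ID, err)
-} else if hasRestrictions, err := eca2.Properties.Get(ad.HasEnrollmentAgentRestrictions.String()).Bool(); err != nil {
-return fmt.Errorf("error getting hasenrollmentagentrestrictions for ca %d: %w", eca2.ID, err)
 } else {
+// Assuming no enrollement agent restrictions if not collected
+eARestrictions := false
+if collected {
+if hasRestrictions, err := eca2.Properties.Get(ad.HasEnrollmentAgentRestrictions.String()).Bool(); err != nil {
+return fmt.Errorf("error getting hasenrollmentagentrestrictions for ca %d: %w", eca2.ID, err)
+} else {
+eARestrictions := hasRestrictions
+}
+}
+
 for _, certTemplateTwo := range publishedCertTemplates {
 if !isEndCertTemplateValidESC3(certTemplateTwo) {
 continue
@@ -67,7 +75,7 @@ func PostADCSESC3(ctx context.Context, tx graph.Transaction, outC chan<- analysi
 log.Errorf("error getting cas for cert template %d: %v", certTemplateOne.ID, err)
 } else if publishedECAs.Len() == 0 {
 continue
-} else if collected && hasRestrictions {
+} else if eARestrictions {
 if delegatedAgents, err := fetchFirstDegreeNodes(tx, certTemplateTwo, ad.DelegatedEnrollmentAgent); err != nil {
 log.Errorf("error getting delegated agents for cert template %d: %v", certTemplateTwo.ID, err)
 } else {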
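Review bot: In the first hunk, `eARestrictions := hasRestrictions` inside the inner `else` declares a new variable scoped to that branch instead of assigning to the `eARestrictions` declared above `if collected`. The outer value therefore stays `false`, and the Go compiler rejects the unused inner variable as declared and not used. Use plain assignment, `eARestrictions = hasRestrictions`. Without it, the `else if eARestrictions` branch in the second hunk could never be taken, so collected enrollment agent restrictions would presumably be ignored and the ESC3 results would include principals the CA restricts. The added comment also misspells "enrollment" as "enrollement". PostADCSESC3 starts and ends outside both hunks.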
