
Fix OpenPGP key update

On an OpenPGP key update we can't add the objectClass again: LDAP rejects the
modify with an error. So only add it when we configure the first key.
meskio 4 months ago
0fccacdd77
Signed by: meskio
GPG Key ID: 52B8F5AC97A2DA86
  1. 33
      ldap/openpgp.go
  2. 44
      ldap/openpgp_test.go

33
ldap/openpgp.go

@ -1,6 +1,7 @@
package ldap
import (
"errors"
"strings"
"time"
@ -24,7 +25,14 @@ func (l Ldap) changeOpenPGPkey(dn string, fingerprint string, expiry time.Time,
defer conn.Close()
modifyRequest := ldap.NewModifyRequest(dn, nil)
modifyRequest.Add("objectClass", []string{"openPGP"})
_, err = l.getOpenPGPKey(dn, conn)
if err != nil {
if errors.Is(err, ErrNotFound) {
modifyRequest.Add("objectClass", []string{"openPGP"})
} else {
return err
}
}
modifyRequest.Replace("openPGPId", []string{fingerprint})
modifyRequest.Replace("openPGPExpiry", []string{expiry.Format(dateFormat)})
modifyRequest.Replace("openPGPKey", []string{string(key)})
@ -54,6 +62,29 @@ func (l Ldap) DeleteOpenPGPkey(dn string) error {
return conn.Modify(modifyRequest)
}
func (l Ldap) getOpenPGPKey(dn string, conn *ldap.Conn) (*OpenPGPkey, error) {
searchRequest := ldap.NewSearchRequest(
dn,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
"((objectClass=openPGP))",
openPGPAttributes,
nil,
)
sr, err := conn.Search(searchRequest)
if err != nil {
return nil, err
}
switch len(sr.Entries) {
case 1:
entry := sr.Entries[0]
return openPGPkey(entry), nil
case 0:
return nil, ErrNotFound
default:
return nil, errors.New("More than one user found!!!")
}
}
func openPGPkey(entry *ldap.Entry) *OpenPGPkey {
openPGPexpiry, _ := time.Parse(dateFormat, entry.GetAttributeValue("openPGPExpiry"))
key := OpenPGPkey{
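Review bot: getOpenPGPKey in the third hunk searches with ldap.ScopeWholeSubtree rooted at the caller's dn, so any descendant entry carrying objectClass openPGP is matched as well — the key of a child entry could be returned for the parent, or the lookup fails with "More than one user found!!!" even though the target entry itself has no key yet, and changeOpenPGPkey would then refuse to set it. Since the question asked here is whether this one entry already has the objectClass, `ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,` is the scope that answers it. The filter `"((objectClass=openPGP))"` carries a redundant outer pair of parentheses; unless go-ldap tolerates that (I cannot tell from here), `"(objectClass=openPGP)"` is the RFC 4515 form. The error string on the default branch should also be lowercase without punctuation, e.g. `errors.New("more than one openPGP entry found under dn")`. changeOpenPGPkey in the second hunk starts and ends outside the hunk, and openPGPkey's body runs past the end of this one.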

44
ldap/openpgp_test.go

@ -6,11 +6,16 @@ import (
"time"
)
func TestOpenPGPuser(t *testing.T) {
key := []byte("openpgpkey")
fingerprint := "AABBCCDDEEFF1122334455"
wkdHash := "hashhash"
const (
fingerprint = "AABBCCDDEEFF1122334455"
wkdHash = "hashhash"
)
var (
key = []byte("openpgpkey")
)
func TestOpenPGPuser(t *testing.T) {
l := testLdap(t)
u, err := l.GetUser(user)
if err != nil {
@ -61,10 +66,6 @@ func TestOpenPGPuser(t *testing.T) {
}
func TestOpenPGPgroup(t *testing.T) {
key := []byte("openpgpkey")
fingerprint := "AABBCCDDEEFF1122334455"
wkdHash := "hashhash"
l := testLdap(t)
g, err := l.GetGroup(group)
if err != nil {
@ -113,3 +114,30 @@ func TestOpenPGPgroup(t *testing.T) {
t.Errorf("user already has a key")
}
}
func TestUpdateOpenPGP(t *testing.T) {
l := testLdap(t)
u, err := l.GetUser(user)
if err != nil {
t.Errorf("GetUser() failed: %v", err)
}
if u.OpenPGPkey != nil {
t.Errorf("user already has a key")
}
dn := l.userDN(user)
err = l.changeOpenPGPkey(dn, fingerprint, time.Time{}, key, wkdHash, "")
if err != nil {
t.Errorf("ChangeOpenPGPkey() failed: %v", err)
}
err = l.changeOpenPGPkey(dn, fingerprint, time.Time{}, key, wkdHash, "")
if err != nil {
t.Errorf("ChangeOpenPGPkey() failed: %v", err)
}
err = l.DeleteOpenPGPkey(dn)
if err != nil {
t.Errorf("DeleteOpenPGPkey() failed: %v", err)
}
}
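Review bot: TestUpdateOpenPGP reports a failed GetUser with t.Errorf and then keeps going, so if GetUser returns a nil user on error the very next line `u.OpenPGPkey` panics instead of failing cleanly; the early checks should use `t.Fatalf` so a setup failure stops the test. The test also calls changeOpenPGPkey twice with the identical fingerprint and never reads the entry back, so it only proves that the second call does not error — not that the update path the commit fixes actually stores the new value. A second call with a different fingerprint followed by a GetUser and a comparison against the stored key would pin that; the field to compare is whichever one OpenPGPkey uses for the fingerprint, which this page does not show.
```go
	dn := l.userDN(user)
	err = l.changeOpenPGPkey(dn, fingerprint, time.Time{}, key, wkdHash, "")
	if err != nil {
		t.Fatalf("ChangeOpenPGPkey() failed: %v", err)
	}
	const updatedFingerprint = "1122334455AABBCCDDEEFF"
	err = l.changeOpenPGPkey(dn, updatedFingerprint, time.Time{}, key, wkdHash, "")
	if err != nil {
		t.Fatalf("ChangeOpenPGPkey() on update failed: %v", err)
	}
	u, err = l.GetUser(user)
	if err != nil {
		t.Fatalf("GetUser() after update failed: %v", err)
	}
	if u.OpenPGPkey == nil {
		t.Errorf("key missing after update")
	}
	// compare the stored fingerprint field of u.OpenPGPkey with updatedFingerprint here
	// … unchanged: DeleteOpenPGPkey cleanup …
```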
