
Commit f75730d

committed
fix: restore missing constants in agent and pki
1 parent 89fb78e commit f75730d

3 files changed

+30
-24
lines changed


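--- a/agent/internal/service/service.go
+++ b/agent/internal/service/service.go
@@ -22,14 +22,14 @@ import (
 )
 
 const (
-defaultComponent = "attestor-service"
-statusHealthy = "healthy"
-slash = "/"
-defaultHTTPTimeout = 10 * time.Second
-defaultSignalCapacity = 1
-statusCodeThreshold = 400
-permOwnerReadWrite = 0o600
-permOwnerReadWriteExec = 0o700
+defaultComponent = "attestor-service"
+statusHealthy = "healthy"
+slash = "/"
+defaultHTTPTimeout = 10 * time.Second
+defaultSignalCapacity = 1
+statusCodeThreshold = 400
+permOwnerReadWrite = 0o600
+permOwnerReadExecute = 0o700
 )
 
 // Config holds the service configuration
@@ -85,7 +85,7 @@ func New(config *Config) *Service {
 return &Service{
 config: config,
 collector: posture.GetCollector(),
-httpClient: newHTTPClient(),
+httpClient: &http.Client{Timeout: defaultHTTPTimeout},
 ctx: ctx,
 cancel: cancel,
 logger: logger,
@@ -358,7 +358,7 @@ func (s *Service) obtainCertificate() error {
 if err != nil {
 return err
 }
-if err := os.MkdirAll(filepath.Dir(s.config.CAPath), permOwnerReadWriteExec); err != nil {
+if err := os.MkdirAll(filepath.Dir(s.config.CAPath), permOwnerReadExecute); err != nil {
 return err
 }
 if err := os.WriteFile(s.config.CAPath, rawCA, permOwnerReadWrite); err != nil {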
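Review bot: The renamed constant `permOwnerReadExecute = 0o700` in the const block is a misnomer: 0o700 grants the owner read, write and execute, and the same identifier is bound to 0o750 in pkg/pki/ca.go in this commit, so an auditor reading the name learns nothing reliable about the mode passed to os.MkdirAll at line 361. Name it for what it grants, e.g. `permPrivateDir = 0o700 // owner rwx only; directory holding the fetched CA cert`, and keep one definition per meaning across packages. Separately, replacing `newHTTPClient()` with a bare `&http.Client{Timeout: defaultHTTPTimeout}` drops whatever that helper configured; if it set TLS options such as RootCAs or MinVersion for the attestor's outbound calls, that hardening is silently lost here — cannot be confirmed from this hunk, so please verify before merging. obtainCertificate's body continues outside the hunk.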

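--- a/pkg/pki/ca.go
+++ b/pkg/pki/ca.go
@@ -16,13 +16,13 @@ import (
 )
 
 const (
-defaultCAValidity = 10 * 365 * 24 * time.Hour
-defaultCertificateTTL = 8 * time.Hour
-defaultClockSkew = 5 * time.Minute
-permOwnerReadWrite = 0o600
-permOwnerReadWriteExec = 0o750
-permOwnerReadGroupRead = 0o640
-maxSerialShift = 128
+defaultCAValidity = 10 * 365 * 24 * time.Hour
+defaultCertificateTTL = 8 * time.Hour
+defaultClockSkew = 5 * time.Minute
+permOwnerReadWrite = 0o600
+permOwnerReadExecute = 0o750
+permOwnerReadGroup = 0o640
+maxSerialShift = 128
 )
 
 type CertificateAuthority struct {
@@ -33,10 +33,10 @@ type CertificateAuthority struct {
 }
 
 func LoadOrCreateCA(certPath, keyPath, commonName string, validFor time.Duration) (*CertificateAuthority, error) {
-if err := os.MkdirAll(filepath.Dir(certPath), permOwnerReadWriteExec); err != nil {
+if err := os.MkdirAll(filepath.Dir(certPath), permOwnerReadExecute); err != nil {
 return nil, err
 }
-if err := os.MkdirAll(filepath.Dir(keyPath), permOwnerReadWriteExec); err != nil {
+if err := os.MkdirAll(filepath.Dir(keyPath), permOwnerReadExecute); err != nil {
 return nil, err
 }
 
@@ -78,7 +78,7 @@ func LoadOrCreateCA(certPath, keyPath, commonName string, validFor time.Duration
 return nil, err
 }
 
-if err := writeFileSecure(certPath, 0o640, func(f *os.File) error {
+if err := writeFileSecure(certPath, permOwnerReadGroup, func(f *os.File) error {
 return pem.Encode(f, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 }); err != nil {
 return nil, err
@@ -88,7 +88,7 @@ func LoadOrCreateCA(certPath, keyPath, commonName string, validFor time.Duration
 if err != nil {
 return nil, err
 }
-if err := writeFileSecure(keyPath, 0o600, func(f *os.File) error {
+if err := writeFileSecure(keyPath, permOwnerReadWrite, func(f *os.File) error {
 return pem.Encode(f, &pem.Block{Type: "PRIVATE KEY", Bytes: encoded})
 }); err != nil {
 return nil, err
@@ -135,7 +135,7 @@ func LoadCA(certPath, keyPath string) (*CertificateAuthority, error) {
 }
 
 func writeFileSecure(path string, perm os.FileMode, writeFn func(*os.File) error) error {
-if err := os.MkdirAll(filepath.Dir(path), dirPermPrivate); err != nil {
+if err := os.MkdirAll(filepath.Dir(path), permOwnerReadExecute); err != nil {
 return err
 }
 
@@ -153,7 +153,7 @@ func (c *CertificateAuthority) IssueCertificate(subject pkix.Name, uris []string
 ttl = defaultCertificateTTL
 }
 
-serial, err := rand.Int(rand.Reader, maxSerialNumber)
+serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), maxSerialShift))
 if err != nil {
 return nil, err
 }
@@ -199,7 +199,7 @@ func (c *CertificateAuthority) SignCSR(csr *x509.CertificateRequest, ttl time.Du
 if ttl == 0 {
 ttl = defaultCertificateTTL
 }
-serial, err := rand.Int(rand.Reader, maxSerialNumber)
+serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), maxSerialShift))
 if err != nil {
 return nil, err
 }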
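Review bot: The const block's `permOwnerReadExecute = 0o750` is the mode now applied to the directory that holds the CA private key (line 39, and again inside writeFileSecure at line 138, whose old name `dirPermPrivate` suggested 0o700), yet the name says nothing about the group read/execute bits it grants; name the mode for what it allows, e.g. `permDirOwnerRWXGroupRX = 0o750 // group may traverse and list; key file itself stays 0o600`, or use 0o700 for the key directory if group access is not a requirement. Note that os.MkdirAll applies the umask and never tightens an existing directory, so a pre-existing more-open directory is not corrected by this call — an explicit mode check or Chmod in writeFileSecure would close that gap (the rest of that function is outside the hunk). The 128-bit serial upper bound is now duplicated verbatim in IssueCertificate and SignCSR; hoisting it to a package-level `var maxSerialNumber = new(big.Int).Lsh(big.NewInt(1), maxSerialShift)` restores the single definition the old code referenced and avoids rebuilding the big.Int on every issuance.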

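--- a/pkg/pki/device_test.go
+++ b/pkg/pki/device_test.go
@@ -13,6 +13,12 @@ import (
 "time"
 )
 
+const (
+testKeyName = "test.key"
+benchKeyName = "bench.key"
+msgGenerateKeyFail = "Failed to generate key: %v"
+)
+
 func TestGenerateSigningKey(t *testing.T) {
 tmpDir := t.TempDir()
 keyPath := filepath.Join(tmpDir, testKeyName)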
