challenge: separate validator interface

micromdm · Jun 4, 2024 · 40ab0cf · 40ab0cf
1 parent aa863fe
commit 40ab0cf
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/challenge/challenge.go b/challenge/challenge.go
@@ -10,14 +10,21 @@ import (
 	scepserver "github.com/micromdm/scep/v2/server"
 )
 
+// Validator validates challenge passwords.
+type Validator interface {
+	// HasChallenge validates pw as valid.
+	HasChallenge(pw string) (bool, error)
+}
+
 // Store is a dynamic challenge password cache.
 type Store interface {
+	// SCEPChallenge generates a new challenge password.
 	SCEPChallenge() (string, error)
-	HasChallenge(pw string) (bool, error)
+	Validator
 }
 
-// Middleware wraps next in a CSRSigner that verifies and invalidates the challenge
-func Middleware(store Store, next scepserver.CSRSignerContext) scepserver.CSRSignerContextFunc {
+// Middleware wraps next in a CSRSigner that verifies and invalidates the challenge.
+func Middleware(store Validator, next scepserver.CSRSignerContext) scepserver.CSRSignerContextFunc {
 	return func(ctx context.Context, m *scep.CSRReqMessage) (*x509.Certificate, error) {
 		// TODO: compare challenge only for PKCSReq?
 		valid, err := store.HasChallenge(m.ChallengePassword)