From 94c86df4d5b70739c07c28adce9b14364484b683 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Tue, 27 Feb 2024 11:55:56 +0100
Subject: [PATCH] fix: enable clearing the `sgx_mrsigner` and `sgx_mrenclave` field

Add the ability to clear the `sgx_mrsigner` and `sgx_mrenclave` field. Otherwise we cannot switch from `sgx_mrenclave` to `sgx_mrsigner` based authentication.

Signed-off-by: Harald Hoyer
---
 path_tees.go | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/path_tees.go b/path_tees.go
index 24870cb..23bde90 100644
--- a/path_tees.go
+++ b/path_tees.go
@@ -249,19 +249,23 @@ func (b *backend) pathTeeWrite(ctx context.Context, req *logical.Request, d *fra
 }
 
 func handleSGXConfig(d *framework.FieldData, tee *TeeEntry) (*logical.Response, error) {
- if sgxMrsignerRaw, ok := d.GetOk("sgx_mrsigner"); ok && sgxMrsignerRaw.(string) != "" {
+ if sgxMrsignerRaw, ok := d.GetOk("sgx_mrsigner"); ok {
 tee.SgxMrsigner = strings.ToLower(sgxMrsignerRaw.(string))
- b, err := hex.DecodeString(tee.SgxMrsigner)
- if err != nil || len(b) != 32 {
- return logical.ErrorResponse("`sgx_mrsigner` must be 32 byte hex encoded"), nil
+ if tee.SgxMrsigner != "" {
+ b, err := hex.DecodeString(tee.SgxMrsigner)
+ if err != nil || len(b) != 32 {
+ return logical.ErrorResponse("`sgx_mrsigner` must be 32 byte hex encoded"), nil
+ }
 }
 }
 
- if sgxMrenclaveRaw, ok := d.GetOk("sgx_mrenclave"); ok && sgxMrenclaveRaw.(string) != "" {
+ if sgxMrenclaveRaw, ok := d.GetOk("sgx_mrenclave"); ok {
 tee.SgxMrenclave = strings.ToLower(sgxMrenclaveRaw.(string))
- b, err := hex.DecodeString(tee.SgxMrenclave)
- if err != nil || len(b) != 32 {
- return logical.ErrorResponse("`sgx_mrenclave` must be 32 byte hex encoded"), nil
+ if tee.SgxMrenclave != "" {
+ b, err := hex.DecodeString(tee.SgxMrenclave)
+ if err != nil || len(b) != 32 {
+ return logical.ErrorResponse("`sgx_mrenclave` must be 32 byte hex encoded"), nil
+ }
 }
 }
 
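Review bot: Now that both `if` blocks in handleSGXConfig accept an empty string, one write can leave `tee.SgxMrsigner` and `tee.SgxMrenclave` both empty, and nothing in this hunk rejects that state. If the login path compares a measurement only when the configured value is non-empty (not visible here, so this needs confirming), such an entry would no longer pin any enclave identity and the quote check would be the only remaining gate. Assuming the entry is SGX-only, consider a guard after the second block, `if tee.SgxMrsigner == "" && tee.SgxMrenclave == "" { return logical.ErrorResponse("one of sgx_mrsigner or sgx_mrenclave must be set"), nil }`, or an equivalent check in pathTeeWrite before the entry is stored. The tail of handleSGXConfig lies outside the hunk, so such a check may already exist there.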