signature verifier location

micromdm · Sep 30, 2024 · a3faa70 · a3faa70
1 parent 6f7a285
commit a3faa70
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 12 deletions.
diff --git a/cmd/nanomdm/main.go b/cmd/nanomdm/main.go
@@ -162,7 +162,7 @@ func main() {
 				if *flDebug {
 					opts = append(opts, httpmdm.SigLogWithLogErrors(true))
 				}
-				h = httpmdm.CertExtractMdmSignatureMiddleware(h, cryptoutil.MdmSignatureVerifierFunc(cryptoutil.VerifyMdmSignature), opts...)
+				h = httpmdm.CertExtractMdmSignatureMiddleware(h, httpmdm.MdmSignatureVerifierFunc(cryptoutil.VerifyMdmSignature), opts...)
 			}
 			return h
 		}

diff --git a/cryptoutil/cryptoutil.go b/cryptoutil/cryptoutil.go
@@ -40,14 +40,6 @@ func TopicFromPEMCert(pemCert []byte) (string, error) {
 	return TopicFromCert(cert)
 }
 
-// MdmSignatureVerifierFunc is an adapter for verifying Apple MDM "Mdm-Signature" headers.
-type MdmSignatureVerifierFunc func(header string, body []byte) (*x509.Certificate, error)
-
-// VerifyMdmSignature calls v with header and body.
-func (v MdmSignatureVerifierFunc) VerifyMdmSignature(header string, body []byte) (*x509.Certificate, error) {
-	return v(header, body)
-}
-
 // VerifyMdmSignature verifies an Apple MDM "Mdm-Signature" header and returns the signing certificate.
 // See https://developer.apple.com/documentation/devicemanagement/implementing_device_management/managing_certificates_for_mdm_servers_and_devices
 // section "Pass an Identity Certificate Through a Proxy."

diff --git a/cryptoutil/cryptoutil_test.go b/cryptoutil/cryptoutil_test.go
@@ -22,13 +22,12 @@ func TestPKCS7ParseTagLengthError(t *testing.T) {
 	}
 }
 
-func TestMdmVerifierFunc(t *testing.T) {
+func TestVerifyMdmSignature(t *testing.T) {
 	body, err := base64.StdEncoding.DecodeString(mdmSignatureBody2)
 	if err != nil {
 		t.Error(err)
 	}
-	verifier := MdmSignatureVerifierFunc(VerifyMdmSignature)
-	_, err = verifier.VerifyMdmSignature(mdmSignatureHeader2, body)
+	_, err = VerifyMdmSignature(mdmSignatureHeader2, body)
 	if err != nil {
 		t.Error(err)
 	}

diff --git a/http/mdm/mdm_cert.go b/http/mdm/mdm_cert.go
@@ -108,6 +108,14 @@ type MdmSignatureVerifier interface {
 	VerifyMdmSignature(header string, body []byte) (*x509.Certificate, error)
 }
 
+// MdmSignatureVerifierFunc is an adapter for verifying Apple MDM "Mdm-Signature" headers.
+type MdmSignatureVerifierFunc func(header string, body []byte) (*x509.Certificate, error)
+
+// VerifyMdmSignature calls v with header and body.
+func (v MdmSignatureVerifierFunc) VerifyMdmSignature(header string, body []byte) (*x509.Certificate, error) {
+	return v(header, body)
+}
+
 // CertExtractMdmSignatureMiddleware extracts the MDM enrollment
 // identity certificate from the request into the HTTP request context.
 // It tries to verify the Mdm-Signature header on the request.