diff --git a/internal/server/api/register_agent.go b/internal/server/api/register_agent.go
index 891355c..123e051 100644
--- a/internal/server/api/register_agent.go
+++ b/internal/server/api/register_agent.go
@@ -50,8 +50,8 @@ func (m *Mount) registerAgent(w http.ResponseWriter, r *http.Request) {
 }
 if !validSignature {
- logger.Warn(ctx, "conflicting signature", logger.F("signature", registerAgentReq.Signature))
- api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
+ logger.Warn(ctx, "invalid thumbprint signature", logger.F("signature", registerAgentReq.Signature))
+ api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
 return
 }
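Review bot: The rewritten `logger.Warn` line still records the raw `registerAgentReq.Signature` of a request that has just failed verification, so every rejected registration writes a caller-chosen value into the log. Nothing in this hunk bounds its length, and whether the logger escapes it cannot be seen from here. A bounded field is usually enough to correlate failures, for example `logger.F("signatureLen", len(registerAgentReq.Signature))`, assuming the field is a string or byte slice. The body of registerAgent starts and ends outside the hunk, so an earlier size limit on the request may already cover part of this.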
@@ -109,29 +109,39 @@ func (m *Mount) registerAgent(w http.ResponseWriter, r *http.Request) {
 return
 }
- validSignature, err = jwk.Verify(agent.KeySet.Set, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)
- if err != nil {
- err = errors.WithStack(err)
- logger.Error(ctx, "could not validate signature using previous keyset", logger.CapturedE(err))
+ if agent.Status != datastore.AgentStatusForgotten {
+ validSignature, err = jwk.Verify(agent.KeySet.Set, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)
+ if err != nil {
+ err = errors.WithStack(err)
+ logger.Error(ctx, "could not validate signature using previous keyset", logger.CapturedE(err))
- api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
+ api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
- return
+ return
+ }
+
+ if !validSignature {
+ logger.Error(ctx, "invalid signature")
+ api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
+
+ return
+ }
 }
- if !validSignature {
- logger.Error(ctx, "invalid signature")
- api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
+ updates := []datastore.AgentUpdateOptionFunc{
+ datastore.WithAgentUpdateKeySet(keySet),
+ datastore.WithAgentUpdateMetadata(metadata),
+ datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),
+ }
- return
+ if agent.Status == datastore.AgentStatusForgotten {
+ updates = append(updates, datastore.WithAgentUpdateStatus(datastore.AgentStatusPending))
 }
 agent, err = m.agentRepo.Update(
 ctx,
 agents[0].ID,
- datastore.WithAgentUpdateKeySet(keySet),
- datastore.WithAgentUpdateMetadata(metadata),
- datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),
+ updates...,
 )
 if err != nil {
 err = errors.WithStack(err)
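Review bot: When `agent.Status` is `datastore.AgentStatusForgotten`, the check against `agent.KeySet.Set` is skipped, so `m.agentRepo.Update` replaces the key set, metadata and thumbprint on the existing record `agents[0].ID` without proof of the old key. The only signature check left is the earlier one in this handler, which appears to prove possession of the submitted key only. The reset to `AgentStatusPending` in the same `Update` looks like the compensating control. Please state that above the new `if`, e.g. `// Forgotten agents may re-register with a new key set; the same update resets them to pending.`, and add an audit line in the forgotten branch such as `logger.Warn(ctx, "re-registering forgotten agent without previous keyset verification")`. Whether pending status forces fresh approval, and what else stays attached to the reused record, is decided outside this hunk; registerAgent starts and ends outside it.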