6ba20209c2
This commit makes sure that the attestation certificate key matches the key used on the CSR on an ACME device attestation flow.
70 lines
1.6 KiB
Go
70 lines
1.6 KiB
Go
package acme
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"time"
|
|
)
|
|
|
|
// Authorization representst an ACME Authorization.
|
|
type Authorization struct {
|
|
ID string `json:"-"`
|
|
AccountID string `json:"-"`
|
|
Token string `json:"-"`
|
|
Identifier Identifier `json:"identifier"`
|
|
Status Status `json:"status"`
|
|
Challenges []*Challenge `json:"challenges"`
|
|
Wildcard bool `json:"wildcard"`
|
|
ExpiresAt time.Time `json:"expires"`
|
|
Fingerprint string `json:"fingerprint,omitempty"`
|
|
Error *Error `json:"error,omitempty"`
|
|
}
|
|
|
|
// ToLog enables response logging.
|
|
func (az *Authorization) ToLog() (interface{}, error) {
|
|
b, err := json.Marshal(az)
|
|
if err != nil {
|
|
return nil, WrapErrorISE(err, "error marshaling authz for logging")
|
|
}
|
|
return string(b), nil
|
|
}
|
|
|
|
// UpdateStatus updates the ACME Authorization Status if necessary.
|
|
// Changes to the Authorization are saved using the database interface.
|
|
func (az *Authorization) UpdateStatus(ctx context.Context, db DB) error {
|
|
now := clock.Now()
|
|
|
|
switch az.Status {
|
|
case StatusInvalid:
|
|
return nil
|
|
case StatusValid:
|
|
return nil
|
|
case StatusPending:
|
|
// check expiry
|
|
if now.After(az.ExpiresAt) {
|
|
az.Status = StatusInvalid
|
|
break
|
|
}
|
|
|
|
var isValid = false
|
|
for _, ch := range az.Challenges {
|
|
if ch.Status == StatusValid {
|
|
isValid = true
|
|
break
|
|
}
|
|
}
|
|
|
|
if !isValid {
|
|
return nil
|
|
}
|
|
az.Status = StatusValid
|
|
az.Error = nil
|
|
default:
|
|
return NewErrorISE("unrecognized authorization status: %s", az.Status)
|
|
}
|
|
|
|
if err := db.UpdateAuthorization(ctx, az); err != nil {
|
|
return WrapErrorISE(err, "error updating authorization")
|
|
}
|
|
return nil
|
|
}
|