Removed unused functions, more consistent/readable debugging
This commit is contained in:
parent
6f9e487d7d
commit
10f2b59add
3 changed files with 23 additions and 27 deletions
|
@ -106,7 +106,10 @@ func NewClient(caURL string, usr User, keyBits int, optPort string) (*Client, er
|
||||||
|
|
||||||
// Register the current account to the ACME server.
|
// Register the current account to the ACME server.
|
||||||
func (c *Client) Register() (*RegistrationResource, error) {
|
func (c *Client) Register() (*RegistrationResource, error) {
|
||||||
logf("Registering account ... ")
|
if c == nil || c.user == nil {
|
||||||
|
return nil, errors.New("acme: cannot register a nil client or user")
|
||||||
|
}
|
||||||
|
logf("[INFO] acme: Registering account for %s", c.user.GetEmail())
|
||||||
|
|
||||||
regMsg := registrationMessage{
|
regMsg := registrationMessage{
|
||||||
Resource: "new-reg",
|
Resource: "new-reg",
|
||||||
|
@ -150,7 +153,7 @@ func (c *Client) Register() (*RegistrationResource, error) {
|
||||||
if links["next"] != "" {
|
if links["next"] != "" {
|
||||||
reg.NewAuthzURL = links["next"]
|
reg.NewAuthzURL = links["next"]
|
||||||
} else {
|
} else {
|
||||||
return nil, errors.New("The server did not return enough information to proceed...")
|
return nil, errors.New("acme: The server did not return 'next' link to proceed")
|
||||||
}
|
}
|
||||||
|
|
||||||
return reg, nil
|
return reg, nil
|
||||||
|
@ -185,7 +188,12 @@ func (c *Client) AgreeToTOS() error {
|
||||||
// If bundle is true, the []byte contains both the issuer certificate and
|
// If bundle is true, the []byte contains both the issuer certificate and
|
||||||
// your issued certificate as a bundle.
|
// your issued certificate as a bundle.
|
||||||
func (c *Client) ObtainCertificates(domains []string, bundle bool) ([]CertificateResource, map[string]error) {
|
func (c *Client) ObtainCertificates(domains []string, bundle bool) ([]CertificateResource, map[string]error) {
|
||||||
logf("Obtaining certificates...")
|
if bundle {
|
||||||
|
logf("[INFO] acme: Obtaining bundled certificates for %v", strings.Join(domains, ", "))
|
||||||
|
} else {
|
||||||
|
logf("[INFO] acme: Obtaining certificates for %v", strings.Join(domains, ", "))
|
||||||
|
}
|
||||||
|
|
||||||
challenges, failures := c.getChallenges(domains)
|
challenges, failures := c.getChallenges(domains)
|
||||||
if len(challenges) == 0 {
|
if len(challenges) == 0 {
|
||||||
return nil, failures
|
return nil, failures
|
||||||
|
@ -200,7 +208,7 @@ func (c *Client) ObtainCertificates(domains []string, bundle bool) ([]Certificat
|
||||||
return nil, failures
|
return nil, failures
|
||||||
}
|
}
|
||||||
|
|
||||||
logf("Validations succeeded. Getting certificates")
|
logf("[INFO] acme: Validations succeeded; requesting certificates")
|
||||||
|
|
||||||
certs, err := c.requestCertificates(challenges, bundle)
|
certs, err := c.requestCertificates(challenges, bundle)
|
||||||
for k, v := range err {
|
for k, v := range err {
|
||||||
|
@ -264,7 +272,7 @@ func (c *Client) RenewCertificate(cert CertificateResource, revokeOld bool, bund
|
||||||
|
|
||||||
// This is just meant to be informal for the user.
|
// This is just meant to be informal for the user.
|
||||||
timeLeft := x509Cert.NotAfter.Sub(time.Now().UTC())
|
timeLeft := x509Cert.NotAfter.Sub(time.Now().UTC())
|
||||||
logf("[%s] Trying to renew certificate with %d hours remaining.", cert.Domain, int(timeLeft.Hours()))
|
logf("[INFO] acme: [%s] Trying renewal with %d hours remaining", cert.Domain, int(timeLeft.Hours()))
|
||||||
|
|
||||||
// The first step of renewal is to check if we get a renewed cert
|
// The first step of renewal is to check if we get a renewed cert
|
||||||
// directly from the cert URL.
|
// directly from the cert URL.
|
||||||
|
@ -286,7 +294,7 @@ func (c *Client) RenewCertificate(cert CertificateResource, revokeOld bool, bund
|
||||||
// If the server responds with a different certificate we are effectively renewed.
|
// If the server responds with a different certificate we are effectively renewed.
|
||||||
// TODO: Further test if we can actually use the new certificate (Our private key works)
|
// TODO: Further test if we can actually use the new certificate (Our private key works)
|
||||||
if !x509Cert.Equal(serverCert) {
|
if !x509Cert.Equal(serverCert) {
|
||||||
logf("[%s] The server responded with a renewed certificate.", cert.Domain)
|
logf("[INFO] acme: [%s] Server responded with renewed certificate", cert.Domain)
|
||||||
if revokeOld {
|
if revokeOld {
|
||||||
c.RevokeCertificate(cert.Certificate)
|
c.RevokeCertificate(cert.Certificate)
|
||||||
}
|
}
|
||||||
|
@ -300,7 +308,7 @@ func (c *Client) RenewCertificate(cert CertificateResource, revokeOld bool, bund
|
||||||
issuerCert, err := c.getIssuerCertificate(links["up"])
|
issuerCert, err := c.getIssuerCertificate(links["up"])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// If we fail to aquire the issuer cert, return the issued certificate - do not fail.
|
// If we fail to aquire the issuer cert, return the issued certificate - do not fail.
|
||||||
logf("[%s] Could not bundle issuer certificate.\n%v", cert.Domain, err)
|
logf("[ERROR] acme: [%s] Could not bundle issuer certificate: %v", cert.Domain, err)
|
||||||
} else {
|
} else {
|
||||||
// Success - append the issuer cert to the issued cert.
|
// Success - append the issuer cert to the issued cert.
|
||||||
issuerCert = pemEncode(derCertificateBytes(issuerCert))
|
issuerCert = pemEncode(derCertificateBytes(issuerCert))
|
||||||
|
@ -341,7 +349,7 @@ func (c *Client) solveChallenges(challenges []*authorizationResource) map[string
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
failures[authz.Domain] = fmt.Errorf("Could not determine solvers for %s", authz.Domain)
|
failures[authz.Domain] = fmt.Errorf("acme: Could not determine solvers for %s", authz.Domain)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -357,7 +365,7 @@ func (c *Client) chooseSolvers(auth authorization, domain string) map[int]solver
|
||||||
if solver, ok := c.solvers[auth.Challenges[idx].Type]; ok {
|
if solver, ok := c.solvers[auth.Challenges[idx].Type]; ok {
|
||||||
solvers[idx] = solver
|
solvers[idx] = solver
|
||||||
} else {
|
} else {
|
||||||
logf("Could not find solver for: %s", auth.Challenges[idx].Type)
|
logf("[ERROR] acme: Could not find solver for: %s", auth.Challenges[idx].Type)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -393,7 +401,7 @@ func (c *Client) getChallenges(domains []string) ([]*authorizationResource, map[
|
||||||
|
|
||||||
links := parseLinks(resp.Header["Link"])
|
links := parseLinks(resp.Header["Link"])
|
||||||
if links["next"] == "" {
|
if links["next"] == "" {
|
||||||
logf("The server did not provide enough information to proceed.")
|
logf("[ERROR] acme: Server did not provide next link to proceed")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -515,7 +523,7 @@ func (c *Client) requestCertificate(authz *authorizationResource, result chan Ce
|
||||||
issuerCert, err := c.getIssuerCertificate(links["up"])
|
issuerCert, err := c.getIssuerCertificate(links["up"])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// If we fail to aquire the issuer cert, return the issued certificate - do not fail.
|
// If we fail to aquire the issuer cert, return the issued certificate - do not fail.
|
||||||
logf("[%s] Could not bundle issuer certificate.\n%v", authz.Domain, err)
|
logf("[WARNING] acme: [%s] Could not bundle issuer certificate: %v", authz.Domain, err)
|
||||||
} else {
|
} else {
|
||||||
// Success - append the issuer cert to the issued cert.
|
// Success - append the issuer cert to the issued cert.
|
||||||
issuerCert = pemEncode(derCertificateBytes(issuerCert))
|
issuerCert = pemEncode(derCertificateBytes(issuerCert))
|
||||||
|
@ -538,7 +546,7 @@ func (c *Client) requestCertificate(authz *authorizationResource, result chan Ce
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
logf("[%s] Server responded with status 202. Respecting retry-after of: %d", authz.Domain, retryAfter)
|
logf("[INFO] acme: [%s] Server responded with status 202; retrying after %ds", authz.Domain, retryAfter)
|
||||||
time.Sleep(time.Duration(retryAfter) * time.Second)
|
time.Sleep(time.Duration(retryAfter) * time.Second)
|
||||||
|
|
||||||
break
|
break
|
||||||
|
@ -558,7 +566,7 @@ func (c *Client) requestCertificate(authz *authorizationResource, result chan Ce
|
||||||
// getIssuerCertificate requests the issuer certificate and caches it for
|
// getIssuerCertificate requests the issuer certificate and caches it for
|
||||||
// subsequent requests.
|
// subsequent requests.
|
||||||
func (c *Client) getIssuerCertificate(url string) ([]byte, error) {
|
func (c *Client) getIssuerCertificate(url string) ([]byte, error) {
|
||||||
logf("Requesting issuer cert from: %s", url)
|
logf("[INFO] acme: Requesting issuer cert from %s", url)
|
||||||
if c.issuerCert != nil {
|
if c.issuerCert != nil {
|
||||||
return c.issuerCert, nil
|
return c.issuerCert, nil
|
||||||
}
|
}
|
||||||
|
@ -582,18 +590,6 @@ func (c *Client) getIssuerCertificate(url string) ([]byte, error) {
|
||||||
return issuerBytes, err
|
return issuerBytes, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func logResponseHeaders(resp *http.Response) {
|
|
||||||
logf(resp.Status)
|
|
||||||
for k, v := range resp.Header {
|
|
||||||
logf("-- %s: %s", k, v)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func logResponseBody(resp *http.Response) {
|
|
||||||
body, _ := ioutil.ReadAll(resp.Body)
|
|
||||||
logf("Returned json data: \n%s", body)
|
|
||||||
}
|
|
||||||
|
|
||||||
func parseLinks(links []string) map[string]string {
|
func parseLinks(links []string) map[string]string {
|
||||||
aBrkt := regexp.MustCompile("[<>]")
|
aBrkt := regexp.MustCompile("[<>]")
|
||||||
slver := regexp.MustCompile("(.+) *= *\"(.+)\"")
|
slver := regexp.MustCompile("(.+) *= *\"(.+)\"")
|
||||||
|
|
|
@ -18,7 +18,7 @@ type RemoteError struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e RemoteError) Error() string {
|
func (e RemoteError) Error() string {
|
||||||
return fmt.Sprintf("[%d] Type: %s Detail: %s", e.StatusCode, e.Type, e.Detail)
|
return fmt.Sprintf("acme: Error %d - %s - %s", e.StatusCode, e.Type, e.Detail)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TOSError represents the error which is returned if the user needs to
|
// TOSError represents the error which is returned if the user needs to
|
||||||
|
|
|
@ -138,7 +138,7 @@ func TestSimpleHTTPServerError(t *testing.T) {
|
||||||
if err := solver.Solve(clientChallenge, "127.0.0.1"); err == nil {
|
if err := solver.Solve(clientChallenge, "127.0.0.1"); err == nil {
|
||||||
t.Error("UNEXPECTED: Expected Solve to return an error but the error was nil.")
|
t.Error("UNEXPECTED: Expected Solve to return an error but the error was nil.")
|
||||||
} else {
|
} else {
|
||||||
expectedError := "[500] Type: urn:acme:error:unauthorized Detail: Error creating new authz :: Syntax error"
|
expectedError := "acme: Error 500 - urn:acme:error:unauthorized - Error creating new authz :: Syntax error"
|
||||||
if err.Error() != expectedError {
|
if err.Error() != expectedError {
|
||||||
t.Errorf("Expected error |%s| but instead got |%s|", expectedError, err.Error())
|
t.Errorf("Expected error |%s| but instead got |%s|", expectedError, err.Error())
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue