Some more comments
This commit is contained in:
parent
1ceebb72a2
commit
aa818d0515
2 changed files with 12 additions and 0 deletions
@ -14,6 +14,7 @@ type jws struct {
// Posts a JWS signed message to the specified URL
// Posts a JWS signed message to the specified URL
func (j *jws) post(url string, content []byte) (*http.Response, error) {
func (j *jws) post(url string, content []byte) (*http.Response, error) {
// TODO: support other algorithms - RS512
signer, err := jose.NewSigner(jose.RS256, j.privKey)
signer, err := jose.NewSigner(jose.RS256, j.privKey)
if err != nil {
if err != nil {
return nil, err
return nil, err
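Review bot: The doc comment on `post` at the top of the hunk does not follow the Go convention of starting with the method name, and neither it nor the new TODO states which algorithm is actually used; `// post signs content as a JWS with RS256 (see TODO for other algorithms) and POSTs it to url.` would cover both. It would also help to say what the caller is expected to do with the returned *http.Response (in particular closing its body), since the body of post continues outside the hunk and that contract is not visible here.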
@ -29,12 +29,15 @@ func (s *simpleHTTPChallenge) Solve(chlng challenge, domain string) error {
logger().Print("Trying to solve SimpleHTTPS")
logger().Print("Trying to solve SimpleHTTPS")
// Generate random string for the path. The acme server will
// access this path on the server in order to validate the request
responseToken := getRandomString(15)
responseToken := getRandomString(15)
listener, err := s.startHTTPSServer(domain, chlng.Token, responseToken)
listener, err := s.startHTTPSServer(domain, chlng.Token, responseToken)
if err != nil {
if err != nil {
return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
return fmt.Errorf("Could not start HTTPS server for challenge -> %v", err)
}
}
// Tell the server about the generated random path
jsonBytes, err := json.Marshal(challenge{Type: chlng.Type, Path: responseToken})
jsonBytes, err := json.Marshal(challenge{Type: chlng.Type, Path: responseToken})
if err != nil {
if err != nil {
return errors.New("Failed to marshal network message...")
return errors.New("Failed to marshal network message...")
@ -45,6 +48,8 @@ func (s *simpleHTTPChallenge) Solve(chlng challenge, domain string) error {
return fmt.Errorf("Failed to post JWS message. -> %v", err)
return fmt.Errorf("Failed to post JWS message. -> %v", err)
}
}
// After the path is sent, the ACME server will access our server.
// Repeatedly check the server for an updated status on our request.
var challengeResponse challenge
var challengeResponse challenge
loop:
loop:
for {
for {
@ -74,6 +79,8 @@ loop:
// Starts a temporary HTTPS server on port 443. As soon as the challenge passed validation,
// Starts a temporary HTTPS server on port 443. As soon as the challenge passed validation,
// this server will get shut down. The certificate generated here is only held in memory.
// this server will get shut down. The certificate generated here is only held in memory.
func (s *simpleHTTPChallenge) startHTTPSServer(domain string, token string, responseToken string) (net.Listener, error) {
func (s *simpleHTTPChallenge) startHTTPSServer(domain string, token string, responseToken string) (net.Listener, error) {
// Generate a new RSA key and a self-signed certificate.
tempPrivKey, err := generatePrivateKey(2048)
tempPrivKey, err := generatePrivateKey(2048)
if err != nil {
if err != nil {
return nil, err
return nil, err
@ -96,15 +103,19 @@ func (s *simpleHTTPChallenge) startHTTPSServer(domain string, token string, resp
path := "/.well-known/acme-challenge/" + responseToken
path := "/.well-known/acme-challenge/" + responseToken
// Allow for CLI override
port := ":443"
port := ":443"
if s.optPort != "" {
if s.optPort != "" {
port = ":" + s.optPort
port = ":" + s.optPort
}
}
tlsListener, err := tls.Listen("tcp", port, tlsConf)
tlsListener, err := tls.Listen("tcp", port, tlsConf)
if err != nil {
if err != nil {
logger().Fatalf("Could not start HTTP listener! -> %v", err)
logger().Fatalf("Could not start HTTP listener! -> %v", err)
}
}
// The handler validates the HOST header and request type.
// For validation it then writes the token the server returned with the challenge
http.HandleFunc(path, func(w http.ResponseWriter, r *http.Request) {
http.HandleFunc(path, func(w http.ResponseWriter, r *http.Request) {
if r.Host == domain && r.Method == "GET" {
if r.Host == domain && r.Method == "GET" {
w.Write([]byte(token))
w.Write([]byte(token))
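Review bot: In the last hunk of this file, startHTTPSServer calls `logger().Fatalf` when `tls.Listen` fails even though it returns `(net.Listener, error)`, so that failure terminates the whole process and the `Could not start HTTPS server for challenge` error path in Solve (first hunk) can never run for it; returning the error instead, `return nil, fmt.Errorf("Could not start HTTP listener! -> %v", err)`, leaves the decision with the caller. The handler is registered with `http.HandleFunc` on the package-wide default mux and nothing in the hunk removes it, so each solve attempt in the same process leaves a live handler for its random path behind; if the listener is served with the default mux (not visible here), a per-call `http.NewServeMux` handed to the server would tie the handler to this listener's lifetime. The check `r.Host == domain` also rejects a Host header that carries an explicit port, which can matter when a non-443 port is configured through optPort, so comparing only the host part (e.g. via `net.SplitHostPort` when a port is present) is more robust, and the `w.Write` error is discarded. The body of startHTTPSServer continues outside the hunk.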