diff --git a/acme/client.go b/acme/client.go index d0f0ea19..d2ae18db 100644 --- a/acme/client.go +++ b/acme/client.go @@ -41,11 +41,11 @@ type solver interface { // Client is the user-friendy way to ACME type Client struct { - regURL string - user User - jws *jws - keyBits int - solvers map[string]solver + directory directory + user User + jws *jws + keyBits int + solvers map[string]solver } // NewClient creates a new client for the set user. @@ -53,7 +53,6 @@ func NewClient(caURL string, usr User, keyBits int, optPort string) *Client { if err := usr.GetPrivateKey().Validate(); err != nil { logger().Fatalf("Could not validate the private account key of %s\n\t%v", usr.GetEmail(), err) } - jws := &jws{privKey: usr.GetPrivateKey()} // REVIEW: best possibility? @@ -62,7 +61,21 @@ func NewClient(caURL string, usr User, keyBits int, optPort string) *Client { solvers := make(map[string]solver) solvers["simpleHttp"] = &simpleHTTPChallenge{jws: jws, optPort: optPort} - return &Client{regURL: caURL, user: usr, jws: jws, keyBits: keyBits, solvers: solvers} + dirResp, err := http.Get(caURL + "/directory") + if err != nil { + logger().Fatalf("Could not get directory from CA URL. Please check the URL.\n\t%v", err) + } + var dir directory + decoder := json.NewDecoder(dirResp.Body) + err = decoder.Decode(&dir) + if err != nil { + logger().Fatalf("Could not parse directory response from CA URL.\n\t%v", err) + } + if dir.NewRegURL == "" || dir.NewAuthzURL == "" || dir.NewCertURL == "" || dir.RevokeCertURL == "" { + logger().Fatal("The directory returned by the server was invalid.") + } + + return &Client{directory: dir, user: usr, jws: jws, keyBits: keyBits, solvers: solvers} } // Register the current account to the ACME server. @@ -73,7 +86,7 @@ func (c *Client) Register() (*RegistrationResource, error) { return nil, err } - resp, err := c.jws.post(c.regURL, jsonBytes) + resp, err := c.jws.post(c.directory.NewRegURL, jsonBytes) if err != nil { return nil, err } diff --git a/acme/client_test.go b/acme/client_test.go index 690d2cb8..d55f4984 100644 --- a/acme/client_test.go +++ b/acme/client_test.go @@ -3,6 +3,9 @@ package acme import ( "crypto/rand" "crypto/rsa" + "encoding/json" + "net/http" + "net/http/httptest" "testing" ) @@ -17,7 +20,13 @@ func TestNewClient(t *testing.T) { regres: new(RegistrationResource), privatekey: key, } - caURL, optPort := "https://foobar", "1234" + + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + data, _ := json.Marshal(directory{NewAuthzURL: "http://test", NewCertURL: "http://test", NewRegURL: "http://test", RevokeCertURL: "http://test"}) + w.Write(data) + })) + + caURL, optPort := ts.URL, "1234" client := NewClient(caURL, user, keyBits, optPort) if client.jws == nil { @@ -27,9 +36,6 @@ func TestNewClient(t *testing.T) { t.Errorf("Expected jws.privKey to be %p but was %p", expected, actual) } - if client.regURL != caURL { - t.Errorf("Expected regURL to be '%s' but was '%s'", caURL, client.regURL) - } if client.keyBits != keyBits { t.Errorf("Expected keyBits to be %d but was %d", keyBits, client.keyBits) } diff --git a/acme/messages.go b/acme/messages.go index 037bd207..fdfadc4b 100644 --- a/acme/messages.go +++ b/acme/messages.go @@ -2,6 +2,13 @@ package acme import "time" +type directory struct { + NewAuthzURL string `json:"new-authz"` + NewCertURL string `json:"new-cert"` + NewRegURL string `json:"new-reg"` + RevokeCertURL string `json:"revoke-cert"` +} + type registrationMessage struct { Resource string `json:"resource"` Contact []string `json:"contact"` diff --git a/cli.go b/cli.go index d5ef2fe3..64ff213f 100644 --- a/cli.go +++ b/cli.go @@ -91,7 +91,7 @@ func main() { }, cli.StringFlag{ Name: "server, s", - Value: "https://acme-staging.api.letsencrypt.org/acme/new-reg", + Value: "https://acme-staging.api.letsencrypt.org/", Usage: "CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.", }, cli.StringFlag{