Changed the client to pull the urls down from the directory on the CA server.
CA Url now needs to point to the root of the CA
This commit is contained in:
parent
76db09c0a0
commit
e5f6f4c4a3
4 changed files with 39 additions and 13 deletions
|
@ -41,7 +41,7 @@ type solver interface {
|
|||
|
||||
// Client is the user-friendy way to ACME
|
||||
type Client struct {
|
||||
regURL string
|
||||
directory directory
|
||||
user User
|
||||
jws *jws
|
||||
keyBits int
|
||||
|
@ -53,7 +53,6 @@ func NewClient(caURL string, usr User, keyBits int, optPort string) *Client {
|
|||
if err := usr.GetPrivateKey().Validate(); err != nil {
|
||||
logger().Fatalf("Could not validate the private account key of %s\n\t%v", usr.GetEmail(), err)
|
||||
}
|
||||
|
||||
jws := &jws{privKey: usr.GetPrivateKey()}
|
||||
|
||||
// REVIEW: best possibility?
|
||||
|
@ -62,7 +61,21 @@ func NewClient(caURL string, usr User, keyBits int, optPort string) *Client {
|
|||
solvers := make(map[string]solver)
|
||||
solvers["simpleHttp"] = &simpleHTTPChallenge{jws: jws, optPort: optPort}
|
||||
|
||||
return &Client{regURL: caURL, user: usr, jws: jws, keyBits: keyBits, solvers: solvers}
|
||||
dirResp, err := http.Get(caURL + "/directory")
|
||||
if err != nil {
|
||||
logger().Fatalf("Could not get directory from CA URL. Please check the URL.\n\t%v", err)
|
||||
}
|
||||
var dir directory
|
||||
decoder := json.NewDecoder(dirResp.Body)
|
||||
err = decoder.Decode(&dir)
|
||||
if err != nil {
|
||||
logger().Fatalf("Could not parse directory response from CA URL.\n\t%v", err)
|
||||
}
|
||||
if dir.NewRegURL == "" || dir.NewAuthzURL == "" || dir.NewCertURL == "" || dir.RevokeCertURL == "" {
|
||||
logger().Fatal("The directory returned by the server was invalid.")
|
||||
}
|
||||
|
||||
return &Client{directory: dir, user: usr, jws: jws, keyBits: keyBits, solvers: solvers}
|
||||
}
|
||||
|
||||
// Register the current account to the ACME server.
|
||||
|
@ -73,7 +86,7 @@ func (c *Client) Register() (*RegistrationResource, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
resp, err := c.jws.post(c.regURL, jsonBytes)
|
||||
resp, err := c.jws.post(c.directory.NewRegURL, jsonBytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -3,6 +3,9 @@ package acme
|
|||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
)
|
||||
|
||||
|
@ -17,7 +20,13 @@ func TestNewClient(t *testing.T) {
|
|||
regres: new(RegistrationResource),
|
||||
privatekey: key,
|
||||
}
|
||||
caURL, optPort := "https://foobar", "1234"
|
||||
|
||||
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
data, _ := json.Marshal(directory{NewAuthzURL: "http://test", NewCertURL: "http://test", NewRegURL: "http://test", RevokeCertURL: "http://test"})
|
||||
w.Write(data)
|
||||
}))
|
||||
|
||||
caURL, optPort := ts.URL, "1234"
|
||||
client := NewClient(caURL, user, keyBits, optPort)
|
||||
|
||||
if client.jws == nil {
|
||||
|
@ -27,9 +36,6 @@ func TestNewClient(t *testing.T) {
|
|||
t.Errorf("Expected jws.privKey to be %p but was %p", expected, actual)
|
||||
}
|
||||
|
||||
if client.regURL != caURL {
|
||||
t.Errorf("Expected regURL to be '%s' but was '%s'", caURL, client.regURL)
|
||||
}
|
||||
if client.keyBits != keyBits {
|
||||
t.Errorf("Expected keyBits to be %d but was %d", keyBits, client.keyBits)
|
||||
}
|
||||
|
|
|
@ -2,6 +2,13 @@ package acme
|
|||
|
||||
import "time"
|
||||
|
||||
type directory struct {
|
||||
NewAuthzURL string `json:"new-authz"`
|
||||
NewCertURL string `json:"new-cert"`
|
||||
NewRegURL string `json:"new-reg"`
|
||||
RevokeCertURL string `json:"revoke-cert"`
|
||||
}
|
||||
|
||||
type registrationMessage struct {
|
||||
Resource string `json:"resource"`
|
||||
Contact []string `json:"contact"`
|
||||
|
|
2
cli.go
2
cli.go
|
@ -91,7 +91,7 @@ func main() {
|
|||
},
|
||||
cli.StringFlag{
|
||||
Name: "server, s",
|
||||
Value: "https://acme-staging.api.letsencrypt.org/acme/new-reg",
|
||||
Value: "https://acme-staging.api.letsencrypt.org/",
|
||||
Usage: "CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.",
|
||||
},
|
||||
cli.StringFlag{
|
||||
|
|
Loading…
Reference in a new issue