From e8d64bb50b1c10535370d0cb2d93cdd1c4c522fe Mon Sep 17 00:00:00 2001
From: xenolf
Date: Thu, 19 Nov 2015 15:26:23 +0100
Subject: [PATCH] WIP TLS-SNI-01 [ci skip]
---
 acme/dvsni_challenge.go | 1 -
 acme/messages.go | 1 +
 acme/tls_sni_challenge.go | 44 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+), 1 deletion(-)
 delete mode 100644 acme/dvsni_challenge.go
 create mode 100644 acme/tls_sni_challenge.go
diff --git a/acme/dvsni_challenge.go b/acme/dvsni_challenge.go
deleted file mode 100644
index 8d2a213b..00000000
--- a/acme/dvsni_challenge.go
+++ /dev/null
@@ -1 +0,0 @@
-package acme
diff --git a/acme/messages.go b/acme/messages.go
index 2cc2e583..2ec0bb74 100644
--- a/acme/messages.go
+++ b/acme/messages.go
@@ -80,6 +80,7 @@ type challenge struct {
 Token string `json:"token,omitempty"`
 KeyAuthorization string `json:"keyAuthorization,omitempty"`
 TLS bool `json:"tls,omitempty"`
+ Iterations int `json:"n,omitempty"`
 }

 type csrMessage struct {
diff --git a/acme/tls_sni_challenge.go b/acme/tls_sni_challenge.go
new file mode 100644
index 00000000..68498c0b
--- /dev/null
+++ b/acme/tls_sni_challenge.go
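Review bot: The new `Iterations` field in the messages.go hunk has no comment saying what it carries, and because it is tagged `omitempty` an `n` the server omitted decodes as 0, indistinguishable from an explicit 0, so every consumer has to treat 0 as "not supplied" rather than as a valid count. I would add above the field: `// Iterations is the tls-sni-01 "n" value sent by the server: the number of Z-value/certificate iterations expected; 0 means the server did not send one.` The enclosing `challenge` struct starts before this hunk.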
@@ -0,0 +1,44 @@
+package acme
+
+import (
+ "crypto/sha256"
+ "crypto/x509"
+ "encoding/hex"
+ "net"
+)
+
+type tlsSNIChallenge struct {
+ jws *jws
+ optPort string
+ start chan net.Listener
+ end chan error
+}
+
+func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
+
+ logf("[INFO] acme: Trying to solve TLS-SNI-01")
+
+ // Generate the Key Authorization for the challenge
+ keyAuth, err := getKeyAuthorization(chlng.Token, &t.jws.privKey.PublicKey)
+ if err != nil {
+ return err
+ }
+
+ zet := make([]string, chlng.Iterations)
+
+ zetBytes := sha256.Sum256([]byte(keyAuth))
+ zet[0] = hex.EncodeToString(zetBytes[:sha256.Size])
+ for i := 1; i < chlng.Iterations; i++ {
+ zetBytes = sha256.Sum256([]byte(zet[i-1]))
+ zet[i] = hex.EncodeToString(zetBytes[:sha256.Size])
+ }
+
+ certificates, err := t.generateCertificates(zet)
+
+ return nil
+}
+
+func (t *tlsSNIChallenge) generateCertificates(zet []string) ([]*x509.Certificate, error) {
+
+ return nil, nil
+}
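Review bot: In `Solve`, `zet := make([]string, chlng.Iterations)` followed by `zet[0] = ...` panics with an index out of range whenever the server sends no `n` (the field is `omitempty`, so an absent value decodes as 0), and since `n` is chosen by the remote ACME server an absurdly large value drives an unbounded allocation and hash chain on the client. Validate it before use, e.g. `if chlng.Iterations < 1 { return fmt.Errorf("tls-sni-01: invalid iteration count %d", chlng.Iterations) }` (adding `fmt` to the imports), and consider capping it at a small upper bound as well. Separately, `certificates, err := t.generateCertificates(zet)` discards `err` and leaves `certificates` unused, which the Go compiler rejects as "declared and not used"; this is presumably the WIP part, but the error should be checked and returned once the stub is filled in.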