From a68208a3ba8cdb55bb6018cba7946f018a6c9556 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 22 Dec 2021 11:54:01 +0100 Subject: [PATCH 1/2] Set Step CLI User-Agent when performing ACME requests --- ca/acmeClient.go | 26 ++++++++++++++++++++------ ca/acmeClient_test.go | 20 ++++++++++++++++++++ 2 files changed, 40 insertions(+), 6 deletions(-) diff --git a/ca/acmeClient.go b/ca/acmeClient.go index 28451a45..6c73b2fd 100644 --- a/ca/acmeClient.go +++ b/ca/acmeClient.go @@ -37,15 +37,18 @@ func NewACMEClient(endpoint string, contact []string, opts ...ClientOption) (*AC if err != nil { return nil, err } - ac := &ACMEClient{ client: &http.Client{ Transport: tr, }, dirLoc: endpoint, } - - resp, err := ac.client.Get(endpoint) + req, err := http.NewRequest("GET", endpoint, nil) + if err != nil { + return nil, errors.Wrapf(err, "creating GET request %s failed", endpoint) + } + req.Header.Set("User-Agent", UserAgent) + resp, err := ac.client.Do(req) if err != nil { return nil, errors.Wrapf(err, "client GET %s failed", endpoint) } @@ -99,7 +102,12 @@ func (c *ACMEClient) GetDirectory() (*acmeAPI.Directory, error) { // GetNonce makes a nonce request to the ACME api and returns an // ACME directory object. func (c *ACMEClient) GetNonce() (string, error) { - resp, err := c.client.Get(c.dir.NewNonce) + req, err := http.NewRequest("GET", c.dir.NewNonce, nil) + if err != nil { + return "", errors.Wrapf(err, "creating GET request %s failed", c.dir.NewNonce) + } + req.Header.Set("User-Agent", UserAgent) + resp, err := c.client.Do(req) if err != nil { return "", errors.Wrapf(err, "client GET %s failed", c.dir.NewNonce) } @@ -171,9 +179,15 @@ func (c *ACMEClient) post(payload []byte, url string, headerOps ...withHeaderOpt if err != nil { return nil, err } - resp, err := c.client.Post(url, "application/jose+json", strings.NewReader(raw)) + req, err := http.NewRequest("POST", url, strings.NewReader(raw)) if err != nil { - return nil, errors.Wrapf(err, "client GET %s failed", c.dir.NewOrder) + return nil, errors.Wrapf(err, "creating POST request %s failed", url) + } + req.Header.Set("Content-Type", "application/jose+json") + req.Header.Set("User-Agent", UserAgent) + resp, err := c.client.Do(req) + if err != nil { + return nil, errors.Wrapf(err, "client POST %s failed", c.dir.NewOrder) } return resp, nil } diff --git a/ca/acmeClient_test.go b/ca/acmeClient_test.go index d22c4972..ad5f2116 100644 --- a/ca/acmeClient_test.go +++ b/ca/acmeClient_test.go @@ -109,6 +109,7 @@ func TestNewACMEClient(t *testing.T) { i := 0 srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + assert.Equals(t, "step-http-client/1.0", req.Header.Get("User-Agent")) // check default User-Agent header switch { case i == 0: api.JSONStatus(w, tc.r1, tc.rc1) @@ -203,6 +204,7 @@ func TestACMEClient_GetNonce(t *testing.T) { tc := run(t) srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + assert.Equals(t, "step-http-client/1.0", req.Header.Get("User-Agent")) // check default User-Agent header w.Header().Set("Replay-Nonce", expectedNonce) api.JSONStatus(w, tc.r1, tc.rc1) }) @@ -309,6 +311,8 @@ func TestACMEClient_post(t *testing.T) { i := 0 srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + assert.Equals(t, "step-http-client/1.0", req.Header.Get("User-Agent")) // check default User-Agent header + w.Header().Set("Replay-Nonce", expectedNonce) if i == 0 { api.JSONStatus(w, tc.r1, tc.rc1) @@ -447,6 +451,8 @@ func TestACMEClient_NewOrder(t *testing.T) { i := 0 srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + assert.Equals(t, "step-http-client/1.0", req.Header.Get("User-Agent")) // check default User-Agent header + w.Header().Set("Replay-Nonce", expectedNonce) if i == 0 { api.JSONStatus(w, tc.r1, tc.rc1) @@ -567,6 +573,8 @@ func TestACMEClient_GetOrder(t *testing.T) { i := 0 srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + assert.Equals(t, "step-http-client/1.0", req.Header.Get("User-Agent")) // check default User-Agent header + w.Header().Set("Replay-Nonce", expectedNonce) if i == 0 { api.JSONStatus(w, tc.r1, tc.rc1) @@ -687,6 +695,8 @@ func TestACMEClient_GetAuthz(t *testing.T) { i := 0 srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + assert.Equals(t, "step-http-client/1.0", req.Header.Get("User-Agent")) // check default User-Agent header + w.Header().Set("Replay-Nonce", expectedNonce) if i == 0 { api.JSONStatus(w, tc.r1, tc.rc1) @@ -807,6 +817,8 @@ func TestACMEClient_GetChallenge(t *testing.T) { i := 0 srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + assert.Equals(t, "step-http-client/1.0", req.Header.Get("User-Agent")) // check default User-Agent header + w.Header().Set("Replay-Nonce", expectedNonce) if i == 0 { api.JSONStatus(w, tc.r1, tc.rc1) @@ -928,6 +940,8 @@ func TestACMEClient_ValidateChallenge(t *testing.T) { i := 0 srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + assert.Equals(t, "step-http-client/1.0", req.Header.Get("User-Agent")) // check default User-Agent header + w.Header().Set("Replay-Nonce", expectedNonce) if i == 0 { api.JSONStatus(w, tc.r1, tc.rc1) @@ -1053,6 +1067,8 @@ func TestACMEClient_FinalizeOrder(t *testing.T) { i := 0 srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + assert.Equals(t, "step-http-client/1.0", req.Header.Get("User-Agent")) // check default User-Agent header + w.Header().Set("Replay-Nonce", expectedNonce) if i == 0 { api.JSONStatus(w, tc.r1, tc.rc1) @@ -1180,6 +1196,8 @@ func TestACMEClient_GetAccountOrders(t *testing.T) { i := 0 srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + assert.Equals(t, "step-http-client/1.0", req.Header.Get("User-Agent")) // check default User-Agent header + w.Header().Set("Replay-Nonce", expectedNonce) if i == 0 { api.JSONStatus(w, tc.r1, tc.rc1) @@ -1309,6 +1327,8 @@ func TestACMEClient_GetCertificate(t *testing.T) { i := 0 srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + assert.Equals(t, "step-http-client/1.0", req.Header.Get("User-Agent")) // check default User-Agent header + w.Header().Set("Replay-Nonce", expectedNonce) if i == 0 { api.JSONStatus(w, tc.r1, tc.rc1) From 07addd0cac3d9178aa72540f94df8964497f47a4 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 22 Dec 2021 11:58:00 +0100 Subject: [PATCH 2/2] Fix linting issue --- ca/acmeClient.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ca/acmeClient.go b/ca/acmeClient.go index 6c73b2fd..cca35b93 100644 --- a/ca/acmeClient.go +++ b/ca/acmeClient.go @@ -43,7 +43,7 @@ func NewACMEClient(endpoint string, contact []string, opts ...ClientOption) (*AC }, dirLoc: endpoint, } - req, err := http.NewRequest("GET", endpoint, nil) + req, err := http.NewRequest("GET", endpoint, http.NoBody) if err != nil { return nil, errors.Wrapf(err, "creating GET request %s failed", endpoint) } @@ -102,7 +102,7 @@ func (c *ACMEClient) GetDirectory() (*acmeAPI.Directory, error) { // GetNonce makes a nonce request to the ACME api and returns an // ACME directory object. func (c *ACMEClient) GetNonce() (string, error) { - req, err := http.NewRequest("GET", c.dir.NewNonce, nil) + req, err := http.NewRequest("GET", c.dir.NewNonce, http.NoBody) if err != nil { return "", errors.Wrapf(err, "creating GET request %s failed", c.dir.NewNonce) }