diff --git a/acme/api/handler.go b/acme/api/handler.go index e848e64d..83a5d800 100644 --- a/acme/api/handler.go +++ b/acme/api/handler.go @@ -59,6 +59,7 @@ func (h *Handler) Route(r api.Router) { r.MethodFunc("POST", getLink(acme.NewAccountLink, "{provisionerID}", false, nil), extractPayloadByJWK(h.NewAccount)) r.MethodFunc("POST", getLink(acme.AccountLink, "{provisionerID}", false, nil, "{accID}"), extractPayloadByKid(h.GetUpdateAccount)) + r.MethodFunc("POST", getLink(acme.KeyChangeLink, "{provisionerID}", false, nil, "{accID}"), extractPayloadByKid(h.NotImplemented)) r.MethodFunc("POST", getLink(acme.NewOrderLink, "{provisionerID}", false, nil), extractPayloadByKid(h.NewOrder)) r.MethodFunc("POST", getLink(acme.OrderLink, "{provisionerID}", false, nil, "{ordID}"), extractPayloadByKid(h.isPostAsGet(h.GetOrder))) r.MethodFunc("POST", getLink(acme.OrdersByAccountLink, "{provisionerID}", false, nil, "{accID}"), extractPayloadByKid(h.isPostAsGet(h.GetOrdersByAccount))) @@ -66,6 +67,7 @@ func (h *Handler) Route(r api.Router) { r.MethodFunc("POST", getLink(acme.AuthzLink, "{provisionerID}", false, nil, "{authzID}"), extractPayloadByKid(h.isPostAsGet(h.GetAuthz))) r.MethodFunc("POST", getLink(acme.ChallengeLink, "{provisionerID}", false, nil, "{chID}"), extractPayloadByKid(h.GetChallenge)) r.MethodFunc("POST", getLink(acme.CertificateLink, "{provisionerID}", false, nil, "{certID}"), extractPayloadByKid(h.isPostAsGet(h.GetCertificate))) + } // GetNonce just sets the right header since a Nonce is added to each response @@ -89,6 +91,11 @@ func (h *Handler) GetDirectory(w http.ResponseWriter, r *http.Request) { api.JSON(w, dir) } +// NotImplemented returns a 501. This is a place holder for future functionality. +func (h *Handler) NotImplemented(w http.ResponseWriter, r *http.Request) { + api.WriteError(w, acme.NotImplemented(nil).ToACME()) +} + // GetAuthz ACME api for retrieving an Authz. func (h *Handler) GetAuthz(w http.ResponseWriter, r *http.Request) { acc, err := acme.AccountFromContext(r.Context()) diff --git a/acme/errors.go b/acme/errors.go index dd6f4aff..878a1fdc 100644 --- a/acme/errors.go +++ b/acme/errors.go @@ -194,6 +194,16 @@ func ServerInternalErr(err error) *Error { } } +// NotImplemented returns a new acme error. +func NotImplemented(err error) *Error { + return &Error{ + Type: notImplemented, + Detail: "The requested operation is not implemented", + Status: 501, + Err: err, + } +} + // TLSErr returns a new acme error. func TLSErr(err error) *Error { return &Error{ @@ -296,6 +306,8 @@ const ( unsupportedIdentifierErr // Visit the “instance” URL and take actions specified there userActionRequiredErr + // The operation is not implemented + notImplemented ) // String returns the string representation of the acme problem type, @@ -350,6 +362,8 @@ func (ap ProbType) String() string { return "unsupportedIdentifier" case userActionRequiredErr: return "userActionRequired" + case notImplemented: + return "notImplemented" default: return "unsupported type" } @@ -398,10 +412,28 @@ func (e *Error) Cause() error { return e.Err } +// Official returns true if this error is registered with the IETF. +// +// The RFC says: +// +// This list is not exhaustive. The server MAY return errors whose +// "type" field is set to a URI other than those defined above. Servers +// MUST NOT use the ACME URN namespace for errors not listed in the +// appropriate IANA registry (see Section 9.6). Clients SHOULD display +// the "detail" field of all errors. +// +func (e *Error) Official() bool { + return e.Type != notImplemented +} + // ToACME returns an acme representation of the problem type. func (e *Error) ToACME() *AError { + prefix := "urn:step:acme:error" + if e.Official() { + prefix = "urn:ietf:params:acme:error:" + } ae := &AError{ - Type: "urn:ietf:params:acme:error:" + e.Type.String(), + Type: prefix + e.Type.String(), Detail: e.Error(), Status: e.Status, }