forked from TrueCloudLab/certificates
acme: go fmt
This commit is contained in:
David Cowden
parent
9af4dd3692
commit
bdadea8a37
3 changed files with 35 additions and 41 deletions
|
|
@ -62,7 +62,7 @@ var (
|
||||||
|
|
||||||
// Ordinal is used during challenge retries to indicate ownership.
|
// Ordinal is used during challenge retries to indicate ownership.
|
||||||
func init() {
|
func init() {
|
||||||
ordstr := os.Getenv("STEP_CA_ORDINAL");
|
ordstr := os.Getenv("STEP_CA_ORDINAL")
|
||||||
if ordstr == "" {
|
if ordstr == "" {
|
||||||
ordinal = 0
|
ordinal = 0
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -323,13 +323,12 @@ func (a *Authority) ValidateChallenge(p provisioner.Interface, accID, chID strin
|
||||||
// Take ownership of the challenge status and retry state. The values must be reset.
|
// Take ownership of the challenge status and retry state. The values must be reset.
|
||||||
up := ch.clone()
|
up := ch.clone()
|
||||||
up.Status = StatusProcessing
|
up.Status = StatusProcessing
|
||||||
up.Retry = &Retry {
|
up.Retry = &Retry{
|
||||||
Owner: ordinal,
|
Owner: ordinal,
|
||||||
ProvisionerID: p.GetID(),
|
ProvisionerID: p.GetID(),
|
||||||
NumAttempts: 0,
|
NumAttempts: 0,
|
||||||
MaxAttempts: 10,
|
MaxAttempts: 10,
|
||||||
NextAttempt: time.Now().Add(retryInterval).UTC().Format(time.RFC3339),
|
NextAttempt: time.Now().Add(retryInterval).UTC().Format(time.RFC3339),
|
||||||
|
|
||||||
}
|
}
|
||||||
err = up.save(a.db, ch)
|
err = up.save(a.db, ch)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -382,7 +381,6 @@ func (a *Authority) validate(ch challenge, jwk *jose.JSONWebKey) (challenge, err
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
const retryInterval = 12 * time.Second
|
const retryInterval = 12 * time.Second
|
||||||
|
|
||||||
// see: ValidateChallenge
|
// see: ValidateChallenge
|
||||||
|
|
@ -458,7 +456,6 @@ func (a *Authority) RetryChallenge(chID string) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// GetCertificate retrieves the Certificate by ID.
|
// GetCertificate retrieves the Certificate by ID.
|
||||||
func (a *Authority) GetCertificate(accID, certID string) ([]byte, error) {
|
func (a *Authority) GetCertificate(accID, certID string) ([]byte, error) {
|
||||||
cert, err := getCert(a.db, certID)
|
cert, err := getCert(a.db, certID)
|
||||||
|
|
@ -470,4 +467,3 @@ func (a *Authority) GetCertificate(accID, certID string) ([]byte, error) {
|
||||||
}
|
}
|
||||||
return cert.toACME(a.db, a.dir)
|
return cert.toACME(a.db, a.dir)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -305,7 +305,6 @@ func (r *Retry) Active() bool {
|
||||||
return r.NumAttempts < r.MaxAttempts
|
return r.NumAttempts < r.MaxAttempts
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// http01Challenge represents an http-01 acme challenge.
|
// http01Challenge represents an http-01 acme challenge.
|
||||||
type http01Challenge struct {
|
type http01Challenge struct {
|
||||||
*baseChallenge
|
*baseChallenge
|
||||||
|
|
@ -452,7 +451,7 @@ func (tc *tlsALPN01Challenge) validate(jwk *jose.JSONWebKey, vo validateOptions)
|
||||||
|
|
||||||
leafCert := certs[0]
|
leafCert := certs[0]
|
||||||
if len(leafCert.DNSNames) != 1 || !strings.EqualFold(leafCert.DNSNames[0], tc.Value) {
|
if len(leafCert.DNSNames) != 1 || !strings.EqualFold(leafCert.DNSNames[0], tc.Value) {
|
||||||
e := errors.Errorf("incorrect certificate for tls-alpn-01 challenge: " +
|
e := errors.Errorf("incorrect certificate for tls-alpn-01 challenge: "+
|
||||||
"leaf certificate must contain a single DNS name, %v", tc.Value)
|
"leaf certificate must contain a single DNS name, %v", tc.Value)
|
||||||
up.Error = RejectedIdentifierErr(e).ToACME()
|
up.Error = RejectedIdentifierErr(e).ToACME()
|
||||||
return up, nil
|
return up, nil
|
||||||
|
|
@ -488,7 +487,7 @@ func (tc *tlsALPN01Challenge) validate(jwk *jose.JSONWebKey, vo validateOptions)
|
||||||
}
|
}
|
||||||
|
|
||||||
if subtle.ConstantTimeCompare(hashedKeyAuth[:], extValue) != 1 {
|
if subtle.ConstantTimeCompare(hashedKeyAuth[:], extValue) != 1 {
|
||||||
e := errors.Errorf("incorrect certificate for tls-alpn-01 challenge: " +
|
e := errors.Errorf("incorrect certificate for tls-alpn-01 challenge: "+
|
||||||
"expected acmeValidationV1 extension value %s for this challenge but got %s",
|
"expected acmeValidationV1 extension value %s for this challenge but got %s",
|
||||||
hex.EncodeToString(hashedKeyAuth[:]), hex.EncodeToString(extValue))
|
hex.EncodeToString(hashedKeyAuth[:]), hex.EncodeToString(extValue))
|
||||||
up.Error = IncorrectResponseErr(e).ToACME()
|
up.Error = IncorrectResponseErr(e).ToACME()
|
||||||
|
|
@ -516,7 +515,7 @@ func (tc *tlsALPN01Challenge) validate(jwk *jose.JSONWebKey, vo validateOptions)
|
||||||
return up, nil
|
return up, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
e := errors.Errorf("incorrect certificate for tls-alpn-01 challenge: "+
|
e := errors.Errorf("incorrect certificate for tls-alpn-01 challenge: " +
|
||||||
"missing acmeValidationV1 extension")
|
"missing acmeValidationV1 extension")
|
||||||
up.Error = IncorrectResponseErr(e).ToACME()
|
up.Error = IncorrectResponseErr(e).ToACME()
|
||||||
return tc, nil
|
return tc, nil
|
||||||
|
|
@ -630,4 +629,3 @@ func getChallenge(db nosql.DB, id string) (challenge, error) {
|
||||||
}
|
}
|
||||||
return ch, nil
|
return ch, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue