From 974f2fa9297e0a8712523a0cea02116a3a8320c0 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Fri, 20 Nov 2015 12:01:06 -0700
Subject: [PATCH] Don't try appending /directory to caURL (spec doesn't require it) Also improved some comments/docs and fixed a test
---
 acme/client.go | 26 ++++++++++++--------------
 acme/client_test.go | 8 ++++----
 2 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/acme/client.go b/acme/client.go
index ef9e5710..5d0f6982 100644
--- a/acme/client.go
+++ b/acme/client.go
@@ -52,13 +52,14 @@ type Client struct {
 solvers map[string]solver
 }
-// NewClient creates a new client for the set user.
-// caURL - The root url to the boulder instance you want certificates from
-// usr - A filled in user struct
-// keyBits - Size of the key in bits
-// optPort - The alternative port to listen on for challenges.
-func NewClient(caURL string, usr User, keyBits int, optPort string) (*Client, error) {
- privKey := usr.GetPrivateKey()
+// NewClient creates a new ACME client on behalf of user. The client will depend on
+// the ACME directory located at caDirURL for the rest of its actions. It will
+// generate private keys for certificates of size keyBits. And, if the challenge
+// type requires it, the client will open a port at optPort to solve the challenge.
+// If optPort is blank, the port required by the spec will be used, but you must
+// forward the required port to optPort for the challenge to succeed.
+func NewClient(caDirURL string, user User, keyBits int, optPort string) (*Client, error) {
+ privKey := user.GetPrivateKey()
 if privKey == nil {
 return nil, errors.New("private key was nil")
 }
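Review bot: The last sentence of the new NewClient doc comment contradicts itself: it says the spec's port is used when optPort is blank, then asks the caller to forward the required port to optPort, which presumably applies only when optPort is set. Suggested wording: `// If optPort is blank, the port required by the spec is used; otherwise you must forward the required port to optPort for the challenge to succeed.` The comment should also say that caDirURL is used verbatim and must be the full directory URL, because callers that passed the CA root relied on the suffix that this commit stops adding. NewClient's body continues outside the hunk.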
@@ -67,12 +68,9 @@ func NewClient(caURL string, usr User, keyBits int, optPort string) (*Client, er
 return nil, fmt.Errorf("invalid private key: %v", err)
 }
- if !strings.HasSuffix(caURL, "/directory") {
- caURL = caURL + "/directory"
- }
- dirResp, err := http.Get(caURL)
+ dirResp, err := http.Get(caDirURL)
 if err != nil {
- return nil, fmt.Errorf("get directory at '%s': %v", caURL, err)
+ return nil, fmt.Errorf("get directory at '%s': %v", caDirURL, err)
 }
 defer dirResp.Body.Close()
@@ -95,7 +93,7 @@ func NewClient(caURL string, usr User, keyBits int, optPort string) (*Client, er
 return nil, errors.New("directory missing revoke certificate URL")
 }
- jws := &jws{privKey: privKey, directoryURL: caURL}
+ jws := &jws{privKey: privKey, directoryURL: caDirURL}
 // REVIEW: best possibility?
 // Add all available solvers with the right index as per ACME
@@ -103,7 +101,7 @@ func NewClient(caURL string, usr User, keyBits int, optPort string) (*Client, er
 solvers := make(map[string]solver)
 solvers["http-01"] = &httpChallenge{jws: jws, optPort: optPort}
- return &Client{directory: dir, user: usr, jws: jws, keyBits: keyBits, solvers: solvers}, nil
+ return &Client{directory: dir, user: user, jws: jws, keyBits: keyBits, solvers: solvers}, nil
 }
 // Register the current account to the ACME server.
diff --git a/acme/client_test.go b/acme/client_test.go
index 7a835cee..0c37d536 100644
--- a/acme/client_test.go
+++ b/acme/client_test.go
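Review bot: In the `@@ -67,12 +68,9 @@` hunk of acme/client.go, `http.Get(caDirURL)` now fetches the caller's string with no validation, and the endpoint URLs read from that response appear to be what the client uses afterwards. Consider parsing it first and rejecting anything that is not an absolute URL, e.g. `u, err := url.Parse(caDirURL)` followed by `if err != nil || u.Host == "" { return nil, fmt.Errorf("invalid directory URL '%s'", caDirURL) }`. It is also worth deciding whether a non-https scheme should be accepted outside tests, since a directory fetched over plain HTTP can be altered in transit. `http.Get` uses the default client, which sets no timeout, so an unresponsive CA would block NewClient indefinitely. The function continues outside this hunk, so a status-code check on the response may already exist there.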
@@ -43,19 +43,19 @@ func TestNewClient(t *testing.T) {
 t.Errorf("Expected keyBits to be %d but was %d", keyBits, client.keyBits)
 }
- if expected, actual := 2, len(client.solvers); actual != expected {
+ if expected, actual := 1, len(client.solvers); actual != expected {
 t.Fatalf("Expected %d solver(s), got %d", expected, actual)
 }
 httpSolver, ok := client.solvers["http-01"].(*httpChallenge)
 if !ok {
- t.Fatal("Expected simpleHttps solver to be simpleHTTPChallenge type")
+ t.Fatal("Expected http-01 solver to be httpChallenge type")
 }
 if httpSolver.jws != client.jws {
- t.Error("Expected simpleHTTPChallenge to have same jws as client")
+ t.Error("Expected http-01 to have same jws as client")
 }
 if httpSolver.optPort != optPort {
- t.Errorf("Expected simpleHTTPChallenge to have optPort %s but was %s", optPort, httpSolver.optPort)
+ t.Errorf("Expected http-01 to have optPort %s but was %s", optPort, httpSolver.optPort)
 }
 }
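Review bot: Nothing in this hunk exercises the behaviour the commit changes: the assertions cover keyBits and the http-01 solver, but not that the directory URL is used exactly as given. Since client.go sets `directoryURL` from `caDirURL`, an assertion comparing `client.jws.directoryURL` with the URL passed to NewClient would pin that no suffix is appended. TestNewClient starts outside the hunk, so the mock server may already check the request path; if it does not, that is the other place to assert it.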