package acme
import (
"bytes"
"crypto/ecdsa"
"crypto/rsa"
"fmt"
"net/http"
"github.com/letsencrypt/go-jose"
)
// jws holds the signing key and the pool of anti-replay nonces used to sign
// and post ACME requests.
type jws struct {
	// privKey is the RSA key every request is signed with (RS256, see signContent).
	privKey *rsa.PrivateKey
	// nonces is a LIFO pool of Replay-Nonce values harvested from server
	// responses: getNonceFromResponse appends, consumeNonce pops from the end.
	nonces []string
}
// keyAsJWK wraps an ECDSA public key in a go-jose JsonWebKey.
//
// NOTE(review): the literal "EC" is stored in the Algorithm field, which in
// JOSE terms is the "alg" value, whereas "EC" is usually the key type ("kty").
// Confirm against how go-jose serializes this before relying on the output.
func keyAsJWK(key *ecdsa.PublicKey) jose.JsonWebKey {
	var jwk jose.JsonWebKey
	jwk.Key = key
	jwk.Algorithm = "EC"
	return jwk
}
// post signs content as a JWS and POSTs it to url as application/jose+json.
//
// When the nonce pool is empty a nonce is first fetched with a HEAD request,
// so the signed request always carries a Replay-Nonce. The response is
// returned unread: the caller owns resp.Body and must close it. The
// Replay-Nonce of the response is harvested opportunistically; a missing
// header is deliberately not an error here because the next call refills the
// pool via getNonce. http.Post goes through http.DefaultClient, which sets no
// timeout on the request.
func (j *jws) post(url string, content []byte) (*http.Response, error) {
	if len(j.nonces) == 0 {
		if err := j.getNonce(url); err != nil {
			return nil, fmt.Errorf("Could not get a nonce for request: %s\n\t\tError: %v", url, err)
		}
	}

	signed, err := j.signContent(content)
	if err != nil {
		return nil, err
	}

	body := bytes.NewBufferString(signed.FullSerialize())
	resp, err := http.Post(url, "application/jose+json", body)
	if err != nil {
		return nil, err
	}

	// Best-effort: keep the nonce pool topped up for the next request.
	_ = j.getNonceFromResponse(resp)
	return resp, nil
}
// signContent produces a JWS over content, signed with j.privKey using RS256,
// passing one nonce popped from the pool to the signer.
//
// With an empty pool consumeNonce yields "", so callers are expected to have
// fetched a nonce beforehand (post does this).
//
// TODO: support other algorithms - RS512
func (j *jws) signContent(content []byte) (*jose.JsonWebSignature, error) {
	signer, err := jose.NewSigner(jose.RS256, j.privKey)
	if err != nil {
		return nil, err
	}

	sig, err := signer.Sign(content, j.consumeNonce())
	if err != nil {
		return nil, err
	}
	return sig, nil
}
// getNonceFromResponse reads the Replay-Nonce header of resp and pushes it
// onto the nonce pool. It returns an error when the header is absent or
// empty and leaves the pool unchanged in that case. resp.Body is neither
// read nor closed here.
func (j *jws) getNonceFromResponse(resp *http.Response) error {
	switch n := resp.Header.Get("Replay-Nonce"); n {
	case "":
		return fmt.Errorf("Server did not respond with a proper nonce header.")
	default:
		j.nonces = append(j.nonces, n)
		return nil
	}
}
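// getNonce issues a HEAD request to url and stores the Replay-Nonce of the
// response in the pool. A transport error is returned as is; a response
// without a usable nonce header is reported by getNonceFromResponse.
func (j *jws) getNonce(url string) error {
	resp, err := http.Head(url)
	if err != nil {
		return err
	}
	// A HEAD response still carries a Body that must be closed, otherwise the
	// underlying connection is never returned to the transport for reuse.
	defer resp.Body.Close()
	return j.getNonceFromResponse(resp)
}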
// consumeNonce pops the most recently stored nonce off the pool and returns
// it. An empty pool yields "" rather than an error; callers that need a
// nonce must refill the pool first (see post).
func (j *jws) consumeNonce() string {
	last := len(j.nonces) - 1
	if last < 0 {
		return ""
	}
	n := j.nonces[last]
	j.nonces = j.nonces[:last]
	return n
}