Add TLS SNI Challenge function which returns domain

Used by rsc.io/letsencrypt to get the challenge domain. Originally committed under rsc.io/letsencrypt/vendor.
2016-06-10 11:47:21 -07:00 · 2016-06-10 11:47:21 -07:00 · c8b0781028
commit c8b0781028
parent cae9c70e1e
1 changed files with 12 additions and 6 deletions
--- a/acme/tls_sni_challenge.go
+++ b/acme/tls_sni_challenge.go
@ -40,12 +40,12 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
 	return t.validate(t.jws, domain, chlng.URI, challenge{Resource: "challenge", Type: chlng.Type, Token: chlng.Token, KeyAuthorization: keyAuth})
 }

-// TLSSNI01ChallengeCert returns a certificate for the `tls-sni-01` challenge
-func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
+// TLSSNI01ChallengeCert returns a certificate and target domain for the `tls-sni-01` challenge
+func TLSSNI01ChallengeCertDomain(keyAuth string) (tls.Certificate, string, error) {
 	// generate a new RSA key for the certificates
 	tempPrivKey, err := generatePrivateKey(RSA2048)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}
 	rsaPrivKey := tempPrivKey.(*rsa.PrivateKey)
 	rsaPrivPEM := pemEncode(rsaPrivKey)
@ -55,13 +55,19 @@ func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
 	domain := fmt.Sprintf("%s.%s.acme.invalid", z[:32], z[32:])
 	tempCertPEM, err := generatePemCert(rsaPrivKey, domain)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}

 	certificate, err := tls.X509KeyPair(tempCertPEM, rsaPrivPEM)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}

-	return certificate, nil
+	return certificate, domain, nil
+}
+
+// TLSSNI01ChallengeCert returns a certificate for the `tls-sni-01` challenge
+func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
+	cert, _, err := TLSSNI01ChallengeCertDomain(keyAuth)
+	return cert, err
 }