Extract JWS to its own struct
This commit is contained in:
parent
bcdc00add6
commit
e600438aeb
2 changed files with 42 additions and 29 deletions
|
@ -1,7 +1,6 @@
|
||||||
package acme
|
package acme
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
|
@ -12,8 +11,6 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/square/go-jose"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Logger is used to log errors; if nil, the default log.Logger is used.
|
// Logger is used to log errors; if nil, the default log.Logger is used.
|
||||||
|
@ -44,6 +41,7 @@ type solver interface {
|
||||||
type Client struct {
|
type Client struct {
|
||||||
regURL string
|
regURL string
|
||||||
user User
|
user User
|
||||||
|
jws *jws
|
||||||
Solvers map[string]solver
|
Solvers map[string]solver
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -53,33 +51,14 @@ func NewClient(caURL string, usr User) *Client {
|
||||||
logger().Fatalf("Could not validate the private account key of %s -> %v", usr.GetEmail(), err)
|
logger().Fatalf("Could not validate the private account key of %s -> %v", usr.GetEmail(), err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
jws := &jws{privKey: usr.GetPrivateKey()}
|
||||||
|
|
||||||
// REVIEW: best possibility?
|
// REVIEW: best possibility?
|
||||||
solvers := make(map[string]solver)
|
solvers := make(map[string]solver)
|
||||||
solvers["simpleHttp"] = &simpleHTTPChallenge{}
|
solvers["simpleHttp"] = &simpleHTTPChallenge{jws: jws}
|
||||||
solvers["dvsni"] = &dvsniChallenge{}
|
solvers["dvsni"] = &dvsniChallenge{}
|
||||||
|
|
||||||
return &Client{regURL: caURL, user: usr}
|
return &Client{regURL: caURL, user: usr, jws: jws}
|
||||||
}
|
|
||||||
|
|
||||||
// Posts a JWS signed message to the specified URL
|
|
||||||
func (c *Client) jwsPost(url string, content []byte) (*http.Response, error) {
|
|
||||||
signer, err := jose.NewSigner(jose.RS256, c.user.GetPrivateKey())
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
signed, err := signer.Sign(content)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
signedContent := signed.FullSerialize()
|
|
||||||
|
|
||||||
resp, err := http.Post(url, "application/json", bytes.NewBuffer([]byte(signedContent)))
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return resp, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Register the current account to the ACME server.
|
// Register the current account to the ACME server.
|
||||||
|
@ -90,7 +69,7 @@ func (c *Client) Register() (*RegistrationResource, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
resp, err := c.jwsPost(c.regURL, jsonBytes)
|
resp, err := c.jws.post(c.regURL, jsonBytes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -135,7 +114,7 @@ func (c *Client) AgreeToTos() error {
|
||||||
|
|
||||||
logger().Printf("Agreement: %s", string(jsonBytes))
|
logger().Printf("Agreement: %s", string(jsonBytes))
|
||||||
|
|
||||||
resp, err := c.jwsPost(c.user.GetRegistration().URI, jsonBytes)
|
resp, err := c.jws.post(c.user.GetRegistration().URI, jsonBytes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -183,7 +162,7 @@ func (c *Client) getChallenges(domains []string) []*authorizationResource {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
resp, err := c.jwsPost(c.user.GetRegistration().NewAuthzURL, jsonBytes)
|
resp, err := c.jws.post(c.user.GetRegistration().NewAuthzURL, jsonBytes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errc <- err
|
errc <- err
|
||||||
return
|
return
|
||||||
|
|
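--- /dev/null
+++ b/acme/jws.go
@@ -0,0 +1,34 @@
+package acme
+
+import (
+	"bytes"
+	"crypto/rsa"
+	"net/http"
+
+	"github.com/square/go-jose"
+)
+
+type jws struct {
+	privKey *rsa.PrivateKey
+}
+
+// Posts a JWS signed message to the specified URL
+func (j *jws) post(url string, content []byte) (*http.Response, error) {
+	signer, err := jose.NewSigner(jose.RS256, j.privKey)
+	if err != nil {
+		return nil, err
+	}
+
+	signed, err := signer.Sign(content)
+	if err != nil {
+		return nil, err
+	}
+	signedContent := signed.FullSerialize()
+
+	resp, err := http.Post(url, "application/json", bytes.NewBuffer([]byte(signedContent)))
+	if err != nil {
+		return nil, err
+	}
+
+	return resp, err
+}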
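Review bot: `post` goes through the package-level `http.Post`, which uses `http.DefaultClient` and therefore has no timeout, so an unresponsive ACME endpoint blocks the caller indefinitely; give `jws` its own client, e.g. a `client *http.Client` field set to `&http.Client{Timeout: 30 * time.Second}` where the struct is built in `NewClient`, and call `j.client.Post(...)` here. The trailing `return resp, err` is only reached when `err` is nil, so `return resp, nil` states the intent plainly. Nothing in `post` places an anti-replay nonce in the JWS protected header; if the CA enforces one on signed requests (the ACME protocol calls for it), these requests will be rejected, so that is worth confirming against the server before this lands. The doc comment should also start with the method name per Go convention: `// post sends content to url as a JWS-signed message.`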