
FetchCertificate: Use POST-AS-GET mechanism

Isaac 3 years ago
parent
commit
821421599d
  1. 6
      acme.go
  2. 2
      autocert/autocert.go
  3. 8
      certificate.go
  4. 8
      certificate_test.go
  5. 2
      examples/certbot/certbot.go
  6. 4
      misc_test.go

6
acme.go

@ -166,7 +166,7 @@ func (c Client) nonce() (string, error) {
// Helper function to perform an http post request and read the body.
// Will attempt to retry if error is badNonce
func (c Client) postRaw(retryCount int, requestURL, keyID string, privateKey crypto.Signer, payload interface{}, out interface{}, expectedStatus []int) (*http.Response, []byte, error) {
func (c Client) postRaw(retryCount int, requestURL, keyID string, privateKey crypto.Signer, payload interface{}, expectedStatus []int) (*http.Response, []byte, error) {
nonce, err := c.nonce()
if err != nil {
return nil, nil, err
@ -201,7 +201,7 @@ func (c Client) postRaw(retryCount int, requestURL, keyID string, privateKey cry
}
if strings.HasSuffix(prob.Type, ":badNonce") {
// only retry if error is badNonce
return c.postRaw(retryCount+1, requestURL, keyID, privateKey, payload, out, expectedStatus)
return c.postRaw(retryCount+1, requestURL, keyID, privateKey, payload, expectedStatus)
}
return resp, nil, err
}
@ -216,7 +216,7 @@ func (c Client) postRaw(retryCount int, requestURL, keyID string, privateKey cry
// Helper function for performing a http post to an acme resource.
func (c Client) post(requestURL, keyID string, privateKey crypto.Signer, payload interface{}, out interface{}, expectedStatus ...int) (*http.Response, error) {
resp, body, err := c.postRaw(0, requestURL, keyID, privateKey, payload, out, expectedStatus)
resp, body, err := c.postRaw(0, requestURL, keyID, privateKey, payload, expectedStatus)
if err != nil {
return resp, err
}

2
autocert/autocert.go

@ -389,7 +389,7 @@ func (m *AutoCert) issueCert(domainName string) (*tls.Certificate, error) {
}
// fetch the certificate chain from the finalized order provided by the acme server
certs, err := m.client.FetchCertificates(order.Certificate)
certs, err := m.client.FetchCertificates(account, order.Certificate)
if err != nil {
return nil, fmt.Errorf("autocert: error fetching order certificates for %s: %v", domainName, err)
}

8
certificate.go

@ -10,8 +10,8 @@ import (
)
// FetchCertificates downloads a certificate chain from a url given in an order certificate.
func (c Client) FetchCertificates(certificateURL string) ([]*x509.Certificate, error) {
resp, raw, err := c.getRaw(certificateURL, http.StatusOK)
func (c Client) FetchCertificates(account Account, certificateURL string) ([]*x509.Certificate, error) {
resp, body, err := c.postRaw(0, certificateURL, account.URL, account.PrivateKey, "", []int{http.StatusOK})
if err != nil {
return nil, err
}
@ -19,7 +19,7 @@ func (c Client) FetchCertificates(certificateURL string) ([]*x509.Certificate, e
var certs []*x509.Certificate
for {
var p *pem.Block
p, raw = pem.Decode(raw)
p, body = pem.Decode(body)
if p == nil {
break
}
@ -32,7 +32,7 @@ func (c Client) FetchCertificates(certificateURL string) ([]*x509.Certificate, e
up := fetchLink(resp, "up")
if up != "" {
upCerts, err := c.FetchCertificates(up)
upCerts, err := c.FetchCertificates(account, up)
if err != nil {
return certs, fmt.Errorf("acme: error fetching up cert: %v", err)
}
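Review bot: The `up` link is followed by unbounded recursion at `upCerts, err := c.FetchCertificates(account, up)`, so a server that answers with a self-referencing or cyclic `Link: <…>;rel="up"` header drives the client into an endless series of signed POSTs, each burning a nonce, until the stack or the server gives out; now that every hop is an authenticated request this should be bounded. I would move the body into an unexported helper that carries a depth counter and have the exported function call it with depth 0, as sketched below. The `""` payload is presumably what `postRaw` turns into the zero-length JWS payload RFC 8555 §6.3 requires for POST-as-GET; `postRaw` is outside this hunk, so it is worth confirming it is not marshalled as the JSON string `""`. The doc comment should also say why the new parameter exists, e.g. `// The request is a POST-as-GET signed with the account key, so an Account is required.`
```go
// FetchCertificates downloads a certificate chain from a url given in an order certificate.
// The request is a POST-as-GET signed with the account key, so an Account is required.
// rel="up" links are followed to at most maxUpDepth further certificates.
func (c Client) FetchCertificates(account Account, certificateURL string) ([]*x509.Certificate, error) {
	return c.fetchCertificates(account, certificateURL, 0)
}

// maxUpDepth bounds how many rel="up" links are followed from one certificate URL.
const maxUpDepth = 10

func (c Client) fetchCertificates(account Account, certificateURL string, depth int) ([]*x509.Certificate, error) {
	if depth > maxUpDepth {
		return nil, fmt.Errorf("acme: too many rel=\"up\" links while fetching %s", certificateURL)
	}
	resp, body, err := c.postRaw(0, certificateURL, account.URL, account.PrivateKey, "", []int{http.StatusOK})
	// … unchanged: error check and pem decode loop …
	up := fetchLink(resp, "up")
	if up != "" {
		upCerts, err := c.fetchCertificates(account, up, depth+1)
		// … unchanged: error wrap, append and return …
```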

8
certificate_test.go

@ -3,11 +3,11 @@ package acme
import "testing"
func TestClient_FetchCertificates(t *testing.T) {
_, order, _ := makeOrderFinalised(t, nil)
account, order, _ := makeOrderFinalised(t, nil)
if order.Certificate == "" {
t.Fatalf("no certificate: %+v", order)
}
certs, err := testClient.FetchCertificates(order.Certificate)
certs, err := testClient.FetchCertificates(account, order.Certificate)
if err != nil {
t.Fatalf("expeceted no error, got: %v", err)
}
@ -27,7 +27,7 @@ func TestClient_RevokeCertificate(t *testing.T) {
if order.Certificate == "" {
t.Fatalf("no certificate: %+v", order)
}
certs, err := testClient.FetchCertificates(order.Certificate)
certs, err := testClient.FetchCertificates(account, order.Certificate)
if err != nil {
t.Fatalf("expeceted no error, got: %v", err)
}
@ -42,7 +42,7 @@ func TestClient_RevokeCertificate2(t *testing.T) {
if order.Certificate == "" {
t.Fatalf("no certificate: %+v", order)
}
certs, err := testClient.FetchCertificates(order.Certificate)
certs, err := testClient.FetchCertificates(account, order.Certificate)
if err != nil {
t.Fatalf("expeceted no error, got: %v", err)
}
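Review bot: The updated tests only thread `account` through the existing calls; none of them exercises what the commit actually changes, namely that the certificate URL is now fetched with a signed POST-as-GET rather than an unauthenticated GET. A test that calls `testClient.FetchCertificates` with an account other than the order's owner (or one the test CA has never seen) and expects an error would pin the new behaviour, assuming the test CA enforces account authorisation on that endpoint. While these lines are touched, `expeceted` in the three `t.Fatalf` messages is a pre-existing typo worth correcting to `expected`. The enclosing test functions for the second and third hunks start before the hunk.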

2
examples/certbot/certbot.go

@ -194,7 +194,7 @@ func main() {
// fetch the certificate chain from the finalized order provided by the acme server
log.Printf("Fetching certificate: %s", order.Certificate)
certs, err := client.FetchCertificates(order.Certificate)
certs, err := client.FetchCertificates(account, order.Certificate)
if err != nil {
log.Fatalf("Error fetching order certificates: %v", err)
}

4
misc_test.go

@ -4,9 +4,9 @@ import "testing"
func TestWildcard(t *testing.T) {
d := "*." + randString() + ".com"
_, order, _ := makeOrderFinalised(t, []string{ChallengeTypeDNS01}, Identifier{Type: "dns", Value: d})
account, order, _ := makeOrderFinalised(t, []string{ChallengeTypeDNS01}, Identifier{Type: "dns", Value: d})
certs, err := testClient.FetchCertificates(order.Certificate)
certs, err := testClient.FetchCertificates(account, order.Certificate)
if err != nil {
t.Fatalf("error fetch cert: %v", err)
}
