authorDimitri Sokolyuk <demon@dim13.org>2015-12-26 23:31:17 +0100
committerDimitri Sokolyuk <demon@dim13.org>2015-12-26 23:31:17 +0100
commit0c1b5b987647bb264a1027565357b1377e3f5fad (patch)
tree5c47636c824bdc30dd276db40477606b3b13cece
parenta6db8ecb747ac7ee0554c948b1ec7fdd4da290a8 (diff)
Move Thumb into Account
-rw-r--r--README.md17
-rw-r--r--account.go12
-rw-r--r--client.go14
-rw-r--r--crypto.go12
4 files changed, 36 insertions, 19 deletions
diff --git a/README.md b/README.md
index a0d4400..392e773 100644
--- a/README.md
+++ b/README.md
@@ -111,3 +111,20 @@ worker:
## test tunnel
slogin -R \*:80:localhost:8080 -N root@docker.moccu.com
+
+
+
+# Refactor
+
+## Register Account
+- account key
+
+## Authorize Domain
+- account key (signer)
+- altnames
+- params: webroot, address
+
+## Certificate
+- account key (signer)
+- cert key
+- altnames
diff --git a/account.go b/account.go
index 0ce0643..a914db4 100644
--- a/account.go
+++ b/account.go
@@ -1,7 +1,9 @@
package acme
import (
+ "crypto"
"crypto/rsa"
+ "encoding/base64"
"io"
"net/mail"
"strings"
@@ -48,6 +50,7 @@ func (a *Account) AddPhone(phone string) error {
// Signer describes a signing interface
type Signer interface {
Sign([]byte, jose.NonceSource) (io.Reader, error)
+ Thumb(string) (string, error)
}
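Review bot: The new `Thumb(string) (string, error)` method on Signer has no doc comment, and its name suggests a bare thumbprint while the Account implementation in the following hunk returns the full key authorization `token + "." + thumbprint`. A one-line comment above the method would spare callers reading the implementation, e.g. `// Thumb returns the ACME key authorization for a challenge token: the token joined by "." with the base64url JWK thumbprint of the signing key.` The rest of the Signer interface is unchanged.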
// Sign implements Signer interface
@@ -59,3 +62,12 @@ func (a *Account) Sign(msg []byte, n jose.NonceSource) (io.Reader, error) {
}
return strings.NewReader(obj.FullSerialize()), nil
}
+
+func (a *Account) Thumb(token string) (string, error) {
+ k := &jose.JsonWebKey{Key: a.PrivKey.Public(), Algorithm: "RSA"}
+ thumb, err := k.Thumbprint(crypto.SHA256)
+ if err != nil {
+ return "", err
+ }
+ return token + "." + base64.RawURLEncoding.EncodeToString(thumb), nil
+}
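Review bot: `Thumb` is exported but undocumented, and it dereferences `a.PrivKey` without a nil check, so an Account whose key was never loaded would panic at `a.PrivKey.Public()` instead of returning an error (assuming PrivKey is a pointer type, as the `crypto/rsa` import suggests). I'd add `if a.PrivKey == nil { return "", errors.New("account has no private key") }` before building the JSON web key (adding the `errors` import if account.go does not already have it, which this hunk does not show). A doc comment should also state that the return value is the key authorization `token.thumbprint` rather than the thumbprint alone, since the name suggests otherwise.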
diff --git a/client.go b/client.go
index b0f76a0..45dca55 100644
--- a/client.go
+++ b/client.go
@@ -212,7 +212,7 @@ func pickChallenge(c []Challenge) (int, Challenge) {
return -1, Challenge{}
}
-func (c *Client) Authorize(a *Account, altnames []string) error {
+func (c *Client) Authorize(s Signer, altnames []string) error {
ident := Identifier{
Type: IdentDNS,
Value: altnames[0],
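Review bot: `Authorize` indexes `altnames[0]` without checking the slice, so a caller passing an empty list panics instead of getting an error, and the signature change to `Signer` makes this the public entry point worth guarding. I'd add `if len(altnames) == 0 { return errors.New("authorize: no altnames given") }` before building ident (client.go already uses `errors` further down in this function). From this hunk only `altnames[0]` ends up in the identifier; if the remaining names are handled elsewhere, a doc comment on the function should say so. The function body continues past this hunk.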
@@ -221,7 +221,7 @@ func (c *Client) Authorize(a *Account, altnames []string) error {
Resource: ResNewAuthz,
Identifier: ident,
}
- resp, err := c.post(c.NewAuthz, a, r)
+ resp, err := c.post(c.NewAuthz, s, r)
if err != nil {
return err
}
@@ -232,24 +232,24 @@ func (c *Client) Authorize(a *Account, altnames []string) error {
return errors.New("can't solve any challenges")
}
- ka, _ := Thumb(ch.Token, a.PrivKey.Public())
+ ka, _ := s.Thumb(ch.Token)
ans := &Challenge{
Resource: ResChallenge,
Type: ch.Type,
KeyAuthorization: ka,
}
- _, err = c.post(ch.URI, a, ans)
+ _, err = c.post(ch.URI, s, ans)
- var s Solver
+ var sol Solver
switch ch.Type {
case ChallengeHTTP:
- s = &httpChallenge{Addr: "localhost:8080", Challenge: *ans}
+ sol = &httpChallenge{Addr: "localhost:8080", Challenge: *ans}
default:
return errChallengeType
}
- if err := Solve(s, time.Minute); err != nil {
+ if err := Solve(sol, time.Minute); err != nil {
return err
}
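Review bot: The error from `s.Thumb(ch.Token)` is still discarded with `ka, _ :=`, so a failed thumbprint posts a Challenge with an empty KeyAuthorization and then runs the solver with that empty value, even though the interface now returns an error precisely so it can be checked. The result of `c.post(ch.URI, s, ans)` on the next changed line is assigned to `err` but never examined before `var sol Solver`, and the later `if err := Solve(...)` shadows it, so a rejected challenge response goes unnoticed. Both should return early, as below. Authorize continues outside this hunk in both directions.
```go
	ka, err := s.Thumb(ch.Token)
	if err != nil {
		return err
	}
	// … unchanged: build ans …
	if _, err = c.post(ch.URI, s, ans); err != nil {
		return err
	}
	// … unchanged: solver selection and Solve …
```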
diff --git a/crypto.go b/crypto.go
index e005562..f70cc2f 100644
--- a/crypto.go
+++ b/crypto.go
@@ -1,7 +1,6 @@
package acme
import (
- "crypto"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
@@ -10,8 +9,6 @@ import (
"encoding/pem"
"io"
"io/ioutil"
-
- "github.com/square/go-jose"
)
func LoadKey(r io.Reader) (*rsa.PrivateKey, error) {
@@ -51,15 +48,6 @@ func NewCSR(altnames []string, key *rsa.PrivateKey) (string, error) {
return base64.RawURLEncoding.EncodeToString(der), nil
}
-func Thumb(token string, key crypto.PublicKey) (string, error) {
- k := &jose.JsonWebKey{Key: key, Algorithm: "RSA"}
- thumb, err := k.Thumbprint(crypto.SHA256)
- if err != nil {
- return "", err
- }
- return token + "." + base64.RawURLEncoding.EncodeToString(thumb), nil
-}
-
func SaveCert(w io.Writer, der []byte) error {
block := &pem.Block{
Type: "CERTIFICATE",