authorDimitri Sokolyuk <demon@dim13.org>2016-06-05 02:09:33 +0200
committerDimitri Sokolyuk <demon@dim13.org>2016-06-05 02:09:33 +0200
commit2915c9453086366c970c9ab602f2ec670ca29234 (patch)
treefef792034e861fdbbad8814603e4e07c2e61201d
parentd3bd76f5c8a0509869e749e13d6a6edafdd3af66 (diff)
Extract Thumb
-rw-r--r--crypto.go19
-rw-r--r--provider.go6
-rw-r--r--signer.go34
3 files changed, 42 insertions, 17 deletions
diff --git a/crypto.go b/crypto.go
index d9384b1..39c48fe 100644
--- a/crypto.go
+++ b/crypto.go
@@ -14,6 +14,7 @@ import (
"errors"
"io"
"io/ioutil"
+ "os"
)
const (
@@ -50,6 +51,15 @@ func SaveKey(w io.Writer, key crypto.PrivateKey) error {
return pem.Encode(w, block)
}
+func LoadKeyFile(fname string) (crypto.PrivateKey, error) {
+ fd, err := os.Open(fname)
+ if err != nil {
+ return nil, err
+ }
+ defer fd.Close()
+ return LoadKey(fd)
+}
+
func LoadKey(r io.Reader) (crypto.PrivateKey, error) {
der, err := ioutil.ReadAll(r)
if err != nil {
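Review bot: `LoadKeyFile` is exported but carries no doc comment, and the one thing a caller of a private-key loader most wants to know is that it does no permission check on the file it opens — a world-readable account key is accepted as readily as a 0600 one. I would add `// LoadKeyFile opens fname and hands it to LoadKey (presumably PEM, matching SaveKey above). It performs no permission check on the file; callers are responsible for keeping private keys mode 0600.` The `fd.Close()` error is dropped by the `defer`, which is fine for a read-only handle. LoadKey's body continues below the hunk, so the exact format it accepts is not visible here.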
@@ -71,6 +81,15 @@ func SaveCert(w io.Writer, cert []byte) error {
return pem.Encode(w, block)
}
+func LoadCertFile(fname string) ([]*x509.Certificate, error) {
+ fd, err := os.Open(fname)
+ if err != nil {
+ return nil, err
+ }
+ defer fd.Close()
+ return LoadCerts(fd)
+}
+
func LoadCerts(r io.Reader) ([]*x509.Certificate, error) {
der, err := ioutil.ReadAll(r)
if err != nil {
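Review bot: `LoadCertFile` is a new exported function with no doc comment; it also returns a slice, so the comment should say how a bundle is handled rather than leaving readers to infer it from the name. Proposed: `// LoadCertFile opens fname and parses it with LoadCerts; the returned slice holds every certificate found in the file, in file order.` — the ordering and multi-cert claims should be confirmed against LoadCerts, whose body continues past the hunk. Mirroring whatever wording ends up on LoadKeyFile keeps the two file helpers consistent.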
diff --git a/provider.go b/provider.go
index ebb44f5..a43d67a 100644
--- a/provider.go
+++ b/provider.go
@@ -74,11 +74,15 @@ func DialProvider(directory string, key crypto.PrivateKey) (*Provider, error) {
if err != nil {
return nil, err
}
+ thumb, err := Thumb(key)
+ if err != nil {
+ return nil, err
+ }
p := &Provider{
Client: http.Client{
Transport: sig,
},
- thumb: sig.thumb,
+ thumb: thumb,
}
if directory == "" {
directory = LE1
diff --git a/signer.go b/signer.go
index d8d3b5d..f9f0b7d 100644
--- a/signer.go
+++ b/signer.go
@@ -21,27 +21,33 @@ var errNoNonces = errors.New("out of nonces")
// Signer ...
type Signer struct {
jose.Signer
- thumb string
nonces chan string
}
-func NewSigner(privKey crypto.PrivateKey) (*Signer, error) {
- thumb := func(pubKey crypto.PublicKey, alg string) (string, error) {
- wk := &jose.JsonWebKey{Key: pubKey, Algorithm: alg}
- t, err := wk.Thumbprint(crypto.SHA256)
- return base64.RawURLEncoding.EncodeToString(t), err
+func thumb(pubKey crypto.PublicKey) (string, error) {
+ jwk := &jose.JsonWebKey{Key: pubKey}
+ t, err := jwk.Thumbprint(crypto.SHA256)
+ return base64.RawURLEncoding.EncodeToString(t), err
+}
+
+func Thumb(privKey crypto.PrivateKey) (string, error) {
+ switch k := privKey.(type) {
+ case *rsa.PrivateKey:
+ return thumb(k.Public())
+ case *ecdsa.PrivateKey:
+ return thumb(k.Public())
}
+ return "", ErrKeyType
+}
+
+func NewSigner(privKey crypto.PrivateKey) (*Signer, error) {
switch k := privKey.(type) {
case *rsa.PrivateKey:
s, err := jose.NewSigner(jose.RS256, k)
if err != nil {
return nil, err
}
- t, err := thumb(k.Public(), "RSA")
- if err != nil {
- return nil, err
- }
- sig := &Signer{Signer: s, thumb: t, nonces: make(chan string, 100)}
+ sig := &Signer{Signer: s, nonces: make(chan string, 100)}
sig.SetNonceSource(sig)
return sig, nil
case *ecdsa.PrivateKey:
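Review bot: `Thumb` is now the exported entry point for the account-key thumbprint yet has no doc comment, and because this value is presumably what the Provider sends in ACME key authorizations, its exact construction deserves stating: `// Thumb returns the RFC 7638 JWK thumbprint of privKey's public half — SHA-256 over the canonical required JWK members, base64url-encoded without padding — or ErrKeyType for any key that is not *rsa.PrivateKey or *ecdsa.PrivateKey.` Dropping the `Algorithm` field from the `JsonWebKey` in `thumb` is correct, since RFC 7638 excludes `alg` from the hashed members, so the thumbprint is unchanged from the old code; a one-line comment saying so would stop the next reader from "fixing" it back. Keeping the explicit two-case switch (rather than a generic `Public()` interface assertion) is worth a `// kept in lockstep with NewSigner` note, because it is the reason Thumb and NewSigner reject the same key types.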
@@ -49,11 +55,7 @@ func NewSigner(privKey crypto.PrivateKey) (*Signer, error) {
if err != nil {
return nil, err
}
- t, err := thumb(k.Public(), "EC")
- if err != nil {
- return nil, err
- }
- sig := &Signer{Signer: s, thumb: t, nonces: make(chan string, 100)}
+ sig := &Signer{Signer: s, nonces: make(chan string, 100)}
sig.SetNonceSource(sig)
return sig, nil
default: