authorDimitri Sokolyuk <demon@dim13.org>2016-06-03 14:03:20 +0200
committerDimitri Sokolyuk <demon@dim13.org>2016-06-03 14:03:20 +0200
commitd21f85cfebeaee5335b0a8228f0c6f2653e942a0 (patch)
tree62b471f3b0768b55cbce67e2dec63f0d722914de
parente738999c9656b98e78fd6fba8576a1ffa5c5b892 (diff)
Encapsulate Signer in Provider
-rw-r--r--authorize.go6
-rw-r--r--certificate.go8
-rw-r--r--challenge.go6
-rw-r--r--provider.go15
-rw-r--r--register.go6
-rw-r--r--signer.go49
6 files changed, 39 insertions, 51 deletions
diff --git a/authorize.go b/authorize.go
index c6ea6d6..893764c 100644
--- a/authorize.go
+++ b/authorize.go
@@ -47,7 +47,7 @@ func (a Authorization) Supported(sols Solvers) []Challenge {
return nil
}
-func (p *Provider) Authorize(s *Signer, sols Solvers, domain string) error {
+func (p *Provider) Authorize(sols Solvers, domain string) error {
req := &Authorization{
Resource: ResNewAuthz,
Identifier: Identifier{
@@ -55,7 +55,7 @@ func (p *Provider) Authorize(s *Signer, sols Solvers, domain string) error {
Value: domain,
},
}
- resp, err := p.post(p.NewAuthz, s, req)
+ resp, err := p.post(p.NewAuthz, req)
if err != nil {
return err
}
@@ -63,7 +63,7 @@ func (p *Provider) Authorize(s *Signer, sols Solvers, domain string) error {
return err
}
for _, ch := range req.Supported(sols) {
- if err := p.Solve(s, ch, sols[ch.Type]); err != nil {
+ if err := p.Solve(ch, sols[ch.Type]); err != nil {
return err
}
}
diff --git a/certificate.go b/certificate.go
index 9273975..f9bec45 100644
--- a/certificate.go
+++ b/certificate.go
@@ -10,13 +10,13 @@ type CSR struct {
CSR string `json:"csr"`
}
-func (p *Provider) Bundle(s *Signer, key crypto.PrivateKey, altnames []string, email string) (tls.Certificate, error) {
+func (p *Provider) Bundle(key crypto.PrivateKey, altnames []string, email string) (tls.Certificate, error) {
cert := tls.Certificate{PrivateKey: key}
csr, err := NewCSR(key, altnames, email)
if err != nil {
return cert, err
}
- crt, up, err := p.RequestCert(s, csr)
+ crt, up, err := p.RequestCert(csr)
if err != nil {
return cert, err
}
@@ -28,12 +28,12 @@ func (p *Provider) Bundle(s *Signer, key crypto.PrivateKey, altnames []string, e
return cert, nil
}
-func (p *Provider) RequestCert(s *Signer, csr string) ([]byte, string, error) {
+func (p *Provider) RequestCert(csr string) ([]byte, string, error) {
req := &CSR{
Resource: ResNewCert,
CSR: csr,
}
- resp, err := p.post(p.NewCert, s, req)
+ resp, err := p.post(p.NewCert, req)
if err != nil {
return nil, "", err
}
diff --git a/challenge.go b/challenge.go
index 725a9a3..494f7ef 100644
--- a/challenge.go
+++ b/challenge.go
@@ -49,10 +49,10 @@ const (
ChallengeDNS ChalType = "dns-01"
)
-func (p *Provider) Solve(s *Signer, ch Challenge, sol Solver) error {
+func (p *Provider) Solve(ch Challenge, sol Solver) error {
// update challenge
ch.Resource = ResChallenge
- ch.KeyAuthorization = s.KeyAuth(ch.Token)
+ ch.KeyAuthorization = p.KeyAuth(ch.Token)
// prepare solver
if err := sol.Solve(ch); err != nil {
@@ -60,7 +60,7 @@ func (p *Provider) Solve(s *Signer, ch Challenge, sol Solver) error {
}
defer sol.Solved()
- resp, err := p.post(ch.URI, s, ch)
+ resp, err := p.post(ch.URI, ch)
if err != nil {
return err
}
diff --git a/provider.go b/provider.go
index 5c43655..23b6bd4 100644
--- a/provider.go
+++ b/provider.go
@@ -1,6 +1,7 @@
package acme
import (
+ "bytes"
"crypto"
"encoding/json"
"errors"
@@ -49,6 +50,7 @@ type Meta struct {
type Provider struct {
Directory
http.Client
+ thumb string
}
var (
@@ -76,6 +78,7 @@ func DialProvider(directory string, key crypto.PrivateKey) (*Provider, error) {
Client: http.Client{
Transport: sig,
},
+ thumb: sig.thumb,
}
if directory == "" {
directory = LE1
@@ -87,16 +90,16 @@ func DialProvider(directory string, key crypto.PrivateKey) (*Provider, error) {
return p, parseJson(resp, &p.Directory)
}
-func (p *Provider) post(uri string, s *Signer, v interface{}) (*http.Response, error) {
+func (p Provider) KeyAuth(token string) string {
+ return token + "." + p.thumb
+}
+
+func (p *Provider) post(uri string, v interface{}) (*http.Response, error) {
msg, err := json.Marshal(v)
if err != nil {
return nil, err
}
- signed, err := s.Sign(msg)
- if err != nil {
- return nil, err
- }
- return p.Post(uri, mimeJose, signed)
+ return p.Post(uri, mimeJose, bytes.NewReader(msg))
}
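Review bot: `post` now hands the unsigned JSON straight to `p.Post`, so whether a request is actually signed depends entirely on `Client.Transport` being the `*Signer` wired in by DialProvider; a Provider constructed any other way would send unsigned ACME requests with no compile-time or runtime hint. Document that invariant on the method, e.g. `// post JSON-encodes v and POSTs it to uri. Signing is done by the Client's Transport (see Signer.RoundTrip), so a Provider must be obtained via DialProvider.` — or, more defensively, have post check that the transport is a *Signer and return an error otherwise. As a point of style, `KeyAuth` takes a value receiver while every other Provider method uses `*Provider`; the value receiver copies the embedded http.Client and Directory on every call, so `func (p *Provider) KeyAuth(token string) string` keeps the receivers consistent.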
type nextStep struct {
diff --git a/register.go b/register.go
index f3fd1a9..bd9e0da 100644
--- a/register.go
+++ b/register.go
@@ -22,13 +22,13 @@ type Registration struct {
CreatedAt *time.Time `json:"createdAt,omitempty"`
}
-func (p *Provider) Register(s *Signer, c Contacts, agree func(string) bool) error {
+func (p *Provider) Register(c Contacts, agree func(string) bool) error {
// first step: new-reg
req := &Registration{
Resource: ResNewReg,
Contact: c,
}
- resp, err := p.post(p.NewReg, s, req)
+ resp, err := p.post(p.NewReg, req)
if err != nil {
return err
}
@@ -51,7 +51,7 @@ func (p *Provider) Register(s *Signer, c Contacts, agree func(string) bool) erro
Contact: c,
Agreement: ns.Link["terms-of-service"],
}
- resp, err = p.post(ns.Location, s, req)
+ resp, err = p.post(ns.Location, req)
if err != nil {
return err
}
diff --git a/signer.go b/signer.go
index 04bfd85..f72cd3c 100644
--- a/signer.go
+++ b/signer.go
@@ -6,7 +6,7 @@ import (
"crypto/rsa"
"encoding/base64"
"errors"
- "io"
+ "io/ioutil"
"net/http"
"strings"
@@ -20,7 +20,7 @@ var errNoNonces = errors.New("out of nonces")
// Signer ...
type Signer struct {
- signer jose.Signer
+ jose.Signer
thumb string
nonces chan string
}
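Review bot: Embedding `jose.Signer` promotes its whole method set onto the exported Signer type, so users of this package can now call `Sign`, `SetNonceSource` and whatever else the interface carries directly on Signer — a wider public surface than the previous unexported field gave, and SetNonceSource in particular lets a caller swap out the nonce source installed by NewSigner. If only RoundTrip needs to sign, keeping the field unexported (`signer jose.Signer`) and calling `s.signer.Sign` preserves the encapsulation the commit title aims for. Independently, `// Signer ...` is a placeholder; something like `// Signer signs ACME request bodies and, as an http.RoundTripper, collects nonces from responses for reuse.` would describe what the type does as shown by RoundTrip below.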
@@ -41,8 +41,8 @@ func NewSigner(privKey crypto.PrivateKey) (*Signer, error) {
if err != nil {
return nil, err
}
- sig := &Signer{signer: s, thumb: t, nonces: make(chan string, 100)}
- sig.signer.SetNonceSource(sig)
+ sig := &Signer{Signer: s, thumb: t, nonces: make(chan string, 100)}
+ sig.SetNonceSource(sig)
return sig, nil
case *ecdsa.PrivateKey:
s, err := jose.NewSigner(jose.ES384, k)
@@ -53,8 +53,8 @@ func NewSigner(privKey crypto.PrivateKey) (*Signer, error) {
if err != nil {
return nil, err
}
- sig := &Signer{signer: s, thumb: t, nonces: make(chan string, 100)}
- sig.signer.SetNonceSource(sig)
+ sig := &Signer{Signer: s, thumb: t, nonces: make(chan string, 100)}
+ sig.SetNonceSource(sig)
return sig, nil
default:
return nil, ErrKeyType
@@ -73,20 +73,18 @@ func (s Signer) Nonce() (string, error) {
// RoundTrip extracts nonces from HTTP response
func (s Signer) RoundTrip(req *http.Request) (*http.Response, error) {
- /*
- if req.Method == "POST" {
- body, err := ioutil.ReadAll(req.Body)
- if err != nil {
- return nil, err
- }
- req.Body.Close()
- obj, err := s.signer.Sign(body)
- if err != nil {
- return nil, err
- }
- req.Body = ioutil.NopCloser(strings.NewReader(obj.FullSerialize()))
+ if req.Method == "POST" {
+ body, err := ioutil.ReadAll(req.Body)
+ if err != nil {
+ return nil, err
}
- */
+ req.Body.Close()
+ obj, err := s.Sign(body)
+ if err != nil {
+ return nil, err
+ }
+ req.Body = ioutil.NopCloser(strings.NewReader(obj.FullSerialize()))
+ }
resp, err := http.DefaultTransport.RoundTrip(req)
if err != nil {
return nil, err
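Review bot: After the body is swapped on the line `req.Body = ioutil.NopCloser(strings.NewReader(obj.FullSerialize()))`, `req.ContentLength` still holds the length of the unsigned JSON that provider.go's post() supplied via `bytes.NewReader`, and the serialized JWS is longer; as far as I can tell net/http compares the declared length with the bytes actually written and fails the request with a ContentLength/body-length mismatch rather than sending it. Set the length together with the body: `ser := obj.FullSerialize()` / `req.ContentLength = int64(len(ser))` / `req.Body = ioutil.NopCloser(strings.NewReader(ser))`. Two smaller points: a POST issued through this client with a nil Body would make `ioutil.ReadAll` panic, so guard the branch with `req.Body != nil`; and the http.RoundTripper contract says RoundTrip must not modify the request beyond consuming its Body, so mutating req in place is a contract violation — cloning the request before replacing the body would be cleaner. RoundTrip's body continues past the end of this hunk.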
@@ -101,16 +99,3 @@ func (s Signer) RoundTrip(req *http.Request) (*http.Response, error) {
s.nonces <- nonce
return resp, nil
}
-
-// Sign implements Signer interface
-func (s Signer) Sign(msg []byte) (io.Reader, error) {
- obj, err := s.signer.Sign(msg)
- if err != nil {
- return nil, err
- }
- return strings.NewReader(obj.FullSerialize()), nil
-}
-
-func (s Signer) KeyAuth(token string) string {
- return token + "." + s.thumb
-}