-rw-r--r--client.go32
-rw-r--r--cmd/acme/config.go1
-rw-r--r--cmd/acme/main.go5
-rw-r--r--crypto.go12
-rw-r--r--messages.go5
5 files changed, 46 insertions, 9 deletions
diff --git a/client.go b/client.go
index 8cfc06e..bbae554 100644
--- a/client.go
+++ b/client.go
@@ -1,6 +1,7 @@
package acme
import (
+ "crypto/rsa"
"encoding/json"
"errors"
"io/ioutil"
@@ -86,6 +87,12 @@ func (c *Client) post(uri string, s Signer, v interface{}) (*http.Response, erro
if err != nil {
return nil, err
}
+ // TODO: add content-type switch
+ // application/problem+json
+ // application/json
+ // application/pkix-cert
+ ct := resp.Header.Get("Content-Type")
+ log.Println(ansi.Color("CT", "green"), ct)
defer resp.Body.Close()
defer c.replyNonce(resp)
log.Println(ansi.Color("STATUS", "yellow"), resp.Status)
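Review bot: The Content-Type read on the new `ct := resp.Header.Get("Content-Type")` line is only logged, so the TODO above it is the part that matters: until a switch exists, an `application/problem+json` error body is presumably handled like a success body by whatever decodes it after this hunk. When that switch is written it should compare the media type, not the raw header, since servers commonly append parameters (`application/json; charset=utf-8`): `mt, _, err := mime.ParseMediaType(ct)` and then `switch mt { ... }`. The body of post continues outside the hunk.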
@@ -209,10 +216,10 @@ func pickChallenge(c []Challenge) (int, Challenge) {
return -1, Challenge{}
}
-func (c *Client) Authorize(a *Account, domain []string) error {
+func (c *Client) Authorize(a *Account, altnames []string) error {
ident := Identifier{
Type: IdentDNS,
- Value: domain[0],
+ Value: altnames[0],
}
r := &Authorization{
Resource: ResNewAuthz,
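Review bot: `Value: altnames[0]` indexes the slice without a length check, so Authorize panics on an empty list; the rename in this hunk touches exactly that line and is a natural place to add the guard. Since errors is already imported in this file, a one-line guard at the top of the function suffices: `if len(altnames) == 0 { return errors.New("authorize: no names given") }`. The same unguarded `altnames[0]` is in NewCSR in crypto.go (`CommonName: altnames[0]`), which the new Client.CSR now reaches with a caller-supplied list. Authorize's body continues outside the hunk.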
@@ -251,6 +258,7 @@ func (c *Client) Authorize(a *Account, domain []string) error {
ns := parseHeader(resp)
done := make(chan bool)
errc := make(chan error)
+ log.Println(ansi.Color("NextStep", "green"), ns)
ticker := time.NewTicker(time.Second)
defer ticker.Stop()
go func() {
@@ -265,6 +273,8 @@ func (c *Client) Authorize(a *Account, domain []string) error {
select {
case <-done:
case err = <-errc:
+ case <-time.After(5 * time.Second):
+ return errors.New("timed out")
}
}
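Review bot: The new `case <-time.After(5 * time.Second): return errors.New("timed out")` returns while the goroutine started just above this hunk (`go func()`) is still running; `done` and `errc` are created unbuffered in the previous hunk, so a late send on either blocks that goroutine forever and leaks it. The cheapest fix is to size both channels in the earlier hunk so a late send never blocks: `done := make(chan bool, 1)` and `errc := make(chan error, 1)`; alternatively give the goroutine a stop channel it selects on. It is also not visible here whether the select sits inside a loop; if it does, `time.After` starts a fresh 5 s timer on every iteration, so this is a per-iteration rather than an overall timeout, and a single `time.NewTimer` created before the loop would express the intent better. The enclosing select/loop starts and ends outside the hunk.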
@@ -287,8 +297,22 @@ func (c *Client) Status(url string, n int, done chan bool) error {
log.Println(ansi.Color("DONE", "red:white"))
done <- true
}
- ns := parseHeader(resp)
- log.Println(ansi.Color("NEXT", "black:yellow"), ns)
+ return nil
+}
+
+func (c *Client) CSR(s Signer, altnames []string, key *rsa.PrivateKey) error {
+ csr, err := NewCSR(altnames, key)
+ if err != nil {
+ return err
+ }
+ r := &CSR{
+ Resource: ResNewCert,
+ CSR: csr,
+ }
+ _, err = c.post(c.NewCert, s, r)
+ if err != nil {
+ return err
+ }
return nil
}
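Review bot: In the new Client.CSR the response from `_, err = c.post(c.NewCert, s, r)` is discarded, so neither the HTTP status nor the issued certificate (the `application/pkix-cert` body the TODO in post refers to) ever reaches the caller; a 4xx/5xx with a problem document is reported as success. At minimum keep the response and check the status before returning, e.g. `resp, err := c.post(c.NewCert, s, r)` followed by `if resp.StatusCode != http.StatusCreated { return errors.New("new-cert: " + resp.Status) }`, and consider returning the response (or the parsed certificate) rather than only an error. Note that post defers `resp.Body.Close()` itself, so if the certificate body is to be read it has to happen inside post or post must stop closing it. An exported method should also carry a doc comment, e.g. `// CSR submits a new-cert request for altnames signed with key.`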
diff --git a/cmd/acme/config.go b/cmd/acme/config.go
index a7ad24a..1180f16 100644
--- a/cmd/acme/config.go
+++ b/cmd/acme/config.go
@@ -60,7 +60,6 @@ type desire struct {
account *account
key *rsa.PrivateKey
cert *x509.Certificate
- csr *x509.CertificateRequest
}
var (
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index c84367b..6b07d5e 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -102,6 +102,11 @@ func main() {
if err != nil {
log.Println("authz", err)
}
+
+ err = c.CSR(a, des.Altnames, des.key)
+ if err != nil {
+ log.Println("cert", err)
+ }
}
}
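Review bot: The new `err = c.CSR(a, des.Altnames, des.key)` call runs even when the preceding Authorize returned an error, because that error is only logged on the line above; the server will then reject the certificate request, and the log shows two errors for one root cause. Guard it on the authorization having succeeded, e.g. change the new block to `if err == nil { err = c.CSR(a, des.Altnames, des.key) }` and keep the existing `if err != nil { log.Println("cert", err) }`, or `continue` after logging the authz error if this is a loop body (the enclosing block starts outside the hunk).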
diff --git a/crypto.go b/crypto.go
index 619cccc..bb1dd6a 100644
--- a/crypto.go
+++ b/crypto.go
@@ -35,7 +35,7 @@ func NewKey(w io.Writer, size int) (*rsa.PrivateKey, error) {
return key, pem.Encode(w, block)
}
-func NewCSR(altnames []string, key *rsa.PrivateKey) ([]byte, error) {
+func NewCSR(altnames []string, key *rsa.PrivateKey) (string, error) {
tmpl := x509.CertificateRequest{
Subject: pkix.Name{
CommonName: altnames[0],
@@ -44,14 +44,18 @@ func NewCSR(altnames []string, key *rsa.PrivateKey) ([]byte, error) {
if len(altnames) > 1 {
tmpl.DNSNames = altnames
}
- return x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
+ der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
+ if err != nil {
+ return "", err
+ }
+ return base64.RawURLEncoding.EncodeToString(der), nil
}
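Review bot: The context lines `if len(altnames) > 1 { tmpl.DNSNames = altnames }` mean a single-name request carries the name only in the CommonName, with no Subject Alternative Name; the new base64url return value does not change that. Modern CAs and clients key on the SAN extension and treat a CN-only request as legacy, so setting `tmpl.DNSNames = altnames` unconditionally is the safer default and is backward-compatible with the multi-name case. Unrelated to that, `base64.RawURLEncoding` (unpadded) is the right encoding for the ACME `csr` field; worth a one-line comment on the return so the choice is not "fixed" later: `// ACME expects base64url without padding.`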
func Thumb(token string, key crypto.PublicKey) (string, error) {
k := &jose.JsonWebKey{Key: key, Algorithm: "RSA"}
- t, err := k.Thumbprint(crypto.SHA256)
+ thumb, err := k.Thumbprint(crypto.SHA256)
if err != nil {
return "", err
}
- return token + "." + base64.RawURLEncoding.EncodeToString(t), nil
+ return token + "." + base64.RawURLEncoding.EncodeToString(thumb), nil
}
diff --git a/messages.go b/messages.go
index 1be7c42..85aa48a 100644
--- a/messages.go
+++ b/messages.go
@@ -203,3 +203,8 @@ func (c *ChallengeType) UnmarshalText(b []byte) error {
}
return fmt.Errorf("unknown challenge %v", string(b))
}
+
+type CSR struct {
+ Resource Resource `json:"resource"` // new-cert
+ CSR string `json:"csr"`
+}
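Review bot: The new exported type CSR has no doc comment, and the `CSR string` field's encoding is only discoverable by reading NewCSR in crypto.go. Suggest `// CSR is the body of a new-cert request.` on the type and, on the field, `// DER certificate request, base64url-encoded without padding (as returned by NewCSR).`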