From 0c1b5b987647bb264a1027565357b1377e3f5fad Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Sat, 26 Dec 2015 23:31:17 +0100
Subject: Move Thumb into Account

---
 README.md  | 17 +++++++++++++++++
 account.go | 12 ++++++++++++
 client.go  | 14 +++++++-------
 crypto.go  | 12 ------------
 4 files changed, 36 insertions(+), 19 deletions(-)

diff --git a/README.md b/README.md
index a0d4400..392e773 100644
--- a/README.md
+++ b/README.md
@@ -111,3 +111,20 @@ worker:
 ## test tunnel
 
 slogin -R \*:80:localhost:8080 -N root@docker.moccu.com
+
+
+
+# Refactor
+
+## Register Account
+- account key
+
+## Authorize Domain
+- account key (signer)
+- altnames
+- params: webroot, address
+
+## Certificate
+- account key (signer)
+- cert key
+- altnames
diff --git a/account.go b/account.go
index 0ce0643..a914db4 100644
--- a/account.go
+++ b/account.go
@@ -1,7 +1,9 @@
 package acme
 
 import (
+	"crypto"
 	"crypto/rsa"
+	"encoding/base64"
 	"io"
 	"net/mail"
 	"strings"
@@ -48,6 +50,7 @@ func (a *Account) AddPhone(phone string) error {
 // Signer describes a signing interface
 type Signer interface {
 	Sign([]byte, jose.NonceSource) (io.Reader, error)
+	Thumb(string) (string, error)
 }
 
 // Sign implements Signer interface
@@ -59,3 +62,12 @@ func (a *Account) Sign(msg []byte, n jose.NonceSource) (io.Reader, error) {
 	}
 	return strings.NewReader(obj.FullSerialize()), nil
 }
+
+func (a *Account) Thumb(token string) (string, error) {
+	k := &jose.JsonWebKey{Key: a.PrivKey.Public(), Algorithm: "RSA"}
+	thumb, err := k.Thumbprint(crypto.SHA256)
+	if err != nil {
+		return "", err
+	}
+	return token + "." + base64.RawURLEncoding.EncodeToString(thumb), nil
+}
diff --git a/client.go b/client.go
index b0f76a0..45dca55 100644
--- a/client.go
+++ b/client.go
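Review bot: The new `Thumb(string) (string, error)` method added to the Signer interface has no doc comment, and the interface comment above it still describes only "a signing interface". Since Authorize in client.go now relies on this method to build the challenge key authorization without ever seeing the key, the contract belongs on the interface: `// Thumb returns the key authorization for token: the token, a dot, and the base64url SHA-256 JWK thumbprint of the signer's public key.` The interface comment could likewise be widened to say it covers signing and key-authorization for an ACME account key.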
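Review bot: The exported `Thumb` method on Account has no doc comment and dereferences `a.PrivKey` with no nil check, so an Account that was never given a key panics inside `Public()` instead of taking the error return the signature already offers. A guard before the JWK is built keeps the failure on the error path: `if a.PrivKey == nil { return "", errors.New("account has no private key") }` (adding `errors` to the import block if it is not already there). The `Algorithm: "RSA"` field populates the JWK `alg` member; as far as I can tell the thumbprint is computed over the key members only, so the value is harmless, but "RSA" reads as a key type rather than a signing algorithm and could simply be omitted.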
@@ -212,7 +212,7 @@ func pickChallenge(c []Challenge) (int, Challenge) { return -1, Challenge{} } -func (c *Client) Authorize(a *Account, altnames []string) error { +func (c *Client) Authorize(s Signer, altnames []string) error { ident := Identifier{ Type: IdentDNS, Value: altnames[0], @@ -221,7 +221,7 @@ func (c *Client) Authorize(a *Account, altnames []string) error { Resource: ResNewAuthz, Identifier: ident, } - resp, err := c.post(c.NewAuthz, a, r) + resp, err := c.post(c.NewAuthz, s, r) if err != nil { return err } @@ -232,24 +232,24 @@ func (c *Client) Authorize(a *Account, altnames []string) error { return errors.New("can't solve any challenges") } - ka, _ := Thumb(ch.Token, a.PrivKey.Public()) + ka, _ := s.Thumb(ch.Token) ans := &Challenge{ Resource: ResChallenge, Type: ch.Type, KeyAuthorization: ka, } - _, err = c.post(ch.URI, a, ans) + _, err = c.post(ch.URI, s, ans) - var s Solver + var sol Solver switch ch.Type { case ChallengeHTTP: - s = &httpChallenge{Addr: "localhost:8080", Challenge: *ans} + sol = &httpChallenge{Addr: "localhost:8080", Challenge: *ans} default: return errChallengeType } - if err := Solve(s, time.Minute); err != nil { + if err := Solve(sol, time.Minute); err != nil { return err } diff --git a/crypto.go b/crypto.go index e005562..f70cc2f 100644 --- a/crypto.go +++ b/crypto.go @@ -1,7 +1,6 @@ package acme import ( - "crypto" "crypto/rand" "crypto/rsa" "crypto/x509" @@ -10,8 +9,6 @@ import ( "encoding/pem" "io" "io/ioutil" - - "github.com/square/go-jose" ) func LoadKey(r io.Reader) (*rsa.PrivateKey, error) { 
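Review bot: Right after the changed signature, `Authorize` indexes `altnames[0]` with no length check, so a caller passing an empty slice panics instead of receiving an error; the function body continues beyond this hunk. A guard at the top, `if len(altnames) == 0 { return errors.New("authorize: no altnames given") }`, keeps it on the error path (`errors` is already used in this file, as the third hunk shows). The exported method also still lacks a doc comment; the move to a Signer parameter is a good moment to add one stating that, as far as this hunk shows, only the first altname is placed in the authorization identifier.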
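Review bot: The rewritten line `ka, _ := s.Thumb(ch.Token)` still discards the thumbprint error, so when it fails an empty KeyAuthorization is posted to the CA and the challenge then fails later with no hint why; the same hunk also rewrites `_, err = c.post(ch.URI, s, ans)`, whose `err` is assigned but never checked before `Solve` runs (the `if err := Solve(...)` below shadows it). Both should be checked at the point of failure: `ka, err := s.Thumb(ch.Token); if err != nil { return err }` and `if _, err = c.post(ch.URI, s, ans); err != nil { return err }`. Authorize continues past the end of this hunk, so any later use of `err` should be re-read after this change.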
@@ -51,15 +48,6 @@ func NewCSR(altnames []string, key *rsa.PrivateKey) (string, error) {
 	return base64.RawURLEncoding.EncodeToString(der), nil
 }
 
-func Thumb(token string, key crypto.PublicKey) (string, error) {
-	k := &jose.JsonWebKey{Key: key, Algorithm: "RSA"}
-	thumb, err := k.Thumbprint(crypto.SHA256)
-	if err != nil {
-		return "", err
-	}
-	return token + "." + base64.RawURLEncoding.EncodeToString(thumb), nil
-}
-
 func SaveCert(w io.Writer, der []byte) error {
 	block := &pem.Block{
 		Type: "CERTIFICATE",
-- 
cgit v1.2.3