From 327e4172e4070e7ebbe4802220c82f93d6b54d95 Mon Sep 17 00:00:00 2001 From: Dimitri Sokolyuk Date: Sun, 6 Mar 2016 04:54:40 +0100 Subject: Simplify KeyAuth --- account.go | 49 +++++++++++++++++++++++++++++-------------------- challenge.go | 10 ++-------- 2 files changed, 31 insertions(+), 28 deletions(-) diff --git a/account.go b/account.go index 4fa8cec..fa3351b 100644 --- a/account.go +++ b/account.go @@ -18,16 +18,36 @@ const KeySize = 2048 type Account struct { key crypto.PrivateKey signer jose.Signer + thumb string } -func NewAccount(key crypto.PrivateKey) (*Account, error) { - switch k := key.(type) { +func NewAccount(privKey crypto.PrivateKey) (*Account, error) { + thumb := func(alg string, pubKey crypto.PublicKey) (string, error) { + wk := &jose.JsonWebKey{Key: pubKey, Algorithm: alg} + t, err := wk.Thumbprint(crypto.SHA256) + return base64.RawURLEncoding.EncodeToString(t), err + } + switch k := privKey.(type) { case *rsa.PrivateKey: - signer, err := jose.NewSigner(jose.RS256, k) - return &Account{key: k, signer: signer}, err + s, err := jose.NewSigner(jose.RS256, k) + if err != nil { + return nil, err + } + t, err := thumb("RSA", k.Public()) + if err != nil { + return nil, err + } + return &Account{key: k, signer: s, thumb: t}, nil case *ecdsa.PrivateKey: - signer, err := jose.NewSigner(jose.ES384, k) - return &Account{key: k, signer: signer}, err + s, err := jose.NewSigner(jose.ES384, k) + if err != nil { + return nil, err + } + t, err := thumb("EC", k.Public()) + if err != nil { + return nil, err + } + return &Account{key: k, signer: s, thumb: t}, nil default: return nil, errKeyType } @@ -36,7 +56,7 @@ func NewAccount(key crypto.PrivateKey) (*Account, error) { // Signer describes a signing interface type Signer interface { Sign([]byte, jose.NonceSource) (io.Reader, error) - KeyAuth(string) (string, error) + KeyAuth(string) string } // Sign implements Signer interface 
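Review bot: The `*ecdsa.PrivateKey` case in the rewritten NewAccount still hard-codes `jose.ES384`, so a P-256 or P-521 account key is, as far as I recall go-jose's signer construction, rejected by `jose.NewSigner` for a curve/alg mismatch even though the type switch accepts any ECDSA key; deriving the algorithm from `k.Curve.Params().BitSize` lets the constructor accept every curve the type admits and still fail closed on unknown ones. The `thumb` helper's `alg` argument is also misleading: `"RSA"` and `"EC"` are `kty` values, which go-jose derives from the key itself, and the RFC 7638 thumbprint does not cover `alg` at all, so `wk := &jose.JsonWebKey{Key: pubKey}` expresses the same thing without the parameter. NewAccount is exported but carries no doc comment; `// NewAccount wraps an RSA or ECDSA private key in an Account, building its JWS signer and caching the base64url SHA-256 JWK thumbprint used for key authorizations; any other key type yields errKeyType.` would cover it.
```go
	case *ecdsa.PrivateKey:
		// go-jose rejects an alg whose curve does not match the key, so
		// derive it from the curve instead of assuming P-384.
		var alg jose.SignatureAlgorithm
		switch k.Curve.Params().BitSize {
		case 256:
			alg = jose.ES256
		case 384:
			alg = jose.ES384
		case 521:
			alg = jose.ES512
		default:
			return nil, errKeyType
		}
		s, err := jose.NewSigner(alg, k)
		// … unchanged: error check, thumbprint, Account literal …
```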
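Review bot: The new `KeyAuth(string) string` method in the Signer interface has no doc comment, and because it can no longer return an error it should state that the token is used verbatim so implementers and callers know any validation has to happen before the call. A comment such as `// KeyAuth returns the ACME key authorization for token: token + "." + the base64url SHA-256 JWK thumbprint of the account's public key. token is not validated.` documents that contract. The neighbouring `Sign` method, visible in the context lines, is undocumented as well. The `Signer` interface fits entirely within the hunk.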
@@ -49,17 +69,6 @@ func (a *Account) Sign(msg []byte, n jose.NonceSource) (io.Reader, error) { return strings.NewReader(obj.FullSerialize()), nil } -func (a *Account) KeyAuth(token string) (string, error) { - var wk *jose.JsonWebKey - switch k := a.key.(type) { - case *rsa.PrivateKey: - wk = &jose.JsonWebKey{Key: k.Public(), Algorithm: "RSA"} - case *ecdsa.PrivateKey: - wk = &jose.JsonWebKey{Key: k.Public(), Algorithm: "EC"} - } - thumb, err := wk.Thumbprint(crypto.SHA256) - if err != nil { - return "", err - } - return token + "." + base64.RawURLEncoding.EncodeToString(thumb), nil +func (a *Account) KeyAuth(token string) string { + return token + "." + a.thumb } diff --git a/challenge.go b/challenge.go index fa313b0..e7b28c2 100644 --- a/challenge.go +++ b/challenge.go @@ -37,18 +37,12 @@ const ( ) func (p *Provider) Solve(s Signer, ch Challenge, sol Solver) error { - var err error - // update challenge ch.Resource = ResChallenge - ch.KeyAuthorization, err = s.KeyAuth(ch.Token) - if err != nil { - return err - } + ch.KeyAuthorization = s.KeyAuth(ch.Token) // prepare solver - err = sol.Solve(ch) - if err != nil { + if err := sol.Solve(ch); err != nil { return err } defer sol.Solved() -- cgit v1.2.3
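Review bot: The exported `KeyAuth` method lost its doc comment together with its error return, and since the body is now a bare concatenation the comment should say so: `// KeyAuth builds the ACME key authorization token + "." + thumb, where thumb is the base64url SHA-256 JWK thumbprint cached by NewAccount. token is used verbatim, without validation.` One behavioural difference worth noting: an `Account` not built by NewAccount has an empty `thumb` and now returns `token + "."` silently, whereas the removed switch would have panicked on a nil `wk`; that is acceptable as long as NewAccount stays the only constructor, which the unexported fields suggest but this hunk cannot prove.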
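Review bot: `ch.Token` is passed straight into `s.KeyAuth` and then on to `sol.Solve(ch)` with no validation, so a misbehaving or compromised ACME server controls a string that solvers commonly use as a file name or path segment (the HTTP-01 `.well-known/acme-challenge/<token>` layout); the ACME spec requires tokens to be base64url characters without padding, and checking that here would reject a token such as `../etc/x` before any solver sees it. One line before the assignment covers it: `if _, err := base64.RawURLEncoding.DecodeString(ch.Token); err != nil { return fmt.Errorf("invalid challenge token %q: %v", ch.Token, err) }`, adding `encoding/base64` and `fmt` to challenge.go's imports if they are not already there (a pure alphabet check is the exact spec rule; the decode is a convenient superset that also rejects `+`, `/`, `=` and `.`). Whether a solver in this project actually uses the token as a path is not visible from this hunk, but the check is cheap and the removed error path shows the function already knew how to fail here. `Solve` continues past the end of the hunk.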