From 98b7cd41de84742c6c4b895d42a1203f02a442a4 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Mon, 7 Mar 2016 14:36:50 +0100
Subject: Move SNIName to Challenge

---
 challenge.go | 15 ++++++++++++++-
 solve_tls.go | 12 ++----------
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/challenge.go b/challenge.go
index e7b28c2..abc35ef 100644
--- a/challenge.go
+++ b/challenge.go
@@ -1,6 +1,10 @@
 package acme
 
-import "time"
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"time"
+)
 
 // Challege ...
 type Challenge struct {
@@ -14,6 +18,15 @@ type Challenge struct {
 	Err *Problem `json:"error,omitempty"`
 }
 
+const AcmeInvalid = `.acme.invalid`
+
+// SNIName returns a new SNI name based on KeyAuthorization
+func (c Challenge) SNIName() string {
+	hash := sha256.Sum256([]byte(c.KeyAuthorization))
+	z := hex.EncodeToString(hash[:])
+	return z[:32] + "." + z[32:] + AcmeInvalid
+}
+
 // Status of request
 type Status string
 
diff --git a/solve_tls.go b/solve_tls.go
index 36bbf11..c5e5fed 100644
--- a/solve_tls.go
+++ b/solve_tls.go
@@ -3,10 +3,8 @@ package acme
 import (
 	"crypto/rand"
 	"crypto/rsa"
-	"crypto/sha256"
 	"crypto/tls"
 	"crypto/x509"
-	"encoding/hex"
 	"errors"
 	"log"
 	"math/big"
@@ -30,7 +28,7 @@ func (s *tlsSolver) getCert(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
 
 func NewTLSSolver(addr string) (Solver, error) {
 	// we need at least one cert
-	dummy, err := newCert(sniName(""))
+	dummy, err := newCert("dummy" + AcmeInvalid)
 	if err != nil {
 		return nil, err
 	}
@@ -84,14 +82,8 @@ func newCert(domain string) (tls.Certificate, error) {
 	}, nil
 }
 
-func sniName(keyAuth string) string {
-	hash := sha256.Sum256([]byte(keyAuth))
-	z := hex.EncodeToString(hash[:])
-	return z[:32] + "." + z[32:] + ".acme.invalid"
-}
-
 func (s *tlsSolver) Solve(ch Challenge) error {
-	name := sniName(ch.KeyAuthorization)
+	name := ch.SNIName()
 	log.Println("solve tls", name)
 	crt, err := newCert(name)
 	if err != nil {
-- 
cgit v1.2.3
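Review bot: `AcmeInvalid` is a new exported identifier with no doc comment, and the comment on `SNIName` says neither what the returned name looks like nor how it is derived, so a reader cannot check it against the challenge spec. Suggested: `// AcmeInvalid is the reserved suffix of the SNI names served for the tls-sni challenge.` and, for the method, `// SNIName returns the tls-sni-01 validation name: SHA-256(KeyAuthorization) as 64 lowercase hex chars, split into two 32-char labels and followed by AcmeInvalid.` Note that the method applies no check to an empty `KeyAuthorization` — it still returns a well-formed name (the hash of the empty string), so every caller needs its own guard. If the server's challenge can carry an iteration count greater than one, the further Z(i) names are not derived here; confirm against the draft the server implements.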
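Review bot: `Solve` still does not reject a challenge whose `KeyAuthorization` is empty; `ch.SNIName()` then returns the fixed name for SHA-256("") and the solver goes on to mint and serve a certificate for it, which can never be the name a CA is validating. A one-line guard before the call, `if ch.KeyAuthorization == "" { return errors.New("acme: challenge has no key authorization") }`, keeps that from reaching `newCert` (`errors` is already imported in this file). `Solve`'s body continues past the end of the hunk.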