From d21f85cfebeaee5335b0a8228f0c6f2653e942a0 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Fri, 3 Jun 2016 14:03:20 +0200
Subject: Encapsulate Signer in Provider

---
 authorize.go | 6 +++---
 certificate.go | 8 ++++----
 challenge.go | 6 +++---
 provider.go | 15 +++++++++------
 register.go | 6 +++---
 signer.go | 49 +++++++++++++++++--------------------------------
 6 files changed, 39 insertions(+), 51 deletions(-)

diff --git a/authorize.go b/authorize.go
index c6ea6d6..893764c 100644
--- a/authorize.go
+++ b/authorize.go
@@ -47,7 +47,7 @@ func (a Authorization) Supported(sols Solvers) []Challenge {
 return nil
 }
-func (p *Provider) Authorize(s *Signer, sols Solvers, domain string) error {
+func (p *Provider) Authorize(sols Solvers, domain string) error {
 req := &Authorization{
 Resource: ResNewAuthz,
 Identifier: Identifier{
@@ -55,7 +55,7 @@ func (p *Provider) Authorize(s *Signer, sols Solvers, domain string) error {
 Value: domain,
 },
 }
- resp, err := p.post(p.NewAuthz, s, req)
+ resp, err := p.post(p.NewAuthz, req)
 if err != nil {
 return err
 }
@@ -63,7 +63,7 @@ func (p *Provider) Authorize(s *Signer, sols Solvers, domain string) error {
 return err
 }
 for _, ch := range req.Supported(sols) {
- if err := p.Solve(s, ch, sols[ch.Type]); err != nil {
+ if err := p.Solve(ch, sols[ch.Type]); err != nil {
 return err
 }
 }
diff --git a/certificate.go b/certificate.go
index 9273975..f9bec45 100644
--- a/certificate.go
+++ b/certificate.go
@@ -10,13 +10,13 @@ type CSR struct {
 CSR string `json:"csr"`
 }
-func (p *Provider) Bundle(s *Signer, key crypto.PrivateKey, altnames []string, email string) (tls.Certificate, error) {
+func (p *Provider) Bundle(key crypto.PrivateKey, altnames []string, email string) (tls.Certificate, error) {
 cert := tls.Certificate{PrivateKey: key}
 csr, err := NewCSR(key, altnames, email)
 if err != nil {
 return cert, err
 }
- crt, up, err := p.RequestCert(s, csr)
+ crt, up, err := p.RequestCert(csr)
 if err != nil {
 return cert, err
 }
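Review bot: `Authorize` and the other exported entry points whose signatures change in this commit (`Bundle` and `RequestCert` in certificate.go, `Solve` in challenge.go, `Register` in register.go) still carry no doc comment, and with the `*Signer` parameter gone nothing at the call site says the request is signed. Signing now happens only inside the `Signer` that `DialProvider` installs as the client's Transport, so a `Provider` assembled any other way would post unsigned. A comment such as `// Authorize requests authorization for domain and solves each challenge it supports; p must come from DialProvider so that the request is signed with the account key.` makes that contract visible, and the same sentence about DialProvider belongs on the other four. Authorize's body continues past this hunk.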
@@ -28,12 +28,12 @@ func (p *Provider) Bundle(s *Signer, key crypto.PrivateKey, altnames []string, e
 return cert, nil
 }
-func (p *Provider) RequestCert(s *Signer, csr string) ([]byte, string, error) {
+func (p *Provider) RequestCert(csr string) ([]byte, string, error) {
 req := &CSR{
 Resource: ResNewCert,
 CSR: csr,
 }
- resp, err := p.post(p.NewCert, s, req)
+ resp, err := p.post(p.NewCert, req)
 if err != nil {
 return nil, "", err
 }
diff --git a/challenge.go b/challenge.go
index 725a9a3..494f7ef 100644
--- a/challenge.go
+++ b/challenge.go
@@ -49,10 +49,10 @@ const (
 ChallengeDNS ChalType = "dns-01"
 )
-func (p *Provider) Solve(s *Signer, ch Challenge, sol Solver) error {
+func (p *Provider) Solve(ch Challenge, sol Solver) error {
 // update challenge
 ch.Resource = ResChallenge
- ch.KeyAuthorization = s.KeyAuth(ch.Token)
+ ch.KeyAuthorization = p.KeyAuth(ch.Token)
 // prepare solver
 if err := sol.Solve(ch); err != nil {
@@ -60,7 +60,7 @@ func (p *Provider) Solve(s *Signer, ch Challenge, sol Solver) error {
 }
 defer sol.Solved()
- resp, err := p.post(ch.URI, s, ch)
+ resp, err := p.post(ch.URI, ch)
 if err != nil {
 return err
 }
diff --git a/provider.go b/provider.go
index 5c43655..23b6bd4 100644
--- a/provider.go
+++ b/provider.go
@@ -1,6 +1,7 @@
 package acme
 import (
+ "bytes"
 "crypto"
 "encoding/json"
 "errors"
@@ -49,6 +50,7 @@ type Meta struct {
 type Provider struct {
 Directory
 http.Client
+ thumb string
 }
 var (
@@ -76,6 +78,7 @@ func DialProvider(directory string, key crypto.PrivateKey) (*Provider, error) {
 Client: http.Client{
 Transport: sig,
 },
+ thumb: sig.thumb,
 }
 if directory == "" {
 directory = LE1
@@ -87,16 +90,16 @@ func DialProvider(directory string, key crypto.PrivateKey) (*Provider, error) {
 return p, parseJson(resp, &p.Directory)
 }
-func (p *Provider) post(uri string, s *Signer, v interface{}) (*http.Response, error) {
+func (p Provider) KeyAuth(token string) string {
+ return token + "." + p.thumb
+}
+
+func (p *Provider) post(uri string, v interface{}) (*http.Response, error) {
 msg, err := json.Marshal(v)
 if err != nil {
 return nil, err
 }
- signed, err := s.Sign(msg)
- if err != nil {
- return nil, err
- }
- return p.Post(uri, mimeJose, signed)
+ return p.Post(uri, mimeJose, bytes.NewReader(msg))
 }
 type nextStep struct {
diff --git a/register.go b/register.go
index f3fd1a9..bd9e0da 100644
--- a/register.go
+++ b/register.go
@@ -22,13 +22,13 @@ type Registration struct {
 CreatedAt *time.Time `json:"createdAt,omitempty"`
 }
-func (p *Provider) Register(s *Signer, c Contacts, agree func(string) bool) error {
+func (p *Provider) Register(c Contacts, agree func(string) bool) error {
 // first step: new-reg
 req := &Registration{
 Resource: ResNewReg,
 Contact: c,
 }
- resp, err := p.post(p.NewReg, s, req)
+ resp, err := p.post(p.NewReg, req)
 if err != nil {
 return err
 }
@@ -51,7 +51,7 @@ func (p *Provider) Register(s *Signer, c Contacts, agree func(string) bool) erro
 Contact: c,
 Agreement: ns.Link["terms-of-service"],
 }
- resp, err = p.post(ns.Location, s, req)
+ resp, err = p.post(ns.Location, req)
 if err != nil {
 return err
 }
diff --git a/signer.go b/signer.go
index 04bfd85..f72cd3c 100644
--- a/signer.go
+++ b/signer.go
@@ -6,7 +6,7 @@ import (
 "crypto/rsa"
 "encoding/base64"
 "errors"
- "io"
+ "io/ioutil"
 "net/http"
 "strings"
@@ -20,7 +20,7 @@ var errNoNonces = errors.New("out of nonces")
 // Signer ...
 type Signer struct {
- signer jose.Signer
+ jose.Signer
 thumb string
 nonces chan string
 }
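Review bot: `post` now hands the unsigned JSON to `p.Post`, so signing depends entirely on `p.Transport` still being the `*Signer` that `DialProvider` installs; a `Provider` constructed or copied any other way would send the account request unsigned without any error. A cheap guard at the top of `post` makes that failure loud: `if _, ok := p.Transport.(*Signer); !ok { return nil, errors.New("provider: transport does not sign requests") }` (`errors` is already imported in this file). `KeyAuth` also takes a value receiver while every other `Provider` method uses `*Provider`, which copies the embedded `http.Client` on each call; `func (p *Provider) KeyAuth(token string) string` keeps the receivers consistent. The new exported method and the `thumb` field added above want doc comments, e.g. `// KeyAuth returns the key authorization for token: the token joined by a dot to the thumbprint copied from the Signer in DialProvider.`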
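Review bot: Embedding `jose.Signer` promotes its entire method set onto the exported `Signer`, so `Sign`, `SetNonceSource` and whatever the library adds later become part of this package's public API, and an outside caller can now re-point the nonce source that `NewSigner` wires to the `Signer` itself. If only `RoundTrip`, `Nonce` and signing inside the transport are meant to be used, keeping the unexported field (`signer jose.Signer`) and calling `s.signer.Sign(body)` in RoundTrip keeps the surface small. The `// Signer ...` placeholder above the type is still empty; something like `// Signer is an http.RoundTripper that signs POST bodies with the account key and collects the nonces returned by the server for later requests.` would document it.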
@@ -41,8 +41,8 @@ func NewSigner(privKey crypto.PrivateKey) (*Signer, error) {
 if err != nil {
 return nil, err
 }
- sig := &Signer{signer: s, thumb: t, nonces: make(chan string, 100)}
- sig.signer.SetNonceSource(sig)
+ sig := &Signer{Signer: s, thumb: t, nonces: make(chan string, 100)}
+ sig.SetNonceSource(sig)
 return sig, nil
 case *ecdsa.PrivateKey:
 s, err := jose.NewSigner(jose.ES384, k)
@@ -53,8 +53,8 @@ func NewSigner(privKey crypto.PrivateKey) (*Signer, error) {
 if err != nil {
 return nil, err
 }
- sig := &Signer{signer: s, thumb: t, nonces: make(chan string, 100)}
- sig.signer.SetNonceSource(sig)
+ sig := &Signer{Signer: s, thumb: t, nonces: make(chan string, 100)}
+ sig.SetNonceSource(sig)
 return sig, nil
 default:
 return nil, ErrKeyType
@@ -73,20 +73,18 @@ func (s Signer) Nonce() (string, error) {
 // RoundTrip extracts nonces from HTTP response
 func (s Signer) RoundTrip(req *http.Request) (*http.Response, error) {
- /*
- if req.Method == "POST" {
- body, err := ioutil.ReadAll(req.Body)
- if err != nil {
- return nil, err
- }
- req.Body.Close()
- obj, err := s.signer.Sign(body)
- if err != nil {
- return nil, err
- }
- req.Body = ioutil.NopCloser(strings.NewReader(obj.FullSerialize()))
+ if req.Method == "POST" {
+ body, err := ioutil.ReadAll(req.Body)
+ if err != nil {
+ return nil, err
 }
- */
+ req.Body.Close()
+ obj, err := s.Sign(body)
+ if err != nil {
+ return nil, err
+ }
+ req.Body = ioutil.NopCloser(strings.NewReader(obj.FullSerialize()))
+ }
 resp, err := http.DefaultTransport.RoundTrip(req)
 if err != nil {
 return nil, err
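Review bot: The re-enabled signing block replaces `req.Body` with the JWS serialization but leaves `req.ContentLength` at the length of the unsigned JSON that `p.Post` derived from its `bytes.Reader`, so the transport will announce a Content-Length that does not match the larger signed body and the request will fail or be cut short. It also mutates the caller's request, which the `http.RoundTripper` contract says a transport must not do beyond consuming the body, and a POST whose Body is nil would make `ioutil.ReadAll` dereference a nil reader. Signing a shallow copy with an updated ContentLength and a nil-body check addresses all three; `errors` is already imported in this file. The rest of RoundTrip, including the nonce extraction, lies outside this hunk.
```go
func (s Signer) RoundTrip(req *http.Request) (*http.Response, error) {
	if req.Method == "POST" {
		if req.Body == nil {
			return nil, errors.New("signer: POST request has no body")
		}
		body, err := ioutil.ReadAll(req.Body)
		req.Body.Close()
		if err != nil {
			return nil, err
		}
		obj, err := s.Sign(body)
		if err != nil {
			return nil, err
		}
		ser := obj.FullSerialize()
		// Sign a shallow copy so the caller's request is left untouched
		// and the declared length matches the body actually sent.
		signed := new(http.Request)
		*signed = *req
		signed.ContentLength = int64(len(ser))
		signed.Body = ioutil.NopCloser(strings.NewReader(ser))
		req = signed
	}
	// … unchanged: DefaultTransport round trip and nonce extraction …
```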
@@ -101,16 +99,3 @@ func (s Signer) RoundTrip(req *http.Request) (*http.Response, error) {
 s.nonces <- nonce
 return resp, nil
 }
-
-// Sign implements Signer interface
-func (s Signer) Sign(msg []byte) (io.Reader, error) {
- obj, err := s.signer.Sign(msg)
- if err != nil {
- return nil, err
- }
- return strings.NewReader(obj.FullSerialize()), nil
-}
-
-func (s Signer) KeyAuth(token string) string {
- return token + "." + s.thumb
-}
-- 
cgit v1.2.3