package acme import ( "bytes" "encoding/json" "errors" "log" "net/http" "net/textproto" "regexp" "time" ) // Links to the next stage type Links map[string]string // Client ... type Client struct { Dir Directory nonce chan string Links Links Next string } // NewClient fetches directory and initializes nonce func NewClient(uri string) (*Client, error) { resp, err := http.Get(uri) if err != nil { return nil, err } defer resp.Body.Close() c := &Client{nonce: make(chan string, 10)} c.nonce <- replyNonce(resp) err = json.NewDecoder(resp.Body).Decode(&c.Dir) if err != nil { return nil, err } return c, nil } var errNoNonces = errors.New("No nonces available") // Nonce implements jose nonce provider func (c Client) Nonce() (string, error) { select { case nonce := <-c.nonce: return nonce, nil default: return "", errNoNonces } } // Important header fields // // Replay-Nonce each response, required for next request // Link links to next stage // Retry-After polling interval // Action Request Response // // Register POST new-reg 201 -> reg // Request challenges POST new-authz 201 -> authz // Answer challenges POST challenge 200 // Poll for status GET authz 200 // Request issuance POST new-cert 201 -> cert // Check for new cert GET cert 200 // post is used for // new-reg, new-authz, challenge, new-cert func (c *Client) post(s Signer, v interface{}) (*http.Response, error) { body, err := json.Marshal(v) if err != nil { return nil, err } log.Println(string(body)) signed, err := s.Sign(body, c) if err != nil { return nil, err } resp, err := http.Post(c.Next, "application/jose+json", bytes.NewReader(signed)) if err != nil { return nil, err } c.nonce <- replyNonce(resp) c.Links = links(resp) if resp.StatusCode >= http.StatusBadRequest { return nil, handleError(resp) } return resp, nil } func (c *Client) response(r *http.Response, v interface{}) (string, error) { defer r.Body.Close() next := r.Header.Get("Location") if next == "" { next = c.Links["next"] } err := json.NewDecoder(r.Body).Decode(v) return next, err } func links(r *http.Response) Links { links := make(Links) key := textproto.CanonicalMIMEHeaderKey("Link") reg := regexp.MustCompile(`^<(.*)>;rel="(.*)"`) for _, l := range r.Header[key] { re := reg.FindStringSubmatch(l) if len(re) == 3 { links[re[2]] = re[1] } } return links } func retryAfter(r *http.Response) time.Duration { ra := r.Header.Get("Retry-After") if d, err := time.ParseDuration(ra + "s"); err == nil { return d } return time.Second } func replyNonce(r *http.Response) string { return r.Header.Get("Replay-Nonce") } func (c *Client) Register(a *Account) error { r := Registration{ Resource: ResNewReg, Contact: a.Contact, } c.Next = c.Dir.NewReg resp, err := c.post(a, r) if err != nil { return err } re := RegistrationResp{} c.Next, err = c.response(resp, &re) if err != nil { return err } log.Println(re) // Agree to TOS r.Resource = ResRegister r.Agreement = c.Links["terms-of-service"] aresp, err := c.post(a, r) if err != nil { return err } c.Next, err = c.response(aresp, &re) log.Println(re) return err } func (c *Client) Authorize(a *Account, domain string) error { az := Authorization{ Resource: ResNewAuthz, Identifier: Identifier{ Type: IdentDNS, Value: domain, }, } c.Next = c.Dir.NewAuthz resp, err := c.post(a, az) if err != nil { return err } defer resp.Body.Close() ae := AuthorizationResp{} err = json.NewDecoder(resp.Body).Decode(&ae) log.Println(ae) return err }