aboutsummaryrefslogtreecommitdiff
path: root/provider.go
blob: afb8566daf9446401c047ae7be69bdeca608df1f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
package acme

import (
	"bytes"
	"crypto"
	"encoding/json"
	"errors"
	"io/ioutil"
	"net/http"
	"regexp"
	"time"
)

const (
	// LE1 Let's Encrypt V1
	LE1 = `https://acme-v01.api.letsencrypt.org/directory`
	// LES Let's Encrypt Staging
	LES = `https://acme-staging.api.letsencrypt.org/directory`
)

type Resource string

const (
	ResNewReg     Resource = "new-reg"
	ResNewAuthz   Resource = "new-authz"
	ResNewCert    Resource = "new-cert"
	ResRevokeCert Resource = "revoke-cert"
	ResReg        Resource = "reg"
	ResAuthz      Resource = "authz"
	ResChallenge  Resource = "challenge"
	ResCert       Resource = "cert"
)

// Directory ...
type Directory struct {
	NewReg     string `json:"new-reg"`
	NewAuthz   string `json:"new-authz"`
	NewCert    string `json:"new-cert"`
	RevokeCert string `json:"revoke-cert"`
	Meta       *Meta  `json:"meta,omitemtpy"`
}

type Meta struct {
	TOS     string   `json:"terms-of-service"`
	Website string   `json:"website"`
	CAA     []string `json:"caa-identities"`
}

// Provider ...
type Provider struct {
	Directory
	http.Client
	thumb string
}

var (
	errContentType = errors.New("unknown content type")
	errChalType    = errors.New("unknown challenge")
	errStatus      = errors.New("unexpected status")
)

const (
	mimeJson    = "application/json"
	mimeJose    = "application/jose+json"
	mimeProblem = "application/problem+json"
	mimePkix    = "application/pkix-cert"
	timeout     = time.Second * 10
	poll        = time.Second
)

// DialProvider fetches directory and initializes first nonce
func DialProvider(directory string, key crypto.PrivateKey) (*Provider, error) {
	sig, err := newSigner(key)
	if err != nil {
		return nil, err
	}
	thumb, err := Thumbnail(key)
	if err != nil {
		return nil, err
	}
	p := &Provider{
		Client: http.Client{
			Transport: sig,
		},
		thumb: thumb,
	}
	if directory == "" {
		directory = LE1
	}
	resp, err := p.Get(directory)
	if err != nil {
		return nil, err
	}
	return p, parseJson(resp, &p.Directory)
}

func (p Provider) KeyAuth(token string) string {
	return token + "." + p.thumb
}

func (p *Provider) postJson(uri string, v interface{}) (*http.Response, error) {
	msg, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	return p.Post(uri, mimeJose, bytes.NewReader(msg))
}

type nextStep struct {
	Link     map[string]string
	Location string
}

var linksRe = regexp.MustCompile(`^<(.*)>;rel="(.*)"`)

func parseHeader(resp *http.Response) nextStep {
	var ns nextStep
	if lo, _ := resp.Location(); lo != nil {
		ns.Location = lo.String()
	}
	ns.Link = make(map[string]string)
	for _, li := range resp.Header["Link"] {
		re := linksRe.FindStringSubmatch(li)
		if len(re) == 3 {
			ns.Link[re[2]] = re[1]
		}
	}
	return ns
}

func parseJson(resp *http.Response, v interface{}) error {
	defer resp.Body.Close()
	switch resp.Header.Get("Content-Type") {
	case mimeJson:
		return json.NewDecoder(resp.Body).Decode(v)
	case mimeProblem:
		return problem(resp.Body)
	default:
		return errContentType
	}
}

func parseCert(resp *http.Response) ([]byte, error) {
	defer resp.Body.Close()
	switch resp.Header.Get("Content-Type") {
	case mimePkix:
		return ioutil.ReadAll(resp.Body)
	case mimeProblem:
		return nil, problem(resp.Body)
	default:
		return nil, errContentType
	}
}