mirror of
https://github.com/Luzifer/cloudkeys-go.git
synced 2024-11-09 22:50:05 +00:00
Knut Ahlers
a1df72edc5
commitf0db1ff1f8
Author: Knut Ahlers <knut@ahlers.me> Date: Sun Dec 24 12:19:56 2017 +0100 Mark option as deprecated Signed-off-by: Knut Ahlers <knut@ahlers.me> commit9891df2a16
Author: Knut Ahlers <knut@ahlers.me> Date: Sun Dec 24 12:11:56 2017 +0100 Fix: Typo Signed-off-by: Knut Ahlers <knut@ahlers.me> commit836006de64
Author: Knut Ahlers <knut@ahlers.me> Date: Sun Dec 24 12:04:20 2017 +0100 Add new dependencies Signed-off-by: Knut Ahlers <knut@ahlers.me> commitd64fee60c8
Author: Knut Ahlers <knut@ahlers.me> Date: Sun Dec 24 11:55:52 2017 +0100 Replace insecure password hashing Prior this commit passwords were hashed with a static salt and using the SHA1 hashing function. This could lead to passwords being attackable in case someone gets access to the raw data stored inside the database. This commit introduces password hashing using bcrypt hashing function which addresses this issue. Old passwords are not automatically re-hashed as they are unknown. Replacing the old password scheme is not that easy and needs #10 to be solved. Therefore the old hashing scheme is kept for compatibility reason. Signed-off-by: Knut Ahlers <knut@ahlers.me> Signed-off-by: Knut Ahlers <knut@ahlers.me> closes #14 closes #15
1058 lines
32 KiB
Go
1058 lines
32 KiB
Go
// Copyright 2015 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
// Package acme provides an implementation of the
|
|
// Automatic Certificate Management Environment (ACME) spec.
|
|
// See https://tools.ietf.org/html/draft-ietf-acme-acme-02 for details.
|
|
//
|
|
// Most common scenarios will want to use autocert subdirectory instead,
|
|
// which provides automatic access to certificates from Let's Encrypt
|
|
// and any other ACME-based CA.
|
|
//
|
|
// This package is a work in progress and makes no API stability promises.
|
|
package acme
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"crypto"
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rand"
|
|
"crypto/sha256"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"encoding/base64"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"encoding/pem"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
"math/big"
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
)
|
|
|
|
// LetsEncryptURL is the Directory endpoint of Let's Encrypt CA.
|
|
const LetsEncryptURL = "https://acme-v01.api.letsencrypt.org/directory"
|
|
|
|
const (
|
|
maxChainLen = 5 // max depth and breadth of a certificate chain
|
|
maxCertSize = 1 << 20 // max size of a certificate, in bytes
|
|
|
|
// Max number of collected nonces kept in memory.
|
|
// Expect usual peak of 1 or 2.
|
|
maxNonces = 100
|
|
)
|
|
|
|
// Client is an ACME client.
|
|
// The only required field is Key. An example of creating a client with a new key
|
|
// is as follows:
|
|
//
|
|
// key, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
// if err != nil {
|
|
// log.Fatal(err)
|
|
// }
|
|
// client := &Client{Key: key}
|
|
//
|
|
type Client struct {
|
|
// Key is the account key used to register with a CA and sign requests.
|
|
// Key.Public() must return a *rsa.PublicKey or *ecdsa.PublicKey.
|
|
Key crypto.Signer
|
|
|
|
// HTTPClient optionally specifies an HTTP client to use
|
|
// instead of http.DefaultClient.
|
|
HTTPClient *http.Client
|
|
|
|
// DirectoryURL points to the CA directory endpoint.
|
|
// If empty, LetsEncryptURL is used.
|
|
// Mutating this value after a successful call of Client's Discover method
|
|
// will have no effect.
|
|
DirectoryURL string
|
|
|
|
dirMu sync.Mutex // guards writes to dir
|
|
dir *Directory // cached result of Client's Discover method
|
|
|
|
noncesMu sync.Mutex
|
|
nonces map[string]struct{} // nonces collected from previous responses
|
|
}
|
|
|
|
// Discover performs ACME server discovery using c.DirectoryURL.
|
|
//
|
|
// It caches successful result. So, subsequent calls will not result in
|
|
// a network round-trip. This also means mutating c.DirectoryURL after successful call
|
|
// of this method will have no effect.
|
|
func (c *Client) Discover(ctx context.Context) (Directory, error) {
|
|
c.dirMu.Lock()
|
|
defer c.dirMu.Unlock()
|
|
if c.dir != nil {
|
|
return *c.dir, nil
|
|
}
|
|
|
|
dirURL := c.DirectoryURL
|
|
if dirURL == "" {
|
|
dirURL = LetsEncryptURL
|
|
}
|
|
res, err := c.get(ctx, dirURL)
|
|
if err != nil {
|
|
return Directory{}, err
|
|
}
|
|
defer res.Body.Close()
|
|
c.addNonce(res.Header)
|
|
if res.StatusCode != http.StatusOK {
|
|
return Directory{}, responseError(res)
|
|
}
|
|
|
|
var v struct {
|
|
Reg string `json:"new-reg"`
|
|
Authz string `json:"new-authz"`
|
|
Cert string `json:"new-cert"`
|
|
Revoke string `json:"revoke-cert"`
|
|
Meta struct {
|
|
Terms string `json:"terms-of-service"`
|
|
Website string `json:"website"`
|
|
CAA []string `json:"caa-identities"`
|
|
}
|
|
}
|
|
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
|
|
return Directory{}, err
|
|
}
|
|
c.dir = &Directory{
|
|
RegURL: v.Reg,
|
|
AuthzURL: v.Authz,
|
|
CertURL: v.Cert,
|
|
RevokeURL: v.Revoke,
|
|
Terms: v.Meta.Terms,
|
|
Website: v.Meta.Website,
|
|
CAA: v.Meta.CAA,
|
|
}
|
|
return *c.dir, nil
|
|
}
|
|
|
|
// CreateCert requests a new certificate using the Certificate Signing Request csr encoded in DER format.
|
|
// The exp argument indicates the desired certificate validity duration. CA may issue a certificate
|
|
// with a different duration.
|
|
// If the bundle argument is true, the returned value will also contain the CA (issuer) certificate chain.
|
|
//
|
|
// In the case where CA server does not provide the issued certificate in the response,
|
|
// CreateCert will poll certURL using c.FetchCert, which will result in additional round-trips.
|
|
// In such a scenario, the caller can cancel the polling with ctx.
|
|
//
|
|
// CreateCert returns an error if the CA's response or chain was unreasonably large.
|
|
// Callers are encouraged to parse the returned value to ensure the certificate is valid and has the expected features.
|
|
func (c *Client) CreateCert(ctx context.Context, csr []byte, exp time.Duration, bundle bool) (der [][]byte, certURL string, err error) {
|
|
if _, err := c.Discover(ctx); err != nil {
|
|
return nil, "", err
|
|
}
|
|
|
|
req := struct {
|
|
Resource string `json:"resource"`
|
|
CSR string `json:"csr"`
|
|
NotBefore string `json:"notBefore,omitempty"`
|
|
NotAfter string `json:"notAfter,omitempty"`
|
|
}{
|
|
Resource: "new-cert",
|
|
CSR: base64.RawURLEncoding.EncodeToString(csr),
|
|
}
|
|
now := timeNow()
|
|
req.NotBefore = now.Format(time.RFC3339)
|
|
if exp > 0 {
|
|
req.NotAfter = now.Add(exp).Format(time.RFC3339)
|
|
}
|
|
|
|
res, err := c.retryPostJWS(ctx, c.Key, c.dir.CertURL, req)
|
|
if err != nil {
|
|
return nil, "", err
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode != http.StatusCreated {
|
|
return nil, "", responseError(res)
|
|
}
|
|
|
|
curl := res.Header.Get("Location") // cert permanent URL
|
|
if res.ContentLength == 0 {
|
|
// no cert in the body; poll until we get it
|
|
cert, err := c.FetchCert(ctx, curl, bundle)
|
|
return cert, curl, err
|
|
}
|
|
// slurp issued cert and CA chain, if requested
|
|
cert, err := c.responseCert(ctx, res, bundle)
|
|
return cert, curl, err
|
|
}
|
|
|
|
// FetchCert retrieves already issued certificate from the given url, in DER format.
|
|
// It retries the request until the certificate is successfully retrieved,
|
|
// context is cancelled by the caller or an error response is received.
|
|
//
|
|
// The returned value will also contain the CA (issuer) certificate if the bundle argument is true.
|
|
//
|
|
// FetchCert returns an error if the CA's response or chain was unreasonably large.
|
|
// Callers are encouraged to parse the returned value to ensure the certificate is valid
|
|
// and has expected features.
|
|
func (c *Client) FetchCert(ctx context.Context, url string, bundle bool) ([][]byte, error) {
|
|
for {
|
|
res, err := c.get(ctx, url)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode == http.StatusOK {
|
|
return c.responseCert(ctx, res, bundle)
|
|
}
|
|
if res.StatusCode > 299 {
|
|
return nil, responseError(res)
|
|
}
|
|
d := retryAfter(res.Header.Get("Retry-After"), 3*time.Second)
|
|
select {
|
|
case <-time.After(d):
|
|
// retry
|
|
case <-ctx.Done():
|
|
return nil, ctx.Err()
|
|
}
|
|
}
|
|
}
|
|
|
|
// RevokeCert revokes a previously issued certificate cert, provided in DER format.
|
|
//
|
|
// The key argument, used to sign the request, must be authorized
|
|
// to revoke the certificate. It's up to the CA to decide which keys are authorized.
|
|
// For instance, the key pair of the certificate may be authorized.
|
|
// If the key is nil, c.Key is used instead.
|
|
func (c *Client) RevokeCert(ctx context.Context, key crypto.Signer, cert []byte, reason CRLReasonCode) error {
|
|
if _, err := c.Discover(ctx); err != nil {
|
|
return err
|
|
}
|
|
|
|
body := &struct {
|
|
Resource string `json:"resource"`
|
|
Cert string `json:"certificate"`
|
|
Reason int `json:"reason"`
|
|
}{
|
|
Resource: "revoke-cert",
|
|
Cert: base64.RawURLEncoding.EncodeToString(cert),
|
|
Reason: int(reason),
|
|
}
|
|
if key == nil {
|
|
key = c.Key
|
|
}
|
|
res, err := c.retryPostJWS(ctx, key, c.dir.RevokeURL, body)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode != http.StatusOK {
|
|
return responseError(res)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// AcceptTOS always returns true to indicate the acceptance of a CA's Terms of Service
|
|
// during account registration. See Register method of Client for more details.
|
|
func AcceptTOS(tosURL string) bool { return true }
|
|
|
|
// Register creates a new account registration by following the "new-reg" flow.
|
|
// It returns the registered account. The account is not modified.
|
|
//
|
|
// The registration may require the caller to agree to the CA's Terms of Service (TOS).
|
|
// If so, and the account has not indicated the acceptance of the terms (see Account for details),
|
|
// Register calls prompt with a TOS URL provided by the CA. Prompt should report
|
|
// whether the caller agrees to the terms. To always accept the terms, the caller can use AcceptTOS.
|
|
func (c *Client) Register(ctx context.Context, a *Account, prompt func(tosURL string) bool) (*Account, error) {
|
|
if _, err := c.Discover(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var err error
|
|
if a, err = c.doReg(ctx, c.dir.RegURL, "new-reg", a); err != nil {
|
|
return nil, err
|
|
}
|
|
var accept bool
|
|
if a.CurrentTerms != "" && a.CurrentTerms != a.AgreedTerms {
|
|
accept = prompt(a.CurrentTerms)
|
|
}
|
|
if accept {
|
|
a.AgreedTerms = a.CurrentTerms
|
|
a, err = c.UpdateReg(ctx, a)
|
|
}
|
|
return a, err
|
|
}
|
|
|
|
// GetReg retrieves an existing registration.
|
|
// The url argument is an Account URI.
|
|
func (c *Client) GetReg(ctx context.Context, url string) (*Account, error) {
|
|
a, err := c.doReg(ctx, url, "reg", nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
a.URI = url
|
|
return a, nil
|
|
}
|
|
|
|
// UpdateReg updates an existing registration.
|
|
// It returns an updated account copy. The provided account is not modified.
|
|
func (c *Client) UpdateReg(ctx context.Context, a *Account) (*Account, error) {
|
|
uri := a.URI
|
|
a, err := c.doReg(ctx, uri, "reg", a)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
a.URI = uri
|
|
return a, nil
|
|
}
|
|
|
|
// Authorize performs the initial step in an authorization flow.
|
|
// The caller will then need to choose from and perform a set of returned
|
|
// challenges using c.Accept in order to successfully complete authorization.
|
|
//
|
|
// If an authorization has been previously granted, the CA may return
|
|
// a valid authorization (Authorization.Status is StatusValid). If so, the caller
|
|
// need not fulfill any challenge and can proceed to requesting a certificate.
|
|
func (c *Client) Authorize(ctx context.Context, domain string) (*Authorization, error) {
|
|
if _, err := c.Discover(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
type authzID struct {
|
|
Type string `json:"type"`
|
|
Value string `json:"value"`
|
|
}
|
|
req := struct {
|
|
Resource string `json:"resource"`
|
|
Identifier authzID `json:"identifier"`
|
|
}{
|
|
Resource: "new-authz",
|
|
Identifier: authzID{Type: "dns", Value: domain},
|
|
}
|
|
res, err := c.retryPostJWS(ctx, c.Key, c.dir.AuthzURL, req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode != http.StatusCreated {
|
|
return nil, responseError(res)
|
|
}
|
|
|
|
var v wireAuthz
|
|
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
|
|
return nil, fmt.Errorf("acme: invalid response: %v", err)
|
|
}
|
|
if v.Status != StatusPending && v.Status != StatusValid {
|
|
return nil, fmt.Errorf("acme: unexpected status: %s", v.Status)
|
|
}
|
|
return v.authorization(res.Header.Get("Location")), nil
|
|
}
|
|
|
|
// GetAuthorization retrieves an authorization identified by the given URL.
|
|
//
|
|
// If a caller needs to poll an authorization until its status is final,
|
|
// see the WaitAuthorization method.
|
|
func (c *Client) GetAuthorization(ctx context.Context, url string) (*Authorization, error) {
|
|
res, err := c.get(ctx, url)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusAccepted {
|
|
return nil, responseError(res)
|
|
}
|
|
var v wireAuthz
|
|
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
|
|
return nil, fmt.Errorf("acme: invalid response: %v", err)
|
|
}
|
|
return v.authorization(url), nil
|
|
}
|
|
|
|
// RevokeAuthorization relinquishes an existing authorization identified
|
|
// by the given URL.
|
|
// The url argument is an Authorization.URI value.
|
|
//
|
|
// If successful, the caller will be required to obtain a new authorization
|
|
// using the Authorize method before being able to request a new certificate
|
|
// for the domain associated with the authorization.
|
|
//
|
|
// It does not revoke existing certificates.
|
|
func (c *Client) RevokeAuthorization(ctx context.Context, url string) error {
|
|
req := struct {
|
|
Resource string `json:"resource"`
|
|
Status string `json:"status"`
|
|
Delete bool `json:"delete"`
|
|
}{
|
|
Resource: "authz",
|
|
Status: "deactivated",
|
|
Delete: true,
|
|
}
|
|
res, err := c.retryPostJWS(ctx, c.Key, url, req)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode != http.StatusOK {
|
|
return responseError(res)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// WaitAuthorization polls an authorization at the given URL
|
|
// until it is in one of the final states, StatusValid or StatusInvalid,
|
|
// or the context is done.
|
|
//
|
|
// It returns a non-nil Authorization only if its Status is StatusValid.
|
|
// In all other cases WaitAuthorization returns an error.
|
|
// If the Status is StatusInvalid, the returned error is of type *AuthorizationError.
|
|
func (c *Client) WaitAuthorization(ctx context.Context, url string) (*Authorization, error) {
|
|
sleep := sleeper(ctx)
|
|
for {
|
|
res, err := c.get(ctx, url)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
retry := res.Header.Get("Retry-After")
|
|
if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusAccepted {
|
|
res.Body.Close()
|
|
if err := sleep(retry, 1); err != nil {
|
|
return nil, err
|
|
}
|
|
continue
|
|
}
|
|
var raw wireAuthz
|
|
err = json.NewDecoder(res.Body).Decode(&raw)
|
|
res.Body.Close()
|
|
if err != nil {
|
|
if err := sleep(retry, 0); err != nil {
|
|
return nil, err
|
|
}
|
|
continue
|
|
}
|
|
if raw.Status == StatusValid {
|
|
return raw.authorization(url), nil
|
|
}
|
|
if raw.Status == StatusInvalid {
|
|
return nil, raw.error(url)
|
|
}
|
|
if err := sleep(retry, 0); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
}
|
|
|
|
// GetChallenge retrieves the current status of an challenge.
|
|
//
|
|
// A client typically polls a challenge status using this method.
|
|
func (c *Client) GetChallenge(ctx context.Context, url string) (*Challenge, error) {
|
|
res, err := c.get(ctx, url)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusAccepted {
|
|
return nil, responseError(res)
|
|
}
|
|
v := wireChallenge{URI: url}
|
|
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
|
|
return nil, fmt.Errorf("acme: invalid response: %v", err)
|
|
}
|
|
return v.challenge(), nil
|
|
}
|
|
|
|
// Accept informs the server that the client accepts one of its challenges
|
|
// previously obtained with c.Authorize.
|
|
//
|
|
// The server will then perform the validation asynchronously.
|
|
func (c *Client) Accept(ctx context.Context, chal *Challenge) (*Challenge, error) {
|
|
auth, err := keyAuth(c.Key.Public(), chal.Token)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
req := struct {
|
|
Resource string `json:"resource"`
|
|
Type string `json:"type"`
|
|
Auth string `json:"keyAuthorization"`
|
|
}{
|
|
Resource: "challenge",
|
|
Type: chal.Type,
|
|
Auth: auth,
|
|
}
|
|
res, err := c.retryPostJWS(ctx, c.Key, chal.URI, req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer res.Body.Close()
|
|
// Note: the protocol specifies 200 as the expected response code, but
|
|
// letsencrypt seems to be returning 202.
|
|
if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusAccepted {
|
|
return nil, responseError(res)
|
|
}
|
|
|
|
var v wireChallenge
|
|
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
|
|
return nil, fmt.Errorf("acme: invalid response: %v", err)
|
|
}
|
|
return v.challenge(), nil
|
|
}
|
|
|
|
// DNS01ChallengeRecord returns a DNS record value for a dns-01 challenge response.
|
|
// A TXT record containing the returned value must be provisioned under
|
|
// "_acme-challenge" name of the domain being validated.
|
|
//
|
|
// The token argument is a Challenge.Token value.
|
|
func (c *Client) DNS01ChallengeRecord(token string) (string, error) {
|
|
ka, err := keyAuth(c.Key.Public(), token)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
b := sha256.Sum256([]byte(ka))
|
|
return base64.RawURLEncoding.EncodeToString(b[:]), nil
|
|
}
|
|
|
|
// HTTP01ChallengeResponse returns the response for an http-01 challenge.
|
|
// Servers should respond with the value to HTTP requests at the URL path
|
|
// provided by HTTP01ChallengePath to validate the challenge and prove control
|
|
// over a domain name.
|
|
//
|
|
// The token argument is a Challenge.Token value.
|
|
func (c *Client) HTTP01ChallengeResponse(token string) (string, error) {
|
|
return keyAuth(c.Key.Public(), token)
|
|
}
|
|
|
|
// HTTP01ChallengePath returns the URL path at which the response for an http-01 challenge
|
|
// should be provided by the servers.
|
|
// The response value can be obtained with HTTP01ChallengeResponse.
|
|
//
|
|
// The token argument is a Challenge.Token value.
|
|
func (c *Client) HTTP01ChallengePath(token string) string {
|
|
return "/.well-known/acme-challenge/" + token
|
|
}
|
|
|
|
// TLSSNI01ChallengeCert creates a certificate for TLS-SNI-01 challenge response.
|
|
// Servers can present the certificate to validate the challenge and prove control
|
|
// over a domain name.
|
|
//
|
|
// The implementation is incomplete in that the returned value is a single certificate,
|
|
// computed only for Z0 of the key authorization. ACME CAs are expected to update
|
|
// their implementations to use the newer version, TLS-SNI-02.
|
|
// For more details on TLS-SNI-01 see https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.3.
|
|
//
|
|
// The token argument is a Challenge.Token value.
|
|
// If a WithKey option is provided, its private part signs the returned cert,
|
|
// and the public part is used to specify the signee.
|
|
// If no WithKey option is provided, a new ECDSA key is generated using P-256 curve.
|
|
//
|
|
// The returned certificate is valid for the next 24 hours and must be presented only when
|
|
// the server name of the client hello matches exactly the returned name value.
|
|
func (c *Client) TLSSNI01ChallengeCert(token string, opt ...CertOption) (cert tls.Certificate, name string, err error) {
|
|
ka, err := keyAuth(c.Key.Public(), token)
|
|
if err != nil {
|
|
return tls.Certificate{}, "", err
|
|
}
|
|
b := sha256.Sum256([]byte(ka))
|
|
h := hex.EncodeToString(b[:])
|
|
name = fmt.Sprintf("%s.%s.acme.invalid", h[:32], h[32:])
|
|
cert, err = tlsChallengeCert([]string{name}, opt)
|
|
if err != nil {
|
|
return tls.Certificate{}, "", err
|
|
}
|
|
return cert, name, nil
|
|
}
|
|
|
|
// TLSSNI02ChallengeCert creates a certificate for TLS-SNI-02 challenge response.
|
|
// Servers can present the certificate to validate the challenge and prove control
|
|
// over a domain name. For more details on TLS-SNI-02 see
|
|
// https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-7.3.
|
|
//
|
|
// The token argument is a Challenge.Token value.
|
|
// If a WithKey option is provided, its private part signs the returned cert,
|
|
// and the public part is used to specify the signee.
|
|
// If no WithKey option is provided, a new ECDSA key is generated using P-256 curve.
|
|
//
|
|
// The returned certificate is valid for the next 24 hours and must be presented only when
|
|
// the server name in the client hello matches exactly the returned name value.
|
|
func (c *Client) TLSSNI02ChallengeCert(token string, opt ...CertOption) (cert tls.Certificate, name string, err error) {
|
|
b := sha256.Sum256([]byte(token))
|
|
h := hex.EncodeToString(b[:])
|
|
sanA := fmt.Sprintf("%s.%s.token.acme.invalid", h[:32], h[32:])
|
|
|
|
ka, err := keyAuth(c.Key.Public(), token)
|
|
if err != nil {
|
|
return tls.Certificate{}, "", err
|
|
}
|
|
b = sha256.Sum256([]byte(ka))
|
|
h = hex.EncodeToString(b[:])
|
|
sanB := fmt.Sprintf("%s.%s.ka.acme.invalid", h[:32], h[32:])
|
|
|
|
cert, err = tlsChallengeCert([]string{sanA, sanB}, opt)
|
|
if err != nil {
|
|
return tls.Certificate{}, "", err
|
|
}
|
|
return cert, sanA, nil
|
|
}
|
|
|
|
// doReg sends all types of registration requests.
|
|
// The type of request is identified by typ argument, which is a "resource"
|
|
// in the ACME spec terms.
|
|
//
|
|
// A non-nil acct argument indicates whether the intention is to mutate data
|
|
// of the Account. Only Contact and Agreement of its fields are used
|
|
// in such cases.
|
|
func (c *Client) doReg(ctx context.Context, url string, typ string, acct *Account) (*Account, error) {
|
|
req := struct {
|
|
Resource string `json:"resource"`
|
|
Contact []string `json:"contact,omitempty"`
|
|
Agreement string `json:"agreement,omitempty"`
|
|
}{
|
|
Resource: typ,
|
|
}
|
|
if acct != nil {
|
|
req.Contact = acct.Contact
|
|
req.Agreement = acct.AgreedTerms
|
|
}
|
|
res, err := c.retryPostJWS(ctx, c.Key, url, req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode < 200 || res.StatusCode > 299 {
|
|
return nil, responseError(res)
|
|
}
|
|
|
|
var v struct {
|
|
Contact []string
|
|
Agreement string
|
|
Authorizations string
|
|
Certificates string
|
|
}
|
|
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
|
|
return nil, fmt.Errorf("acme: invalid response: %v", err)
|
|
}
|
|
var tos string
|
|
if v := linkHeader(res.Header, "terms-of-service"); len(v) > 0 {
|
|
tos = v[0]
|
|
}
|
|
var authz string
|
|
if v := linkHeader(res.Header, "next"); len(v) > 0 {
|
|
authz = v[0]
|
|
}
|
|
return &Account{
|
|
URI: res.Header.Get("Location"),
|
|
Contact: v.Contact,
|
|
AgreedTerms: v.Agreement,
|
|
CurrentTerms: tos,
|
|
Authz: authz,
|
|
Authorizations: v.Authorizations,
|
|
Certificates: v.Certificates,
|
|
}, nil
|
|
}
|
|
|
|
// retryPostJWS will retry calls to postJWS if there is a badNonce error,
|
|
// clearing the stored nonces after each error.
|
|
// If the response was 4XX-5XX, then responseError is called on the body,
|
|
// the body is closed, and the error returned.
|
|
func (c *Client) retryPostJWS(ctx context.Context, key crypto.Signer, url string, body interface{}) (*http.Response, error) {
|
|
sleep := sleeper(ctx)
|
|
for {
|
|
res, err := c.postJWS(ctx, key, url, body)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
// handle errors 4XX-5XX with responseError
|
|
if res.StatusCode >= 400 && res.StatusCode <= 599 {
|
|
err := responseError(res)
|
|
res.Body.Close()
|
|
// according to spec badNonce is urn:ietf:params:acme:error:badNonce
|
|
// however, acme servers in the wild return their version of the error
|
|
// https://tools.ietf.org/html/draft-ietf-acme-acme-02#section-5.4
|
|
if ae, ok := err.(*Error); ok && strings.HasSuffix(strings.ToLower(ae.ProblemType), ":badnonce") {
|
|
// clear any nonces that we might've stored that might now be
|
|
// considered bad
|
|
c.clearNonces()
|
|
retry := res.Header.Get("Retry-After")
|
|
if err := sleep(retry, 1); err != nil {
|
|
return nil, err
|
|
}
|
|
continue
|
|
}
|
|
return nil, err
|
|
}
|
|
return res, nil
|
|
}
|
|
}
|
|
|
|
// postJWS signs the body with the given key and POSTs it to the provided url.
|
|
// The body argument must be JSON-serializable.
|
|
func (c *Client) postJWS(ctx context.Context, key crypto.Signer, url string, body interface{}) (*http.Response, error) {
|
|
nonce, err := c.popNonce(ctx, url)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
b, err := jwsEncodeJSON(body, key, nonce)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
res, err := c.post(ctx, url, "application/jose+json", bytes.NewReader(b))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
c.addNonce(res.Header)
|
|
return res, nil
|
|
}
|
|
|
|
// popNonce returns a nonce value previously stored with c.addNonce
|
|
// or fetches a fresh one from the given URL.
|
|
func (c *Client) popNonce(ctx context.Context, url string) (string, error) {
|
|
c.noncesMu.Lock()
|
|
defer c.noncesMu.Unlock()
|
|
if len(c.nonces) == 0 {
|
|
return c.fetchNonce(ctx, url)
|
|
}
|
|
var nonce string
|
|
for nonce = range c.nonces {
|
|
delete(c.nonces, nonce)
|
|
break
|
|
}
|
|
return nonce, nil
|
|
}
|
|
|
|
// clearNonces clears any stored nonces
|
|
func (c *Client) clearNonces() {
|
|
c.noncesMu.Lock()
|
|
defer c.noncesMu.Unlock()
|
|
c.nonces = make(map[string]struct{})
|
|
}
|
|
|
|
// addNonce stores a nonce value found in h (if any) for future use.
|
|
func (c *Client) addNonce(h http.Header) {
|
|
v := nonceFromHeader(h)
|
|
if v == "" {
|
|
return
|
|
}
|
|
c.noncesMu.Lock()
|
|
defer c.noncesMu.Unlock()
|
|
if len(c.nonces) >= maxNonces {
|
|
return
|
|
}
|
|
if c.nonces == nil {
|
|
c.nonces = make(map[string]struct{})
|
|
}
|
|
c.nonces[v] = struct{}{}
|
|
}
|
|
|
|
func (c *Client) httpClient() *http.Client {
|
|
if c.HTTPClient != nil {
|
|
return c.HTTPClient
|
|
}
|
|
return http.DefaultClient
|
|
}
|
|
|
|
func (c *Client) get(ctx context.Context, urlStr string) (*http.Response, error) {
|
|
req, err := http.NewRequest("GET", urlStr, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return c.do(ctx, req)
|
|
}
|
|
|
|
func (c *Client) head(ctx context.Context, urlStr string) (*http.Response, error) {
|
|
req, err := http.NewRequest("HEAD", urlStr, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return c.do(ctx, req)
|
|
}
|
|
|
|
func (c *Client) post(ctx context.Context, urlStr, contentType string, body io.Reader) (*http.Response, error) {
|
|
req, err := http.NewRequest("POST", urlStr, body)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
req.Header.Set("Content-Type", contentType)
|
|
return c.do(ctx, req)
|
|
}
|
|
|
|
func (c *Client) do(ctx context.Context, req *http.Request) (*http.Response, error) {
|
|
res, err := c.httpClient().Do(req.WithContext(ctx))
|
|
if err != nil {
|
|
select {
|
|
case <-ctx.Done():
|
|
// Prefer the unadorned context error.
|
|
// (The acme package had tests assuming this, previously from ctxhttp's
|
|
// behavior, predating net/http supporting contexts natively)
|
|
// TODO(bradfitz): reconsider this in the future. But for now this
|
|
// requires no test updates.
|
|
return nil, ctx.Err()
|
|
default:
|
|
return nil, err
|
|
}
|
|
}
|
|
return res, nil
|
|
}
|
|
|
|
func (c *Client) fetchNonce(ctx context.Context, url string) (string, error) {
|
|
resp, err := c.head(ctx, url)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
defer resp.Body.Close()
|
|
nonce := nonceFromHeader(resp.Header)
|
|
if nonce == "" {
|
|
if resp.StatusCode > 299 {
|
|
return "", responseError(resp)
|
|
}
|
|
return "", errors.New("acme: nonce not found")
|
|
}
|
|
return nonce, nil
|
|
}
|
|
|
|
func nonceFromHeader(h http.Header) string {
|
|
return h.Get("Replay-Nonce")
|
|
}
|
|
|
|
func (c *Client) responseCert(ctx context.Context, res *http.Response, bundle bool) ([][]byte, error) {
|
|
b, err := ioutil.ReadAll(io.LimitReader(res.Body, maxCertSize+1))
|
|
if err != nil {
|
|
return nil, fmt.Errorf("acme: response stream: %v", err)
|
|
}
|
|
if len(b) > maxCertSize {
|
|
return nil, errors.New("acme: certificate is too big")
|
|
}
|
|
cert := [][]byte{b}
|
|
if !bundle {
|
|
return cert, nil
|
|
}
|
|
|
|
// Append CA chain cert(s).
|
|
// At least one is required according to the spec:
|
|
// https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-6.3.1
|
|
up := linkHeader(res.Header, "up")
|
|
if len(up) == 0 {
|
|
return nil, errors.New("acme: rel=up link not found")
|
|
}
|
|
if len(up) > maxChainLen {
|
|
return nil, errors.New("acme: rel=up link is too large")
|
|
}
|
|
for _, url := range up {
|
|
cc, err := c.chainCert(ctx, url, 0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
cert = append(cert, cc...)
|
|
}
|
|
return cert, nil
|
|
}
|
|
|
|
// responseError creates an error of Error type from resp.
|
|
func responseError(resp *http.Response) error {
|
|
// don't care if ReadAll returns an error:
|
|
// json.Unmarshal will fail in that case anyway
|
|
b, _ := ioutil.ReadAll(resp.Body)
|
|
e := &wireError{Status: resp.StatusCode}
|
|
if err := json.Unmarshal(b, e); err != nil {
|
|
// this is not a regular error response:
|
|
// populate detail with anything we received,
|
|
// e.Status will already contain HTTP response code value
|
|
e.Detail = string(b)
|
|
if e.Detail == "" {
|
|
e.Detail = resp.Status
|
|
}
|
|
}
|
|
return e.error(resp.Header)
|
|
}
|
|
|
|
// chainCert fetches CA certificate chain recursively by following "up" links.
|
|
// Each recursive call increments the depth by 1, resulting in an error
|
|
// if the recursion level reaches maxChainLen.
|
|
//
|
|
// First chainCert call starts with depth of 0.
|
|
func (c *Client) chainCert(ctx context.Context, url string, depth int) ([][]byte, error) {
|
|
if depth >= maxChainLen {
|
|
return nil, errors.New("acme: certificate chain is too deep")
|
|
}
|
|
|
|
res, err := c.get(ctx, url)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer res.Body.Close()
|
|
if res.StatusCode != http.StatusOK {
|
|
return nil, responseError(res)
|
|
}
|
|
b, err := ioutil.ReadAll(io.LimitReader(res.Body, maxCertSize+1))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if len(b) > maxCertSize {
|
|
return nil, errors.New("acme: certificate is too big")
|
|
}
|
|
chain := [][]byte{b}
|
|
|
|
uplink := linkHeader(res.Header, "up")
|
|
if len(uplink) > maxChainLen {
|
|
return nil, errors.New("acme: certificate chain is too large")
|
|
}
|
|
for _, up := range uplink {
|
|
cc, err := c.chainCert(ctx, up, depth+1)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
chain = append(chain, cc...)
|
|
}
|
|
|
|
return chain, nil
|
|
}
|
|
|
|
// linkHeader returns URI-Reference values of all Link headers
|
|
// with relation-type rel.
|
|
// See https://tools.ietf.org/html/rfc5988#section-5 for details.
|
|
func linkHeader(h http.Header, rel string) []string {
|
|
var links []string
|
|
for _, v := range h["Link"] {
|
|
parts := strings.Split(v, ";")
|
|
for _, p := range parts {
|
|
p = strings.TrimSpace(p)
|
|
if !strings.HasPrefix(p, "rel=") {
|
|
continue
|
|
}
|
|
if v := strings.Trim(p[4:], `"`); v == rel {
|
|
links = append(links, strings.Trim(parts[0], "<>"))
|
|
}
|
|
}
|
|
}
|
|
return links
|
|
}
|
|
|
|
// sleeper returns a function that accepts the Retry-After HTTP header value
|
|
// and an increment that's used with backoff to increasingly sleep on
|
|
// consecutive calls until the context is done. If the Retry-After header
|
|
// cannot be parsed, then backoff is used with a maximum sleep time of 10
|
|
// seconds.
|
|
func sleeper(ctx context.Context) func(ra string, inc int) error {
|
|
var count int
|
|
return func(ra string, inc int) error {
|
|
count += inc
|
|
d := backoff(count, 10*time.Second)
|
|
d = retryAfter(ra, d)
|
|
wakeup := time.NewTimer(d)
|
|
defer wakeup.Stop()
|
|
select {
|
|
case <-ctx.Done():
|
|
return ctx.Err()
|
|
case <-wakeup.C:
|
|
return nil
|
|
}
|
|
}
|
|
}
|
|
|
|
// retryAfter parses a Retry-After HTTP header value,
|
|
// trying to convert v into an int (seconds) or use http.ParseTime otherwise.
|
|
// It returns d if v cannot be parsed.
|
|
func retryAfter(v string, d time.Duration) time.Duration {
|
|
if i, err := strconv.Atoi(v); err == nil {
|
|
return time.Duration(i) * time.Second
|
|
}
|
|
t, err := http.ParseTime(v)
|
|
if err != nil {
|
|
return d
|
|
}
|
|
return t.Sub(timeNow())
|
|
}
|
|
|
|
// backoff computes a duration after which an n+1 retry iteration should occur
|
|
// using truncated exponential backoff algorithm.
|
|
//
|
|
// The n argument is always bounded between 0 and 30.
|
|
// The max argument defines upper bound for the returned value.
|
|
func backoff(n int, max time.Duration) time.Duration {
|
|
if n < 0 {
|
|
n = 0
|
|
}
|
|
if n > 30 {
|
|
n = 30
|
|
}
|
|
var d time.Duration
|
|
if x, err := rand.Int(rand.Reader, big.NewInt(1000)); err == nil {
|
|
d = time.Duration(x.Int64()) * time.Millisecond
|
|
}
|
|
d += time.Duration(1<<uint(n)) * time.Second
|
|
if d > max {
|
|
return max
|
|
}
|
|
return d
|
|
}
|
|
|
|
// keyAuth generates a key authorization string for a given token.
|
|
func keyAuth(pub crypto.PublicKey, token string) (string, error) {
|
|
th, err := JWKThumbprint(pub)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return fmt.Sprintf("%s.%s", token, th), nil
|
|
}
|
|
|
|
// tlsChallengeCert creates a temporary certificate for TLS-SNI challenges
|
|
// with the given SANs and auto-generated public/private key pair.
|
|
// The Subject Common Name is set to the first SAN to aid debugging.
|
|
// To create a cert with a custom key pair, specify WithKey option.
|
|
func tlsChallengeCert(san []string, opt []CertOption) (tls.Certificate, error) {
|
|
var (
|
|
key crypto.Signer
|
|
tmpl *x509.Certificate
|
|
)
|
|
for _, o := range opt {
|
|
switch o := o.(type) {
|
|
case *certOptKey:
|
|
if key != nil {
|
|
return tls.Certificate{}, errors.New("acme: duplicate key option")
|
|
}
|
|
key = o.key
|
|
case *certOptTemplate:
|
|
var t = *(*x509.Certificate)(o) // shallow copy is ok
|
|
tmpl = &t
|
|
default:
|
|
// package's fault, if we let this happen:
|
|
panic(fmt.Sprintf("unsupported option type %T", o))
|
|
}
|
|
}
|
|
if key == nil {
|
|
var err error
|
|
if key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
|
|
return tls.Certificate{}, err
|
|
}
|
|
}
|
|
if tmpl == nil {
|
|
tmpl = &x509.Certificate{
|
|
SerialNumber: big.NewInt(1),
|
|
NotBefore: time.Now(),
|
|
NotAfter: time.Now().Add(24 * time.Hour),
|
|
BasicConstraintsValid: true,
|
|
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
|
|
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
|
}
|
|
}
|
|
tmpl.DNSNames = san
|
|
if len(san) > 0 {
|
|
tmpl.Subject.CommonName = san[0]
|
|
}
|
|
|
|
der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
|
|
if err != nil {
|
|
return tls.Certificate{}, err
|
|
}
|
|
return tls.Certificate{
|
|
Certificate: [][]byte{der},
|
|
PrivateKey: key,
|
|
}, nil
|
|
}
|
|
|
|
// encodePEM returns b encoded as PEM with block of type typ.
|
|
func encodePEM(typ string, b []byte) []byte {
|
|
pb := &pem.Block{Type: typ, Bytes: b}
|
|
return pem.EncodeToMemory(pb)
|
|
}
|
|
|
|
// timeNow is useful for testing for fixed current time.
|
|
var timeNow = time.Now
|