From 13a770bcb0e3da10ad9ddab4f6a762703bcecdb2 Mon Sep 17 00:00:00 2001
From: James Munnelly
Date: Fri, 23 Mar 2018 15:11:55 +0000
Subject: [PATCH] Update acmev2 library with latest changes to golang.org/x/crypto

---
 third_party/crypto/acme/acme.go | 21 ++++++++++-----------
 third_party/crypto/acme/acme_test.go | 9 +++------
 third_party/crypto/acme/types.go | 12 ++++++------
 3 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/third_party/crypto/acme/acme.go b/third_party/crypto/acme/acme.go
index a57c20e3f..cad8161a2 100644
--- a/third_party/crypto/acme/acme.go
+++ b/third_party/crypto/acme/acme.go
@@ -76,10 +76,9 @@ type Client struct {
 noncesMu sync.Mutex
 nonces map[string]struct{} // nonces collected from previous responses
 
- urlMu sync.Mutex // urlMu guards writes to dir, accountURL, ordersURL
+ urlMu sync.Mutex // urlMu guards writes to dir and accountURL
 dir *Directory // cached result of Client's Discover method
 accountURL string
- ordersURL string
 }
 
 // Discover performs ACME server discovery using c.DirectoryURL.
@@ -141,7 +140,7 @@ func (c *Client) Discover(ctx context.Context) (Directory, error) {
 }
 
 // CreateOrder creates a new certificate order. The input order argument is not
-// modified and can be built using NewOrderWithDomains.
+// modified and can be built using NewOrder.
 func (c *Client) CreateOrder(ctx context.Context, order *Order) (*Order, error) {
 if _, err := c.Discover(ctx); err != nil {
 return nil, err
@@ -202,6 +201,10 @@ func (c *Client) CreateOrder(ctx context.Context, order *Order) (*Order, error)
 // Callers are encouraged to parse the returned certificate chain to ensure it
 // is valid and has the expected attributes.
 func (c *Client) FinalizeOrder(ctx context.Context, finalizeURL string, csr []byte) (der [][]byte, err error) {
+ if _, err := c.Discover(ctx); err != nil {
+ return nil, err
+ }
+
 req := struct {
 CSR string `json:"csr"`
 }{
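Review bot: The new `c.Discover(ctx)` call at the top of FinalizeOrder carries no comment explaining why a POST to a caller-supplied finalizeURL needs directory discovery first; presumably the signed request further down reads `c.dir` (for example the new-nonce endpoint), but nothing in the hunk shows that. A one-line why-comment would stop the next reader from removing it as redundant: `// Discover populates c.dir, which the signed request below depends on.` Note also that the `:=` inside the `if` shadows the named result `err`; that is harmless here because the branch returns explicitly, but it is worth knowing if the early return is ever restructured. FinalizeOrder's body continues past the end of the hunk.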
@@ -454,6 +457,10 @@ func (c *Client) GetChallenge(ctx context.Context, url string) (*Challenge, erro
 //
 // The server will then perform the validation asynchronously.
 func (c *Client) AcceptChallenge(ctx context.Context, chal *Challenge) (*Challenge, error) {
+ if _, err := c.Discover(ctx); err != nil {
+ return nil, err
+ }
+
 auth, err := keyAuth(c.Key.Public(), chal.Token)
 if err != nil {
 return nil, err
@@ -572,7 +579,6 @@ func (c *Client) doAccount(ctx context.Context, url string, getExistingWithKey b
 c.urlMu.Lock()
 defer c.urlMu.Unlock()
 c.accountURL = a.URL
- c.ordersURL = a.OrdersURL
 return a, nil
 }
 
@@ -591,18 +597,11 @@ func (c *Client) cacheAccountURL(ctx context.Context) (string, error) {
 if res.StatusCode != http.StatusOK {
 return "", responseError(res)
 }
- var v struct {
- Orders string
- }
- if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
- return "", err
- }
 l, err := resolveLocation(c.dir.NewAccountURL, res.Header)
 if err != nil {
 return "", err
 }
 c.accountURL = l
- c.ordersURL = v.Orders
 return c.accountURL, nil
 }
 
diff --git a/third_party/crypto/acme/acme_test.go b/third_party/crypto/acme/acme_test.go
index 51fb63df0..a44efc69c 100644
--- a/third_party/crypto/acme/acme_test.go
+++ b/third_party/crypto/acme/acme_test.go
@@ -533,7 +533,7 @@ func TestGetChallenge(t *testing.T) {
 "status":"pending",
 "url":"https://example.com/acme/challenge/publickey/id1",
 "validated": "2014-12-01T12:05:00Z",
- "errors": [{
+ "error": {
 "type": "urn:ietf:params:acme:error:malformed",
 "detail": "rejected",
 "subproblems": [
@@ -546,7 +546,7 @@ func TestGetChallenge(t *testing.T) {
 }
 }
 ]
- }],
+ },
 "token":"token1"}`)
 }))
 defer ts.Close()
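Review bot: After the added Discover round-trip, `chal.Token` on the next line still dereferences the `chal` parameter with no nil check, so a nil challenge now costs a network request before it panics. Consider rejecting it up front, `if chal == nil { return nil, errors.New("acme: nil challenge") }`, using whichever error constructor the file already imports since the hunk does not show them. As in FinalizeOrder, a short comment on why discovery is required here would help, e.g. `// Discover ensures c.dir is populated for the signed POST below.` The function body continues beyond the hunk.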
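Review bot: With the JSON decode removed from cacheAccountURL, nothing in the hunk reads `res.Body` after the status check, so the transport cannot reuse the connection unless the body is drained before it is closed; the function's start, and any `defer res.Body.Close()`, lie outside the hunk. If the body is only closed, consider `io.Copy(ioutil.Discard, res.Body)` before the Location lookup, which needs the `io`/`ioutil` imports if the file lacks them — the response is small. Also, `c.accountURL = l` is written here while doAccount in this same patch writes the same field under `c.urlMu`; if cacheAccountURL does not already hold that lock at a point outside the hunk, this write races with concurrent callers.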
@@ -573,10 +573,7 @@ func TestGetChallenge(t *testing.T) {
 if !chall.Validated.Equal(vt) {
 t.Errorf("c.Validated = %v; want %v", chall.Validated, vt)
 }
- if l := len(chall.Errors); l != 1 {
- t.Fatalf("len(c.Errors) = %d; want 1", l)
- }
- e := chall.Errors[0]
+ e := chall.Error
 if e.Type != "urn:ietf:params:acme:error:malformed" {
 t.Fatalf("e.Type = %q; want urn:ietf:params:acme:error:malformed", e.Type)
 }
diff --git a/third_party/crypto/acme/types.go b/third_party/crypto/acme/types.go
index 2f153a1e3..9474dcd15 100644
--- a/third_party/crypto/acme/types.go
+++ b/third_party/crypto/acme/types.go
@@ -252,7 +252,7 @@ type Order struct {
 
 // A Challenge is a CA challenge for an identifier.
 type Challenge struct {
- // Type is the challenge type, e.g. "http-01", "tls-sni-02", "dns-01".
+ // Type is the challenge type, e.g. "http-01" or "dns-01".
 Type string
 
 // URL is the URL where a challenge response can be posted.
@@ -270,7 +270,7 @@ type Challenge struct {
 
 // Error indicates the errors that occurred while the server was validating
 // this challenge.
- Errors []*Error
+ Error *Error
 }
 
 // Authorization encodes an authorization response.
@@ -287,7 +287,7 @@ type Authorization struct {
 Identifier AuthzID
 
 // Expires is the timestamp after which the server will consider this authorization invalid.
- Expires *time.Time
+ Expires time.Time
 
 // Challenges is the list of challenges that the client can fulfill in order
 // to prove posession of the identifier. For valid/invalid authorizations,
@@ -310,7 +310,7 @@ type wireAuthzID struct {
 type wireAuthz struct {
 Status string
 Challenges []wireChallenge
- Expires *time.Time
+ Expires time.Time
 Identifier struct {
 Type string
 Value string
@@ -338,7 +338,7 @@ type wireChallenge struct {
 Token string
 Status string
 Validated time.Time
- Errors []*Error
+ Error *Error
 }
 
 func (c *wireChallenge) challenge() *Challenge {
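Review bot: `e := chall.Error` replaces a guarded slice index with a bare pointer, so if decoding ever leaves `Error` nil the next line panics on `e.Type` with a nil-dereference trace instead of the clear fatal message the deleted length check used to give. Restore the guard in pointer form before the assignment: `if chall.Error == nil { t.Fatal("chall.Error = nil; want non-nil") }`. TestGetChallenge starts and ends outside the hunk.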
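Review bot: The doc comment above the renamed `Error` field in Challenge still speaks of "the errors that occurred" in the plural, although the field is now a single `*Error`, and it does not say what the value is when the server reported nothing. Because it is a pointer populated by JSON decoding, it stays nil when the field is absent, which callers need to know before dereferencing it. Suggested comment: `// Error describes the error the server reported while validating this challenge, or nil if the server reported none.`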
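Review bot: Changing Authorization's `Expires` from `*time.Time` to `time.Time` silently changes what an absent field looks like: callers that tested `Expires == nil` now receive the zero time, and a check such as `time.Now().After(a.Expires)` treats an authorization with no expiry as already expired. The doc comment should state the zero-value contract so callers reach for `Expires.IsZero()`, e.g. `// Expires is the timestamp after which the server will consider this authorization invalid. It is the zero time if the server did not send one.` The same pointer-to-value change is made to wireAuthz below, so a zero on the wire flows straight through to this field. This is an API-breaking change for existing callers that the commit message does not call out.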
@@ -348,7 +348,7 @@ func (c *wireChallenge) challenge() *Challenge {
 Token: c.Token,
 Status: c.Status,
 Validated: c.Validated,
- Errors: c.Errors,
+ Error: c.Error,
 }
 if v.Status == "" {
 v.Status = StatusUnknown