Update acmev2 library with latest changes to golang.org/x/crypto

James Munnelly 2018-03-23 15:11:55 +00:00
parent d4b07ab0bb
commit 13a770bcb0
3 changed files with 19 additions and 23 deletions


@ -76,10 +76,9 @@ type Client struct {
noncesMu sync.Mutex
nonces map[string]struct{} // nonces collected from previous responses
urlMu sync.Mutex // urlMu guards writes to dir, accountURL, ordersURL
urlMu sync.Mutex // urlMu guards writes to dir and accountURL
dir *Directory // cached result of Client's Discover method
accountURL string
ordersURL string
}
// Discover performs ACME server discovery using c.DirectoryURL.
@ -141,7 +140,7 @@ func (c *Client) Discover(ctx context.Context) (Directory, error) {
}
// CreateOrder creates a new certificate order. The input order argument is not
// modified and can be built using NewOrderWithDomains.
// modified and can be built using NewOrder.
func (c *Client) CreateOrder(ctx context.Context, order *Order) (*Order, error) {
if _, err := c.Discover(ctx); err != nil {
return nil, err
@ -202,6 +201,10 @@ func (c *Client) CreateOrder(ctx context.Context, order *Order) (*Order, error)
// Callers are encouraged to parse the returned certificate chain to ensure it
// is valid and has the expected attributes.
func (c *Client) FinalizeOrder(ctx context.Context, finalizeURL string, csr []byte) (der [][]byte, err error) {
if _, err := c.Discover(ctx); err != nil {
return nil, err
}
req := struct {
CSR string `json:"csr"`
}{
@ -454,6 +457,10 @@ func (c *Client) GetChallenge(ctx context.Context, url string) (*Challenge, erro
//
// The server will then perform the validation asynchronously.
func (c *Client) AcceptChallenge(ctx context.Context, chal *Challenge) (*Challenge, error) {
if _, err := c.Discover(ctx); err != nil {
return nil, err
}
auth, err := keyAuth(c.Key.Public(), chal.Token)
if err != nil {
return nil, err
@ -572,7 +579,6 @@ func (c *Client) doAccount(ctx context.Context, url string, getExistingWithKey b
c.urlMu.Lock()
defer c.urlMu.Unlock()
c.accountURL = a.URL
c.ordersURL = a.OrdersURL
return a, nil
}
@ -591,18 +597,11 @@ func (c *Client) cacheAccountURL(ctx context.Context) (string, error) {
if res.StatusCode != http.StatusOK {
return "", responseError(res)
}
var v struct {
Orders string
}
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
return "", err
}
l, err := resolveLocation(c.dir.NewAccountURL, res.Header)
if err != nil {
return "", err
}
c.accountURL = l
c.ordersURL = v.Orders
return c.accountURL, nil
}
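Review bot: In the cacheAccountURL hunk the response body is no longer read once the JSON decode is removed, and none of the visible lines closes it. If no `defer res.Body.Close()` precedes the hunk, add one right after the request's error check so the connection is released on both the non-200 path and the success path. The same hunk assigns `c.accountURL = l` with no `c.urlMu` lock in view, while the Client comment says urlMu guards writes to accountURL. The function starts outside the hunk, so confirm the lock is taken there, as doAccount does before its own write.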


@ -533,7 +533,7 @@ func TestGetChallenge(t *testing.T) {
"status":"pending",
"url":"https://example.com/acme/challenge/publickey/id1",
"validated": "2014-12-01T12:05:00Z",
"errors": [{
"error": {
"type": "urn:ietf:params:acme:error:malformed",
"detail": "rejected",
"subproblems": [
@ -546,7 +546,7 @@ func TestGetChallenge(t *testing.T) {
}
}
]
}],
},
"token":"token1"}`)
}))
defer ts.Close()
@ -573,10 +573,7 @@ func TestGetChallenge(t *testing.T) {
if !chall.Validated.Equal(vt) {
t.Errorf("c.Validated = %v; want %v", chall.Validated, vt)
}
if l := len(chall.Errors); l != 1 {
t.Fatalf("len(c.Errors) = %d; want 1", l)
}
e := chall.Errors[0]
e := chall.Error
if e.Type != "urn:ietf:params:acme:error:malformed" {
t.Fatalf("e.Type = %q; want urn:ietf:params:acme:error:malformed", e.Type)
}
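Review bot: `e := chall.Error` is dereferenced on the next line without a nil check, so a regression that leaves Error unset would panic the test instead of reporting a failure. The removed `len(chall.Errors)` check used to guard against this. Add `if chall.Error == nil { t.Fatal("c.Error = nil; want non-nil") }` before reading `e.Type`. TestGetChallenge starts and ends outside this hunk.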


@ -252,7 +252,7 @@ type Order struct {
// A Challenge is a CA challenge for an identifier.
type Challenge struct {
// Type is the challenge type, e.g. "http-01", "tls-sni-02", "dns-01".
// Type is the challenge type, e.g. "http-01" or "dns-01".
Type string
// URL is the URL where a challenge response can be posted.
@ -270,7 +270,7 @@ type Challenge struct {
// Error indicates the errors that occurred while the server was validating
// this challenge.
Errors []*Error
Error *Error
}
// Authorization encodes an authorization response.
@ -287,7 +287,7 @@ type Authorization struct {
Identifier AuthzID
// Expires is the timestamp after which the server will consider this authorization invalid.
Expires *time.Time
Expires time.Time
// Challenges is the list of challenges that the client can fulfill in order
// to prove posession of the identifier. For valid/invalid authorizations,
@ -310,7 +310,7 @@ type wireAuthzID struct {
type wireAuthz struct {
Status string
Challenges []wireChallenge
Expires *time.Time
Expires time.Time
Identifier struct {
Type string
Value string
@ -338,7 +338,7 @@ type wireChallenge struct {
Token string
Status string
Validated time.Time
Errors []*Error
Error *Error
}
func (c *wireChallenge) challenge() *Challenge {
@ -348,7 +348,7 @@ func (c *wireChallenge) challenge() *Challenge {
Token: c.Token,
Status: c.Status,
Validated: c.Validated,
Errors: c.Errors,
Error: c.Error,
}
if v.Status == "" {
v.Status = StatusUnknown
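Review bot: With `Expires` changed from `*time.Time` to `time.Time` in Authorization and wireAuthz, a response that omits the field can no longer be detected by nil and presumably decodes to the zero time, which the field comment does not mention. Because this value bounds how long an authorization is treated as usable, the comment should say so, e.g. `// Expires is the zero time if the server did not provide one; check with IsZero.`, so callers do not compare an unset value against the clock by accident. Separately, the comment kept above `Error *Error` in Challenge still says "the errors that occurred". It could read `// Error is the error that occurred while the server was validating this challenge; presumably nil when there was none.`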