
Update README & Extract KeyAuthorizations from HTTP-01

xenolf 2015-11-16 23:57:04 +01:00
parent 6a6af837dd
commit 17576f0626
3 changed files with 25 additions and 12 deletions


@ -18,7 +18,7 @@ Current features:
- [x] Revoking Certificates - [x] Revoking Certificates
- [ ] Initiating account recovery - [ ] Initiating account recovery
- Identifier validation challenges - Identifier validation challenges
- [x] SimpleHTTP Challenge - [x] SimpleHTTP Challenge (Scheduled for removal on Nov 19th)
- [x] HTTP (http-01) - [x] HTTP (http-01)
- [ ] TLS with Server Name Indication (tls-sni-01) - [ ] TLS with Server Name Indication (tls-sni-01)
- [ ] Proof of Possession of a Prior Key (proofOfPossession-01) - [ ] Proof of Possession of a Prior Key (proofOfPossession-01)


@ -9,6 +9,7 @@ import (
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
"encoding/base64"
"encoding/binary" "encoding/binary"
"encoding/pem" "encoding/pem"
"errors" "errors"
@ -16,6 +17,7 @@ import (
"io/ioutil" "io/ioutil"
"math/big" "math/big"
"net/http" "net/http"
"strings"
"time" "time"
"golang.org/x/crypto/ocsp" "golang.org/x/crypto/ocsp"
@ -115,6 +117,27 @@ func GetOCSPForCert(bundle []byte) ([]byte, int, error) {
return ocspResBytes, ocspRes.Status, nil return ocspResBytes, ocspRes.Status, nil
} }
func getKeyAuthorization(token string, key interface{}) (string, error) {
// Generate the Key Authorization for the challenge
jwk := keyAsJWK(key)
if jwk == nil {
return "", errors.New("Could not generate JWK from key.")
}
thumbBytes, err := jwk.Thumbprint(crypto.SHA256)
if err != nil {
return "", err
}
// unpad the base64URL
keyThumb := base64.URLEncoding.EncodeToString(thumbBytes)
index := strings.Index(keyThumb, "=")
if index != -1 {
keyThumb = keyThumb[:index]
}
return token + "." + keyThumb, nil
}
// Derive the shared secret according to acme spec 5.6 // Derive the shared secret according to acme spec 5.6
func performECDH(priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, outLen int, label string) []byte { func performECDH(priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, outLen int, label string) []byte {
// Derive Z from the private and public keys according to SEC 1 Ver. 2.0 - 3.3.1 // Derive Z from the private and public keys according to SEC 1 Ver. 2.0 - 3.3.1
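Review bot: The base64url padding is stripped by hand in getKeyAuthorization with `index := strings.Index(keyThumb, "=")` and a reslice, whereas `keyThumb := base64.RawURLEncoding.EncodeToString(thumbBytes)` yields the unpadded thumbprint directly and makes the `strings` import added in the second hunk unnecessary (RawURLEncoding exists since Go 1.5, so this assumes the project builds on that or newer). The comment `// Generate the Key Authorization for the challenge` sits inside the body; as a doc comment above the signature it should also state the contract, e.g. `// getKeyAuthorization returns the ACME key authorization token + "." + base64url(SHA-256 JWK thumbprint of key), or an error when keyAsJWK does not support the key type.` The error string `"Could not generate JWK from key."` should be lowercase without the trailing period, per Go convention. The token comes from the CA's challenge object and is concatenated unchecked here, and the other file in this commit hands it to startHTTPServer; the ACME draft restricts the token to the URL-safe base64 alphabet, so it is worth confirming that a check to that effect exists upstream before the value is served.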


@ -1,8 +1,6 @@
package acme package acme
import ( import (
"crypto"
"encoding/base64"
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
@ -27,19 +25,11 @@ func (s *httpChallenge) Solve(chlng challenge, domain string) error {
s.end = make(chan error) s.end = make(chan error)
// Generate the Key Authorization for the challenge // Generate the Key Authorization for the challenge
key := keyAsJWK(&s.jws.privKey.PublicKey) keyAuth, err := getKeyAuthorization(chlng.Token, &s.jws.privKey.PublicKey)
thumbBytes, err := key.Thumbprint(crypto.SHA256)
if err != nil { if err != nil {
return err return err
} }
keyThumb := base64.URLEncoding.EncodeToString(thumbBytes)
index := strings.Index(keyThumb, "=")
if index != -1 {
keyThumb = keyThumb[:index]
}
keyAuth := chlng.Token + "." + keyThumb
go s.startHTTPServer(domain, chlng.Token, keyAuth) go s.startHTTPServer(domain, chlng.Token, keyAuth)
var listener net.Listener var listener net.Listener
select { select {
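Review bot: The first hunk drops the `crypto` and `encoding/base64` imports but keeps `strings`, although the only use visible in this file's second hunk, `strings.Index` on the thumbprint, is among the removed lines; if nothing else in the file still uses `strings` the build fails on an unused import, so this is worth confirming before merging. The retained `// Generate the Key Authorization for the challenge` comment now only restates the call on the following line, and the helper in crypto.go carries the same sentence; dropping it here keeps the explanation in one place. Solve begins and ends outside this hunk.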