func (s *fdbStore) validateAuthorization(account *Account, authName string, c *fdb.Collection) error {
ss, err := fdb.String(c.Open("expiry"))
if err != nil {
return err
}
expiry, err := time.Parse(time.RFC3339, strings.TrimSpace(ss))
if err != nil {
return err
}
azURL, _ := fdb.String(c.Open("url"))
if !acmeapi.ValidURL(azURL) {
azURL = ""
}
az := &Authorization{
Name: authName,
URL: strings.TrimSpace(azURL),
Expires: expiry,
}
account.Authorizations[authName] = az
return nil
}
func (s *Store) loadWebrootPaths() {
webrootPath, _ := fdb.String(s.db.Collection("conf").Open("webroot-path")) // ignore errors
webrootPath = strings.TrimSpace(webrootPath)
webrootPaths := strings.Split(webrootPath, "\n")
for i := range webrootPaths {
webrootPaths[i] = strings.TrimSpace(webrootPaths[i])
}
s.webrootPaths = webrootPaths
}
func (s *fdbStore) validateCert(certID string, c *fdb.Collection) error {
ss, err := fdb.String(c.Open("url"))
if err != nil {
return err
}
ss = strings.TrimSpace(ss)
if !acmeapi.ValidURL(ss) {
return fmt.Errorf("certificate has invalid URI")
}
actualCertID := determineCertificateID(ss)
if certID != actualCertID {
return fmt.Errorf("cert ID mismatch: %#v != %#v", certID, actualCertID)
}
crt := &Certificate{
URL: ss,
Certificates: nil,
Cached: false,
RevocationDesired: fdb.Exists(c, "revoke"),
Revoked: fdb.Exists(c, "revoked"),
}
fullchain, err := fdb.Bytes(c.Open("fullchain"))
if err == nil {
certs, err := acmeutils.LoadCertificates(fullchain)
if err != nil {
return err
}
xcrt, err := x509.ParseCertificate(certs[0])
if err != nil {
return err
}
keyID := determineKeyIDFromCert(xcrt)
crt.Key = s.keys[keyID]
if crt.Key != nil {
err := c.WriteLink("privkey", fdb.Link{Target: "keys/" + keyID + "/privkey"})
if err != nil {
return err
}
}
crt.Certificates = certs
crt.Cached = true
}
s.certs[certID] = crt
return nil
}
func (s *fdbStore) loadWebrootPaths() {
if len(s.defaultTarget.Request.Challenge.WebrootPaths) != 0 {
// Path list in default target file takes precedence.
return
}
webrootPath, _ := fdb.String(s.db.Collection("conf").Open("webroot-path")) // ignore errors
webrootPath = strings.TrimSpace(webrootPath)
webrootPaths := strings.Split(webrootPath, "\n")
for i := range webrootPaths {
webrootPaths[i] = strings.TrimSpace(webrootPaths[i])
}
if len(webrootPaths) == 1 && webrootPaths[0] == "" {
webrootPaths = nil
}
s.defaultTarget.Request.Challenge.WebrootPaths = webrootPaths
}