func (self *App) Init(config *Config) {
self.config = config
tableConfigs := []*table.TableConfig{}
for _, tableConfig := range config.TableConfigs {
tableConfigs = append(tableConfigs, &table.TableConfig{
Name: tableConfig.Name,
SqlQuery: tableConfig.SqlQuery,
})
}
self.TableService.Init(tableConfigs, neturl.URL(config.Url), config.User, config.Password)
app.web.ResetHandlers()
app.web.Register("/", &TableController{})
app.web.Register("/", NewPortalController(neturl.URL(config.Url)))
}
func (ep forwardEndpoint) Handler(templates *template.Template, ci inject.CopyInject) httpctx.Handler {
u := url.URL(ep)
rp := reverseproxy.NewSingleHostReverseProxy(&u, ci)
rp.Transport = &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
return rp
}
func (u Url) Validate() report.Report {
// Empty url is valid, indicates an empty file
if u.String() == "" {
return report.Report{}
}
switch url.URL(u).Scheme {
case "http", "https", "oem", "data":
return report.Report{}
}
return report.ReportFromError(ErrInvalidScheme, report.EntryError)
}
func (c *Config) Configure() func(*http.Request, *cache.Datalog) (http.Header, url.URL) {
return func(req *http.Request, datalog *cache.Datalog) (http.Header, url.URL) {
if req.TLS != nil {
datalog.TLS = true
}
d := new(types.FQDN)
d.Set(req.Host)
servable, _ := c.SearchServable(d.PathToRoot())
datalog.Owner = servable.Owner
datalog.Project = servable.Project
datalog.Vhost = servable.Zone
header := make(http.Header)
header.Set("X-Frame-Options", servable.XFO)
header.Set("X-Content-Type-Options", servable.XCTO)
header.Set("X-Download-Options", servable.XDO)
header.Set("X-XSS-Protection", servable.XXSSP)
//header.Set("Content-Security-Policy",servable.CSP)
if req.TLS != nil {
header.Set("Strict-Transport-Security", servable.HSTS)
if servable.PKP != "" {
header.Set("Public-Key-Pins", servable.PKP)
}
}
default_proxy := url.URL(c.Proxied)
candidat_proxy := url.URL(servable.Proxied)
if candidat_proxy.Host == "" {
return header, default_proxy
}
return header, candidat_proxy
}
}
func (u Url) Validate() report.Report {
// Empty url is valid, indicates an empty file
if u.String() == "" {
return report.Report{}
}
switch url.URL(u).Scheme {
case "http", "https", "oem":
return report.Report{}
case "data":
if _, err := dataurl.DecodeString(u.String()); err != nil {
return report.ReportFromError(err, report.EntryError)
}
return report.Report{}
default:
return report.ReportFromError(ErrInvalidScheme, report.EntryError)
}
}
// fetchReferencedConfig fetches, renders, and attempts to verify the requested
// config.
func (e Engine) fetchReferencedConfig(cfgRef types.ConfigReference) (types.Config, error) {
rawCfg, err := util.FetchResource(e.Logger, url.URL(cfgRef.Source))
if err != nil {
return types.Config{}, err
}
if err := util.AssertValid(cfgRef.Verification, rawCfg); err != nil {
return types.Config{}, err
}
cfg, err := config.Parse(rawCfg)
if err != nil {
return types.Config{}, err
}
return e.renderConfig(cfg)
}
func RenderFile(l *log.Logger, f types.File) *File {
var contents []byte
var err error
fetch := func() error {
contents, err = util.FetchResource(l, url.URL(f.Contents.Source))
return err
}
validate := func() error {
return util.AssertValid(f.Contents.Verification, contents)
}
decompress := func() error {
contents, err = decompressFile(l, f, contents)
return err
}
if l.LogOp(fetch, "fetching file %q", f.Path) != nil {
return nil
}
if l.LogOp(validate, "validating file contents") != nil {
return nil
}
if l.LogOp(decompress, "decompressing file contents") != nil {
return nil
}
return &File{
Path: f.Path,
Contents: []byte(contents),
Mode: os.FileMode(f.Mode),
Uid: f.User.Id,
Gid: f.Group.Id,
}
}
// Loads state.json from mesos master
func (rg *RecordGenerator) loadFromMaster(ip, port string) (state.State, error) {
// REFACTOR: state.json security
var sj state.State
u := url.URL(rg.stateEndpoint.With(urls.Host(net.JoinHostPort(ip, port))))
req, err := http.NewRequest("GET", u.String(), nil)
if err != nil {
logging.Error.Println(err)
return state.State{}, err
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("User-Agent", "Mesos-DNS")
resp, err := rg.httpClient.Do(req)
if err != nil {
logging.Error.Println(err)
return state.State{}, err
}
defer errorutil.Ignore(resp.Body.Close)
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
logging.Error.Println(err)
return state.State{}, err
}
err = json.Unmarshal(body, &sj)
if err != nil {
logging.Error.Println(err)
return state.State{}, err
}
return sj, nil
}
func (ep forwardEndpoint) Handler(templates *template.Template, ci inject.CopyInject) httpctx.Handler {
u := url.URL(ep)
return reverseproxy.NewSingleHostReverseProxy(&u, ci)
}
func (u URL) String() string {
uu := url.URL(u)
return uu.String()
}
// String implements flag.Value.
func (f logFormatFlag) String() string {
u := url.URL(f)
return fmt.Sprintf("%q", u.String())
}
func (u Url) String() string {
tu := url.URL(u)
return (&tu).String()
}
func (wfe *WebFrontEndImpl) Challenge(authz core.Authorization, response http.ResponseWriter, request *http.Request) {
// Check that the requested challenge exists within the authorization
found := false
var challengeIndex int
for i, challenge := range authz.Challenges {
tempURL := url.URL(challenge.URI)
if tempURL.Path == request.URL.Path && tempURL.RawQuery == request.URL.RawQuery {
found = true
challengeIndex = i
break
}
}
if !found {
wfe.sendError(response, "Unable to find challenge", request.URL.RawQuery, http.StatusNotFound)
return
}
switch request.Method {
default:
wfe.sendError(response, "Method not allowed", "", http.StatusMethodNotAllowed)
return
case "POST":
body, _, currReg, err := wfe.verifyPOST(request, true)
if err != nil {
if err == sql.ErrNoRows {
wfe.sendError(response, "No registration exists matching provided key", err, http.StatusForbidden)
} else {
wfe.sendError(response, "Unable to read/verify body", err, http.StatusBadRequest)
}
return
}
if currReg.Agreement == "" {
wfe.sendError(response, "Must agree to subscriber agreement before any further actions", nil, http.StatusForbidden)
return
}
var challengeResponse core.Challenge
if err = json.Unmarshal(body, &challengeResponse); err != nil {
wfe.sendError(response, "Error unmarshaling authorization", err, http.StatusBadRequest)
return
}
// Check that the registration ID matching the key used matches
// the registration ID on the authz object
if currReg.ID != authz.RegistrationID {
wfe.sendError(response, "User registration ID doesn't match registration ID in authorization",
fmt.Sprintf("User: %v != Authorization: %v", currReg.ID, authz.RegistrationID),
http.StatusForbidden)
return
}
// Ask the RA to update this authorization
updatedAuthz, err := wfe.RA.UpdateAuthorization(authz, challengeIndex, challengeResponse)
if err != nil {
wfe.sendError(response, "Unable to update authorization", err, http.StatusInternalServerError)
return
}
challenge := updatedAuthz.Challenges[challengeIndex]
// assumption: UpdateAuthorization does not modify order of challenges
jsonReply, err := json.Marshal(challenge)
if err != nil {
wfe.sendError(response, "Failed to marshal authz", err, http.StatusInternalServerError)
return
}
authzURL := wfe.AuthzBase + string(authz.ID)
challengeURL := url.URL(challenge.URI)
response.Header().Add("Location", challengeURL.String())
response.Header().Set("Content-Type", "application/json")
response.Header().Add("Link", link(authzURL, "up"))
response.WriteHeader(http.StatusAccepted)
if _, err = response.Write(jsonReply); err != nil {
wfe.log.Warning(fmt.Sprintf("Could not write response: %s", err))
}
}
}
func (d *URL) Get() interface{} {
return url.URL(*d)
}
// TestOptionsBootFileURL verifies that Options.BootFileURL properly parses
// and returns a URL, if it is available with OptionBootFileURL.
func TestOptionsBootFileURL(t *testing.T) {
var tests = []struct {
desc string
options Options
u *url.URL
ok bool
err *url.Error
}{
{
desc: "OptionBootFileURL not present in Options map",
},
{
desc: "OptionBootFileURL present in Options map, but invalid URL",
options: Options{
OptionBootFileURL: [][]byte{[]byte("http://www.%a0.com/foo")},
},
err: &url.Error{
Op: "parse",
URL: "http://www.%a0.com/foo",
},
},
{
desc: "OptionBootFileURL present in Options map",
options: Options{
OptionBootFileURL: [][]byte{[]byte("tftp://192.168.1.1:69")},
},
u: &url.URL{
Scheme: "tftp",
Host: "192.168.1.1:69",
},
ok: true,
},
}
for i, tt := range tests {
u, ok, err := tt.options.BootFileURL()
if err != nil {
uerr, ok := err.(*url.Error)
if !ok {
t.Fatalf("[%02d] test %q, not *url.Error", i, tt.desc)
}
if want, got := tt.err.Op, uerr.Op; want != got {
t.Fatalf("[%02d] test %q, unexpected error Op for Options.BootFileURL(): %v != %v",
i, tt.desc, want, got)
}
continue
}
if want, got := tt.ok, ok; want != got {
t.Fatalf("[%02d] test %q, unexpected ok for Options.BootFileURL(): %v != %v",
i, tt.desc, want, got)
}
if !ok {
continue
}
ttuu := url.URL(*tt.u)
uu := url.URL(*u)
if want, got := ttuu.String(), uu.String(); want != got {
t.Fatalf("[%02d] test %q, unexpected value for Options.BootFileURL(): %v != %v",
i, tt.desc, want, got)
}
}
}
func TestNewRegistration(t *testing.T) {
wfe := NewWebFrontEndImpl()
wfe.RA = &MockRegistrationAuthority{}
wfe.SA = &MockSA{}
wfe.Stats, _ = statsd.NewNoopClient()
wfe.SubscriberAgreementURL = "https://letsencrypt.org/be-good"
responseWriter := httptest.NewRecorder()
// GET instead of POST should be rejected
wfe.NewRegistration(responseWriter, &http.Request{
Method: "GET",
})
test.AssertEquals(t, responseWriter.Body.String(), "{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Method not allowed\"}")
// POST, but no body.
responseWriter.Body.Reset()
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
})
test.AssertEquals(t, responseWriter.Body.String(), "{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Unable to read/verify body\"}")
// POST, but body that isn't valid JWS
responseWriter.Body.Reset()
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
Body: makeBody("hi"),
})
test.AssertEquals(t, responseWriter.Body.String(), "{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Unable to read/verify body\"}")
// POST, Properly JWS-signed, but payload is "foo", not base64-encoded JSON.
responseWriter.Body.Reset()
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
Body: makeBody(`
{
"header": {
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "tSwgy3ORGvc7YJI9B2qqkelZRUC6F1S5NwXFvM4w5-M0TsxbFsH5UH6adigV0jzsDJ5imAechcSoOhAh9POceCbPN1sTNwLpNbOLiQQ7RD5mY_pSUHWXNmS9R4NZ3t2fQAzPeW7jOfF0LKuJRGkekx6tXP1uSnNibgpJULNc4208dgBaCHo3mvaE2HV2GmVl1yxwWX5QZZkGQGjNDZYnjFfa2DKVvFs0QbAk21ROm594kAxlRlMMrvqlf24Eq4ERO0ptzpZgm_3j_e4hGRD39gJS7kAzK-j2cacFQ5Qi2Y6wZI2p-FCq_wiYsfEAIkATPBiLKl_6d_Jfcvs_impcXQ"
}
},
"payload": "Zm9vCg",
"signature": "hRt2eYqBd_MyMRNIh8PEIACoFtmBi7BHTLBaAhpSU6zyDAFdEBaX7us4VB9Vo1afOL03Q8iuoRA0AT4akdV_mQTAQ_jhTcVOAeXPr0tB8b8Q11UPQ0tXJYmU4spAW2SapJIvO50ntUaqU05kZd0qw8-noH1Lja-aNnU-tQII4iYVvlTiRJ5g8_CADsvJqOk6FcHuo2mG643TRnhkAxUtazvHyIHeXMxydMMSrpwUwzMtln4ZJYBNx4QGEq6OhpAD_VSp-w8Lq5HOwGQoNs0bPxH1SGrArt67LFQBfjlVr94E1sn26p4vigXm83nJdNhWAMHHE9iV67xN-r29LT-FjA"
}
`),
})
test.AssertEquals(t,
responseWriter.Body.String(),
"{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Error unmarshaling JSON\"}")
// Same signed body, but payload modified by one byte, breaking signature.
// should fail JWS verification.
responseWriter.Body.Reset()
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
Body: makeBody(`
{
"header": {
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "vd7rZIoTLEe-z1_8G1FcXSw9CQFEJgV4g9V277sER7yx5Qjz_Pkf2YVth6wwwFJEmzc0hoKY-MMYFNwBE4hQHw"
}
},
"payload": "xm9vCg",
"signature": "RjUQ679fxJgeAJlxqgvDP_sfGZnJ-1RgWF2qmcbnBWljs6h1qp63pLnJOl13u81bP_bCSjaWkelGG8Ymx_X-aQ"
}
`),
})
test.AssertEquals(t,
responseWriter.Body.String(),
"{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Unable to read/verify body\"}")
responseWriter.Body.Reset()
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
Body: makeBody(signRequest(t, "{\"contact\":[\"tel:123456789\"],\"agreement\":\"https://letsencrypt.org/im-bad\"}")),
})
test.AssertEquals(t,
responseWriter.Body.String(),
"{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Provided agreement URL [https://letsencrypt.org/im-bad] does not match current agreement URL [https://letsencrypt.org/be-good]\"}")
responseWriter.Body.Reset()
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
Body: makeBody(signRequest(t, "{\"contact\":[\"tel:123456789\"],\"agreement\":\"https://letsencrypt.org/be-good\"}")),
})
test.AssertEquals(t, responseWriter.Body.String(), "{\"key\":{\"kty\":\"RSA\",\"n\":\"z2NsNdHeqAiGdPP8KuxfQXat_uatOK9y12SyGpfKw1sfkizBIsNxERjNDke6Wp9MugN9srN3sr2TDkmQ-gK8lfWo0v1uG_QgzJb1vBdf_hH7aejgETRGLNJZOdaKDsyFnWq1WGJq36zsHcd0qhggTk6zVwqczSxdiWIAZzEakIUZ13KxXvoepYLY0Q-rEEQiuX71e4hvhfeJ4l7m_B-awn22UUVvo3kCqmaRlZT-36vmQhDGoBsoUo1KBEU44jfeK5PbNRk7vDJuH0B7qinr_jczHcvyD-2TtPzKaCioMtNh_VZbPNDaG67sYkQlC15-Ff3HPzKKJW2XvkVG91qMvQ\",\"e\":\"AAEAAQ\"},\"recoveryToken\":\"\",\"contact\":[\"tel:123456789\"],\"agreement\":\"https://letsencrypt.org/be-good\",\"thumbprint\":\"\"}")
var reg core.Registration
err := json.Unmarshal([]byte(responseWriter.Body.String()), ®)
test.AssertNotError(t, err, "Couldn't unmarshal returned registration object")
uu := url.URL(reg.Contact[0])
test.AssertEquals(t, uu.String(), "tel:123456789")
}
// MarshalBinary allocates a byte slice containing the data from a URL.
func (u URL) MarshalBinary() ([]byte, error) {
uu := url.URL(u)
return []byte(uu.String()), nil
}
// Get returns the underlying url.URL
func (u *URLFlag) Get() interface{} {
return url.URL(*u)
}
func (u *AcmeURL) String() string {
uu := url.URL(*u)
return uu.String()
}
func (d *URL) String() string {
var u_d *url.URL
*u_d = url.URL(*d)
return u_d.String()
}
func (u AcmeURL) String() string {
url := url.URL(u)
return url.String()
}
func (e *Endpoint) String() string {
u := url.URL(*e)
return u.String()
}
// MarshalJSON encodes an AcmeURL for transfer
func (u AcmeURL) MarshalJSON() ([]byte, error) {
uu := url.URL(u)
return json.Marshal(uu.String())
}
// String reassembles the Resource into a valid URL string.
func (r *Resource) String() string {
u := url.URL(*r)
return u.String()
}
func (wfe *WebFrontEndImpl) challenge(authz core.Authorization, response http.ResponseWriter, request *http.Request, logEvent requestEvent) requestEvent {
// Check that the requested challenge exists within the authorization
found := false
var challengeIndex int
for i, challenge := range authz.Challenges {
tempURL := url.URL(challenge.URI)
if tempURL.Path == request.URL.Path && tempURL.RawQuery == request.URL.RawQuery {
found = true
challengeIndex = i
break
}
}
if !found {
logEvent.Error = "Unable to find challenge"
wfe.sendError(response, logEvent.Error, request.URL.RawQuery, http.StatusNotFound)
return logEvent
}
switch request.Method {
case "GET":
challenge := authz.Challenges[challengeIndex]
jsonReply, err := json.Marshal(challenge)
if err != nil {
logEvent.Error = err.Error()
// InternalServerError because this is a failure to decode data passed in
// by the caller, which got it from the DB.
wfe.sendError(response, "Failed to marshal challenge", err, http.StatusInternalServerError)
return logEvent
}
authzURL := wfe.AuthzBase + string(authz.ID)
challengeURL := url.URL(challenge.URI)
response.Header().Add("Location", challengeURL.String())
response.Header().Set("Content-Type", "application/json")
response.Header().Add("Link", link(authzURL, "up"))
response.WriteHeader(http.StatusAccepted)
if _, err := response.Write(jsonReply); err != nil {
wfe.log.Warning(fmt.Sprintf("Could not write response: %s", err))
logEvent.Error = err.Error()
return logEvent
}
case "POST":
body, _, currReg, err := wfe.verifyPOST(request, true, core.ResourceChallenge)
if err != nil {
logEvent.Error = err.Error()
respMsg := malformedJWS
respCode := http.StatusBadRequest
if err == sql.ErrNoRows {
respMsg = unknownKey
respCode = http.StatusForbidden
}
wfe.sendError(response, respMsg, err, respCode)
return logEvent
}
logEvent.Requester = currReg.ID
logEvent.Contacts = currReg.Contact
// Any version of the agreement is acceptable here. Version match is enforced in
// wfe.Registration when agreeing the first time. Agreement updates happen
// by mailing subscribers and don't require a registration update.
if currReg.Agreement == "" {
logEvent.Error = "Must agree to subscriber agreement before any further actions"
wfe.sendError(response, logEvent.Error, nil, http.StatusForbidden)
return logEvent
}
// Check that the registration ID matching the key used matches
// the registration ID on the authz object
if currReg.ID != authz.RegistrationID {
logEvent.Error = fmt.Sprintf("User: %v != Authorization: %v", currReg.ID, authz.RegistrationID)
wfe.sendError(response, "User registration ID doesn't match registration ID in authorization",
logEvent.Error,
http.StatusForbidden)
return logEvent
}
var challengeResponse core.Challenge
if err = json.Unmarshal(body, &challengeResponse); err != nil {
logEvent.Error = err.Error()
wfe.sendError(response, "Error unmarshaling challenge response", err, http.StatusBadRequest)
return logEvent
}
// Ask the RA to update this authorization
updatedAuthz, err := wfe.RA.UpdateAuthorization(authz, challengeIndex, challengeResponse)
if err != nil {
logEvent.Error = err.Error()
wfe.sendError(response, "Unable to update authorization", err, statusCodeFromError(err))
return logEvent
}
challenge := updatedAuthz.Challenges[challengeIndex]
// assumption: UpdateAuthorization does not modify order of challenges
jsonReply, err := json.Marshal(challenge)
if err != nil {
logEvent.Error = err.Error()
// StatusInternalServerError because we made the challenges, they should be OK
wfe.sendError(response, "Failed to marshal challenge", err, http.StatusInternalServerError)
return logEvent
}
authzURL := wfe.AuthzBase + string(authz.ID)
challengeURL := url.URL(challenge.URI)
response.Header().Add("Location", challengeURL.String())
response.Header().Set("Content-Type", "application/json")
response.Header().Add("Link", link(authzURL, "up"))
response.WriteHeader(http.StatusAccepted)
if _, err = response.Write(jsonReply); err != nil {
logEvent.Error = err.Error()
wfe.log.Warning(fmt.Sprintf("Could not write response: %s", err))
return logEvent
}
}
return logEvent
}
func TestNewRegistration(t *testing.T) {
wfe := setupWFE(t)
wfe.RA = &MockRegistrationAuthority{}
wfe.SA = &MockSA{}
wfe.Stats, _ = statsd.NewNoopClient()
wfe.SubscriberAgreementURL = agreementURL
responseWriter := httptest.NewRecorder()
// GET instead of POST should be rejected
wfe.NewRegistration(responseWriter, &http.Request{
Method: "GET",
})
test.AssertEquals(t, responseWriter.Body.String(), "{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Method not allowed\"}")
// POST, but no body.
responseWriter.Body.Reset()
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
})
test.AssertEquals(t, responseWriter.Body.String(), "{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Unable to read/verify body\"}")
// POST, but body that isn't valid JWS
responseWriter.Body.Reset()
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
Body: makeBody("hi"),
})
test.AssertEquals(t, responseWriter.Body.String(), "{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Unable to read/verify body\"}")
key, err := jose.LoadPrivateKey([]byte(test2KeyPrivatePEM))
test.AssertNotError(t, err, "Failed to load key")
rsaKey, ok := key.(*rsa.PrivateKey)
test.Assert(t, ok, "Couldn't load RSA key")
signer, err := jose.NewSigner("RS256", rsaKey)
test.AssertNotError(t, err, "Failed to make signer")
// POST, Properly JWS-signed, but payload is "foo", not base64-encoded JSON.
responseWriter.Body.Reset()
nonce, err := wfe.nonceService.Nonce()
test.AssertNotError(t, err, "Unable to create nonce")
result, err := signer.Sign([]byte("foo"), nonce)
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
Body: makeBody(result.FullSerialize()),
})
test.AssertEquals(t,
responseWriter.Body.String(),
"{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Error unmarshaling JSON\"}")
// Same signed body, but payload modified by one byte, breaking signature.
// should fail JWS verification.
responseWriter.Body.Reset()
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
Body: makeBody(`
{
"header": {
"alg": "RS256",
"jwk": {
"e": "AQAB",
"kty": "RSA",
"n": "vd7rZIoTLEe-z1_8G1FcXSw9CQFEJgV4g9V277sER7yx5Qjz_Pkf2YVth6wwwFJEmzc0hoKY-MMYFNwBE4hQHw"
}
},
"payload": "xm9vCg",
"signature": "RjUQ679fxJgeAJlxqgvDP_sfGZnJ-1RgWF2qmcbnBWljs6h1qp63pLnJOl13u81bP_bCSjaWkelGG8Ymx_X-aQ"
}
`),
})
test.AssertEquals(t,
responseWriter.Body.String(),
"{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Unable to read/verify body\"}")
responseWriter.Body.Reset()
nonce, err = wfe.nonceService.Nonce()
test.AssertNotError(t, err, "Unable to create nonce")
result, err = signer.Sign(
[]byte("{\"contact\":[\"tel:123456789\"],\"agreement\":\"https://letsencrypt.org/im-bad\"}"),
nonce)
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
Body: makeBody(result.FullSerialize()),
})
test.AssertEquals(t,
responseWriter.Body.String(),
"{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Provided agreement URL [https://letsencrypt.org/im-bad] does not match current agreement URL ["+agreementURL+"]\"}")
responseWriter.Body.Reset()
nonce, err = wfe.nonceService.Nonce()
test.AssertNotError(t, err, "Unable to create nonce")
result, err = signer.Sign([]byte("{\"contact\":[\"tel:123456789\"],\"agreement\":\""+agreementURL+"\"}"), nonce)
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
Body: makeBody(result.FullSerialize()),
})
test.AssertEquals(t, responseWriter.Body.String(), `{"id":0,"key":{"kty":"RSA","n":"qnARLrT7Xz4gRcKyLdydmCr-ey9OuPImX4X40thk3on26FkMznR3fRjs66eLK7mmPcBZ6uOJseURU6wAaZNmemoYx1dMvqvWWIyiQleHSD7Q8vBrhR6uIoO4jAzJZR-ChzZuSDt7iHN-3xUVspu5XGwXU_MVJZshTwp4TaFx5elHIT_ObnTvTOU3Xhish07AbgZKmWsVbXh5s-CrIicU4OexJPgunWZ_YJJueOKmTvnLlTV4MzKR2oZlBKZ27S0-SfdV_QDx_ydle5oMAyKVtlAV35cyPMIsYNwgUGBCdY_2Uzi5eX0lTc7MPRwz6qR1kip-i59VcGcUQgqHV6Fyqw","e":"AAEAAQ"},"recoveryToken":"","contact":["tel:123456789"],"agreement":"http://example.invalid/terms"}`)
var reg core.Registration
err = json.Unmarshal([]byte(responseWriter.Body.String()), ®)
test.AssertNotError(t, err, "Couldn't unmarshal returned registration object")
test.Assert(t, len(reg.Contact) >= 1, "No contact field in registration")
uu := url.URL(reg.Contact[0])
test.AssertEquals(t, uu.String(), "tel:123456789")
test.AssertEquals(
t, responseWriter.Header().Get("Location"),
"/acme/reg/0")
test.AssertEquals(
t, responseWriter.Header().Get("Link"),
"</acme/new-authz>;rel=\"next\"")
key, err = jose.LoadPrivateKey([]byte(test1KeyPrivatePEM))
test.AssertNotError(t, err, "Failed to load key")
rsaKey, ok = key.(*rsa.PrivateKey)
test.Assert(t, ok, "Couldn't load RSA key")
signer, err = jose.NewSigner("RS256", rsaKey)
test.AssertNotError(t, err, "Failed to make signer")
// POST, Valid JSON, Key already in use
responseWriter.Body.Reset()
nonce, err = wfe.nonceService.Nonce()
test.AssertNotError(t, err, "Unable to create nonce")
result, err = signer.Sign([]byte("{\"contact\":[\"tel:123456789\"],\"agreement\":\""+agreementURL+"\"}"), nonce)
wfe.NewRegistration(responseWriter, &http.Request{
Method: "POST",
Body: makeBody(result.FullSerialize()),
})
test.AssertEquals(t,
responseWriter.Body.String(),
"{\"type\":\"urn:acme:error:malformed\",\"detail\":\"Registration key is already in use\"}")
}
