コード例 #1
0
ファイル: storage-fdb.go プロジェクト: falkbizz/acme
func (s *fdbStore) validateAuthorization(account *Account, authName string, c *fdb.Collection) error {
	ss, err := fdb.String(c.Open("expiry"))
	if err != nil {
		return err
	}

	expiry, err := time.Parse(time.RFC3339, strings.TrimSpace(ss))
	if err != nil {
		return err
	}

	azURL, _ := fdb.String(c.Open("url"))
	if !acmeapi.ValidURL(azURL) {
		azURL = ""
	}

	az := &Authorization{
		Name:    authName,
		URL:     strings.TrimSpace(azURL),
		Expires: expiry,
	}

	account.Authorizations[authName] = az
	return nil
}
コード例 #2
0
ファイル: types.go プロジェクト: hlandau/acme
// Validates a target for basic sanity. Returns the first error found or nil.
func (t *Target) Validate() error {
	if t.Request.Provider != "" && !acmeapi.ValidURL(t.Request.Provider) {
		return fmt.Errorf("invalid provider URL: %q", t.Request.Provider)
	}

	return nil
}
コード例 #3
0
ファイル: storage.go プロジェクト: meyskens/acme
// Set the default provider directory URL.
func (s *Store) SetDefaultProvider(providerURL string) error {
	if !acmeapi.ValidURL(providerURL) {
		return fmt.Errorf("invalid provider URL")
	}

	s.defaultTarget.Request.Provider = providerURL
	return s.saveDefaultTarget()
}
コード例 #4
0
ファイル: storage-fdb.go プロジェクト: falkbizz/acme
func (s *fdbStore) validateCert(certID string, c *fdb.Collection) error {
	ss, err := fdb.String(c.Open("url"))
	if err != nil {
		return err
	}

	ss = strings.TrimSpace(ss)
	if !acmeapi.ValidURL(ss) {
		return fmt.Errorf("certificate has invalid URI")
	}

	actualCertID := determineCertificateID(ss)
	if certID != actualCertID {
		return fmt.Errorf("cert ID mismatch: %#v != %#v", certID, actualCertID)
	}

	crt := &Certificate{
		URL:               ss,
		Certificates:      nil,
		Cached:            false,
		RevocationDesired: fdb.Exists(c, "revoke"),
		Revoked:           fdb.Exists(c, "revoked"),
	}

	fullchain, err := fdb.Bytes(c.Open("fullchain"))
	if err == nil {
		certs, err := acmeutils.LoadCertificates(fullchain)
		if err != nil {
			return err
		}

		xcrt, err := x509.ParseCertificate(certs[0])
		if err != nil {
			return err
		}

		keyID := determineKeyIDFromCert(xcrt)
		crt.Key = s.keys[keyID]

		if crt.Key != nil {
			err := c.WriteLink("privkey", fdb.Link{Target: "keys/" + keyID + "/privkey"})
			if err != nil {
				return err
			}
		}

		crt.Certificates = certs
		crt.Cached = true
	}

	s.certs[certID] = crt

	return nil
}
コード例 #5
0
ファイル: reconcile.go プロジェクト: pcarrier/acme
func (r *reconcile) getAccountByDirectoryURL(directoryURL string) (*storage.Account, error) {
	if directoryURL == "" {
		directoryURL = r.store.DefaultTarget().Request.Provider
	}

	if directoryURL == "" {
		directoryURL = acmeendpoints.DefaultEndpoint.DirectoryURL
	}

	if !acmeapi.ValidURL(directoryURL) {
		return nil, fmt.Errorf("directory URL is not a valid HTTPS URL")
	}

	ma := r.store.AccountByDirectoryURL(directoryURL)
	if ma != nil {
		return ma, nil
	}

	return r.createNewAccount(directoryURL)
}
コード例 #6
0
ファイル: storage.go プロジェクト: meyskens/acme
func (s *Store) getAccountByProviderString(p string) (*Account, error) {
	if p == "" && s.defaultTarget != nil {
		p = s.defaultTarget.Request.Provider
	}

	if p == "" {
		p = acmeapi.DefaultDirectoryURL
	}

	if !acmeapi.ValidURL(p) {
		return nil, fmt.Errorf("provider URI is not a valid HTTPS URL")
	}

	for _, a := range s.accounts {
		if a.MatchesURL(p) {
			return a, nil
		}
	}

	return s.createNewAccount(p)
}
コード例 #7
0
ファイル: quickstart.go プロジェクト: pcarrier/acme
func promptServerURL() string {
	var options []interaction.Option
	acmeendpoints.Visit(func(e *acmeendpoints.Endpoint) error {
		t := e.Title
		switch e.Code {
		case "LetsEncryptLive":
			t += " - I want live certificates"
		case "LetsEncryptStaging":
			t += " - I want test certificates"
		}

		options = append(options, interaction.Option{
			Title: t,
			Value: e.DirectoryURL,
		})
		return nil
	})

	options = append(options, interaction.Option{
		Title: "Enter an ACME server URL",
		Value: "url",
	})

	r, err := interaction.Auto.Prompt(&interaction.Challenge{
		Title: "Select ACME Server",
		Body: `Please choose an ACME server from which to request certificates. Your principal choices are the Let's Encrypt Live Server, and the Let's Encrypt Staging Server.

You can use the Let's Encrypt Live Server to get real certificates.

The Let's Encrypt Staging Server does not issue publically trusted certificates. It is useful for development purposes, as it has far higher rate limits than the live server.`,
		ResponseType: interaction.RTSelect,
		Options:      options,
		UniqueID:     "acmetool-quickstart-choose-server",
	})
	log.Fatale(err, "interaction")

	if r.Cancelled {
		os.Exit(1)
		return ""
	}

	if r.Value == "url" {
		for {
			r, err = interaction.Auto.Prompt(&interaction.Challenge{
				Title:        "Select ACME Server",
				Body:         `Please enter the "Directory URL" of an ACME server. This must be an HTTPS URL pointing to the ACME directory for the server.`,
				ResponseType: interaction.RTLineString,
				UniqueID:     "acmetool-quickstart-enter-directory-url",
			})
			log.Fatale(err, "interaction")

			if r.Cancelled {
				os.Exit(1)
				return ""
			}

			if acmeapi.ValidURL(r.Value) {
				break
			}

			interaction.Auto.Prompt(&interaction.Challenge{
				Title:        "Invalid ACME URL",
				Body:         "That was not a valid ACME Directory URL. An ACME Directory URL must be a valid HTTPS URL.",
				ResponseType: interaction.RTAcknowledge,
				UniqueID:     "acmetool-quickstart-invalid-directory-url",
			})
			log.Fatale(err, "interaction")

			if r.Cancelled {
				os.Exit(1)
				return ""
			}
		}
	}

	return r.Value
}