func modelToChallenge(cm *challModel) (core.Challenge, error) {
c := core.Challenge{
Type: cm.Type,
Status: cm.Status,
Validated: cm.Validated,
Token: cm.Token,
TLS: cm.TLS,
}
if len(cm.URI) > 0 {
uri, err := core.ParseAcmeURL(cm.URI)
if err != nil {
return core.Challenge{}, err
}
c.URI = uri
}
if len(cm.Validation) > 0 {
val, err := jose.ParseSigned(string(cm.Validation))
if err != nil {
return core.Challenge{}, err
}
c.Validation = val
}
if len(cm.Error) > 0 {
var problem core.ProblemDetails
err := json.Unmarshal(cm.Error, &problem)
if err != nil {
return core.Challenge{}, err
}
c.Error = &problem
}
if len(cm.ValidationRecord) > 0 {
var vr []core.ValidationRecord
err := json.Unmarshal(cm.ValidationRecord, &vr)
if err != nil {
return core.Challenge{}, err
}
c.ValidationRecord = vr
}
if len(cm.AccountKey) > 0 {
var ak jose.JsonWebKey
err := json.Unmarshal(cm.AccountKey, &ak)
if err != nil {
return core.Challenge{}, err
}
c.AccountKey = &ak
}
return c, nil
}
func (wfe *WebFrontEndImpl) verifyPOST(request *http.Request, regCheck bool, resource core.AcmeResource) ([]byte, *jose.JsonWebKey, core.Registration, error) {
var err error
var reg core.Registration
// Read body
if request.Body == nil {
err = core.MalformedRequestError("No body on POST")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
bodyBytes, err := ioutil.ReadAll(request.Body)
if err != nil {
err = core.InternalServerError(err.Error())
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
body := string(bodyBytes)
// Parse as JWS
parsedJws, err := jose.ParseSigned(body)
if err != nil {
puberr := core.SignatureValidationError("Parse error reading JWS")
wfe.log.Debug(fmt.Sprintf("%v :: %v", puberr.Error(), err.Error()))
return nil, nil, reg, puberr
}
// Verify JWS
// NOTE: It might seem insecure for the WFE to be trusted to verify
// client requests, i.e., that the verification should be done at the
// RA. However the WFE is the RA's only view of the outside world
// *anyway*, so it could always lie about what key was used by faking
// the signature itself.
if len(parsedJws.Signatures) > 1 {
err = core.SignatureValidationError("Too many signatures on POST")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
if len(parsedJws.Signatures) == 0 {
err = core.SignatureValidationError("POST JWS not signed")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
key := parsedJws.Signatures[0].Header.JsonWebKey
payload, header, err := parsedJws.Verify(key)
if err != nil {
puberr := core.SignatureValidationError("JWS verification error")
wfe.log.Debug(string(body))
wfe.log.Debug(fmt.Sprintf("%v :: %v", puberr.Error(), err.Error()))
return nil, nil, reg, puberr
}
// Check that the request has a known anti-replay nonce
// i.e., Nonce is in protected header and
if err != nil || len(header.Nonce) == 0 {
err = core.SignatureValidationError("JWS has no anti-replay nonce")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
} else if !wfe.nonceService.Valid(header.Nonce) {
err = core.SignatureValidationError(fmt.Sprintf("JWS has invalid anti-replay nonce"))
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
reg, err = wfe.SA.GetRegistrationByKey(*key)
if err != nil {
// If we are requiring a valid registration, any failure to look up the
// registration is an overall failure to verify.
if regCheck {
return nil, nil, reg, err
}
// Otherwise we just return an empty registration. The caller is expected
// to use the returned key instead.
reg = core.Registration{}
}
// Check that the "resource" field is present and has the correct value
var parsedRequest struct {
Resource string `json:"resource"`
}
err = json.Unmarshal([]byte(payload), &parsedRequest)
if err != nil {
puberr := core.SignatureValidationError("Request payload did not parse as JSON")
wfe.log.Debug(fmt.Sprintf("%v :: %v", puberr.Error(), err.Error()))
return nil, nil, reg, puberr
}
if parsedRequest.Resource == "" {
err = core.MalformedRequestError("Request payload does not specify a resource")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
} else if resource != core.AcmeResource(parsedRequest.Resource) {
err = core.MalformedRequestError(fmt.Sprintf("Request payload has invalid resource: %s != %s", parsedRequest.Resource, resource))
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
return []byte(payload), key, reg, nil
}
// verifyPOST reads and parses the request body, looks up the Registration
// corresponding to its JWK, verifies the JWS signature, checks that the
// resource field is present and correct in the JWS protected header, and
// returns the JWS payload bytes, the key used to verify, and the corresponding
// Registration (or error). If regCheck is false, verifyPOST will still try to
// look up a registration object, and will return it if found. However, if no
// registration object is found, verifyPOST will attempt to verify the JWS using
// the key in the JWS headers, and return the key plus a dummy registration if
// successful. If a caller passes regCheck = false, it should plan on validating
// the key itself. verifyPOST also appends its errors to requestEvent.Errors so
// code calling it does not need to if they imediately return a response to the
// user.
func (wfe *WebFrontEndImpl) verifyPOST(logEvent *requestEvent, request *http.Request, regCheck bool, resource core.AcmeResource) ([]byte, *jose.JsonWebKey, core.Registration, error) {
var err error
// TODO: We should return a pointer to a registration, which can be nil,
// rather the a registration value with a sentinel value.
// https://github.com/letsencrypt/boulder/issues/877
reg := core.Registration{ID: 0}
if _, ok := request.Header["Content-Length"]; !ok {
err = core.LengthRequiredError("Content-Length header is required for POST.")
wfe.stats.Inc("WFE.HTTP.ClientErrors.LengthRequiredError", 1, 1.0)
logEvent.AddError("missing Content-Length header on POST")
return nil, nil, reg, err
}
// Read body
if request.Body == nil {
err = core.MalformedRequestError("No body on POST")
wfe.stats.Inc("WFE.Errors.NoPOSTBody", 1, 1.0)
logEvent.AddError("no body on POST")
return nil, nil, reg, err
}
bodyBytes, err := ioutil.ReadAll(request.Body)
if err != nil {
err = core.InternalServerError("unable to read request body")
wfe.stats.Inc("WFE.Errors.UnableToReadRequestBody", 1, 1.0)
logEvent.AddError("unable to read request body")
return nil, nil, reg, err
}
body := string(bodyBytes)
// Parse as JWS
parsedJws, err := jose.ParseSigned(body)
if err != nil {
puberr := core.SignatureValidationError("Parse error reading JWS")
wfe.stats.Inc("WFE.Errors.UnableToParseJWS", 1, 1.0)
logEvent.AddError("could not JSON parse body into JWS: %s", err)
return nil, nil, reg, puberr
}
// Verify JWS
// NOTE: It might seem insecure for the WFE to be trusted to verify
// client requests, i.e., that the verification should be done at the
// RA. However the WFE is the RA's only view of the outside world
// *anyway*, so it could always lie about what key was used by faking
// the signature itself.
if len(parsedJws.Signatures) > 1 {
err = core.SignatureValidationError("Too many signatures in POST body")
wfe.stats.Inc("WFE.Errors.TooManyJWSSignaturesInPOST", 1, 1.0)
logEvent.AddError("too many signatures in POST body: %d", len(parsedJws.Signatures))
return nil, nil, reg, err
}
if len(parsedJws.Signatures) == 0 {
err = core.SignatureValidationError("POST JWS not signed")
wfe.stats.Inc("WFE.Errors.JWSNotSignedInPOST", 1, 1.0)
logEvent.AddError("no signatures in POST body")
return nil, nil, reg, err
}
submittedKey := parsedJws.Signatures[0].Header.JsonWebKey
if submittedKey == nil {
err = core.SignatureValidationError("No JWK in JWS header")
wfe.stats.Inc("WFE.Errors.NoJWKInJWSSignatureHeader", 1, 1.0)
logEvent.AddError("no JWK in JWS signature header in POST body")
return nil, nil, reg, err
}
var key *jose.JsonWebKey
reg, err = wfe.SA.GetRegistrationByKey(*submittedKey)
// Special case: If no registration was found, but regCheck is false, use an
// empty registration and the submitted key. The caller is expected to do some
// validation on the returned key.
if _, ok := err.(core.NoSuchRegistrationError); ok && !regCheck {
// When looking up keys from the registrations DB, we can be confident they
// are "good". But when we are verifying against any submitted key, we want
// to check its quality before doing the verify.
if err = core.GoodKey(submittedKey.Key); err != nil {
wfe.stats.Inc("WFE.Errors.JWKRejectedByGoodKey", 1, 1.0)
logEvent.AddError("JWK in request was rejected by GoodKey: %s", err)
return nil, nil, reg, err
}
key = submittedKey
} else if err != nil {
// For all other errors, or if regCheck is true, return error immediately.
wfe.stats.Inc("WFE.Errors.UnableToGetRegistrationByKey", 1, 1.0)
logEvent.AddError("unable to fetch registration by the given JWK: %s", err)
return nil, nil, reg, err
} else {
// If the lookup was successful, use that key.
key = ®.Key
logEvent.Requester = reg.ID
logEvent.Contacts = reg.Contact
}
payload, header, err := parsedJws.Verify(key)
if err != nil {
puberr := core.SignatureValidationError("JWS verification error")
wfe.stats.Inc("WFE.Errors.JWSVerificationFailed", 1, 1.0)
n := len(body)
if n > 100 {
n = 100
}
logEvent.AddError("verification of JWS with the JWK failed: %v; body: %s", err, body[:n])
return nil, nil, reg, puberr
}
// Check that the request has a known anti-replay nonce
// i.e., Nonce is in protected header and
if err != nil || len(header.Nonce) == 0 {
wfe.stats.Inc("WFE.Errors.JWSMissingNonce", 1, 1.0)
logEvent.AddError("JWS is missing an anti-replay nonce")
err = core.SignatureValidationError("JWS has no anti-replay nonce")
return nil, nil, reg, err
} else if !wfe.nonceService.Valid(header.Nonce) {
wfe.stats.Inc("WFE.Errors.JWSInvalidNonce", 1, 1.0)
logEvent.AddError("JWS has an invalid anti-replay nonce")
err = core.SignatureValidationError(fmt.Sprintf("JWS has invalid anti-replay nonce"))
return nil, nil, reg, err
}
// Check that the "resource" field is present and has the correct value
var parsedRequest struct {
Resource string `json:"resource"`
}
err = json.Unmarshal([]byte(payload), &parsedRequest)
if err != nil {
wfe.stats.Inc("WFE.Errors.UnparsableJWSPayload", 1, 1.0)
logEvent.AddError("unable to JSON parse resource from JWS payload: %s", err)
puberr := core.SignatureValidationError("Request payload did not parse as JSON")
return nil, nil, reg, puberr
}
if parsedRequest.Resource == "" {
wfe.stats.Inc("WFE.Errors.NoResourceInJWSPayload", 1, 1.0)
logEvent.AddError("JWS request payload does not specifiy a resource")
err = core.MalformedRequestError("Request payload does not specify a resource")
return nil, nil, reg, err
} else if resource != core.AcmeResource(parsedRequest.Resource) {
wfe.stats.Inc("WFE.Errors.MismatchedResourceInJWSPayload", 1, 1.0)
logEvent.AddError("JWS request payload does not match resource")
err = core.MalformedRequestError(fmt.Sprintf("JWS resource payload does not match the HTTP resource: %s != %s", parsedRequest.Resource, resource))
return nil, nil, reg, err
}
return []byte(payload), key, reg, nil
}
func (wfe *WebFrontEndImpl) verifyPOST(request *http.Request, regCheck bool) ([]byte, *jose.JsonWebKey, core.Registration, error) {
var reg core.Registration
// Read body
if request.Body == nil {
return nil, nil, reg, errors.New("No body on POST")
}
bodyBytes, err := ioutil.ReadAll(request.Body)
if err != nil {
return nil, nil, reg, err
}
body := string(bodyBytes)
// Parse as JWS
parsedJws, err := jose.ParseSigned(body)
if err != nil {
wfe.log.Debug(fmt.Sprintf("Parse error reading JWS: %#v", err))
return nil, nil, reg, err
}
// Verify JWS
// NOTE: It might seem insecure for the WFE to be trusted to verify
// client requests, i.e., that the verification should be done at the
// RA. However the WFE is the RA's only view of the outside world
// *anyway*, so it could always lie about what key was used by faking
// the signature itself.
if len(parsedJws.Signatures) > 1 {
wfe.log.Debug(fmt.Sprintf("Too many signatures on POST"))
return nil, nil, reg, errors.New("Too many signatures on POST")
}
if len(parsedJws.Signatures) == 0 {
wfe.log.Debug(fmt.Sprintf("POST not signed: %s", body))
return nil, nil, reg, errors.New("POST not signed")
}
key := parsedJws.Signatures[0].Header.JsonWebKey
payload, header, err := parsedJws.Verify(key)
if err != nil {
wfe.log.Debug(string(body))
wfe.log.Debug(fmt.Sprintf("JWS verification error: %v", err))
return nil, nil, reg, err
}
// Check that the request has a known anti-replay nonce
// i.e., Nonce is in protected header and
if err != nil || len(header.Nonce) == 0 {
wfe.log.Debug("JWS has no anti-replay nonce")
return nil, nil, reg, errors.New("JWS has no anti-replay nonce")
} else if !wfe.nonceService.Valid(header.Nonce) {
wfe.log.Debug(fmt.Sprintf("JWS has invalid anti-replay nonce: %s", header.Nonce))
return nil, nil, reg, errors.New("JWS has invalid anti-replay nonce")
}
reg, err = wfe.SA.GetRegistrationByKey(*key)
if err != nil {
// If we are requiring a valid registration, any failure to look up the
// registration is an overall failure to verify.
if regCheck {
return nil, nil, reg, err
}
// Otherwise we just return an empty registration. The caller is expected
// to use the returned key instead.
reg = core.Registration{}
}
return []byte(payload), key, reg, nil
}
// verifyPOST reads and parses the request body, looks up the Registration
// corresponding to its JWK, verifies the JWS signature,
// checks that the resource field is present and correct in the JWS protected
// header, and returns the JWS payload bytes, the key used to verify, and the
// corresponding Registration (or error).
// If regCheck is false, verifyPOST will still try to look up a registration
// object, and will return it if found. However, if no registration object is
// found, verifyPOST will attempt to verify the JWS using the key in the JWS
// headers, and return the key plus a dummy registration if successful. If a
// caller passes regCheck = false, it should plan on validating the key itself.
func (wfe *WebFrontEndImpl) verifyPOST(request *http.Request, regCheck bool, resource core.AcmeResource) ([]byte, *jose.JsonWebKey, core.Registration, error) {
var err error
// TODO: We should return a pointer to a registration, which can be nil,
// rather the a registration value with a sentinel value.
// https://github.com/letsencrypt/boulder/issues/877
reg := core.Registration{ID: -1}
if _, ok := request.Header["Content-Length"]; !ok {
err = core.LengthRequiredError("Content-Length header is required for POST.")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
// Read body
if request.Body == nil {
err = core.MalformedRequestError("No body on POST")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
bodyBytes, err := ioutil.ReadAll(request.Body)
if err != nil {
err = core.InternalServerError(err.Error())
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
body := string(bodyBytes)
// Parse as JWS
parsedJws, err := jose.ParseSigned(body)
if err != nil {
puberr := core.SignatureValidationError("Parse error reading JWS")
wfe.log.Debug(fmt.Sprintf("%v :: %v", puberr.Error(), err.Error()))
return nil, nil, reg, puberr
}
// Verify JWS
// NOTE: It might seem insecure for the WFE to be trusted to verify
// client requests, i.e., that the verification should be done at the
// RA. However the WFE is the RA's only view of the outside world
// *anyway*, so it could always lie about what key was used by faking
// the signature itself.
if len(parsedJws.Signatures) > 1 {
err = core.SignatureValidationError("Too many signatures on POST")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
if len(parsedJws.Signatures) == 0 {
err = core.SignatureValidationError("POST JWS not signed")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
submittedKey := parsedJws.Signatures[0].Header.JsonWebKey
if submittedKey == nil {
err = core.SignatureValidationError("No JWK in JWS header")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
var key *jose.JsonWebKey
reg, err = wfe.SA.GetRegistrationByKey(*submittedKey)
// Special case: If no registration was found, but regCheck is false, use an
// empty registration and the submitted key. The caller is expected to do some
// validation on the returned key.
if _, ok := err.(core.NoSuchRegistrationError); ok && !regCheck {
// When looking up keys from the registrations DB, we can be confident they
// are "good". But when we are verifying against any submitted key, we want
// to check its quality before doing the verify.
if err = core.GoodKey(submittedKey.Key); err != nil {
return nil, nil, reg, err
}
key = submittedKey
} else if err != nil {
// For all other errors, or if regCheck is true, return error immediately.
return nil, nil, reg, err
} else {
// If the lookup was successful, use that key.
key = ®.Key
}
payload, header, err := parsedJws.Verify(key)
if err != nil {
puberr := core.SignatureValidationError("JWS verification error")
wfe.log.Debug(string(body))
wfe.log.Debug(fmt.Sprintf("%v :: %v", puberr.Error(), err.Error()))
return nil, nil, reg, puberr
}
// Check that the request has a known anti-replay nonce
// i.e., Nonce is in protected header and
if err != nil || len(header.Nonce) == 0 {
err = core.SignatureValidationError("JWS has no anti-replay nonce")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
} else if !wfe.nonceService.Valid(header.Nonce) {
err = core.SignatureValidationError(fmt.Sprintf("JWS has invalid anti-replay nonce"))
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
// Check that the "resource" field is present and has the correct value
var parsedRequest struct {
Resource string `json:"resource"`
}
err = json.Unmarshal([]byte(payload), &parsedRequest)
if err != nil {
puberr := core.SignatureValidationError("Request payload did not parse as JSON")
wfe.log.Debug(fmt.Sprintf("%v :: %v", puberr.Error(), err.Error()))
return nil, nil, reg, puberr
}
if parsedRequest.Resource == "" {
err = core.MalformedRequestError("Request payload does not specify a resource")
wfe.log.Debug(err.Error())
return nil, nil, reg, err
} else if resource != core.AcmeResource(parsedRequest.Resource) {
err = core.MalformedRequestError(fmt.Sprintf("Request payload has invalid resource: %s != %s", parsedRequest.Resource, resource))
wfe.log.Debug(err.Error())
return nil, nil, reg, err
}
return []byte(payload), key, reg, nil
}