package core
import (
"bytes"
"crypto"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
"sync"
"time"
"github.com/letsencrypt/pebble/acme"
"gopkg.in/square/go-jose.v2"
)
// Order is the server-side state for one ACME order: the wire-level
// acme.Order plus the bookkeeping this package keeps alongside it.
//
// The embedded RWMutex guards the mutable fields, so an Order must be
// shared by pointer and never copied by value.
type Order struct {
	sync.RWMutex
	acme.Order

	// ID identifies the order within the server.
	ID string
	// AccountID names the account that owns the order. Handlers that read
	// or finalize an order are expected to compare the authenticated account
	// against this field — the check itself is not in this file.
	AccountID string
	// Names presumably holds the identifiers requested by the order; confirm
	// against the order-creation code.
	Names []string
	// ParsedCSR is the parsed certificate request. It is set outside this
	// file and is presumably nil until a CSR has been submitted.
	ParsedCSR *x509.CertificateRequest
	// ExpiresDate is when the order stops being usable.
	ExpiresDate time.Time
	// AuthorizationObjects are the authorizations attached to the order.
	AuthorizationObjects []*Authorization
	// CertificateObject is the issued certificate, nil until issuance.
	CertificateObject *Certificate
}
// Account is the server-side state for one ACME account: the wire-level
// acme.Account plus the account key and a server-side identifier.
type Account struct {
	acme.Account
	// Key is the account's JWK, serialized under "key". In ACME this is the
	// key request JWS signatures are verified against, so it should carry
	// only public material. NOTE(review): the json tag suggests this struct
	// is serialized; confirm no private key half can end up stored here.
	Key *jose.JSONWebKey `json:"key"`
	// ID identifies the account within the server.
	ID string
}
// Authorization is the server-side state for one ACME authorization.
//
// The embedded RWMutex guards the mutable fields, so an Authorization must
// be shared by pointer and never copied by value.
type Authorization struct {
	sync.RWMutex
	acme.Authorization
	// ID identifies the authorization within the server.
	ID string
	// URL is the authorization's resource URL.
	URL string
	// ExpiresDate is when the authorization stops being valid.
	ExpiresDate time.Time
	// Order is a back-pointer to the owning order; Order.AuthorizationObjects
	// points the other way.
	Order *Order
}
// Challenge is the server-side state for one ACME challenge.
//
// The embedded RWMutex guards the mutable fields, so a Challenge must be
// shared by pointer and never copied by value.
type Challenge struct {
	sync.RWMutex
	acme.Challenge
	// ID identifies the challenge within the server.
	ID string
	// Authz is a back-pointer to the authorization this challenge belongs to.
	Authz *Authorization
	// ValidatedDate records when the challenge was validated; the zero time
	// presumably means it has not been validated yet.
	ValidatedDate time.Time
}
// ExpectedKeyAuthorization returns the key authorization an ACME client has
// to present for this challenge: the challenge token, a ".", and the
// unpadded base64url encoding of the SHA-256 JWK thumbprint of the account
// key (RFC 8555 §8.1, thumbprint per RFC 7638). Validation code is expected
// to compare what the client serves against this value.
//
// A nil key, or a key whose thumbprint cannot be computed, is a caller bug
// and is escalated with a panic rather than yielding a bogus authorization.
//
// NOTE(review): ch.Token is read without taking the embedded RWMutex; this
// is fine only if callers hold the lock or the token is immutable after
// creation — confirm against the callers.
func (ch *Challenge) ExpectedKeyAuthorization(key *jose.JSONWebKey) string {
	if key == nil {
		panic("ExpectedKeyAuthorization called with nil key")
	}
	digest, err := key.Thumbprint(crypto.SHA256)
	if err != nil {
		panic("ExpectedKeyAuthorization: " + err.Error())
	}
	encodedThumbprint := base64.RawURLEncoding.EncodeToString(digest)
	return ch.Token + "." + encodedThumbprint
}
// Certificate is an issued certificate: its raw DER bytes, the parsed form,
// and a link to the certificate that signed it.
type Certificate struct {
	// ID identifies the certificate within the server.
	ID string
	// Cert is the parsed certificate; it is expected to correspond to DER.
	Cert *x509.Certificate
	// DER holds the certificate's DER encoding, which is what PEM and Chain
	// serialize.
	DER []byte
	// Issuer points at the signing certificate, or nil for a self-signed
	// root.
	Issuer *Certificate
}

// PEM returns the certificate's DER bytes wrapped in a single "CERTIFICATE"
// PEM block, trailing newline included.
//
// Encoding into an in-memory buffer cannot fail, so an error here signals a
// programming bug and is escalated with a panic.
func (c Certificate) PEM() []byte {
	block := pem.Block{Type: "CERTIFICATE", Bytes: c.DER}
	var out bytes.Buffer
	if err := pem.Encode(&out, &block); err != nil {
		panic(fmt.Sprintf("Unable to encode certificate %q to PEM: %s",
			c.ID, err.Error()))
	}
	return out.Bytes()
}

// Chain returns the PEM-encoded certificate chain, leaf first, followed by
// each issuer up to but NOT including the root (the certificate whose
// Issuer is nil). A leaf with no Issuer, or whose Issuer is itself the
// root, yields just the leaf.
//
// Leaving the trust anchor out is deliberate: the chain handed to an ACME
// client exists to let it build a path to a root it already trusts, and a
// client must not adopt a root merely because the server sent it.
//
// The walk assumes the Issuer links form a finite chain; a cycle would
// never terminate.
func (c Certificate) Chain() []byte {
	var pemBlocks [][]byte
	pemBlocks = append(pemBlocks, c.PEM())
	for issuer := c.Issuer; issuer != nil && issuer.Issuer != nil; issuer = issuer.Issuer {
		pemBlocks = append(pemBlocks, issuer.PEM())
	}
	return bytes.Join(pemBlocks, nil)
}
// ValidationRecord captures one attempt to validate a challenge: the URL
// that was contacted, when, and the problem (if any) that resulted.
type ValidationRecord struct {
	// URL is the address the validation attempt was made against.
	URL string
	// Error is the ACME problem describing a failed attempt; presumably nil
	// when the attempt succeeded.
	Error *acme.ProblemDetails
	// ValidatedAt is when the attempt happened.
	ValidatedAt time.Time
}