|
|
@@ -48,14 +48,14 @@ const LetsEncryptURL = "https://acme-v01.api.letsencrypt.org/directory"
|
|
|
// client := &Client{Key: key}
|
|
|
//
|
|
|
type Client struct {
|
|
|
- // HTTPClient optionally specifies an HTTP client to use
|
|
|
- // instead of http.DefaultClient.
|
|
|
- HTTPClient *http.Client
|
|
|
-
|
|
|
// Key is the account key used to register with a CA and sign requests.
|
|
|
// Key.Public() must return a *rsa.PublicKey or *ecdsa.PublicKey.
|
|
|
Key crypto.Signer
|
|
|
|
|
|
+ // HTTPClient optionally specifies an HTTP client to use
|
|
|
+ // instead of http.DefaultClient.
|
|
|
+ HTTPClient *http.Client
|
|
|
+
|
|
|
// DirectoryURL points to the CA directory endpoint.
|
|
|
// If empty, LetsEncryptURL is used.
|
|
|
// Mutating this value after a successful call of Client's Discover method
|
|
|
@@ -195,18 +195,18 @@ func (c *Client) FetchCert(ctx context.Context, url string, bundle bool) ([][]by
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-// AcceptTOS always returns true to indicate the acceptance of a CA Terms of Service
|
|
|
+// AcceptTOS always returns true to indicate the acceptance of a CA's Terms of Service
|
|
|
// during account registration. See Register method of Client for more details.
|
|
|
-func AcceptTOS(string) bool { return true }
|
|
|
+func AcceptTOS(tosURL string) bool { return true }
|
|
|
|
|
|
// Register creates a new account registration by following the "new-reg" flow.
|
|
|
// It returns registered account. The a argument is not modified.
|
|
|
//
|
|
|
-// The registration may require the caller to agree to the CA Terms of Service (TOS).
|
|
|
+// The registration may require the caller to agree to the CA's Terms of Service (TOS).
|
|
|
// If so, and the account has not indicated the acceptance of the terms (see Account for details),
|
|
|
// Register calls prompt with a TOS URL provided by the CA. Prompt should report
|
|
|
// whether the caller agrees to the terms. To always accept the terms, the caller can use AcceptTOS.
|
|
|
-func (c *Client) Register(a *Account, prompt func(tos string) bool) (*Account, error) {
|
|
|
+func (c *Client) Register(a *Account, prompt func(tosURL string) bool) (*Account, error) {
|
|
|
if _, err := c.Discover(); err != nil {
|
|
|
return nil, err
|
|
|
}
|
|
|
@@ -279,10 +279,10 @@ func (c *Client) Authorize(domain string) (*Authorization, error) {
|
|
|
|
|
|
var v wireAuthz
|
|
|
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
|
|
|
- return nil, fmt.Errorf("Decode: %v", err)
|
|
|
+ return nil, fmt.Errorf("acme: invalid response: %v", err)
|
|
|
}
|
|
|
if v.Status != StatusPending {
|
|
|
- return nil, fmt.Errorf("Unexpected status: %s", v.Status)
|
|
|
+ return nil, fmt.Errorf("acme: unexpected status: %s", v.Status)
|
|
|
}
|
|
|
return v.authorization(res.Header.Get("Location")), nil
|
|
|
}
|
|
|
@@ -301,7 +301,7 @@ func (c *Client) GetAuthz(url string) (*Authorization, error) {
|
|
|
}
|
|
|
var v wireAuthz
|
|
|
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
|
|
|
- return nil, fmt.Errorf("Decode: %v", err)
|
|
|
+ return nil, fmt.Errorf("acme: invalid response: %v", err)
|
|
|
}
|
|
|
return v.authorization(url), nil
|
|
|
}
|
|
|
@@ -320,7 +320,7 @@ func (c *Client) GetChallenge(url string) (*Challenge, error) {
|
|
|
}
|
|
|
v := wireChallenge{URI: url}
|
|
|
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
|
|
|
- return nil, fmt.Errorf("Decode: %v", err)
|
|
|
+ return nil, fmt.Errorf("acme: invalid response: %v", err)
|
|
|
}
|
|
|
return v.challenge(), nil
|
|
|
}
|
|
|
@@ -357,7 +357,7 @@ func (c *Client) Accept(chal *Challenge) (*Challenge, error) {
|
|
|
|
|
|
var v wireChallenge
|
|
|
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
|
|
|
- return nil, fmt.Errorf("Decode: %v", err)
|
|
|
+ return nil, fmt.Errorf("acme: invalid response: %v", err)
|
|
|
}
|
|
|
return v.challenge(), nil
|
|
|
}
|
|
|
@@ -500,7 +500,7 @@ func (c *Client) doReg(url string, typ string, acct *Account) (*Account, error)
|
|
|
Certificates string
|
|
|
}
|
|
|
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
|
|
|
- return nil, fmt.Errorf("Decode: %v", err)
|
|
|
+ return nil, fmt.Errorf("acme: invalid response: %v", err)
|
|
|
}
|
|
|
return &Account{
|
|
|
URI: res.Header.Get("Location"),
|
|
|
@@ -516,7 +516,7 @@ func (c *Client) doReg(url string, typ string, acct *Account) (*Account, error)
|
|
|
func responseCert(client *http.Client, res *http.Response, bundle bool) ([][]byte, error) {
|
|
|
b, err := ioutil.ReadAll(res.Body)
|
|
|
if err != nil {
|
|
|
- return nil, fmt.Errorf("ReadAll: %v", err)
|
|
|
+ return nil, fmt.Errorf("acme: response stream: %v", err)
|
|
|
}
|
|
|
cert := [][]byte{b}
|
|
|
if !bundle {
|
|
|
@@ -526,7 +526,7 @@ func responseCert(client *http.Client, res *http.Response, bundle bool) ([][]byt
|
|
|
// append ca cert
|
|
|
up := linkHeader(res.Header, "up")
|
|
|
if up == "" {
|
|
|
- return nil, errors.New("rel=up link not found")
|
|
|
+ return nil, errors.New("acme: rel=up link not found")
|
|
|
}
|
|
|
res, err = client.Get(up)
|
|
|
if err != nil {
|
|
|
@@ -580,7 +580,7 @@ func fetchNonce(client *http.Client, url string) (string, error) {
|
|
|
defer resp.Body.Close()
|
|
|
enc := resp.Header.Get("replay-nonce")
|
|
|
if enc == "" {
|
|
|
- return "", errors.New("nonce not found")
|
|
|
+ return "", errors.New("acme: nonce not found")
|
|
|
}
|
|
|
return enc, nil
|
|
|
}
|
Alex Vaghin