rfc8555.go 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412
  1. // Copyright 2019 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package acme
  5. import (
  6. "context"
  7. "crypto"
  8. "encoding/base64"
  9. "encoding/json"
  10. "encoding/pem"
  11. "errors"
  12. "fmt"
  13. "io"
  14. "io/ioutil"
  15. "net/http"
  16. "time"
  17. )
  18. // DeactivateReg permanently disables an existing account associated with c.Key.
  19. // A deactivated account can no longer request certificate issuance or access
  20. // resources related to the account, such as orders or authorizations.
  21. //
  22. // It only works with CAs implementing RFC 8555.
  23. func (c *Client) DeactivateReg(ctx context.Context) error {
  24. url := string(c.accountKID(ctx))
  25. if url == "" {
  26. return ErrNoAccount
  27. }
  28. req := json.RawMessage(`{"status": "deactivated"}`)
  29. res, err := c.post(ctx, nil, url, req, wantStatus(http.StatusOK))
  30. if err != nil {
  31. return err
  32. }
  33. res.Body.Close()
  34. return nil
  35. }
  36. // registerRFC is equivalent to c.Register but for CAs implementing RFC 8555.
  37. // It expects c.Discover to have already been called.
  38. func (c *Client) registerRFC(ctx context.Context, acct *Account, prompt func(tosURL string) bool) (*Account, error) {
  39. c.cacheMu.Lock() // guard c.kid access
  40. defer c.cacheMu.Unlock()
  41. req := struct {
  42. TermsAgreed bool `json:"termsOfServiceAgreed,omitempty"`
  43. Contact []string `json:"contact,omitempty"`
  44. ExternalAccountBinding *jsonWebSignature `json:"externalAccountBinding,omitempty"`
  45. }{
  46. Contact: acct.Contact,
  47. }
  48. if c.dir.Terms != "" {
  49. req.TermsAgreed = prompt(c.dir.Terms)
  50. }
  51. // set 'externalAccountBinding' field if requested
  52. if acct.ExternalAccountBinding != nil {
  53. eabJWS, err := c.encodeExternalAccountBinding(acct.ExternalAccountBinding)
  54. if err != nil {
  55. return nil, fmt.Errorf("acme: failed to encode external account binding: %v", err)
  56. }
  57. req.ExternalAccountBinding = eabJWS
  58. }
  59. res, err := c.post(ctx, c.Key, c.dir.RegURL, req, wantStatus(
  60. http.StatusOK, // account with this key already registered
  61. http.StatusCreated, // new account created
  62. ))
  63. if err != nil {
  64. return nil, err
  65. }
  66. defer res.Body.Close()
  67. a, err := responseAccount(res)
  68. if err != nil {
  69. return nil, err
  70. }
  71. // Cache Account URL even if we return an error to the caller.
  72. // It is by all means a valid and usable "kid" value for future requests.
  73. c.kid = keyID(a.URI)
  74. if res.StatusCode == http.StatusOK {
  75. return nil, ErrAccountAlreadyExists
  76. }
  77. return a, nil
  78. }
  79. // encodeExternalAccountBinding will encode an external account binding stanza
  80. // as described in https://tools.ietf.org/html/rfc8555#section-7.3.4.
  81. func (c *Client) encodeExternalAccountBinding(eab *ExternalAccountBinding) (*jsonWebSignature, error) {
  82. jwk, err := jwkEncode(c.Key.Public())
  83. if err != nil {
  84. return nil, err
  85. }
  86. return jwsWithMAC(eab.Key, eab.KID, c.dir.RegURL, []byte(jwk))
  87. }
  88. // updateRegRFC is equivalent to c.UpdateReg but for CAs implementing RFC 8555.
  89. // It expects c.Discover to have already been called.
  90. func (c *Client) updateRegRFC(ctx context.Context, a *Account) (*Account, error) {
  91. url := string(c.accountKID(ctx))
  92. if url == "" {
  93. return nil, ErrNoAccount
  94. }
  95. req := struct {
  96. Contact []string `json:"contact,omitempty"`
  97. }{
  98. Contact: a.Contact,
  99. }
  100. res, err := c.post(ctx, nil, url, req, wantStatus(http.StatusOK))
  101. if err != nil {
  102. return nil, err
  103. }
  104. defer res.Body.Close()
  105. return responseAccount(res)
  106. }
  107. // getGegRFC is equivalent to c.GetReg but for CAs implementing RFC 8555.
  108. // It expects c.Discover to have already been called.
  109. func (c *Client) getRegRFC(ctx context.Context) (*Account, error) {
  110. req := json.RawMessage(`{"onlyReturnExisting": true}`)
  111. res, err := c.post(ctx, c.Key, c.dir.RegURL, req, wantStatus(http.StatusOK))
  112. if e, ok := err.(*Error); ok && e.ProblemType == "urn:ietf:params:acme:error:accountDoesNotExist" {
  113. return nil, ErrNoAccount
  114. }
  115. if err != nil {
  116. return nil, err
  117. }
  118. defer res.Body.Close()
  119. return responseAccount(res)
  120. }
  121. func responseAccount(res *http.Response) (*Account, error) {
  122. var v struct {
  123. Status string
  124. Contact []string
  125. Orders string
  126. }
  127. if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
  128. return nil, fmt.Errorf("acme: invalid account response: %v", err)
  129. }
  130. return &Account{
  131. URI: res.Header.Get("Location"),
  132. Status: v.Status,
  133. Contact: v.Contact,
  134. OrdersURL: v.Orders,
  135. }, nil
  136. }
  137. // AuthorizeOrder initiates the order-based application for certificate issuance,
  138. // as opposed to pre-authorization in Authorize.
  139. // It is only supported by CAs implementing RFC 8555.
  140. //
  141. // The caller then needs to fetch each authorization with GetAuthorization,
  142. // identify those with StatusPending status and fulfill a challenge using Accept.
  143. // Once all authorizations are satisfied, the caller will typically want to poll
  144. // order status using WaitOrder until it's in StatusReady state.
  145. // To finalize the order and obtain a certificate, the caller submits a CSR with CreateOrderCert.
  146. func (c *Client) AuthorizeOrder(ctx context.Context, id []AuthzID, opt ...OrderOption) (*Order, error) {
  147. dir, err := c.Discover(ctx)
  148. if err != nil {
  149. return nil, err
  150. }
  151. req := struct {
  152. Identifiers []wireAuthzID `json:"identifiers"`
  153. NotBefore string `json:"notBefore,omitempty"`
  154. NotAfter string `json:"notAfter,omitempty"`
  155. }{}
  156. for _, v := range id {
  157. req.Identifiers = append(req.Identifiers, wireAuthzID{
  158. Type: v.Type,
  159. Value: v.Value,
  160. })
  161. }
  162. for _, o := range opt {
  163. switch o := o.(type) {
  164. case orderNotBeforeOpt:
  165. req.NotBefore = time.Time(o).Format(time.RFC3339)
  166. case orderNotAfterOpt:
  167. req.NotAfter = time.Time(o).Format(time.RFC3339)
  168. default:
  169. // Package's fault if we let this happen.
  170. panic(fmt.Sprintf("unsupported order option type %T", o))
  171. }
  172. }
  173. res, err := c.post(ctx, nil, dir.OrderURL, req, wantStatus(http.StatusCreated))
  174. if err != nil {
  175. return nil, err
  176. }
  177. defer res.Body.Close()
  178. return responseOrder(res)
  179. }
  180. // GetOrder retrives an order identified by the given URL.
  181. // For orders created with AuthorizeOrder, the url value is Order.URI.
  182. //
  183. // If a caller needs to poll an order until its status is final,
  184. // see the WaitOrder method.
  185. func (c *Client) GetOrder(ctx context.Context, url string) (*Order, error) {
  186. if _, err := c.Discover(ctx); err != nil {
  187. return nil, err
  188. }
  189. res, err := c.postAsGet(ctx, url, wantStatus(http.StatusOK))
  190. if err != nil {
  191. return nil, err
  192. }
  193. defer res.Body.Close()
  194. return responseOrder(res)
  195. }
  196. // WaitOrder polls an order from the given URL until it is in one of the final states,
  197. // StatusReady, StatusValid or StatusInvalid, the CA responded with a non-retryable error
  198. // or the context is done.
  199. //
  200. // It returns a non-nil Order only if its Status is StatusReady or StatusValid.
  201. // In all other cases WaitOrder returns an error.
  202. // If the Status is StatusInvalid, the returned error is of type *OrderError.
  203. func (c *Client) WaitOrder(ctx context.Context, url string) (*Order, error) {
  204. if _, err := c.Discover(ctx); err != nil {
  205. return nil, err
  206. }
  207. for {
  208. res, err := c.postAsGet(ctx, url, wantStatus(http.StatusOK))
  209. if err != nil {
  210. return nil, err
  211. }
  212. o, err := responseOrder(res)
  213. res.Body.Close()
  214. switch {
  215. case err != nil:
  216. // Skip and retry.
  217. case o.Status == StatusInvalid:
  218. return nil, &OrderError{OrderURL: o.URI, Status: o.Status}
  219. case o.Status == StatusReady || o.Status == StatusValid:
  220. return o, nil
  221. }
  222. d := retryAfter(res.Header.Get("Retry-After"))
  223. if d == 0 {
  224. // Default retry-after.
  225. // Same reasoning as in WaitAuthorization.
  226. d = time.Second
  227. }
  228. t := time.NewTimer(d)
  229. select {
  230. case <-ctx.Done():
  231. t.Stop()
  232. return nil, ctx.Err()
  233. case <-t.C:
  234. // Retry.
  235. }
  236. }
  237. }
  238. func responseOrder(res *http.Response) (*Order, error) {
  239. var v struct {
  240. Status string
  241. Expires time.Time
  242. Identifiers []wireAuthzID
  243. NotBefore time.Time
  244. NotAfter time.Time
  245. Error *wireError
  246. Authorizations []string
  247. Finalize string
  248. Certificate string
  249. }
  250. if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
  251. return nil, fmt.Errorf("acme: error reading order: %v", err)
  252. }
  253. o := &Order{
  254. URI: res.Header.Get("Location"),
  255. Status: v.Status,
  256. Expires: v.Expires,
  257. NotBefore: v.NotBefore,
  258. NotAfter: v.NotAfter,
  259. AuthzURLs: v.Authorizations,
  260. FinalizeURL: v.Finalize,
  261. CertURL: v.Certificate,
  262. }
  263. for _, id := range v.Identifiers {
  264. o.Identifiers = append(o.Identifiers, AuthzID{Type: id.Type, Value: id.Value})
  265. }
  266. if v.Error != nil {
  267. o.Error = v.Error.error(nil /* headers */)
  268. }
  269. return o, nil
  270. }
  271. // CreateOrderCert submits the CSR (Certificate Signing Request) to a CA at the specified URL.
  272. // The URL is the FinalizeURL field of an Order created with AuthorizeOrder.
  273. //
  274. // If the bundle argument is true, the returned value also contain the CA (issuer)
  275. // certificate chain. Otherwise, only a leaf certificate is returned.
  276. // The returned URL can be used to re-fetch the certificate using FetchCert.
  277. //
  278. // This method is only supported by CAs implementing RFC 8555. See CreateCert for pre-RFC CAs.
  279. //
  280. // CreateOrderCert returns an error if the CA's response is unreasonably large.
  281. // Callers are encouraged to parse the returned value to ensure the certificate is valid and has the expected features.
  282. func (c *Client) CreateOrderCert(ctx context.Context, url string, csr []byte, bundle bool) (der [][]byte, certURL string, err error) {
  283. if _, err := c.Discover(ctx); err != nil { // required by c.accountKID
  284. return nil, "", err
  285. }
  286. // RFC describes this as "finalize order" request.
  287. req := struct {
  288. CSR string `json:"csr"`
  289. }{
  290. CSR: base64.RawURLEncoding.EncodeToString(csr),
  291. }
  292. res, err := c.post(ctx, nil, url, req, wantStatus(http.StatusOK))
  293. if err != nil {
  294. return nil, "", err
  295. }
  296. defer res.Body.Close()
  297. o, err := responseOrder(res)
  298. if err != nil {
  299. return nil, "", err
  300. }
  301. // Wait for CA to issue the cert if they haven't.
  302. if o.Status != StatusValid {
  303. o, err = c.WaitOrder(ctx, o.URI)
  304. }
  305. if err != nil {
  306. return nil, "", err
  307. }
  308. // The only acceptable status post finalize and WaitOrder is "valid".
  309. if o.Status != StatusValid {
  310. return nil, "", &OrderError{OrderURL: o.URI, Status: o.Status}
  311. }
  312. crt, err := c.fetchCertRFC(ctx, o.CertURL, bundle)
  313. return crt, o.CertURL, err
  314. }
  315. // fetchCertRFC downloads issued certificate from the given URL.
  316. // It expects the CA to respond with PEM-encoded certificate chain.
  317. //
  318. // The URL argument is the CertURL field of Order.
  319. func (c *Client) fetchCertRFC(ctx context.Context, url string, bundle bool) ([][]byte, error) {
  320. res, err := c.postAsGet(ctx, url, wantStatus(http.StatusOK))
  321. if err != nil {
  322. return nil, err
  323. }
  324. defer res.Body.Close()
  325. // Get all the bytes up to a sane maximum.
  326. // Account very roughly for base64 overhead.
  327. const max = maxCertChainSize + maxCertChainSize/33
  328. b, err := ioutil.ReadAll(io.LimitReader(res.Body, max+1))
  329. if err != nil {
  330. return nil, fmt.Errorf("acme: fetch cert response stream: %v", err)
  331. }
  332. if len(b) > max {
  333. return nil, errors.New("acme: certificate chain is too big")
  334. }
  335. // Decode PEM chain.
  336. var chain [][]byte
  337. for {
  338. var p *pem.Block
  339. p, b = pem.Decode(b)
  340. if p == nil {
  341. break
  342. }
  343. if p.Type != "CERTIFICATE" {
  344. return nil, fmt.Errorf("acme: invalid PEM cert type %q", p.Type)
  345. }
  346. chain = append(chain, p.Bytes)
  347. if !bundle {
  348. return chain, nil
  349. }
  350. if len(chain) > maxChainLen {
  351. return nil, errors.New("acme: certificate chain is too long")
  352. }
  353. }
  354. if len(chain) == 0 {
  355. return nil, errors.New("acme: certificate chain is empty")
  356. }
  357. return chain, nil
  358. }
  359. // sends a cert revocation request in either JWK form when key is non-nil or KID form otherwise.
  360. func (c *Client) revokeCertRFC(ctx context.Context, key crypto.Signer, cert []byte, reason CRLReasonCode) error {
  361. req := &struct {
  362. Cert string `json:"certificate"`
  363. Reason int `json:"reason"`
  364. }{
  365. Cert: base64.RawURLEncoding.EncodeToString(cert),
  366. Reason: int(reason),
  367. }
  368. res, err := c.post(ctx, key, c.dir.RevokeURL, req, wantStatus(http.StatusOK))
  369. if err != nil {
  370. if isAlreadyRevoked(err) {
  371. // Assume it is not an error to revoke an already revoked cert.
  372. return nil
  373. }
  374. return err
  375. }
  376. defer res.Body.Close()
  377. return nil
  378. }
  379. func isAlreadyRevoked(err error) bool {
  380. e, ok := err.(*Error)
  381. return ok && e.ProblemType == "urn:ietf:params:acme:error:alreadyRevoked"
  382. }