acme: format Client and errors
- move required fields before optional in the Client struct
- prefix all errors with "acme: "
- rename tos to tosURL (Terms of Service)
Change-Id: I6914b7e75d1e0559ff8303d390238c2a27145c8e
Reviewed-on: https://go-review.googlesource.com/27010
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
diff --git a/acme/internal/acme/acme.go b/acme/internal/acme/acme.go
index effc0ec..eb60ba5 100644
--- a/acme/internal/acme/acme.go
+++ b/acme/internal/acme/acme.go
@@ -48,14 +48,14 @@
// client := &Client{Key: key}
//
type Client struct {
- // HTTPClient optionally specifies an HTTP client to use
- // instead of http.DefaultClient.
- HTTPClient *http.Client
-
// Key is the account key used to register with a CA and sign requests.
// Key.Public() must return a *rsa.PublicKey or *ecdsa.PublicKey.
Key crypto.Signer
+ // HTTPClient optionally specifies an HTTP client to use
+ // instead of http.DefaultClient.
+ HTTPClient *http.Client
+
// DirectoryURL points to the CA directory endpoint.
// If empty, LetsEncryptURL is used.
// Mutating this value after a successful call of Client's Discover method
@@ -195,18 +195,18 @@
}
}
-// AcceptTOS always returns true to indicate the acceptance of a CA Terms of Service
+// AcceptTOS always returns true to indicate the acceptance of a CA's Terms of Service
// during account registration. See Register method of Client for more details.
-func AcceptTOS(string) bool { return true }
+func AcceptTOS(tosURL string) bool { return true }
// Register creates a new account registration by following the "new-reg" flow.
// It returns registered account. The a argument is not modified.
//
-// The registration may require the caller to agree to the CA Terms of Service (TOS).
+// The registration may require the caller to agree to the CA's Terms of Service (TOS).
// If so, and the account has not indicated the acceptance of the terms (see Account for details),
// Register calls prompt with a TOS URL provided by the CA. Prompt should report
// whether the caller agrees to the terms. To always accept the terms, the caller can use AcceptTOS.
-func (c *Client) Register(a *Account, prompt func(tos string) bool) (*Account, error) {
+func (c *Client) Register(a *Account, prompt func(tosURL string) bool) (*Account, error) {
if _, err := c.Discover(); err != nil {
return nil, err
}
@@ -279,10 +279,10 @@
var v wireAuthz
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
- return nil, fmt.Errorf("Decode: %v", err)
+ return nil, fmt.Errorf("acme: invalid response: %v", err)
}
if v.Status != StatusPending {
- return nil, fmt.Errorf("Unexpected status: %s", v.Status)
+ return nil, fmt.Errorf("acme: unexpected status: %s", v.Status)
}
return v.authorization(res.Header.Get("Location")), nil
}
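Review bot: `v.Status` comes from the CA's JSON response and is formatted with `%s`, so whatever the server sent lands verbatim in the caller's error text and logs. Quoting it keeps control characters and empty values visible and contained: `return nil, fmt.Errorf("acme: unexpected status: %q", v.Status)`. This assumes Status is a string type, which the comparison with StatusPending suggests but the hunk does not show. The enclosing function starts outside the hunk.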
@@ -301,7 +301,7 @@
}
var v wireAuthz
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
- return nil, fmt.Errorf("Decode: %v", err)
+ return nil, fmt.Errorf("acme: invalid response: %v", err)
}
return v.authorization(url), nil
}
@@ -320,7 +320,7 @@
}
v := wireChallenge{URI: url}
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
- return nil, fmt.Errorf("Decode: %v", err)
+ return nil, fmt.Errorf("acme: invalid response: %v", err)
}
return v.challenge(), nil
}
@@ -357,7 +357,7 @@
var v wireChallenge
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
- return nil, fmt.Errorf("Decode: %v", err)
+ return nil, fmt.Errorf("acme: invalid response: %v", err)
}
return v.challenge(), nil
}
@@ -500,7 +500,7 @@
Certificates string
}
if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
- return nil, fmt.Errorf("Decode: %v", err)
+ return nil, fmt.Errorf("acme: invalid response: %v", err)
}
return &Account{
URI: res.Header.Get("Location"),
@@ -516,7 +516,7 @@
func responseCert(client *http.Client, res *http.Response, bundle bool) ([][]byte, error) {
b, err := ioutil.ReadAll(res.Body)
if err != nil {
- return nil, fmt.Errorf("ReadAll: %v", err)
+ return nil, fmt.Errorf("acme: response stream: %v", err)
}
cert := [][]byte{b}
if !bundle {
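Review bot: `ioutil.ReadAll(res.Body)` in responseCert buffers the whole response with no upper bound, so a misbehaving or compromised endpoint can make the client allocate arbitrarily much memory before the reworded `acme: response stream` error is ever reached. A cap would bound that, for example `b, err := ioutil.ReadAll(io.LimitReader(res.Body, maxCertSize+1))` followed by rejecting `len(b) > maxCertSize`, so an oversized body is refused rather than silently truncated. `maxCertSize` is a placeholder for a limit the package would have to define, and `io` must be imported if it is not already. The `json.NewDecoder(res.Body).Decode` calls in the -279, -301, -320, -357 and -500 hunks consume the same kind of body without a limit. responseCert continues past the end of this hunk.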
@@ -526,7 +526,7 @@
// append ca cert
up := linkHeader(res.Header, "up")
if up == "" {
- return nil, errors.New("rel=up link not found")
+ return nil, errors.New("acme: rel=up link not found")
}
res, err = client.Get(up)
if err != nil {
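Review bot: The `up` URL is taken from the response's Link header and passed to `client.Get(up)` unchecked, so the server's reply alone decides where the client connects next. Before the request, parse the value, resolve it against `res.Request.URL` (Link targets may be relative), and refuse a target whose scheme is weaker than the original request's, returning an `acme: `-prefixed error like the others in this commit. linkHeader is not visible here and may already do part of this, so confirm before adding the check. The enclosing function continues outside the hunk.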
@@ -580,7 +580,7 @@
defer resp.Body.Close()
enc := resp.Header.Get("replay-nonce")
if enc == "" {
- return "", errors.New("nonce not found")
+ return "", errors.New("acme: nonce not found")
}
return enc, nil
}
diff --git a/acme/internal/acme/acme_test.go b/acme/internal/acme/acme_test.go
index 3237b09..bb7dd1f 100644
--- a/acme/internal/acme/acme_test.go
+++ b/acme/internal/acme/acme_test.go
@@ -801,6 +801,7 @@
t.Errorf("cert.DNSNames[0] != name: %q vs %q", cert.DNSNames[0], name)
}
}
+
func TestTLSSNI02ChallengeCert(t *testing.T) {
const (
token = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"