| // Copyright 2016 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| // Package autocert provides automatic access to certificates from Let's Encrypt |
| // and any other ACME-based CA. |
| // |
| // This package is a work in progress and makes no API stability promises. |
| package autocert |
| |
| import ( |
| "bytes" |
| "context" |
| "crypto" |
| "crypto/ecdsa" |
| "crypto/elliptic" |
| "crypto/rand" |
| "crypto/rsa" |
| "crypto/tls" |
| "crypto/x509" |
| "crypto/x509/pkix" |
| "encoding/pem" |
| "errors" |
| "fmt" |
| "io" |
| mathrand "math/rand" |
| "net/http" |
| "strconv" |
| "strings" |
| "sync" |
| "time" |
| |
| "golang.org/x/crypto/acme" |
| ) |
| |
| // createCertRetryAfter is how much time to wait before removing a failed state |
| // entry due to an unsuccessful createCert call. |
| // This is a variable instead of a const for testing. |
| // TODO: Consider making it configurable or an exp backoff? |
| var createCertRetryAfter = time.Minute |
| |
| // pseudoRand is safe for concurrent use. |
| var pseudoRand *lockedMathRand |
| |
| func init() { |
| src := mathrand.NewSource(timeNow().UnixNano()) |
| pseudoRand = &lockedMathRand{rnd: mathrand.New(src)} |
| } |
| |
| // AcceptTOS is a Manager.Prompt function that always returns true to |
| // indicate acceptance of the CA's Terms of Service during account |
| // registration. |
| func AcceptTOS(tosURL string) bool { return true } |
| |
| // HostPolicy specifies which host names the Manager is allowed to respond to. |
| // It returns a non-nil error if the host should be rejected. |
| // The returned error is accessible via tls.Conn.Handshake and its callers. |
| // See Manager's HostPolicy field and GetCertificate method docs for more details. |
| type HostPolicy func(ctx context.Context, host string) error |
| |
| // HostWhitelist returns a policy where only the specified host names are allowed. |
| // Only exact matches are currently supported. Subdomains, regexp or wildcard |
| // will not match. |
| func HostWhitelist(hosts ...string) HostPolicy { |
| whitelist := make(map[string]bool, len(hosts)) |
| for _, h := range hosts { |
| whitelist[h] = true |
| } |
| return func(_ context.Context, host string) error { |
| if !whitelist[host] { |
| return errors.New("acme/autocert: host not configured") |
| } |
| return nil |
| } |
| } |
| |
| // defaultHostPolicy is used when Manager.HostPolicy is not set. |
| func defaultHostPolicy(context.Context, string) error { |
| return nil |
| } |
| |
| // Manager is a stateful certificate manager built on top of acme.Client. |
| // It obtains and refreshes certificates automatically, |
| // as well as providing them to a TLS server via tls.Config. |
| // |
| // To preserve issued certificates and improve overall performance, |
| // use a cache implementation of Cache. For instance, DirCache. |
| type Manager struct { |
| // Prompt specifies a callback function to conditionally accept a CA's Terms of Service (TOS). |
| // The registration may require the caller to agree to the CA's TOS. |
| // If so, Manager calls Prompt with a TOS URL provided by the CA. Prompt should report |
| // whether the caller agrees to the terms. |
| // |
| // To always accept the terms, the callers can use AcceptTOS. |
| Prompt func(tosURL string) bool |
| |
| // Cache optionally stores and retrieves previously-obtained certificates. |
| // If nil, certs will only be cached for the lifetime of the Manager. |
| // |
| // Manager passes the Cache certificates data encoded in PEM, with private/public |
| // parts combined in a single Cache.Put call, private key first. |
| Cache Cache |
| |
| // HostPolicy controls which domains the Manager will attempt |
| // to retrieve new certificates for. It does not affect cached certs. |
| // |
| // If non-nil, HostPolicy is called before requesting a new cert. |
| // If nil, all hosts are currently allowed. This is not recommended, |
| // as it opens a potential attack where clients connect to a server |
| // by IP address and pretend to be asking for an incorrect host name. |
| // Manager will attempt to obtain a certificate for that host, incorrectly, |
| // eventually reaching the CA's rate limit for certificate requests |
| // and making it impossible to obtain actual certificates. |
| // |
| // See GetCertificate for more details. |
| HostPolicy HostPolicy |
| |
| // RenewBefore optionally specifies how early certificates should |
| // be renewed before they expire. |
| // |
| // If zero, they're renewed 30 days before expiration. |
| RenewBefore time.Duration |
| |
| // Client is used to perform low-level operations, such as account registration |
| // and requesting new certificates. |
| // If Client is nil, a zero-value acme.Client is used with acme.LetsEncryptURL |
| // directory endpoint and a newly-generated ECDSA P-256 key. |
| // |
| // Mutating the field after the first call of GetCertificate method will have no effect. |
| Client *acme.Client |
| |
| // Email optionally specifies a contact email address. |
| // This is used by CAs, such as Let's Encrypt, to notify about problems |
| // with issued certificates. |
| // |
| // If the Client's account key is already registered, Email is not used. |
| Email string |
| |
| // ForceRSA makes the Manager generate certificates with 2048-bit RSA keys. |
| // |
| // If false, a default is used. Currently the default |
| // is EC-based keys using the P-256 curve. |
| ForceRSA bool |
| |
| clientMu sync.Mutex |
| client *acme.Client // initialized by acmeClient method |
| |
| stateMu sync.Mutex |
| state map[string]*certState // keyed by domain name |
| |
| // tokenCert is keyed by token domain name, which matches server name |
| // of ClientHello. Keys always have ".acme.invalid" suffix. |
| tokenCertMu sync.RWMutex |
| tokenCert map[string]*tls.Certificate |
| |
| // renewal tracks the set of domains currently running renewal timers. |
| // It is keyed by domain name. |
| renewalMu sync.Mutex |
| renewal map[string]*domainRenewal |
| } |
| |
| // GetCertificate implements the tls.Config.GetCertificate hook. |
| // It provides a TLS certificate for hello.ServerName host, including answering |
| // *.acme.invalid (TLS-SNI) challenges. All other fields of hello are ignored. |
| // |
| // If m.HostPolicy is non-nil, GetCertificate calls the policy before requesting |
| // a new cert. A non-nil error returned from m.HostPolicy halts TLS negotiation. |
| // The error is propagated back to the caller of GetCertificate and is user-visible. |
| // This does not affect cached certs. See HostPolicy field description for more details. |
| func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) { |
| if m.Prompt == nil { |
| return nil, errors.New("acme/autocert: Manager.Prompt not set") |
| } |
| |
| name := hello.ServerName |
| if name == "" { |
| return nil, errors.New("acme/autocert: missing server name") |
| } |
| |
| ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) |
| defer cancel() |
| |
| // check whether this is a token cert requested for TLS-SNI challenge |
| if strings.HasSuffix(name, ".acme.invalid") { |
| m.tokenCertMu.RLock() |
| defer m.tokenCertMu.RUnlock() |
| if cert := m.tokenCert[name]; cert != nil { |
| return cert, nil |
| } |
| if cert, err := m.cacheGet(ctx, name); err == nil { |
| return cert, nil |
| } |
| // TODO: cache error results? |
| return nil, fmt.Errorf("acme/autocert: no token cert for %q", name) |
| } |
| |
| // regular domain |
| name = strings.TrimSuffix(name, ".") // golang.org/issue/18114 |
| cert, err := m.cert(ctx, name) |
| if err == nil { |
| return cert, nil |
| } |
| if err != ErrCacheMiss { |
| return nil, err |
| } |
| |
| // first-time |
| if err := m.hostPolicy()(ctx, name); err != nil { |
| return nil, err |
| } |
| cert, err = m.createCert(ctx, name) |
| if err != nil { |
| return nil, err |
| } |
| m.cachePut(ctx, name, cert) |
| return cert, nil |
| } |
| |
| // cert returns an existing certificate either from m.state or cache. |
| // If a certificate is found in cache but not in m.state, the latter will be filled |
| // with the cached value. |
| func (m *Manager) cert(ctx context.Context, name string) (*tls.Certificate, error) { |
| m.stateMu.Lock() |
| if s, ok := m.state[name]; ok { |
| m.stateMu.Unlock() |
| s.RLock() |
| defer s.RUnlock() |
| return s.tlscert() |
| } |
| defer m.stateMu.Unlock() |
| cert, err := m.cacheGet(ctx, name) |
| if err != nil { |
| return nil, err |
| } |
| signer, ok := cert.PrivateKey.(crypto.Signer) |
| if !ok { |
| return nil, errors.New("acme/autocert: private key cannot sign") |
| } |
| if m.state == nil { |
| m.state = make(map[string]*certState) |
| } |
| s := &certState{ |
| key: signer, |
| cert: cert.Certificate, |
| leaf: cert.Leaf, |
| } |
| m.state[name] = s |
| go m.renew(name, s.key, s.leaf.NotAfter) |
| return cert, nil |
| } |
| |
| // cacheGet always returns a valid certificate, or an error otherwise. |
| // If a cached certficate exists but is not valid, ErrCacheMiss is returned. |
| func (m *Manager) cacheGet(ctx context.Context, domain string) (*tls.Certificate, error) { |
| if m.Cache == nil { |
| return nil, ErrCacheMiss |
| } |
| data, err := m.Cache.Get(ctx, domain) |
| if err != nil { |
| return nil, err |
| } |
| |
| // private |
| priv, pub := pem.Decode(data) |
| if priv == nil || !strings.Contains(priv.Type, "PRIVATE") { |
| return nil, ErrCacheMiss |
| } |
| privKey, err := parsePrivateKey(priv.Bytes) |
| if err != nil { |
| return nil, err |
| } |
| |
| // public |
| var pubDER [][]byte |
| for len(pub) > 0 { |
| var b *pem.Block |
| b, pub = pem.Decode(pub) |
| if b == nil { |
| break |
| } |
| pubDER = append(pubDER, b.Bytes) |
| } |
| if len(pub) > 0 { |
| // Leftover content not consumed by pem.Decode. Corrupt. Ignore. |
| return nil, ErrCacheMiss |
| } |
| |
| // verify and create TLS cert |
| leaf, err := validCert(domain, pubDER, privKey) |
| if err != nil { |
| return nil, ErrCacheMiss |
| } |
| tlscert := &tls.Certificate{ |
| Certificate: pubDER, |
| PrivateKey: privKey, |
| Leaf: leaf, |
| } |
| return tlscert, nil |
| } |
| |
| func (m *Manager) cachePut(ctx context.Context, domain string, tlscert *tls.Certificate) error { |
| if m.Cache == nil { |
| return nil |
| } |
| |
| // contains PEM-encoded data |
| var buf bytes.Buffer |
| |
| // private |
| switch key := tlscert.PrivateKey.(type) { |
| case *ecdsa.PrivateKey: |
| if err := encodeECDSAKey(&buf, key); err != nil { |
| return err |
| } |
| case *rsa.PrivateKey: |
| b := x509.MarshalPKCS1PrivateKey(key) |
| pb := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: b} |
| if err := pem.Encode(&buf, pb); err != nil { |
| return err |
| } |
| default: |
| return errors.New("acme/autocert: unknown private key type") |
| } |
| |
| // public |
| for _, b := range tlscert.Certificate { |
| pb := &pem.Block{Type: "CERTIFICATE", Bytes: b} |
| if err := pem.Encode(&buf, pb); err != nil { |
| return err |
| } |
| } |
| |
| return m.Cache.Put(ctx, domain, buf.Bytes()) |
| } |
| |
| func encodeECDSAKey(w io.Writer, key *ecdsa.PrivateKey) error { |
| b, err := x509.MarshalECPrivateKey(key) |
| if err != nil { |
| return err |
| } |
| pb := &pem.Block{Type: "EC PRIVATE KEY", Bytes: b} |
| return pem.Encode(w, pb) |
| } |
| |
| // createCert starts the domain ownership verification and returns a certificate |
| // for that domain upon success. |
| // |
| // If the domain is already being verified, it waits for the existing verification to complete. |
| // Either way, createCert blocks for the duration of the whole process. |
| func (m *Manager) createCert(ctx context.Context, domain string) (*tls.Certificate, error) { |
| // TODO: maybe rewrite this whole piece using sync.Once |
| state, err := m.certState(domain) |
| if err != nil { |
| return nil, err |
| } |
| // state may exist if another goroutine is already working on it |
| // in which case just wait for it to finish |
| if !state.locked { |
| state.RLock() |
| defer state.RUnlock() |
| return state.tlscert() |
| } |
| |
| // We are the first; state is locked. |
| // Unblock the readers when domain ownership is verified |
| // and the we got the cert or the process failed. |
| defer state.Unlock() |
| state.locked = false |
| |
| der, leaf, err := m.authorizedCert(ctx, state.key, domain) |
| if err != nil { |
| // Remove the failed state after some time, |
| // making the manager call createCert again on the following TLS hello. |
| time.AfterFunc(createCertRetryAfter, func() { |
| defer testDidRemoveState(domain) |
| m.stateMu.Lock() |
| defer m.stateMu.Unlock() |
| // Verify the state hasn't changed and it's still invalid |
| // before deleting. |
| s, ok := m.state[domain] |
| if !ok { |
| return |
| } |
| if _, err := validCert(domain, s.cert, s.key); err == nil { |
| return |
| } |
| delete(m.state, domain) |
| }) |
| return nil, err |
| } |
| state.cert = der |
| state.leaf = leaf |
| go m.renew(domain, state.key, state.leaf.NotAfter) |
| return state.tlscert() |
| } |
| |
| // certState returns a new or existing certState. |
| // If a new certState is returned, state.exist is false and the state is locked. |
| // The returned error is non-nil only in the case where a new state could not be created. |
| func (m *Manager) certState(domain string) (*certState, error) { |
| m.stateMu.Lock() |
| defer m.stateMu.Unlock() |
| if m.state == nil { |
| m.state = make(map[string]*certState) |
| } |
| // existing state |
| if state, ok := m.state[domain]; ok { |
| return state, nil |
| } |
| |
| // new locked state |
| var ( |
| err error |
| key crypto.Signer |
| ) |
| if m.ForceRSA { |
| key, err = rsa.GenerateKey(rand.Reader, 2048) |
| } else { |
| key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) |
| } |
| if err != nil { |
| return nil, err |
| } |
| |
| state := &certState{ |
| key: key, |
| locked: true, |
| } |
| state.Lock() // will be unlocked by m.certState caller |
| m.state[domain] = state |
| return state, nil |
| } |
| |
| // authorizedCert starts domain ownership verification process and requests a new cert upon success. |
| // The key argument is the certificate private key. |
| func (m *Manager) authorizedCert(ctx context.Context, key crypto.Signer, domain string) (der [][]byte, leaf *x509.Certificate, err error) { |
| if err := m.verify(ctx, domain); err != nil { |
| return nil, nil, err |
| } |
| client, err := m.acmeClient(ctx) |
| if err != nil { |
| return nil, nil, err |
| } |
| csr, err := certRequest(key, domain) |
| if err != nil { |
| return nil, nil, err |
| } |
| der, _, err = client.CreateCert(ctx, csr, 0, true) |
| if err != nil { |
| return nil, nil, err |
| } |
| leaf, err = validCert(domain, der, key) |
| if err != nil { |
| return nil, nil, err |
| } |
| return der, leaf, nil |
| } |
| |
| // verify starts a new identifier (domain) authorization flow. |
| // It prepares a challenge response and then blocks until the authorization |
| // is marked as "completed" by the CA (either succeeded or failed). |
| // |
| // verify returns nil iff the verification was successful. |
| func (m *Manager) verify(ctx context.Context, domain string) error { |
| client, err := m.acmeClient(ctx) |
| if err != nil { |
| return err |
| } |
| |
| // start domain authorization and get the challenge |
| authz, err := client.Authorize(ctx, domain) |
| if err != nil { |
| return err |
| } |
| // maybe don't need to at all |
| if authz.Status == acme.StatusValid { |
| return nil |
| } |
| |
| // pick a challenge: prefer tls-sni-02 over tls-sni-01 |
| // TODO: consider authz.Combinations |
| var chal *acme.Challenge |
| for _, c := range authz.Challenges { |
| if c.Type == "tls-sni-02" { |
| chal = c |
| break |
| } |
| if c.Type == "tls-sni-01" { |
| chal = c |
| } |
| } |
| if chal == nil { |
| return errors.New("acme/autocert: no supported challenge type found") |
| } |
| |
| // create a token cert for the challenge response |
| var ( |
| cert tls.Certificate |
| name string |
| ) |
| switch chal.Type { |
| case "tls-sni-01": |
| cert, name, err = client.TLSSNI01ChallengeCert(chal.Token) |
| case "tls-sni-02": |
| cert, name, err = client.TLSSNI02ChallengeCert(chal.Token) |
| default: |
| err = fmt.Errorf("acme/autocert: unknown challenge type %q", chal.Type) |
| } |
| if err != nil { |
| return err |
| } |
| m.putTokenCert(ctx, name, &cert) |
| defer func() { |
| // verification has ended at this point |
| // don't need token cert anymore |
| go m.deleteTokenCert(name) |
| }() |
| |
| // ready to fulfill the challenge |
| if _, err := client.Accept(ctx, chal); err != nil { |
| return err |
| } |
| // wait for the CA to validate |
| _, err = client.WaitAuthorization(ctx, authz.URI) |
| return err |
| } |
| |
| // putTokenCert stores the cert under the named key in both m.tokenCert map |
| // and m.Cache. |
| func (m *Manager) putTokenCert(ctx context.Context, name string, cert *tls.Certificate) { |
| m.tokenCertMu.Lock() |
| defer m.tokenCertMu.Unlock() |
| if m.tokenCert == nil { |
| m.tokenCert = make(map[string]*tls.Certificate) |
| } |
| m.tokenCert[name] = cert |
| m.cachePut(ctx, name, cert) |
| } |
| |
| // deleteTokenCert removes the token certificate for the specified domain name |
| // from both m.tokenCert map and m.Cache. |
| func (m *Manager) deleteTokenCert(name string) { |
| m.tokenCertMu.Lock() |
| defer m.tokenCertMu.Unlock() |
| delete(m.tokenCert, name) |
| if m.Cache != nil { |
| m.Cache.Delete(context.Background(), name) |
| } |
| } |
| |
| // renew starts a cert renewal timer loop, one per domain. |
| // |
| // The loop is scheduled in two cases: |
| // - a cert was fetched from cache for the first time (wasn't in m.state) |
| // - a new cert was created by m.createCert |
| // |
| // The key argument is a certificate private key. |
| // The exp argument is the cert expiration time (NotAfter). |
| func (m *Manager) renew(domain string, key crypto.Signer, exp time.Time) { |
| m.renewalMu.Lock() |
| defer m.renewalMu.Unlock() |
| if m.renewal[domain] != nil { |
| // another goroutine is already on it |
| return |
| } |
| if m.renewal == nil { |
| m.renewal = make(map[string]*domainRenewal) |
| } |
| dr := &domainRenewal{m: m, domain: domain, key: key} |
| m.renewal[domain] = dr |
| dr.start(exp) |
| } |
| |
| // stopRenew stops all currently running cert renewal timers. |
| // The timers are not restarted during the lifetime of the Manager. |
| func (m *Manager) stopRenew() { |
| m.renewalMu.Lock() |
| defer m.renewalMu.Unlock() |
| for name, dr := range m.renewal { |
| delete(m.renewal, name) |
| dr.stop() |
| } |
| } |
| |
| func (m *Manager) accountKey(ctx context.Context) (crypto.Signer, error) { |
| const keyName = "acme_account.key" |
| |
| genKey := func() (*ecdsa.PrivateKey, error) { |
| return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) |
| } |
| |
| if m.Cache == nil { |
| return genKey() |
| } |
| |
| data, err := m.Cache.Get(ctx, keyName) |
| if err == ErrCacheMiss { |
| key, err := genKey() |
| if err != nil { |
| return nil, err |
| } |
| var buf bytes.Buffer |
| if err := encodeECDSAKey(&buf, key); err != nil { |
| return nil, err |
| } |
| if err := m.Cache.Put(ctx, keyName, buf.Bytes()); err != nil { |
| return nil, err |
| } |
| return key, nil |
| } |
| if err != nil { |
| return nil, err |
| } |
| |
| priv, _ := pem.Decode(data) |
| if priv == nil || !strings.Contains(priv.Type, "PRIVATE") { |
| return nil, errors.New("acme/autocert: invalid account key found in cache") |
| } |
| return parsePrivateKey(priv.Bytes) |
| } |
| |
| func (m *Manager) acmeClient(ctx context.Context) (*acme.Client, error) { |
| m.clientMu.Lock() |
| defer m.clientMu.Unlock() |
| if m.client != nil { |
| return m.client, nil |
| } |
| |
| client := m.Client |
| if client == nil { |
| client = &acme.Client{DirectoryURL: acme.LetsEncryptURL} |
| } |
| if client.Key == nil { |
| var err error |
| client.Key, err = m.accountKey(ctx) |
| if err != nil { |
| return nil, err |
| } |
| } |
| var contact []string |
| if m.Email != "" { |
| contact = []string{"mailto:" + m.Email} |
| } |
| a := &acme.Account{Contact: contact} |
| _, err := client.Register(ctx, a, m.Prompt) |
| if ae, ok := err.(*acme.Error); err == nil || ok && ae.StatusCode == http.StatusConflict { |
| // conflict indicates the key is already registered |
| m.client = client |
| err = nil |
| } |
| return m.client, err |
| } |
| |
| func (m *Manager) hostPolicy() HostPolicy { |
| if m.HostPolicy != nil { |
| return m.HostPolicy |
| } |
| return defaultHostPolicy |
| } |
| |
| func (m *Manager) renewBefore() time.Duration { |
| if m.RenewBefore > renewJitter { |
| return m.RenewBefore |
| } |
| return 720 * time.Hour // 30 days |
| } |
| |
| // certState is ready when its mutex is unlocked for reading. |
| type certState struct { |
| sync.RWMutex |
| locked bool // locked for read/write |
| key crypto.Signer // private key for cert |
| cert [][]byte // DER encoding |
| leaf *x509.Certificate // parsed cert[0]; always non-nil if cert != nil |
| } |
| |
| // tlscert creates a tls.Certificate from s.key and s.cert. |
| // Callers should wrap it in s.RLock() and s.RUnlock(). |
| func (s *certState) tlscert() (*tls.Certificate, error) { |
| if s.key == nil { |
| return nil, errors.New("acme/autocert: missing signer") |
| } |
| if len(s.cert) == 0 { |
| return nil, errors.New("acme/autocert: missing certificate") |
| } |
| return &tls.Certificate{ |
| PrivateKey: s.key, |
| Certificate: s.cert, |
| Leaf: s.leaf, |
| }, nil |
| } |
| |
| // certRequest creates a certificate request for the given common name cn |
| // and optional SANs. |
| func certRequest(key crypto.Signer, cn string, san ...string) ([]byte, error) { |
| req := &x509.CertificateRequest{ |
| Subject: pkix.Name{CommonName: cn}, |
| DNSNames: san, |
| } |
| return x509.CreateCertificateRequest(rand.Reader, req, key) |
| } |
| |
| // Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates |
| // PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys. |
| // OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three. |
| // |
| // Inspired by parsePrivateKey in crypto/tls/tls.go. |
| func parsePrivateKey(der []byte) (crypto.Signer, error) { |
| if key, err := x509.ParsePKCS1PrivateKey(der); err == nil { |
| return key, nil |
| } |
| if key, err := x509.ParsePKCS8PrivateKey(der); err == nil { |
| switch key := key.(type) { |
| case *rsa.PrivateKey: |
| return key, nil |
| case *ecdsa.PrivateKey: |
| return key, nil |
| default: |
| return nil, errors.New("acme/autocert: unknown private key type in PKCS#8 wrapping") |
| } |
| } |
| if key, err := x509.ParseECPrivateKey(der); err == nil { |
| return key, nil |
| } |
| |
| return nil, errors.New("acme/autocert: failed to parse private key") |
| } |
| |
| // validCert parses a cert chain provided as der argument and verifies the leaf, der[0], |
| // corresponds to the private key, as well as the domain match and expiration dates. |
| // It doesn't do any revocation checking. |
| // |
| // The returned value is the verified leaf cert. |
| func validCert(domain string, der [][]byte, key crypto.Signer) (leaf *x509.Certificate, err error) { |
| // parse public part(s) |
| var n int |
| for _, b := range der { |
| n += len(b) |
| } |
| pub := make([]byte, n) |
| n = 0 |
| for _, b := range der { |
| n += copy(pub[n:], b) |
| } |
| x509Cert, err := x509.ParseCertificates(pub) |
| if len(x509Cert) == 0 { |
| return nil, errors.New("acme/autocert: no public key found") |
| } |
| // verify the leaf is not expired and matches the domain name |
| leaf = x509Cert[0] |
| now := timeNow() |
| if now.Before(leaf.NotBefore) { |
| return nil, errors.New("acme/autocert: certificate is not valid yet") |
| } |
| if now.After(leaf.NotAfter) { |
| return nil, errors.New("acme/autocert: expired certificate") |
| } |
| if err := leaf.VerifyHostname(domain); err != nil { |
| return nil, err |
| } |
| // ensure the leaf corresponds to the private key |
| switch pub := leaf.PublicKey.(type) { |
| case *rsa.PublicKey: |
| prv, ok := key.(*rsa.PrivateKey) |
| if !ok { |
| return nil, errors.New("acme/autocert: private key type does not match public key type") |
| } |
| if pub.N.Cmp(prv.N) != 0 { |
| return nil, errors.New("acme/autocert: private key does not match public key") |
| } |
| case *ecdsa.PublicKey: |
| prv, ok := key.(*ecdsa.PrivateKey) |
| if !ok { |
| return nil, errors.New("acme/autocert: private key type does not match public key type") |
| } |
| if pub.X.Cmp(prv.X) != 0 || pub.Y.Cmp(prv.Y) != 0 { |
| return nil, errors.New("acme/autocert: private key does not match public key") |
| } |
| default: |
| return nil, errors.New("acme/autocert: unknown public key algorithm") |
| } |
| return leaf, nil |
| } |
| |
| func retryAfter(v string) time.Duration { |
| if i, err := strconv.Atoi(v); err == nil { |
| return time.Duration(i) * time.Second |
| } |
| if t, err := http.ParseTime(v); err == nil { |
| return t.Sub(timeNow()) |
| } |
| return time.Second |
| } |
| |
| type lockedMathRand struct { |
| sync.Mutex |
| rnd *mathrand.Rand |
| } |
| |
| func (r *lockedMathRand) int63n(max int64) int64 { |
| r.Lock() |
| n := r.rnd.Int63n(max) |
| r.Unlock() |
| return n |
| } |
| |
| // For easier testing. |
| var ( |
| timeNow = time.Now |
| |
| // Called when a state is removed. |
| testDidRemoveState = func(domain string) {} |
| ) |
