acme/types.go - crypto - Git at Google

 package acme

 import (
 	"errors"
 	"fmt"
 	"net/http"
 )

 // ACME server response statuses used to describe Authorization and Challenge states.
 const (
 	StatusUnknown    = "unknown"
 	StatusPending    = "pending"
 	StatusProcessing = "processing"
 	StatusValid      = "valid"
 	StatusInvalid    = "invalid"
 	StatusRevoked    = "revoked"
 )

 // CRLReasonCode identifies the reason for a certificate revocation.
 type CRLReasonCode int

 // CRL reason codes as defined in RFC 5280.
 const (
 	CRLReasonUnspecified          CRLReasonCode = 0
 	CRLReasonKeyCompromise        CRLReasonCode = 1
 	CRLReasonCACompromise         CRLReasonCode = 2
 	CRLReasonAffiliationChanged   CRLReasonCode = 3
 	CRLReasonSuperseded           CRLReasonCode = 4
 	CRLReasonCessationOfOperation CRLReasonCode = 5
 	CRLReasonCertificateHold      CRLReasonCode = 6
 	CRLReasonRemoveFromCRL        CRLReasonCode = 8
 	CRLReasonPrivilegeWithdrawn   CRLReasonCode = 9
 	CRLReasonAACompromise         CRLReasonCode = 10
 )

 var (
 	// ErrAuthorizationFailed indicates that an authorization for an identifier
 	// did not succeed.
 	ErrAuthorizationFailed = errors.New("acme: identifier authorization failed")

 	// ErrUnsupportedKey is returned when an unsupported key type is encountered.
 	ErrUnsupportedKey = errors.New("acme: unknown key type; only RSA and ECDSA are supported")
 )

 // Error is an ACME error, defined in Problem Details for HTTP APIs doc
 // http://tools.ietf.org/html/draft-ietf-appsawg-http-problem.
 type Error struct {
 	// StatusCode is The HTTP status code generated by the origin server.
 	StatusCode int
 	// ProblemType is a URI reference that identifies the problem type,
 	// typically in a "urn:acme:error:xxx" form.
 	ProblemType string
 	// Detail is a human-readable explanation specific to this occurrence of the problem.
 	Detail string
 	// Header is the original server error response headers.
 	Header http.Header
 }

 func (e *Error) Error() string {
 	return fmt.Sprintf("%d %s: %s", e.StatusCode, e.ProblemType, e.Detail)
 }

 // Account is a user account. It is associated with a private key.
 type Account struct {
 	// URI is the account unique ID, which is also a URL used to retrieve
 	// account data from the CA.
 	URI string

 	// Contact is a slice of contact info used during registration.
 	Contact []string

 	// The terms user has agreed to.
 	// A value not matching CurrentTerms indicates that the user hasn't agreed
 	// to the actual Terms of Service of the CA.
 	AgreedTerms string

 	// Actual terms of a CA.
 	CurrentTerms string

 	// Authz is the authorization URL used to initiate a new authz flow.
 	Authz string

 	// Authorizations is a URI from which a list of authorizations
 	// granted to this account can be fetched via a GET request.
 	Authorizations string

 	// Certificates is a URI from which a list of certificates
 	// issued for this account can be fetched via a GET request.
 	Certificates string
 }

 // Directory is ACME server discovery data.
 type Directory struct {
 	// RegURL is an account endpoint URL, allowing for creating new
 	// and modifying existing accounts.
 	RegURL string

 	// AuthzURL is used to initiate Identifier Authorization flow.
 	AuthzURL string

 	// CertURL is a new certificate issuance endpoint URL.
 	CertURL string

 	// RevokeURL is used to initiate a certificate revocation flow.
 	RevokeURL string

 	// Term is a URI identifying the current terms of service.
 	Terms string

 	// Website is an HTTP or HTTPS URL locating a website
 	// providing more information about the ACME server.
 	Website string

 	// CAA consists of lowercase hostname elements, which the ACME server
 	// recognises as referring to itself for the purposes of CAA record validation
 	// as defined in RFC6844.
 	CAA []string
 }

 // Challenge encodes a returned CA challenge.
 type Challenge struct {
 	// Type is the challenge type, e.g. "http-01", "tls-sni-02", "dns-01".
 	Type string

 	// URI is where a challenge response can be posted to.
 	URI string

 	// Token is a random value that uniquely identifies the challenge.
 	Token string

 	// Status identifies the status of this challenge.
 	Status string
 }

 // Authorization encodes an authorization response.
 type Authorization struct {
 	// URI uniquely identifies a authorization.
 	URI string

 	// Status identifies the status of an authorization.
 	Status string

 	// Identifier is what the account is authorized to represent.
 	Identifier AuthzID

 	// Challenges that the client needs to fulfill in order to prove possession
 	// of the identifier (for pending authorizations).
 	// For final authorizations, the challenges that were used.
 	Challenges []*Challenge

 	// A collection of sets of challenges, each of which would be sufficient
 	// to prove possession of the identifier.
 	// Clients must complete a set of challenges that covers at least one set.
 	// Challenges are identified by their indices in the challenges array.
 	// If this field is empty, the client needs to complete all challenges.
 	Combinations [][]int
 }

 // AuthzID is an identifier that an account is authorized to represent.
 type AuthzID struct {
 	Type  string // The type of identifier, e.g. "dns".
 	Value string // The identifier itself, e.g. "example.org".
 }

 // wireAuthz is ACME JSON representation of Authorization objects.
 type wireAuthz struct {
 	Status       string
 	Challenges   []wireChallenge
 	Combinations [][]int
 	Identifier   struct {
 		Type  string
 		Value string
 	}
 }

 func (z *wireAuthz) authorization(uri string) *Authorization {
 	a := &Authorization{
 		URI:          uri,
 		Status:       z.Status,
 		Identifier:   AuthzID{Type: z.Identifier.Type, Value: z.Identifier.Value},
 		Combinations: z.Combinations, // shallow copy
 		Challenges:   make([]*Challenge, len(z.Challenges)),
 	}
 	for i, v := range z.Challenges {
 		a.Challenges[i] = v.challenge()
 	}
 	return a
 }

 // wireChallenge is ACME JSON challenge representation.
 type wireChallenge struct {
 	URI    string `json:"uri"`
 	Type   string
 	Token  string
 	Status string
 }

 func (c *wireChallenge) challenge() *Challenge {
 	v := &Challenge{
 		URI:    c.URI,
 		Type:   c.Type,
 		Token:  c.Token,
 		Status: c.Status,
 	}
 	if v.Status == "" {
 		v.Status = StatusPending
 	}
 	return v
 }
	package acme

	import (
	"errors"
	"fmt"
	"net/http"
	)

	// ACME server response statuses used to describe Authorization and Challenge states.
	const (
	StatusUnknown = "unknown"
	StatusPending = "pending"
	StatusProcessing = "processing"
	StatusValid = "valid"
	StatusInvalid = "invalid"
	StatusRevoked = "revoked"
	)

	// CRLReasonCode identifies the reason for a certificate revocation.
	type CRLReasonCode int

	// CRL reason codes as defined in RFC 5280.
	const (
	CRLReasonUnspecified CRLReasonCode = 0
	CRLReasonKeyCompromise CRLReasonCode = 1
	CRLReasonCACompromise CRLReasonCode = 2
	CRLReasonAffiliationChanged CRLReasonCode = 3
	CRLReasonSuperseded CRLReasonCode = 4
	CRLReasonCessationOfOperation CRLReasonCode = 5
	CRLReasonCertificateHold CRLReasonCode = 6
	CRLReasonRemoveFromCRL CRLReasonCode = 8
	CRLReasonPrivilegeWithdrawn CRLReasonCode = 9
	CRLReasonAACompromise CRLReasonCode = 10
	)

	var (
	// ErrAuthorizationFailed indicates that an authorization for an identifier
	// did not succeed.
	ErrAuthorizationFailed = errors.New("acme: identifier authorization failed")

	// ErrUnsupportedKey is returned when an unsupported key type is encountered.
	ErrUnsupportedKey = errors.New("acme: unknown key type; only RSA and ECDSA are supported")
	)

	// Error is an ACME error, defined in Problem Details for HTTP APIs doc
	// http://tools.ietf.org/html/draft-ietf-appsawg-http-problem.
	type Error struct {
	// StatusCode is The HTTP status code generated by the origin server.
	StatusCode int
	// ProblemType is a URI reference that identifies the problem type,
	// typically in a "urn:acme:error:xxx" form.
	ProblemType string
	// Detail is a human-readable explanation specific to this occurrence of the problem.
	Detail string
	// Header is the original server error response headers.
	Header http.Header
	}

	func (e *Error) Error() string {
	return fmt.Sprintf("%d %s: %s", e.StatusCode, e.ProblemType, e.Detail)
	}

	// Account is a user account. It is associated with a private key.
	type Account struct {
	// URI is the account unique ID, which is also a URL used to retrieve
	// account data from the CA.
	URI string

	// Contact is a slice of contact info used during registration.
	Contact []string

	// The terms user has agreed to.
	// A value not matching CurrentTerms indicates that the user hasn't agreed
	// to the actual Terms of Service of the CA.
	AgreedTerms string

	// Actual terms of a CA.
	CurrentTerms string

	// Authz is the authorization URL used to initiate a new authz flow.
	Authz string

	// Authorizations is a URI from which a list of authorizations
	// granted to this account can be fetched via a GET request.
	Authorizations string

	// Certificates is a URI from which a list of certificates
	// issued for this account can be fetched via a GET request.
	Certificates string
	}

	// Directory is ACME server discovery data.
	type Directory struct {
	// RegURL is an account endpoint URL, allowing for creating new
	// and modifying existing accounts.
	RegURL string

	// AuthzURL is used to initiate Identifier Authorization flow.
	AuthzURL string

	// CertURL is a new certificate issuance endpoint URL.
	CertURL string

	// RevokeURL is used to initiate a certificate revocation flow.
	RevokeURL string

	// Term is a URI identifying the current terms of service.
	Terms string

	// Website is an HTTP or HTTPS URL locating a website
	// providing more information about the ACME server.
	Website string

	// CAA consists of lowercase hostname elements, which the ACME server
	// recognises as referring to itself for the purposes of CAA record validation
	// as defined in RFC6844.
	CAA []string
	}

	// Challenge encodes a returned CA challenge.
	type Challenge struct {
	// Type is the challenge type, e.g. "http-01", "tls-sni-02", "dns-01".
	Type string

	// URI is where a challenge response can be posted to.
	URI string

	// Token is a random value that uniquely identifies the challenge.
	Token string

	// Status identifies the status of this challenge.
	Status string
	}

	// Authorization encodes an authorization response.
	type Authorization struct {
	// URI uniquely identifies a authorization.
	URI string

	// Status identifies the status of an authorization.
	Status string

	// Identifier is what the account is authorized to represent.
	Identifier AuthzID

	// Challenges that the client needs to fulfill in order to prove possession
	// of the identifier (for pending authorizations).
	// For final authorizations, the challenges that were used.
	Challenges []*Challenge

	// A collection of sets of challenges, each of which would be sufficient
	// to prove possession of the identifier.
	// Clients must complete a set of challenges that covers at least one set.
	// Challenges are identified by their indices in the challenges array.
	// If this field is empty, the client needs to complete all challenges.
	Combinations [][]int
	}

	// AuthzID is an identifier that an account is authorized to represent.
	type AuthzID struct {
	Type string // The type of identifier, e.g. "dns".
	Value string // The identifier itself, e.g. "example.org".
	}

	// wireAuthz is ACME JSON representation of Authorization objects.
	type wireAuthz struct {
	Status string
	Challenges []wireChallenge
	Combinations [][]int
	Identifier struct {
	Type string
	Value string
	}
	}

	func (z wireAuthz) authorization(uri string) Authorization {
	a := &Authorization{
	URI: uri,
	Status: z.Status,
	Identifier: AuthzID{Type: z.Identifier.Type, Value: z.Identifier.Value},
	Combinations: z.Combinations, // shallow copy
	Challenges: make([]*Challenge, len(z.Challenges)),
	}
	for i, v := range z.Challenges {
	a.Challenges[i] = v.challenge()
	}
	return a
	}

	// wireChallenge is ACME JSON challenge representation.
	type wireChallenge struct {
	URI string `json:"uri"`
	Type string
	Token string
	Status string
	}

	func (c wireChallenge) challenge() Challenge {
	v := &Challenge{
	URI: c.URI,
	Type: c.Type,
	Token: c.Token,
	Status: c.Status,
	}
	if v.Status == "" {
	v.Status = StatusPending
	}
	return v
	}