authorGuilhem Moulin <guilhem@fripost.org>2019-08-21 17:29:19 +0200
committerGuilhem Moulin <guilhem@fripost.org>2019-08-21 18:05:43 +0200
commitf9d5e53cac1c002e5983efc18e42f5a21444b182 (patch)
treef387ad38594d682a2550002a1c9f3c7e67df736c
parenta3978219bab85e650d963276823cb142ecde6a21 (diff)
Issue GET and POST-as-GET requests (RFC 8555 sec. 6.3)
For the authorizations, order and certificate URLs. See RFC 8555 sec. 7.1.
-rw-r--r--Changelog2
-rwxr-xr-xclient20
2 files changed, 12 insertions, 10 deletions
diff --git a/Changelog b/Changelog
index 948b3f4..0f74a85 100644
--- a/Changelog
+++ b/Changelog
@@ -8,6 +8,8 @@ lacme (0.6) UNRELEASED
drop compatibility symlinks once Bullseye is released.
- Link to RFC 8555 <https://tools.ietf.org/html/rfc8555> instead of the
ACME I-D URL.
+ - Issue GET and POST-as-GET requests (RFC 8555 sec. 6.3) for the
+ authorizations, order and certificate URLs.
-- Guilhem Moulin <guilhem@fripost.org> Mon, 21 Jan 2019 02:07:58 +0100
diff --git a/client b/client
index 9dbcc3f..b567516 100755
--- a/client
+++ b/client
@@ -183,14 +183,14 @@ sub request_json_decode($;$$) {
# encapsulated it in a JSON Web Signature (JWS).
# https://tools.ietf.org/html/rfc8555
#
-sub acme($@) {
- my $uri = shift;
+sub acme($;$) {
+ my ($uri, $h) = @_;
die "Missing nonce\n" unless defined $NONCE;
# Produce the JSON Web Signature: RFC 7515 section 5
my %header = ( alg => 'RS256', nonce => $NONCE, url => $uri );
defined $KID ? ($header{kid} = $KID) : ($header{jwk} = $JWK);
- my $payload = encode_base64url(json()->encode({ @_ }));
+ my $payload = defined $h ? encode_base64url(json()->encode($h)) : "";
my $protected = encode_base64url(json()->encode(\%header));
my $data = $protected .'.'. $payload;
$S->printflush($data, "\r\n");
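Review bot: The header comment above `acme` does not record that the optional second argument now selects between two different requests, and the difference is easy to break at a call site. With `$h` undefined the payload is the empty string (POST-as-GET, RFC 8555 sec. 6.3), whereas `acme($challenge->{url}, {})` in the challenge hunk sends an empty JSON object; dropping that `{}` would silently turn the challenge response into a POST-as-GET. I would add `# $h is an optional hash ref; undef sends an empty payload (POST-as-GET), {} sends an empty JSON object` to the header comment and `# {} is required here: an empty payload would only fetch the challenge` at the challenge call. The body of `acme` continues past the end of this hunk.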
@@ -220,7 +220,7 @@ sub acme_resource($%) {
request(HEAD => $RES{newNonce});
}
my $uri = $RES{$r} // die "Unknown resource '$r'\n";
- acme($uri, @_);
+ acme($uri, {@_});
}
# Set the key ID (registration URI)
@@ -253,7 +253,7 @@ if ($COMMAND eq 'account') {
if ($r->is_success()) {
$KID = $r->header('Location');
- $r = acme($KID, %h);
+ $r = acme($KID, \%h);
request_json_decode($r, 1, \*STDOUT)
if $r->is_success() and $r->content_type() eq 'application/json';
}
@@ -281,7 +281,7 @@ elsif ($COMMAND eq 'newOrder') {
my $orderurl = $r->header('Location');
foreach (@{$order->{authorizations}}) {
- my $authz = request_json_decode(request(GET => $_));
+ my $authz = request_json_decode(acme($_));
next unless $authz->{status} eq 'pending';
my $identifier = $authz->{identifier}->{value};
@@ -304,7 +304,7 @@ elsif ($COMMAND eq 'newOrder') {
} else {
die "Can't open $challenge->{token}: $!";
}
- my $r = acme($challenge->{url});
+ my $r = acme($challenge->{url}, {});
request_json_decode($r);
}
@@ -313,7 +313,7 @@ elsif ($COMMAND eq 'newOrder') {
my $orderstr = join(', ', map {uc($_->{type}) .":". $_->{value}} @identifiers);
my $certuri;
for (my $i = 0;;) {
- my $r = request('GET' => $orderurl);
+ my $r = acme($orderurl);
my $resp = request_json_decode($r);
if (defined (my $problem = $resp->{error})) { # problem document (RFC 7807)
my $msg = $problem->{status};
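Review bot: Each iteration of this polling loop on `$orderurl`, and of the later one on `$certuri`, is now a signed request that spends a nonce, since `acme` puts `$NONCE` in the protected header and dies with "Missing nonce" when it is undefined. Whether `$NONCE` is refreshed from every response, error responses included, is not visible in these hunks and should be confirmed, because otherwise the second poll fails instead of waiting. It is also worth checking that a `badNonce` problem document (RFC 8555 sec. 6.5) is retried rather than decoded by `request_json_decode` as if it were the order object. A comment at the loop head such as `# each poll is a signed POST-as-GET and consumes a nonce` would record the dependency; the loop body continues outside the hunk.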
@@ -326,7 +326,7 @@ elsif ($COMMAND eq 'newOrder') {
die "Error: Invalid order $orderstr\n";
}
elsif ($status eq "ready") {
- my $r = acme($order->{finalize}, csr => encode_base64url($csr));
+ my $r = acme($order->{finalize}, {csr => encode_base64url($csr)});
my $resp = request_json_decode($r);
$certuri = $resp->{certificate};
last;
@@ -351,7 +351,7 @@ elsif ($COMMAND eq 'newOrder') {
# poll until the cert is available
print STDERR "Certificate URI: $certuri\n";
for (my $i = 0;;) {
- $r = request('GET' => $certuri);
+ $r = acme($certuri);
die request_status_line($r), "\n" unless $r->is_success();
last unless $r->code == 202; # Accepted
my $retry_after = request_retry_after($r) // 1;