mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-23 22:27:38 -05:00
6f78cc49d1
- Using xenolf/lego's likely-temporary acmev2 branch - Cleaned up vendor folder a little bit (probably more to do) - Temporarily set default CA URL to v2 staging endpoint - Refactored user management a bit; updated tests (biggest change is how we get the email address, which now requires being able to make an ACME client with a User with a private key so that we can get the current ToS URL) - Automatic HTTPS now allows specific wildcard pattern hostnames - Commented out (but kept) the TLS-SNI code, as the challenge type may return in the future in a similar form
101 lines
2.3 KiB
Go
101 lines
2.3 KiB
Go
/*-
|
|
* Copyright 2014 Square Inc.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
package main
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"errors"
|
|
"fmt"
|
|
"gopkg.in/square/go-jose.v2"
|
|
)
|
|
|
|
func LoadJSONWebKey(json []byte, pub bool) (*jose.JSONWebKey, error) {
|
|
var jwk jose.JSONWebKey
|
|
err := jwk.UnmarshalJSON(json)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if !jwk.Valid() {
|
|
return nil, errors.New("invalid JWK key")
|
|
}
|
|
if jwk.IsPublic() != pub {
|
|
return nil, errors.New("priv/pub JWK key mismatch")
|
|
}
|
|
return &jwk, nil
|
|
}
|
|
|
|
// LoadPublicKey loads a public key from PEM/DER/JWK-encoded data.
|
|
func LoadPublicKey(data []byte) (interface{}, error) {
|
|
input := data
|
|
|
|
block, _ := pem.Decode(data)
|
|
if block != nil {
|
|
input = block.Bytes
|
|
}
|
|
|
|
// Try to load SubjectPublicKeyInfo
|
|
pub, err0 := x509.ParsePKIXPublicKey(input)
|
|
if err0 == nil {
|
|
return pub, nil
|
|
}
|
|
|
|
cert, err1 := x509.ParseCertificate(input)
|
|
if err1 == nil {
|
|
return cert.PublicKey, nil
|
|
}
|
|
|
|
jwk, err2 := LoadJSONWebKey(data, true)
|
|
if err2 == nil {
|
|
return jwk, nil
|
|
}
|
|
|
|
return nil, fmt.Errorf("square/go-jose: parse error, got '%s', '%s' and '%s'", err0, err1, err2)
|
|
}
|
|
|
|
// LoadPrivateKey loads a private key from PEM/DER/JWK-encoded data.
|
|
func LoadPrivateKey(data []byte) (interface{}, error) {
|
|
input := data
|
|
|
|
block, _ := pem.Decode(data)
|
|
if block != nil {
|
|
input = block.Bytes
|
|
}
|
|
|
|
var priv interface{}
|
|
priv, err0 := x509.ParsePKCS1PrivateKey(input)
|
|
if err0 == nil {
|
|
return priv, nil
|
|
}
|
|
|
|
priv, err1 := x509.ParsePKCS8PrivateKey(input)
|
|
if err1 == nil {
|
|
return priv, nil
|
|
}
|
|
|
|
priv, err2 := x509.ParseECPrivateKey(input)
|
|
if err2 == nil {
|
|
return priv, nil
|
|
}
|
|
|
|
jwk, err3 := LoadJSONWebKey(input, false)
|
|
if err3 == nil {
|
|
return jwk, nil
|
|
}
|
|
|
|
return nil, fmt.Errorf("square/go-jose: parse error, got '%s', '%s', '%s' and '%s'", err0, err1, err2, err3)
|
|
}
|