Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-11-03 19:17:29 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

caddytls: Don't decode HMAC

Browse Source 
https://caddy.community/t/trouble-with-external-account-hmac/8600?u=matt
This commit is contained in:
Matthew Holt 2020-06-11 15:33:27 -06:00
parent b3bff13f7d
commit 6d03fb48f9
No known key found for this signature in database
GPG Key ID: 2A349DD577D586A5
3 changed files with 7 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -6,7 +6,7 @@ require (
github.com/Masterminds/sprig/v3 v3.1.0
github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1
github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a
github.com/caddyserver/certmagic v0.11.1
github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea
github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac
github.com/go-acme/lego/v3 v3.7.0
github.com/go-chi/chi v4.1.2+incompatible

4
go.sum
View File

@ -116,8 +116,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK
github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
github.com/caddyserver/certmagic v0.11.1 h1:rVbT7DIBH3tv2IQHsIyjFXUpCgrMb5KwganVbnJYsrY=
github.com/caddyserver/certmagic v0.11.1/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY=
github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea h1:JTDqzB3+xUJrUoDkA5iHOnuvy4K/s8ibcZV1YpPYfSI=
github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY=
github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU=
github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg=
github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=

13
modules/caddytls/acmeissuer.go
View File

@ -17,7 +17,6 @@ package caddytls
import (
"context"
"crypto/x509"
"encoding/base64"
"fmt"
"io/ioutil"
"net/url"
@ -141,16 +140,12 @@ func (m *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) {
}
if m.ExternalAccount != nil {
hmac, err := base64.StdEncoding.DecodeString(m.ExternalAccount.EncodedHMAC)
if err != nil {
return template, err
}
if m.ExternalAccount.KeyID == "" || len(hmac) == 0 {
if m.ExternalAccount.KeyID == "" || m.ExternalAccount.HMAC == "" {
return template, fmt.Errorf("when an external account binding is specified, both key ID and HMAC are required")
}
template.ExternalAccount = &certmagic.ExternalAccountBinding{
KeyID: m.ExternalAccount.KeyID,
HMAC: hmac,
HMAC: m.ExternalAccount.HMAC,
}
}
@ -238,8 +233,8 @@ type ExternalAccountBinding struct {
// The key identifier.
KeyID string `json:"key_id,omitempty"`
// The base64-encoded HMAC.
EncodedHMAC string `json:"hmac,omitempty"`
// The HMAC.
HMAC string `json:"hmac,omitempty"`
}
// Interface guards