smallstep-certificates/acme/authorization.go

71 lines
1.6 KiB
Go
Raw Normal View History

2021-02-28 18:09:06 +00:00
package acme
2021-02-28 01:05:37 +00:00
import (
"context"
"encoding/json"
"time"
)
// Authorization representst an ACME Authorization.
type Authorization struct {
ID string `json:"-"`
AccountID string `json:"-"`
Token string `json:"-"`
Fingerprint string `json:"-"`
Identifier Identifier `json:"identifier"`
Status Status `json:"status"`
Challenges []*Challenge `json:"challenges"`
Wildcard bool `json:"wildcard"`
ExpiresAt time.Time `json:"expires"`
Error *Error `json:"error,omitempty"`
2021-02-28 01:05:37 +00:00
}
// ToLog enables response logging.
func (az *Authorization) ToLog() (interface{}, error) {
b, err := json.Marshal(az)
if err != nil {
2021-03-05 07:10:46 +00:00
return nil, WrapErrorISE(err, "error marshaling authz for logging")
2021-02-28 01:05:37 +00:00
}
return string(b), nil
}
// UpdateStatus updates the ACME Authorization Status if necessary.
// Changes to the Authorization are saved using the database interface.
func (az *Authorization) UpdateStatus(ctx context.Context, db DB) error {
2021-03-05 07:10:46 +00:00
now := clock.Now()
2021-02-28 01:05:37 +00:00
switch az.Status {
case StatusInvalid:
return nil
case StatusValid:
return nil
case StatusPending:
// check expiry
if now.After(az.ExpiresAt) {
2021-02-28 01:05:37 +00:00
az.Status = StatusInvalid
break
}
var isValid = false
2021-03-01 06:49:20 +00:00
for _, ch := range az.Challenges {
2021-02-28 01:05:37 +00:00
if ch.Status == StatusValid {
isValid = true
break
}
}
if !isValid {
return nil
}
az.Status = StatusValid
2021-03-24 23:50:35 +00:00
az.Error = nil
2021-02-28 01:05:37 +00:00
default:
2021-03-05 07:10:46 +00:00
return NewErrorISE("unrecognized authorization status: %s", az.Status)
2021-02-28 01:05:37 +00:00
}
2021-03-05 07:10:46 +00:00
if err := db.UpdateAuthorization(ctx, az); err != nil {
return WrapErrorISE(err, "error updating authorization")
2021-03-01 06:49:20 +00:00
}
return nil
2021-02-28 01:05:37 +00:00
}