feat: try using the new ClientId & Handle format (i.e. plain URIs)

9 months ago · 90b5347887
parent 39bf889925
commit 90b5347887
5 changed files with 23 additions and 24 deletions
--- a/acme/api/im_integration_test.go
+++ b/acme/api/im_integration_test.go
@ -199,7 +199,7 @@ func TestIMIntegration(t *testing.T) {
 			Identifiers: []acme.Identifier{
 				{
 					Type:  "wireapp-id",
-					Value: `{"name": "Smith, Alice M (QA)", "domain": "example.com", "client-id": "im:wireapp=75d73550-16e0-4027-abfd-0137e32180cc/ed416ce8ecdd9fad@example.com", "handle": "im:wireapp=alice.smith.qa@example.com"}`,
+					Value: `{"name": "Smith, Alice M (QA)", "domain": "example.com", "client-id": "wireapp://lJGYPz0ZRq2kvc_XpdaDlA:ed416ce8ecdd9fad@example.com", "handle": "wireapp://%40alice.smith.qa@example.com"}`,
 				},
 			},
 		}
@ -377,12 +377,12 @@ func TestIMIntegration(t *testing.T) {
 			},
 		})

-		qUserID, err := url.Parse("im:wireapp=75d73550-16e0-4027-abfd-0137e32180cc/ed416ce8ecdd9fad@example.com")
+		qUserID, err := url.Parse("wireapp://lJGYPz0ZRq2kvc_XpdaDlA:ed416ce8ecdd9fad@example.com")
 		if err != nil {
 			t.Fatal("parse user ID URI", err)
 		}
 		_ = qUserID
-		qUserName, err := url.Parse("im:wireapp=alice.smith.qa@example.com")
+		qUserName, err := url.Parse("wireapp://%40alice.smith.qa@example.com")
 		if err != nil {
 			t.Fatal("parse user name URI", err)
 		}
--- a/acme/api/order.go
+++ b/acme/api/order.go
@ -5,6 +5,7 @@ import (
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
+	"go.step.sm/crypto/kms/uri"
 	"net"
 	"net/http"
 	"strings"
@ -54,8 +55,12 @@ func (n *NewOrderRequest) Validate() error {
 			if err != nil {
 				return acme.NewError(acme.ErrorMalformedType, "ID cannot be parsed")
 			}
-			if !strings.HasPrefix(orderValue.ClientID, "im:wireapp=") {
-				return acme.NewError(acme.ErrorMalformedType, "missing client ID prefix")
+			clientIdUri, err := uri.Parse(orderValue.ClientID)
+			if err != nil {
+				return acme.NewError(acme.ErrorMalformedType, "invalid client ID, it's supposed to be a valid URI")
+			}
+			if clientIdUri.Scheme != "wireapp" {
+				return acme.NewError(acme.ErrorMalformedType, "invalid client ID scheme")
 			}
 		default:
 			return acme.NewError(acme.ErrorMalformedType, "identifier type unsupported: %s", id.Type)
--- a/acme/api/order_test.go
+++ b/acme/api/order_test.go
@ -190,7 +190,7 @@ func TestNewOrderRequest_Validate(t *testing.T) {
 			return test{
 				nor: &NewOrderRequest{
 					Identifiers: []acme.Identifier{
-						{Type: "wireapp-id", Value: `{"name": "Smith, Alice M (QA)", "domain": "example.com", "client-id": "im:wireapp=75d73550-16e0-4027-abfd-0137e32180cc/ed416ce8ecdd9fad@example.com", "handle": "im:wireapp=alice.smith.qa@example.com"}`},
+						{Type: "wireapp-id", Value: `{"name": "Smith, Alice M (QA)", "domain": "example.com", "client-id": "wireapp://lJGYPz0ZRq2kvc_XpdaDlA:ed416ce8ecdd9fad@example.com", "handle": "wireapp://%40alice.smith.qa@example.com"}`},
 					},
 					NotAfter:  naf,
 					NotBefore: nbf,
@ -785,7 +785,7 @@ func TestHandler_newAuthorization(t *testing.T) {
 				AccountID: "accID",
 				Identifier: acme.Identifier{
 					Type:  "wireapp",
-					Value: "im:wireapp=user/client@domain",
+					Value: "wireapp://user:client@domain",
 				},
 				Status:    acme.StatusPending,
 				ExpiresAt: clock.Now(),
@ -1699,7 +1699,7 @@ func TestHandler_NewOrder(t *testing.T) {
 			acc := &acme.Account{ID: "accID"}
 			nor := &NewOrderRequest{
 				Identifiers: []acme.Identifier{
-					{Type: "wireapp-id", Value: `{"client-id": "im:wireapp=user/client@domain"}`},
+					{Type: "wireapp-id", Value: `{"client-id": "wireapp://user:client@domain"}`},
 				},
 			}
 			b, err := json.Marshal(nor)
@ -1736,7 +1736,7 @@ func TestHandler_NewOrder(t *testing.T) {
 						assert.Equals(t, ch.AccountID, "accID")
 						assert.NotEquals(t, ch.Token, "")
 						assert.Equals(t, ch.Status, acme.StatusPending)
-						assert.Equals(t, ch.Value, `{"client-id": "im:wireapp=user/client@domain"}`)
+						assert.Equals(t, ch.Value, `{"client-id": "wireapp://user:client@domain"}`)
 						return nil
 					},
 					MockCreateAuthorization: func(ctx context.Context, az *acme.Authorization) error {
--- a/acme/challenge.go
+++ b/acme/challenge.go
@ -19,7 +19,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"log"
 	"net"
 	"net/url"
 	"os"
@ -464,8 +463,6 @@ func wireDPOP01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO

 	kid := base64.RawURLEncoding.EncodeToString(rawKid)

-	log.Printf("kid: %s", kid)
-
 	dpopOptions := provisioner.GetOptions().GetDPOPOptions()
 	key := dpopOptions.GetSigningKey()

--- a/wire/id.go
+++ b/wire/id.go
@ -3,7 +3,7 @@ package wire
 import (
 	"encoding/json"
 	"fmt"
-	"strings"
+	"go.step.sm/crypto/kms/uri"
 )

 type WireIDJSON struct {
@ -25,18 +25,15 @@ type ClientID struct {
 }

 func ParseClientID(clientID string) (ClientID, error) {
-	at := strings.SplitN(clientID, "@", 2)
-	if len(at) != 2 {
-		return ClientID{}, fmt.Errorf("could not match client ID format: %s", clientID)
-	}
-	comp := at[0]
-	slash := strings.SplitN(comp, "/", 2)
-	if len(slash) != 2 {
-		return ClientID{}, fmt.Errorf("could not match client ID format: %s", clientID)
+	clientIdUri, err := uri.Parse(clientID)
+	if err != nil {
+		return ClientID{}, fmt.Errorf("invalid client id URI")
 	}
+	username := clientIdUri.User.Username()
+	deviceId, _ := clientIdUri.User.Password()
 	return ClientID{
-		Username: slash[0],
-		DeviceID: slash[1],
-		Domain:   at[1],
+		Username: username,
+		DeviceID: deviceId,
+		Domain:   clientIdUri.Host,
 	}, nil
 }