From c9793561ff5414a41ab7ef093a12cb9ac95848a7 Mon Sep 17 00:00:00 2001
From: Herman Slatman <hermanslatman@hotmail.com>
Date: Mon, 24 Oct 2022 14:14:28 +0200
Subject: [PATCH] Make `meta` object optional in ACME directory response

Harware appliances from Kemp seem to validate the contents of the
`meta` object, even if none of the properties in the `meta` object
is set. According to the RFC, the `meta` object, as well as its
properties are optional, so technically this should be fixed by
the manufacturer.

This commit is to see if we validation of the `meta` object is
skipped if it's not available in the response.
---
 acme/api/handler.go      | 15 ++++++++++-----
 acme/api/handler_test.go |  2 +-
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/acme/api/handler.go b/acme/api/handler.go
index 6ae57ab8..5a41e4d9 100644
--- a/acme/api/handler.go
+++ b/acme/api/handler.go
@@ -205,7 +205,7 @@ type Directory struct {
 	NewOrder   string `json:"newOrder"`
 	RevokeCert string `json:"revokeCert"`
 	KeyChange  string `json:"keyChange"`
-	Meta       Meta   `json:"meta"`
+	Meta       *Meta  `json:"meta,omitempty"`
 }
 
 // ToLog enables response logging for the Directory type.
@@ -228,16 +228,21 @@ func GetDirectory(w http.ResponseWriter, r *http.Request) {
 	}
 
 	linker := acme.MustLinkerFromContext(ctx)
-	render.JSON(w, &Directory{
+	directory := &Directory{
 		NewNonce:   linker.GetLink(ctx, acme.NewNonceLinkType),
 		NewAccount: linker.GetLink(ctx, acme.NewAccountLinkType),
 		NewOrder:   linker.GetLink(ctx, acme.NewOrderLinkType),
 		RevokeCert: linker.GetLink(ctx, acme.RevokeCertLinkType),
 		KeyChange:  linker.GetLink(ctx, acme.KeyChangeLinkType),
-		Meta: Meta{
+	}
+	// Only add the ACME `meta` object when one (or more) of its
+	// properties is set.
+	if acmeProv.RequireEAB {
+		directory.Meta = &Meta{
 			ExternalAccountRequired: acmeProv.RequireEAB,
-		},
-	})
+		}
+	}
+	render.JSON(w, directory)
 }
 
 // NotImplemented returns a 501 and is generally a placeholder for functionality which
diff --git a/acme/api/handler_test.go b/acme/api/handler_test.go
index 822409df..15024e5e 100644
--- a/acme/api/handler_test.go
+++ b/acme/api/handler_test.go
@@ -129,7 +129,7 @@ func TestHandler_GetDirectory(t *testing.T) {
 				NewOrder:   fmt.Sprintf("%s/acme/%s/new-order", baseURL.String(), provName),
 				RevokeCert: fmt.Sprintf("%s/acme/%s/revoke-cert", baseURL.String(), provName),
 				KeyChange:  fmt.Sprintf("%s/acme/%s/key-change", baseURL.String(), provName),
-				Meta: Meta{
+				Meta: &Meta{
 					ExternalAccountRequired: true,
 				},
 			}