2017-06-03 11:34:15 +02:00
|
|
|
-module(acme_challenge).
|
|
|
|
|
2017-06-22 13:47:56 +02:00
|
|
|
-export ([ key_authorization/2,
|
|
|
|
solve_challenge/3
|
2017-06-03 11:34:15 +02:00
|
|
|
]).
|
|
|
|
%% Challenge Types
|
|
|
|
%% ================
|
|
|
|
%% 1. http-01: https://tools.ietf.org/html/draft-ietf-acme-acme-05#section-7.2
|
|
|
|
%% 2. dns-01: https://tools.ietf.org/html/draft-ietf-acme-acme-05#section-7.3
|
|
|
|
%% 3. tls-sni-01: https://tools.ietf.org/html/draft-ietf-acme-acme-05#section-7.4
|
|
|
|
%% 4. (?) oob-01: https://tools.ietf.org/html/draft-ietf-acme-acme-05#section-7.5
|
|
|
|
|
2017-06-17 18:06:39 +02:00
|
|
|
-include("ejabberd.hrl").
|
|
|
|
-include("logger.hrl").
|
|
|
|
-include("xmpp.hrl").
|
2017-06-03 11:34:15 +02:00
|
|
|
|
2017-06-17 18:06:39 +02:00
|
|
|
-include("ejabberd_acme.hrl").
|
|
|
|
|
2017-06-26 18:03:21 +02:00
|
|
|
-spec key_authorization(bitstring(), jose_jwk:key()) -> bitstring().
|
2017-06-03 11:34:15 +02:00
|
|
|
key_authorization(Token, Key) ->
|
2017-06-22 13:47:56 +02:00
|
|
|
Thumbprint = jose_jwk:thumbprint(Key),
|
|
|
|
%% ?INFO_MSG("Thumbprint: ~p~n", [Thumbprint]),
|
|
|
|
KeyAuthorization = erlang:iolist_to_binary([Token, <<".">>, Thumbprint]),
|
|
|
|
KeyAuthorization.
|
2017-06-03 11:34:15 +02:00
|
|
|
|
2017-06-17 18:06:39 +02:00
|
|
|
-spec parse_challenge({proplist()}) -> {ok, acme_challenge()} | {error, _}.
|
|
|
|
parse_challenge(Challenge0) ->
|
2017-06-22 13:47:56 +02:00
|
|
|
try
|
|
|
|
{Challenge} = Challenge0,
|
|
|
|
{<<"type">>,Type} = proplists:lookup(<<"type">>, Challenge),
|
|
|
|
{<<"status">>,Status} = proplists:lookup(<<"status">>, Challenge),
|
|
|
|
{<<"uri">>,Uri} = proplists:lookup(<<"uri">>, Challenge),
|
|
|
|
{<<"token">>,Token} = proplists:lookup(<<"token">>, Challenge),
|
2017-06-26 18:03:21 +02:00
|
|
|
Res =
|
2017-06-22 13:47:56 +02:00
|
|
|
#challenge{
|
|
|
|
type = Type,
|
|
|
|
status = list_to_atom(bitstring_to_list(Status)),
|
|
|
|
uri = bitstring_to_list(Uri),
|
|
|
|
token = Token
|
|
|
|
},
|
|
|
|
{ok, Res}
|
|
|
|
catch
|
|
|
|
_:Error ->
|
|
|
|
{error, Error}
|
|
|
|
end.
|
2017-06-03 11:34:15 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
2017-06-26 18:03:21 +02:00
|
|
|
-spec solve_challenge(bitstring(), [{proplist()}], _) ->
|
|
|
|
{ok, url(), bitstring()} | {error, _}.
|
2017-06-17 18:06:39 +02:00
|
|
|
solve_challenge(ChallengeType, Challenges, Options) ->
|
2017-06-22 13:47:56 +02:00
|
|
|
ParsedChallenges = [parse_challenge(Chall) || Chall <- Challenges],
|
|
|
|
case lists:any(fun is_error/1, ParsedChallenges) of
|
|
|
|
true ->
|
|
|
|
?ERROR_MSG("Error parsing challenges: ~p~n", [Challenges]),
|
|
|
|
{error, parse_challenge};
|
|
|
|
false ->
|
|
|
|
case [C || {ok, C} <- ParsedChallenges, is_challenge_type(ChallengeType, C)] of
|
|
|
|
[Challenge] ->
|
|
|
|
solve_challenge1(Challenge, Options);
|
|
|
|
_ ->
|
|
|
|
?ERROR_MSG("Challenge ~p not found in challenges: ~p~n", [ChallengeType, Challenges]),
|
|
|
|
{error, not_found}
|
|
|
|
end
|
|
|
|
end.
|
2017-06-03 11:34:15 +02:00
|
|
|
|
2017-06-26 18:03:21 +02:00
|
|
|
-spec solve_challenge1(acme_challenge(), {jose_jwk:key(), string()}) ->
|
|
|
|
{ok, url(), bitstring()} | {error, _}.
|
2017-06-17 18:06:39 +02:00
|
|
|
solve_challenge1(Chal = #challenge{type = <<"http-01">>, token=Tkn}, {Key, HttpDir}) ->
|
2017-06-22 13:47:56 +02:00
|
|
|
KeyAuthz = key_authorization(Tkn, Key),
|
|
|
|
FileLocation = HttpDir ++ "/.well-known/acme-challenge/" ++ bitstring_to_list(Tkn),
|
|
|
|
case file:write_file(FileLocation, KeyAuthz) of
|
|
|
|
ok ->
|
|
|
|
{ok, Chal#challenge.uri, KeyAuthz};
|
|
|
|
{error, _} = Err ->
|
|
|
|
?ERROR_MSG("Error writing to file: ~s with reason: ~p~n", [FileLocation, Err]),
|
|
|
|
Err
|
|
|
|
end;
|
2017-06-18 12:20:47 +02:00
|
|
|
%% TODO: Fill stub
|
2017-06-17 18:06:39 +02:00
|
|
|
solve_challenge1(Challenge, _Key) ->
|
2017-06-22 13:47:56 +02:00
|
|
|
?INFO_MSG("Challenge: ~p~n", [Challenge]).
|
2017-06-17 18:06:39 +02:00
|
|
|
|
|
|
|
%% Useful functions
|
|
|
|
|
|
|
|
is_challenge_type(DesiredType, #challenge{type = Type}) when DesiredType =:= Type ->
|
2017-06-22 13:47:56 +02:00
|
|
|
true;
|
2017-06-17 18:06:39 +02:00
|
|
|
is_challenge_type(_DesiredType, #challenge{type = _Type}) ->
|
2017-06-22 13:47:56 +02:00
|
|
|
false.
|
2017-06-17 18:06:39 +02:00
|
|
|
|
2017-06-26 18:03:21 +02:00
|
|
|
-spec is_error({'error', _}) -> 'true';
|
|
|
|
({'ok', _}) -> 'false'.
|
2017-06-17 18:06:39 +02:00
|
|
|
is_error({error, _}) -> true;
|
2017-06-22 13:47:56 +02:00
|
|
|
is_error(_) -> false.
|