From 6d03fb48f9189d286733913f189117d3cced3df5 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 11 Jun 2020 15:33:27 -0600 Subject: [PATCH] caddytls: Don't decode HMAC https://caddy.community/t/trouble-with-external-account-hmac/8600?u=matt --- go.mod | 2 +- go.sum | 4 ++-- modules/caddytls/acmeissuer.go | 13 ++++--------- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index c0bfd25d..be94561a 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.11.1 + github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-acme/lego/v3 v3.7.0 github.com/go-chi/chi v4.1.2+incompatible diff --git a/go.sum b/go.sum index a82bf53d..fac10e39 100644 --- a/go.sum +++ b/go.sum @@ -116,8 +116,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.11.1 h1:rVbT7DIBH3tv2IQHsIyjFXUpCgrMb5KwganVbnJYsrY= -github.com/caddyserver/certmagic v0.11.1/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY= +github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea h1:JTDqzB3+xUJrUoDkA5iHOnuvy4K/s8ibcZV1YpPYfSI= +github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY= github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU= github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index d6109460..195ddeb3 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -17,7 +17,6 @@ package caddytls import ( "context" "crypto/x509" - "encoding/base64" "fmt" "io/ioutil" "net/url" @@ -141,16 +140,12 @@ func (m *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { } if m.ExternalAccount != nil { - hmac, err := base64.StdEncoding.DecodeString(m.ExternalAccount.EncodedHMAC) - if err != nil { - return template, err - } - if m.ExternalAccount.KeyID == "" || len(hmac) == 0 { + if m.ExternalAccount.KeyID == "" || m.ExternalAccount.HMAC == "" { return template, fmt.Errorf("when an external account binding is specified, both key ID and HMAC are required") } template.ExternalAccount = &certmagic.ExternalAccountBinding{ KeyID: m.ExternalAccount.KeyID, - HMAC: hmac, + HMAC: m.ExternalAccount.HMAC, } } @@ -238,8 +233,8 @@ type ExternalAccountBinding struct { // The key identifier. KeyID string `json:"key_id,omitempty"` - // The base64-encoded HMAC. - EncodedHMAC string `json:"hmac,omitempty"` + // The HMAC. + HMAC string `json:"hmac,omitempty"` } // Interface guards