caddytls: Don't decode HMAC

https://caddy.community/t/trouble-with-external-account-hmac/8600?u=matt
caddyserver · Jun 11, 2020 · 6d03fb4 · 6d03fb4
1 parent b3bff13
commit 6d03fb4
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 12 deletions.
diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.1.0
 	github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1
 	github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a
-	github.com/caddyserver/certmagic v0.11.1
+	github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea
 	github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac
 	github.com/go-acme/lego/v3 v3.7.0
 	github.com/go-chi/chi v4.1.2+incompatible

diff --git a/go.sum b/go.sum
@@ -116,8 +116,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK
 github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
 github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
-github.com/caddyserver/certmagic v0.11.1 h1:rVbT7DIBH3tv2IQHsIyjFXUpCgrMb5KwganVbnJYsrY=
-github.com/caddyserver/certmagic v0.11.1/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY=
+github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea h1:JTDqzB3+xUJrUoDkA5iHOnuvy4K/s8ibcZV1YpPYfSI=
+github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY=
 github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU=
 github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg=
 github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=

diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
@@ -17,7 +17,6 @@ package caddytls
 import (
 	"context"
 	"crypto/x509"
-	"encoding/base64"
 	"fmt"
 	"io/ioutil"
 	"net/url"
@@ -141,16 +140,12 @@ func (m *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) {
 	}
 
 	if m.ExternalAccount != nil {
-		hmac, err := base64.StdEncoding.DecodeString(m.ExternalAccount.EncodedHMAC)
-		if err != nil {
-			return template, err
-		}
-		if m.ExternalAccount.KeyID == "" || len(hmac) == 0 {
+		if m.ExternalAccount.KeyID == "" || m.ExternalAccount.HMAC == "" {
 			return template, fmt.Errorf("when an external account binding is specified, both key ID and HMAC are required")
 		}
 		template.ExternalAccount = &certmagic.ExternalAccountBinding{
 			KeyID: m.ExternalAccount.KeyID,
-			HMAC:  hmac,
+			HMAC:  m.ExternalAccount.HMAC,
 		}
 	}
 
@@ -238,8 +233,8 @@ type ExternalAccountBinding struct {
 	// The key identifier.
 	KeyID string `json:"key_id,omitempty"`
 
-	// The base64-encoded HMAC.
-	EncodedHMAC string `json:"hmac,omitempty"`
+	// The HMAC.
+	HMAC string `json:"hmac,omitempty"`
 }
 
 // Interface guards