Changes

2025-04-29 10:31:33 +02:00
parent 9c293716cf
commit b6c39eda74
1 changed files with 543 additions and 545 deletions
--- a/main.go
+++ b/main.go
@@ -24,14 +24,12 @@ import (
 	"bytes"
 	"context"
 	"crypto"
    "crypto/ecdsa"
    "crypto/elliptic"
 	"crypto/rand"
 	"crypto/sha256"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"database/sql"
-    "encoding/asn1"
+	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
 	"errors"
@@ -93,7 +91,7 @@ var (
 // MySQL store (non‑exhaustive)
 // -----------------------------------------------------------------------------
-type mysqlStore struct{
+type mysqlStore struct {
 	db *sql.DB
 }
@@ -224,7 +222,7 @@ type ca struct {
 	db   *mysqlStore
 	mu   sync.RWMutex // guards ocspCache / crlCache
-    ocspCache []byte
+	//ocspCache []byte
 	crlCache []byte
 }
@@ -586,10 +584,8 @@ func (s *server) handleFinalize(ctx context.Context, w http.ResponseWriter, r *h
 		return
 	}
    // order ID is last element
 	orderID := path.Base(r.URL.Path)
    // Parse CSR (DER) – payload contains base64‑encoded CSR per RFC 8555 §7.4
 	var in struct {
 		CSR string `json:"csr"`
 	}
@@ -597,7 +593,7 @@ func (s *server) handleFinalize(ctx context.Context, w http.ResponseWriter, r *h
 		http.Error(w, "bad csr wrapper", 400)
 		return
 	}
-    csrDER, err := jose.Base64URLDecode(in.CSR)
+	csrDER, err := base64.RawURLEncoding.DecodeString(in.CSR)
 	if err != nil {
 		http.Error(w, "bad csr b64", 400)
 		return
@@ -613,8 +609,10 @@ func (s *server) handleFinalize(ctx context.Context, w http.ResponseWriter, r *h
 		return
 	}
-    // Build leaf cert (valid 90 days, key‑usage TLS‑server)
+	// --- FIX: sha256.Sum256 liefert ein [32]byte – zuerst in Variable legen
-    serial := big.NewInt(0).SetBytes(sha256.Sum256([]byte(uuid.New().String()))[:])
+	hash := sha256.Sum256([]byte(uuid.New().String()))
 	serial := new(big.Int).SetBytes(hash[:])
 	tmpl := &x509.Certificate{
 		SerialNumber: serial,
 		Subject:      csr.Subject,
@@ -640,14 +638,12 @@ func (s *server) handleFinalize(ctx context.Context, w http.ResponseWriter, r *h
 		return
 	}
    // Link order → valid & cert URL
 	certURL := fmt.Sprintf("https://%s/acme/cert/%s", r.Host, certID)
 	if _, err := s.db.db.ExecContext(ctx, `UPDATE orders SET status='valid',payload=?,finalize_url=? WHERE id=?`, pay.Data, certURL, orderID); err != nil {
 		http.Error(w, "db", 500)
 		return
 	}
    // Response must include chain (leaf + CA) in PEM order per RFC 8555 §7.4
 	var buf bytes.Buffer
 	_ = pem.Encode(&buf, &pem.Block{Type: "CERTIFICATE", Bytes: der})
 	_ = pem.Encode(&buf, &pem.Block{Type: "CERTIFICATE", Bytes: s.ca.cert.Raw})
@@ -687,7 +683,9 @@ func (s *server) handleRevoke(ctx context.Context, w http.ResponseWriter, r *htt
 	nonce := uuid.New().String()
 	_ = s.db.putNonce(ctx, nonce)
-    s.jsonResponse(w, 200, struct{ Status string `json:"status"` }{Status: "revoked"}, nonce)
+	s.jsonResponse(w, 200, struct {
 		Status string `json:"status"`
 	}{Status: "revoked"}, nonce)
 }
 func (s *server) handleOCSP(ctx context.Context, w http.ResponseWriter, r *http.Request) {