Update path to ARI endpoint (#6859)

Update the document number to the latest version, and remove the /get/ prefix since it now supports both the GET and POST portions of the spec. Also update one piece of tooling to properly get the ARI URL from the directory, rather than hard-coding it.
2023-05-03 15:20:51 -07:00 · 2023-05-03 15:20:51 -07:00 · 02fa680b08
parent b5118dde36
commit 02fa680b08
3 changed files with 33 additions and 5 deletions
--- a/core/objects.go
+++ b/core/objects.go
@ -499,7 +499,7 @@ func RenewalInfoSimple(issued time.Time, expires time.Time) RenewalInfo {
 }

 // RenewalInfoImmediate constructs a `RenewalInfo` object with a suggested
-// window in the past. Per the draft-ietf-acme-ari-00 spec, clients should
+// window in the past. Per the draft-ietf-acme-ari-01 spec, clients should
 // attempt to renew immediately if the suggested window is in the past. The
 // passed `now` is assumed to be a timestamp representing the current moment in
 // time.
--- a/test/ocsp/checkari/main.go
+++ b/test/ocsp/checkari/main.go
@ -88,10 +88,32 @@ func checkARI(baseURL string, certPath string) (*core.RenewalInfo, error) {
 	return ri, nil
 }

+func getARIURL(directory string) (string, error) {
+	resp, err := http.Get(directory)
+	if err != nil {
+		return "", err
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+
+	var dir struct {
+		RenewalInfo string `json:"renewalInfo"`
+	}
+	err = json.Unmarshal(body, &dir)
+	if err != nil {
+		return "", err
+	}
+
+	return dir.RenewalInfo, nil
+}
+
 func main() {
 	flag.Usage = func() {
 		fmt.Fprintf(os.Stderr, `
-checkari [-url https://acme.api/ari/endpoint] FILE [FILE]...
+checkari [-url https://acme.api/directory] FILE [FILE]...

 Tool for querying ARI. Provide a list of filenames for certificates in PEM
 format, and this tool will query for and output the suggested renewal window
@ -100,16 +122,22 @@ for each certificate.
 `)
 		flag.PrintDefaults()
 	}
-	url := flag.String("url", "https://acme-v02.api.letsencrypt.org/get/draft-ietf-acme-ari-00/renewalInfo/", "ACME server's RenewalInfo URL")
+	directory := flag.String("url", "https://acme-v02.api.letsencrypt.org/directory", "ACME server's Directory URL")
 	flag.Parse()
 	if len(flag.Args()) == 0 {
 		flag.Usage()
 		os.Exit(1)
 	}

+	ariPath, err := getARIURL(*directory)
+	if err != nil {
+		fmt.Println(err.Error())
+		os.Exit(1)
+	}
+
 	for _, cert := range flag.Args() {
 		fmt.Printf("%s:\n", cert)
-		window, err := checkARI(*url, cert)
+		window, err := checkARI(ariPath, cert)
 		if err != nil {
 			fmt.Printf("\t%s\n", err)
 		} else {
--- a/wfe2/wfe.go
+++ b/wfe2/wfe.go
@ -73,7 +73,7 @@ const (
 	getCertPath      = getAPIPrefix + "cert/"

 	// Draft or likely-to-change paths
-	renewalInfoPath = getAPIPrefix + "draft-ietf-acme-ari-00/renewalInfo/"
+	renewalInfoPath = "/draft-ietf-acme-ari-01/renewalInfo/"

 	// Non-ACME paths
 	aiaIssuerPath = "/aia/issuer/"