@@ -9,18 +9,27 @@ import (
99 "time"
1010)
1111
12+ type OrderExtension struct {
13+ Profile string
14+ }
15+
1216// NewOrder initiates a new order for a new certificate. This method does not use ACME Renewal Info.
13- func (c Client ) NewOrder (account Account , identifiers []Identifier , profile string ) (Order , error ) {
14- return c .ReplacementOrder (account , nil , identifiers , profile )
17+ func (c Client ) NewOrder (account Account , identifiers []Identifier ) (Order , error ) {
18+ return c .ReplacementOrder (account , nil , identifiers )
1519}
1620
1721// NewOrderDomains takes a list of domain dns identifiers for a new certificate. Essentially a helper function.
18- func (c Client ) NewOrderDomains (account Account , profile string , domains ... string ) (Order , error ) {
22+ func (c Client ) NewOrderDomains (account Account , domains ... string ) (Order , error ) {
1923 var identifiers []Identifier
2024 for _ , d := range domains {
2125 identifiers = append (identifiers , Identifier {Type : "dns" , Value : d })
2226 }
23- return c .ReplacementOrder (account , nil , identifiers , profile )
27+ return c .ReplacementOrder (account , nil , identifiers )
28+ }
29+
30+ // NewOrderExtension takes a struct providing any extensions onto the order
31+ func (c Client ) NewOrderExtension (account Account , identifiers []Identifier , ext OrderExtension ) (Order , error ) {
32+ return c .ReplacementOrderExtension (account , nil , identifiers , ext )
2433}
2534
2635// ReplacementOrder takes an existing *x509.Certificate and initiates a new
@@ -31,7 +40,12 @@ func (c Client) NewOrderDomains(account Account, profile string, domains ...stri
3140// must match the list of identifiers from the parent order to be considered as
3241// a valid replacement order.
3342// See https://datatracker.ietf.org/doc/html/draft-ietf-acme-ari-03#section-5
34- func (c Client ) ReplacementOrder (account Account , oldCert * x509.Certificate , identifiers []Identifier , profile string ) (Order , error ) {
43+ func (c Client ) ReplacementOrder (account Account , oldCert * x509.Certificate , identifiers []Identifier ) (Order , error ) {
44+ return c .ReplacementOrderExtension (account , oldCert , identifiers , OrderExtension {})
45+ }
46+
47+ // ReplacementOrderExtension takes a struct providing any extensions onto the order
48+ func (c Client ) ReplacementOrderExtension (account Account , oldCert * x509.Certificate , identifiers []Identifier , ext OrderExtension ) (Order , error ) {
3549 // If an old cert being replaced is present and the acme directory doesn't list a RenewalInfo endpoint,
3650 // throw an error. This endpoint being present indicates support for ARI.
3751 if oldCert != nil && c .dir .RenewalInfo == "" {
@@ -43,19 +57,19 @@ func (c Client) ReplacementOrder(account Account, oldCert *x509.Certificate, ide
4357 newOrderReq := struct {
4458 Identifiers []Identifier `json:"identifiers"`
4559 Replaces string `json:"replaces,omitempty"`
46- Profile string `json:"profile ,omitempty"`
60+ Profile string `json:"Profile ,omitempty"`
4761 }{
4862 Identifiers : identifiers ,
4963 }
5064
5165 newOrderResp := Order {}
5266
53- if profile != "" {
54- _ , ok := c .Directory ().Meta .Profiles [profile ]
67+ if ext . Profile != "" {
68+ _ , ok := c .Directory ().Meta .Profiles [ext . Profile ]
5569 if ! ok {
56- return Order {}, fmt .Errorf ("requested profile %q not advertised by directory" , profile )
70+ return Order {}, fmt .Errorf ("requested Profile not advertised by directory: %v " , ext . Profile )
5771 }
58- newOrderReq .Profile = profile
72+ newOrderReq .Profile = ext . Profile
5973 }
6074
6175 // If present, add the ari cert ID from the original/old certificate
0 commit comments