1 // Copyright 2018 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
22 // retryTimer encapsulates common logic for retrying unsuccessful requests.
23 // It is not safe for concurrent use.
24 type retryTimer struct {
25 // backoffFn provides backoff delay sequence for retries.
26 // See Client.RetryBackoff doc comment.
27 backoffFn func(n int, r *http.Request, res *http.Response) time.Duration
28 // n is the current retry attempt.
32 func (t *retryTimer) inc() {
36 // backoff pauses the current goroutine as described in Client.RetryBackoff.
37 func (t *retryTimer) backoff(ctx context.Context, r *http.Request, res *http.Response) error {
38 d := t.backoffFn(t.n, r, res)
40 return fmt.Errorf("acme: no more retries for %s; tried %d time(s)", r.URL, t.n)
42 wakeup := time.NewTimer(d)
52 func (c *Client) retryTimer() *retryTimer {
57 return &retryTimer{backoffFn: f}
60 // defaultBackoff provides default Client.RetryBackoff implementation
61 // using a truncated exponential backoff algorithm,
62 // as described in Client.RetryBackoff.
64 // The n argument is always bounded between 1 and 30.
65 // The returned value is always greater than 0.
66 func defaultBackoff(n int, r *http.Request, res *http.Response) time.Duration {
67 const max = 10 * time.Second
68 var jitter time.Duration
69 if x, err := rand.Int(rand.Reader, big.NewInt(1000)); err == nil {
70 // Set the minimum to 1ms to avoid a case where
71 // an invalid Retry-After value is parsed into 0 below,
72 // resulting in the 0 returned value which would unintentionally
74 jitter = (1 + time.Duration(x.Int64())) * time.Millisecond
76 if v, ok := res.Header["Retry-After"]; ok {
77 return retryAfter(v[0]) + jitter
86 d := time.Duration(1<<uint(n-1))*time.Second + jitter
93 // retryAfter parses a Retry-After HTTP header value,
94 // trying to convert v into an int (seconds) or use http.ParseTime otherwise.
95 // It returns zero value if v cannot be parsed.
96 func retryAfter(v string) time.Duration {
97 if i, err := strconv.Atoi(v); err == nil {
98 return time.Duration(i) * time.Second
100 t, err := http.ParseTime(v)
104 return t.Sub(timeNow())
107 // resOkay is a function that reports whether the provided response is okay.
108 // It is expected to keep the response body unread.
109 type resOkay func(*http.Response) bool
111 // wantStatus returns a function which reports whether the code
112 // matches the status code of a response.
113 func wantStatus(codes ...int) resOkay {
114 return func(res *http.Response) bool {
115 for _, code := range codes {
116 if code == res.StatusCode {
124 // get issues an unsigned GET request to the specified URL.
125 // It returns a non-error value only when ok reports true.
127 // get retries unsuccessful attempts according to c.RetryBackoff
128 // until the context is done or a non-retriable error is received.
129 func (c *Client) get(ctx context.Context, url string, ok resOkay) (*http.Response, error) {
130 retry := c.retryTimer()
132 req, err := http.NewRequest("GET", url, nil)
136 res, err := c.doNoRetry(ctx, req)
142 case isRetriable(res.StatusCode):
144 resErr := responseError(res)
146 // Ignore the error value from retry.backoff
147 // and return the one from last retry, as received from the CA.
148 if retry.backoff(ctx, req, res) != nil {
152 defer res.Body.Close()
153 return nil, responseError(res)
158 // post issues a signed POST request in JWS format using the provided key
159 // to the specified URL.
160 // It returns a non-error value only when ok reports true.
162 // post retries unsuccessful attempts according to c.RetryBackoff
163 // until the context is done or a non-retriable error is received.
164 // It uses postNoRetry to make individual requests.
165 func (c *Client) post(ctx context.Context, key crypto.Signer, url string, body interface{}, ok resOkay) (*http.Response, error) {
166 retry := c.retryTimer()
168 res, req, err := c.postNoRetry(ctx, key, url, body)
175 resErr := responseError(res)
178 // Check for bad nonce before isRetriable because it may have been returned
179 // with an unretriable response code such as 400 Bad Request.
180 case isBadNonce(resErr):
181 // Consider any previously stored nonce values to be invalid.
183 case !isRetriable(res.StatusCode):
187 // Ignore the error value from retry.backoff
188 // and return the one from last retry, as received from the CA.
189 if err := retry.backoff(ctx, req, res); err != nil {
195 // postNoRetry signs the body with the given key and POSTs it to the provided url.
196 // The body argument must be JSON-serializable.
197 // It is used by c.post to retry unsuccessful attempts.
198 func (c *Client) postNoRetry(ctx context.Context, key crypto.Signer, url string, body interface{}) (*http.Response, *http.Request, error) {
199 nonce, err := c.popNonce(ctx, url)
203 b, err := jwsEncodeJSON(body, key, nonce)
207 req, err := http.NewRequest("POST", url, bytes.NewReader(b))
211 req.Header.Set("Content-Type", "application/jose+json")
212 res, err := c.doNoRetry(ctx, req)
216 c.addNonce(res.Header)
220 // doNoRetry issues a request req, replacing its context (if any) with ctx.
221 func (c *Client) doNoRetry(ctx context.Context, req *http.Request) (*http.Response, error) {
222 res, err := c.httpClient().Do(req.WithContext(ctx))
226 // Prefer the unadorned context error.
227 // (The acme package had tests assuming this, previously from ctxhttp's
228 // behavior, predating net/http supporting contexts natively)
229 // TODO(bradfitz): reconsider this in the future. But for now this
230 // requires no test updates.
231 return nil, ctx.Err()
239 func (c *Client) httpClient() *http.Client {
240 if c.HTTPClient != nil {
243 return http.DefaultClient
246 // isBadNonce reports whether err is an ACME "badnonce" error.
247 func isBadNonce(err error) bool {
248 // According to the spec badNonce is urn:ietf:params:acme:error:badNonce.
249 // However, ACME servers in the wild return their versions of the error.
250 // See https://tools.ietf.org/html/draft-ietf-acme-acme-02#section-5.4
251 // and https://github.com/letsencrypt/boulder/blob/0e07eacb/docs/acme-divergences.md#section-66.
252 ae, ok := err.(*Error)
253 return ok && strings.HasSuffix(strings.ToLower(ae.ProblemType), ":badnonce")
256 // isRetriable reports whether a request can be retried
257 // based on the response status code.
259 // Note that a "bad nonce" error is returned with a non-retriable 400 Bad Request code.
260 // Callers should parse the response and check with isBadNonce.
261 func isRetriable(code int) bool {
262 return code <= 399 || code >= 500 || code == http.StatusTooManyRequests
265 // responseError creates an error of Error type from resp.
266 func responseError(resp *http.Response) error {
267 // don't care if ReadAll returns an error:
268 // json.Unmarshal will fail in that case anyway
269 b, _ := ioutil.ReadAll(resp.Body)
270 e := &wireError{Status: resp.StatusCode}
271 if err := json.Unmarshal(b, e); err != nil {
272 // this is not a regular error response:
273 // populate detail with anything we received,
274 // e.Status will already contain HTTP response code value
277 e.Detail = resp.Status
280 return e.error(resp.Header)