traefik/pkg/provider/acme/account.go

91 lines
2.2 KiB
Go
Raw Permalink Normal View History

2018-03-05 19:54:04 +00:00
package acme
import (
2018-11-14 09:18:03 +00:00
"context"
2018-03-05 19:54:04 +00:00
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
2020-09-04 08:52:03 +00:00
"github.com/go-acme/lego/v4/certcrypto"
"github.com/go-acme/lego/v4/registration"
2022-11-21 17:36:05 +00:00
"github.com/rs/zerolog/log"
2023-02-03 14:24:05 +00:00
"github.com/traefik/traefik/v3/pkg/logs"
2018-03-05 19:54:04 +00:00
)
2020-05-11 10:06:07 +00:00
// Account is used to store lets encrypt registration info.
2018-03-05 19:54:04 +00:00
type Account struct {
Email string
2019-01-07 17:30:06 +00:00
Registration *registration.Resource
2018-03-05 19:54:04 +00:00
PrivateKey []byte
2019-01-07 17:30:06 +00:00
KeyType certcrypto.KeyType
2018-03-05 19:54:04 +00:00
}
2018-03-26 12:12:03 +00:00
const (
2020-05-11 10:06:07 +00:00
// RegistrationURLPathV1Regexp is a regexp which match ACME registration URL in the V1 format.
2018-04-17 21:20:33 +00:00
RegistrationURLPathV1Regexp = `^.*/acme/reg/\d+$`
2018-03-26 12:12:03 +00:00
)
2020-05-11 10:06:07 +00:00
// NewAccount creates an account.
2020-07-07 12:42:03 +00:00
func NewAccount(ctx context.Context, email, keyTypeValue string) (*Account, error) {
2018-11-14 09:18:03 +00:00
keyType := GetKeyType(ctx, keyTypeValue)
2018-03-05 19:54:04 +00:00
// Create a user. New accounts need an email and private key to start
privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
return nil, err
}
return &Account{
Email: email,
PrivateKey: x509.MarshalPKCS1PrivateKey(privateKey),
KeyType: keyType,
2018-03-05 19:54:04 +00:00
}, nil
}
2020-05-11 10:06:07 +00:00
// GetEmail returns email.
2018-03-05 19:54:04 +00:00
func (a *Account) GetEmail() string {
return a.Email
}
2020-05-11 10:06:07 +00:00
// GetRegistration returns lets encrypt registration resource.
2019-01-07 17:30:06 +00:00
func (a *Account) GetRegistration() *registration.Resource {
2018-03-05 19:54:04 +00:00
return a.Registration
}
2020-05-11 10:06:07 +00:00
// GetPrivateKey returns private key.
2018-03-05 19:54:04 +00:00
func (a *Account) GetPrivateKey() crypto.PrivateKey {
2018-11-14 09:18:03 +00:00
privateKey, err := x509.ParsePKCS1PrivateKey(a.PrivateKey)
if err != nil {
2022-11-21 17:36:05 +00:00
log.Error().Str(logs.ProviderName, "acme").
Err(err).Msgf("Cannot unmarshal private key %+v", a.PrivateKey)
2018-11-14 09:18:03 +00:00
return nil
2018-03-05 19:54:04 +00:00
}
2018-11-14 09:18:03 +00:00
return privateKey
2018-03-05 19:54:04 +00:00
}
2020-05-11 10:06:07 +00:00
// GetKeyType used to determine which algo to used.
2019-01-07 17:30:06 +00:00
func GetKeyType(ctx context.Context, value string) certcrypto.KeyType {
2022-11-21 17:36:05 +00:00
logger := log.Ctx(ctx)
2018-11-14 09:18:03 +00:00
switch value {
case "EC256":
2019-01-07 17:30:06 +00:00
return certcrypto.EC256
case "EC384":
2019-01-07 17:30:06 +00:00
return certcrypto.EC384
case "RSA2048":
2019-01-07 17:30:06 +00:00
return certcrypto.RSA2048
case "RSA4096":
2019-01-07 17:30:06 +00:00
return certcrypto.RSA4096
case "RSA8192":
2019-01-07 17:30:06 +00:00
return certcrypto.RSA8192
2018-07-03 10:44:04 +00:00
case "":
2022-11-21 17:36:05 +00:00
logger.Info().Msgf("The key type is empty. Use default key type %v.", certcrypto.RSA4096)
2019-01-07 17:30:06 +00:00
return certcrypto.RSA4096
default:
2022-11-21 17:36:05 +00:00
logger.Info().Msgf("Unable to determine the key type value %q: falling back on %v.", value, certcrypto.RSA4096)
2019-01-07 17:30:06 +00:00
return certcrypto.RSA4096
}
}