traefik/pkg/provider/acme/account.go

package acme

import (
	"context"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"

	"github.com/containous/traefik/pkg/log"
	"github.com/go-acme/lego/certcrypto"
	"github.com/go-acme/lego/registration"
)

// Account is used to store lets encrypt registration info
type Account struct {
	Email        string
	Registration *registration.Resource
	PrivateKey   []byte
	KeyType      certcrypto.KeyType
}

const (
	// RegistrationURLPathV1Regexp is a regexp which match ACME registration URL in the V1 format
	RegistrationURLPathV1Regexp = `^.*/acme/reg/\d+$`
)

// NewAccount creates an account
func NewAccount(ctx context.Context, email string, keyTypeValue string) (*Account, error) {
	keyType := GetKeyType(ctx, keyTypeValue)

	// Create a user. New accounts need an email and private key to start
	privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
	if err != nil {
		return nil, err
	}

	return &Account{
		Email:      email,
		PrivateKey: x509.MarshalPKCS1PrivateKey(privateKey),
		KeyType:    keyType,
	}, nil
}

// GetEmail returns email
func (a *Account) GetEmail() string {
	return a.Email
}

// GetRegistration returns lets encrypt registration resource
func (a *Account) GetRegistration() *registration.Resource {
	return a.Registration
}

// GetPrivateKey returns private key
func (a *Account) GetPrivateKey() crypto.PrivateKey {
	privateKey, err := x509.ParsePKCS1PrivateKey(a.PrivateKey)
	if err != nil {
		log.WithoutContext().WithField(log.ProviderName, "acme").
			Errorf("Cannot unmarshal private key %+v: %v", a.PrivateKey, err)
		return nil
	}

	return privateKey
}

// GetKeyType used to determine which algo to used
func GetKeyType(ctx context.Context, value string) certcrypto.KeyType {
	logger := log.FromContext(ctx)

	switch value {
	case "EC256":
		return certcrypto.EC256
	case "EC384":
		return certcrypto.EC384
	case "RSA2048":
		return certcrypto.RSA2048
	case "RSA4096":
		return certcrypto.RSA4096
	case "RSA8192":
		return certcrypto.RSA8192
	case "":
		logger.Infof("The key type is empty. Use default key type %v.", certcrypto.RSA4096)
		return certcrypto.RSA4096
	default:
		logger.Infof("Unable to determine the key type value %q: falling back on %v.", value, certcrypto.RSA4096)
		return certcrypto.RSA4096
	}
}
Create ACME Provider 2018-03-05 19:54:04 +00:00			`package acme`

			`import (`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`"context"`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`"crypto"`
			`"crypto/rand"`
			`"crypto/rsa"`
			`"crypto/x509"`

Move code to pkg 2019-03-15 08:42:03 +00:00			`"github.com/containous/traefik/pkg/log"`
Migrate to go-acme/lego. 2019-03-14 10:04:04 +00:00			`"github.com/go-acme/lego/certcrypto"`
			`"github.com/go-acme/lego/registration"`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`)`

			`// Account is used to store lets encrypt registration info`
			`type Account struct {`
			`Email string`
Update Lego 2019-01-07 17:30:06 +00:00			`Registration *registration.Resource`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`PrivateKey []byte`
Update Lego 2019-01-07 17:30:06 +00:00			`KeyType certcrypto.KeyType`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`}`

ACME V2 Integration 2018-03-26 12:12:03 +00:00			`const (`
			`// RegistrationURLPathV1Regexp is a regexp which match ACME registration URL in the V1 format`
refactor: minor fixes. 2018-04-17 21:20:33 +00:00			RegistrationURLPathV1Regexp = `^.*/acme/reg/\d+$`
ACME V2 Integration 2018-03-26 12:12:03 +00:00			`)`

Create ACME Provider 2018-03-05 19:54:04 +00:00			`// NewAccount creates an account`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`func NewAccount(ctx context.Context, email string, keyTypeValue string) (*Account, error) {`
			`keyType := GetKeyType(ctx, keyTypeValue)`
Add option to select algorithm to generate ACME certificates 2018-05-16 09:44:03 +00:00
Create ACME Provider 2018-03-05 19:54:04 +00:00			`// Create a user. New accounts need an email and private key to start`
			`privateKey, err := rsa.GenerateKey(rand.Reader, 4096)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return &Account{`
			`Email: email,`
			`PrivateKey: x509.MarshalPKCS1PrivateKey(privateKey),`
Add option to select algorithm to generate ACME certificates 2018-05-16 09:44:03 +00:00			`KeyType: keyType,`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`}, nil`
			`}`

			`// GetEmail returns email`
			`func (a *Account) GetEmail() string {`
			`return a.Email`
			`}`

			`// GetRegistration returns lets encrypt registration resource`
Update Lego 2019-01-07 17:30:06 +00:00			`func (a Account) GetRegistration() registration.Resource {`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`return a.Registration`
			`}`

			`// GetPrivateKey returns private key`
			`func (a *Account) GetPrivateKey() crypto.PrivateKey {`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`privateKey, err := x509.ParsePKCS1PrivateKey(a.PrivateKey)`
			`if err != nil {`
			`log.WithoutContext().WithField(log.ProviderName, "acme").`
			`Errorf("Cannot unmarshal private key %+v: %v", a.PrivateKey, err)`
			`return nil`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`}`

Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`return privateKey`
Create ACME Provider 2018-03-05 19:54:04 +00:00			`}`
Add option to select algorithm to generate ACME certificates 2018-05-16 09:44:03 +00:00
			`// GetKeyType used to determine which algo to used`
Update Lego 2019-01-07 17:30:06 +00:00			`func GetKeyType(ctx context.Context, value string) certcrypto.KeyType {`
Dynamic Configuration Refactoring 2018-11-14 09:18:03 +00:00			`logger := log.FromContext(ctx)`

Add option to select algorithm to generate ACME certificates 2018-05-16 09:44:03 +00:00			`switch value {`
			`case "EC256":`
Update Lego 2019-01-07 17:30:06 +00:00			`return certcrypto.EC256`
Add option to select algorithm to generate ACME certificates 2018-05-16 09:44:03 +00:00			`case "EC384":`
Update Lego 2019-01-07 17:30:06 +00:00			`return certcrypto.EC384`
Add option to select algorithm to generate ACME certificates 2018-05-16 09:44:03 +00:00			`case "RSA2048":`
Update Lego 2019-01-07 17:30:06 +00:00			`return certcrypto.RSA2048`
Add option to select algorithm to generate ACME certificates 2018-05-16 09:44:03 +00:00			`case "RSA4096":`
Update Lego 2019-01-07 17:30:06 +00:00			`return certcrypto.RSA4096`
Add option to select algorithm to generate ACME certificates 2018-05-16 09:44:03 +00:00			`case "RSA8192":`
Update Lego 2019-01-07 17:30:06 +00:00			`return certcrypto.RSA8192`
ACME TLS ALPN 2018-07-03 10:44:04 +00:00			`case "":`
Update Lego 2019-01-07 17:30:06 +00:00			`logger.Infof("The key type is empty. Use default key type %v.", certcrypto.RSA4096)`
			`return certcrypto.RSA4096`
Add option to select algorithm to generate ACME certificates 2018-05-16 09:44:03 +00:00			`default:`
Update Lego 2019-01-07 17:30:06 +00:00			`logger.Infof("Unable to determine the key type value %q: falling back on %v.", value, certcrypto.RSA4096)`
			`return certcrypto.RSA4096`
Add option to select algorithm to generate ACME certificates 2018-05-16 09:44:03 +00:00			`}`
			`}`