2018-03-05 19:54:04 +00:00
|
|
|
package acme
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"encoding/json"
|
2018-07-09 21:28:03 +00:00
|
|
|
"fmt"
|
2018-03-05 19:54:04 +00:00
|
|
|
"io/ioutil"
|
|
|
|
|
"os"
|
2018-03-26 12:12:03 +00:00
|
|
|
"regexp"
|
2018-07-03 10:44:04 +00:00
|
|
|
"sync"
|
2018-03-05 19:54:04 +00:00
|
|
|
|
|
|
|
|
"github.com/containous/traefik/log"
|
|
|
|
|
"github.com/containous/traefik/safe"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var _ Store = (*LocalStore)(nil)
|
|
|
|
|
|
|
|
|
|
// LocalStore Store implementation for local file
|
|
|
|
|
type LocalStore struct {
|
|
|
|
|
filename string
|
|
|
|
|
storedData *StoredData
|
2018-04-10 08:52:04 +00:00
|
|
|
SaveDataChan chan *StoredData `json:"-"`
|
2018-07-03 10:44:04 +00:00
|
|
|
lock sync.RWMutex
|
2018-03-05 19:54:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NewLocalStore initializes a new LocalStore with a file name
|
2018-07-03 10:44:04 +00:00
|
|
|
func NewLocalStore(filename string) *LocalStore {
|
|
|
|
|
store := &LocalStore{filename: filename, SaveDataChan: make(chan *StoredData)}
|
2018-03-05 19:54:04 +00:00
|
|
|
store.listenSaveAction()
|
|
|
|
|
return store
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *LocalStore) get() (*StoredData, error) {
|
|
|
|
|
if s.storedData == nil {
|
2018-07-03 10:44:04 +00:00
|
|
|
s.storedData = &StoredData{
|
|
|
|
|
HTTPChallenges: make(map[string]map[string][]byte),
|
|
|
|
|
TLSChallenges: make(map[string]*Certificate),
|
|
|
|
|
}
|
2018-03-05 19:54:04 +00:00
|
|
|
|
2018-04-10 08:52:04 +00:00
|
|
|
hasData, err := CheckFile(s.filename)
|
2018-03-05 19:54:04 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-10 08:52:04 +00:00
|
|
|
if hasData {
|
|
|
|
|
f, err := os.Open(s.filename)
|
|
|
|
|
if err != nil {
|
2018-03-05 19:54:04 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
2018-04-10 08:52:04 +00:00
|
|
|
defer f.Close()
|
|
|
|
|
|
|
|
|
|
file, err := ioutil.ReadAll(f)
|
2018-03-26 12:12:03 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2018-04-10 08:52:04 +00:00
|
|
|
|
|
|
|
|
if len(file) > 0 {
|
|
|
|
|
if err := json.Unmarshal(file, s.storedData); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-04-16 17:34:04 +00:00
|
|
|
|
2018-04-10 08:52:04 +00:00
|
|
|
// Check if ACME Account is in ACME V1 format
|
|
|
|
|
if s.storedData.Account != nil && s.storedData.Account.Registration != nil {
|
|
|
|
|
isOldRegistration, err := regexp.MatchString(RegistrationURLPathV1Regexp, s.storedData.Account.Registration.URI)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if isOldRegistration {
|
2018-05-28 12:40:03 +00:00
|
|
|
log.Debug("Reset ACME account.")
|
2018-04-10 08:52:04 +00:00
|
|
|
s.storedData.Account = nil
|
|
|
|
|
s.SaveDataChan <- s.storedData
|
|
|
|
|
}
|
2018-03-26 12:12:03 +00:00
|
|
|
}
|
2018-04-16 17:34:04 +00:00
|
|
|
|
|
|
|
|
// Delete all certificates with no value
|
|
|
|
|
var certificates []*Certificate
|
|
|
|
|
for _, certificate := range s.storedData.Certificates {
|
|
|
|
|
if len(certificate.Certificate) == 0 || len(certificate.Key) == 0 {
|
|
|
|
|
log.Debugf("Delete certificate %v for domains %v which have no value.", certificate, certificate.Domain.ToStrArray())
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
certificates = append(certificates, certificate)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(certificates) < len(s.storedData.Certificates) {
|
|
|
|
|
s.storedData.Certificates = certificates
|
|
|
|
|
s.SaveDataChan <- s.storedData
|
|
|
|
|
}
|
2018-03-26 12:12:03 +00:00
|
|
|
}
|
2018-03-05 19:54:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return s.storedData, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// listenSaveAction listens to a chan to store ACME data in json format into LocalStore.filename
|
|
|
|
|
func (s *LocalStore) listenSaveAction() {
|
|
|
|
|
safe.Go(func() {
|
|
|
|
|
for object := range s.SaveDataChan {
|
|
|
|
|
data, err := json.MarshalIndent(object, "", " ")
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Error(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = ioutil.WriteFile(s.filename, data, 0600)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Error(err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetAccount returns ACME Account
|
|
|
|
|
func (s *LocalStore) GetAccount() (*Account, error) {
|
|
|
|
|
storedData, err := s.get()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return storedData.Account, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SaveAccount stores ACME Account
|
|
|
|
|
func (s *LocalStore) SaveAccount(account *Account) error {
|
|
|
|
|
storedData, err := s.get()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
storedData.Account = account
|
|
|
|
|
s.SaveDataChan <- storedData
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetCertificates returns ACME Certificates list
|
|
|
|
|
func (s *LocalStore) GetCertificates() ([]*Certificate, error) {
|
|
|
|
|
storedData, err := s.get()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return storedData.Certificates, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SaveCertificates stores ACME Certificates list
|
|
|
|
|
func (s *LocalStore) SaveCertificates(certificates []*Certificate) error {
|
|
|
|
|
storedData, err := s.get()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
storedData.Certificates = certificates
|
|
|
|
|
s.SaveDataChan <- storedData
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-09 21:28:03 +00:00
|
|
|
// GetHTTPChallengeToken Get the http challenge token from the store
|
|
|
|
|
func (s *LocalStore) GetHTTPChallengeToken(token, domain string) ([]byte, error) {
|
|
|
|
|
s.lock.RLock()
|
|
|
|
|
defer s.lock.RUnlock()
|
|
|
|
|
|
|
|
|
|
if s.storedData.HTTPChallenges == nil {
|
|
|
|
|
s.storedData.HTTPChallenges = map[string]map[string][]byte{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if _, ok := s.storedData.HTTPChallenges[token]; !ok {
|
|
|
|
|
return nil, fmt.Errorf("cannot find challenge for token %v", token)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result, ok := s.storedData.HTTPChallenges[token][domain]
|
|
|
|
|
if !ok {
|
|
|
|
|
return nil, fmt.Errorf("cannot find challenge for token %v", token)
|
|
|
|
|
}
|
|
|
|
|
return result, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SetHTTPChallengeToken Set the http challenge token in the store
|
|
|
|
|
func (s *LocalStore) SetHTTPChallengeToken(token, domain string, keyAuth []byte) error {
|
|
|
|
|
s.lock.Lock()
|
|
|
|
|
defer s.lock.Unlock()
|
|
|
|
|
|
|
|
|
|
if s.storedData.HTTPChallenges == nil {
|
|
|
|
|
s.storedData.HTTPChallenges = map[string]map[string][]byte{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if _, ok := s.storedData.HTTPChallenges[token]; !ok {
|
|
|
|
|
s.storedData.HTTPChallenges[token] = map[string][]byte{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
s.storedData.HTTPChallenges[token][domain] = []byte(keyAuth)
|
|
|
|
|
return nil
|
2018-03-05 19:54:04 +00:00
|
|
|
}
|
|
|
|
|
|
2018-07-09 21:28:03 +00:00
|
|
|
// RemoveHTTPChallengeToken Remove the http challenge token in the store
|
|
|
|
|
func (s *LocalStore) RemoveHTTPChallengeToken(token, domain string) error {
|
|
|
|
|
s.lock.Lock()
|
|
|
|
|
defer s.lock.Unlock()
|
|
|
|
|
|
|
|
|
|
if s.storedData.HTTPChallenges == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if _, ok := s.storedData.HTTPChallenges[token]; ok {
|
|
|
|
|
if _, domainOk := s.storedData.HTTPChallenges[token][domain]; domainOk {
|
|
|
|
|
delete(s.storedData.HTTPChallenges[token], domain)
|
|
|
|
|
}
|
|
|
|
|
if len(s.storedData.HTTPChallenges[token]) == 0 {
|
|
|
|
|
delete(s.storedData.HTTPChallenges, token)
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-03-05 19:54:04 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
2018-07-03 10:44:04 +00:00
|
|
|
|
|
|
|
|
// AddTLSChallenge Add a certificate to the ACME TLS-ALPN-01 certificates storage
|
|
|
|
|
func (s *LocalStore) AddTLSChallenge(domain string, cert *Certificate) error {
|
|
|
|
|
s.lock.Lock()
|
|
|
|
|
defer s.lock.Unlock()
|
|
|
|
|
|
|
|
|
|
if s.storedData.TLSChallenges == nil {
|
|
|
|
|
s.storedData.TLSChallenges = make(map[string]*Certificate)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
s.storedData.TLSChallenges[domain] = cert
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetTLSChallenge Get a certificate from the ACME TLS-ALPN-01 certificates storage
|
|
|
|
|
func (s *LocalStore) GetTLSChallenge(domain string) (*Certificate, error) {
|
|
|
|
|
s.lock.Lock()
|
|
|
|
|
defer s.lock.Unlock()
|
|
|
|
|
|
|
|
|
|
if s.storedData.TLSChallenges == nil {
|
|
|
|
|
s.storedData.TLSChallenges = make(map[string]*Certificate)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return s.storedData.TLSChallenges[domain], nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RemoveTLSChallenge Remove a certificate from the ACME TLS-ALPN-01 certificates storage
|
|
|
|
|
func (s *LocalStore) RemoveTLSChallenge(domain string) error {
|
|
|
|
|
s.lock.Lock()
|
|
|
|
|
defer s.lock.Unlock()
|
|
|
|
|
|
|
|
|
|
if s.storedData.TLSChallenges == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
delete(s.storedData.TLSChallenges, domain)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
