2018-03-05 19:54:04 +00:00
|
|
|
package acme
|
|
|
|
|
|
|
|
import (
|
2018-11-14 09:18:03 +00:00
|
|
|
"context"
|
2018-07-03 10:44:04 +00:00
|
|
|
"net"
|
|
|
|
"net/http"
|
2018-03-05 19:54:04 +00:00
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/cenk/backoff"
|
2018-07-03 10:44:04 +00:00
|
|
|
"github.com/containous/mux"
|
2018-03-05 19:54:04 +00:00
|
|
|
"github.com/containous/traefik/log"
|
|
|
|
"github.com/containous/traefik/safe"
|
2018-05-31 07:30:04 +00:00
|
|
|
"github.com/xenolf/lego/acme"
|
2018-03-05 19:54:04 +00:00
|
|
|
)
|
|
|
|
|
2018-07-03 10:44:04 +00:00
|
|
|
var _ acme.ChallengeProviderTimeout = (*challengeHTTP)(nil)
|
|
|
|
|
|
|
|
type challengeHTTP struct {
|
|
|
|
Store Store
|
|
|
|
}
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// Present presents a challenge to obtain new ACME certificate.
|
2018-07-03 10:44:04 +00:00
|
|
|
func (c *challengeHTTP) Present(domain, token, keyAuth string) error {
|
2018-07-09 23:24:14 +00:00
|
|
|
return c.Store.SetHTTPChallengeToken(token, domain, []byte(keyAuth))
|
2018-07-03 10:44:04 +00:00
|
|
|
}
|
2018-03-05 19:54:04 +00:00
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// CleanUp cleans the challenges when certificate is obtained.
|
2018-07-03 10:44:04 +00:00
|
|
|
func (c *challengeHTTP) CleanUp(domain, token, keyAuth string) error {
|
2018-07-09 23:24:14 +00:00
|
|
|
return c.Store.RemoveHTTPChallengeToken(token, domain)
|
2018-03-05 19:54:04 +00:00
|
|
|
}
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// Timeout calculates the maximum of time allowed to resolved an ACME challenge.
|
2018-07-03 10:44:04 +00:00
|
|
|
func (c *challengeHTTP) Timeout() (timeout, interval time.Duration) {
|
|
|
|
return 60 * time.Second, 5 * time.Second
|
|
|
|
}
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
// Append adds routes on internal router
|
|
|
|
func (p *Provider) Append(router *mux.Router) {
|
2018-07-03 10:44:04 +00:00
|
|
|
router.Methods(http.MethodGet).
|
|
|
|
Path(acme.HTTP01ChallengePath("{token}")).
|
|
|
|
Handler(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
|
|
|
vars := mux.Vars(req)
|
2018-11-14 09:18:03 +00:00
|
|
|
|
|
|
|
ctx := log.With(context.Background(), log.Str(log.ProviderName, "acme"))
|
|
|
|
logger := log.FromContext(ctx)
|
|
|
|
|
2018-07-03 10:44:04 +00:00
|
|
|
if token, ok := vars["token"]; ok {
|
|
|
|
domain, _, err := net.SplitHostPort(req.Host)
|
|
|
|
if err != nil {
|
2018-11-14 09:18:03 +00:00
|
|
|
logger.Debugf("Unable to split host and port: %v. Fallback to request host.", err)
|
2018-07-03 10:44:04 +00:00
|
|
|
domain = req.Host
|
|
|
|
}
|
|
|
|
|
2018-11-14 09:18:03 +00:00
|
|
|
tokenValue := getTokenValue(ctx, token, domain, p.Store)
|
2018-07-03 10:44:04 +00:00
|
|
|
if len(tokenValue) > 0 {
|
|
|
|
rw.WriteHeader(http.StatusOK)
|
|
|
|
_, err = rw.Write(tokenValue)
|
|
|
|
if err != nil {
|
2018-11-14 09:18:03 +00:00
|
|
|
logger.Errorf("Unable to write token: %v", err)
|
2018-07-03 10:44:04 +00:00
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
rw.WriteHeader(http.StatusNotFound)
|
|
|
|
}))
|
2018-03-05 19:54:04 +00:00
|
|
|
}
|
2018-11-14 09:18:03 +00:00
|
|
|
|
|
|
|
func getTokenValue(ctx context.Context, token, domain string, store Store) []byte {
|
|
|
|
logger := log.FromContext(ctx)
|
|
|
|
logger.Debugf("Retrieving the ACME challenge for token %v...", token)
|
|
|
|
|
|
|
|
var result []byte
|
|
|
|
|
|
|
|
operation := func() error {
|
|
|
|
var err error
|
|
|
|
result, err = store.GetHTTPChallengeToken(token, domain)
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
notify := func(err error, time time.Duration) {
|
|
|
|
logger.Errorf("Error getting challenge for token retrying in %s", time)
|
|
|
|
}
|
|
|
|
|
|
|
|
ebo := backoff.NewExponentialBackOff()
|
|
|
|
ebo.MaxElapsedTime = 60 * time.Second
|
|
|
|
err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
|
|
|
|
if err != nil {
|
|
|
|
logger.Errorf("Cannot retrieve the ACME challenge for token %v: %v", token, err)
|
|
|
|
return []byte{}
|
|
|
|
}
|
|
|
|
|
|
|
|
return result
|
|
|
|
}
|