package acme
import (
"crypto/tls"
"github.com/containous/traefik/v2/pkg/log"
"github.com/containous/traefik/v2/pkg/types"
"github.com/go-acme/lego/v3/challenge"
"github.com/go-acme/lego/v3/challenge/tlsalpn01"
)
// Compile-time check that *challengeTLSALPN satisfies lego's
// challenge.Provider interface (Present / CleanUp).
var _ challenge.Provider = (*challengeTLSALPN)(nil)
// challengeTLSALPN is the challenge.Provider used for the ACME TLS-ALPN-01
// challenge. It keeps no state of its own: Present writes the temporary
// challenge certificate to Store and CleanUp removes it again.
type challengeTLSALPN struct {
	// Store holds the temporary challenge certificate, private key included,
	// between Present and CleanUp.
	// NOTE(review): whether the backing store is in-memory only or
	// shared/persisted is not visible here; confirm that access to it is
	// restricted accordingly.
	Store ChallengeStore
}
// Present builds the temporary certificate for the TLS-ALPN-01 challenge on
// domain and registers it in the challenge store under that domain.
//
// token is not used; it is only present to satisfy challenge.Provider.
// Any error from certificate generation or from the store is returned as is.
func (c *challengeTLSALPN) Present(domain, token, keyAuth string) error {
	logger := log.WithoutContext().WithField(log.ProviderName, "acme")
	logger.Debugf("TLS Challenge Present temp certificate for %s", domain)

	// ChallengeBlocks returns the PEM-encoded challenge certificate and its
	// private key. keyPEM is key material: it is handed to the store only and
	// must stay out of log output (only the domain is logged above).
	certPEM, keyPEM, err := tlsalpn01.ChallengeBlocks(domain, keyAuth)
	if err != nil {
		return err
	}

	// The entry is labelled "TEMP-<domain>" in its Domain field, while the
	// store itself is keyed by the plain domain.
	tmpCert := &Certificate{
		Domain:      types.Domain{Main: "TEMP-" + domain},
		Certificate: certPEM,
		Key:         keyPEM,
	}

	return c.Store.AddTLSChallenge(domain, tmpCert)
}
// CleanUp removes the temporary TLS-ALPN-01 challenge certificate registered
// for domain from the challenge store.
//
// token and keyAuth are not used; they are only present to satisfy
// challenge.Provider. The store's error, if any, is returned unchanged.
func (c *challengeTLSALPN) CleanUp(domain, token, keyAuth string) error {
	logger := log.WithoutContext().WithField(log.ProviderName, "acme")
	logger.Debugf("TLS Challenge CleanUp temp certificate for %s", domain)

	// Dropping the entry ends the window in which the challenge certificate
	// and its private key are retrievable from the store.
	return c.Store.RemoveTLSChallenge(domain)
}
// GetTLSALPNCertificate returns the temporary certificate registered for the
// ACME TLS-ALPN-01 challenge on domain.
//
// It returns (nil, nil) when the store holds no challenge certificate for
// domain, so callers must check the returned certificate for nil in addition
// to checking err before using it.
//
// NOTE(review): RFC 8737 requires the challenge certificate to be presented
// only on handshakes that negotiate the "acme-tls/1" ALPN protocol. That check
// is not made here; confirm the caller enforces it.
func (p *Provider) GetTLSALPNCertificate(domain string) (*tls.Certificate, error) {
	stored, err := p.ChallengeStore.GetTLSChallenge(domain)
	switch {
	case err != nil:
		return nil, err
	case stored == nil:
		// No pending challenge for this domain: not an error.
		return nil, nil
	}

	// Parse the stored PEM pair; X509KeyPair also verifies that the private
	// key matches the certificate's public key.
	keyPair, err := tls.X509KeyPair(stored.Certificate, stored.Key)
	if err != nil {
		return nil, err
	}

	return &keyPair, nil
}