2018-03-05 20:54:04 +01:00
|
|
|
package acme
|
|
|
|
|
|
|
|
import (
|
2018-11-14 10:18:03 +01:00
|
|
|
"context"
|
2018-03-05 20:54:04 +01:00
|
|
|
"crypto"
|
|
|
|
"crypto/rand"
|
|
|
|
"crypto/rsa"
|
|
|
|
"crypto/x509"
|
|
|
|
|
|
|
|
"github.com/containous/traefik/log"
|
2018-05-31 09:30:04 +02:00
|
|
|
"github.com/xenolf/lego/acme"
|
2018-03-05 20:54:04 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
// Account is used to store lets encrypt registration info
|
|
|
|
type Account struct {
|
|
|
|
Email string
|
|
|
|
Registration *acme.RegistrationResource
|
|
|
|
PrivateKey []byte
|
2018-05-16 11:44:03 +02:00
|
|
|
KeyType acme.KeyType
|
2018-03-05 20:54:04 +01:00
|
|
|
}
|
|
|
|
|
2018-03-26 14:12:03 +02:00
|
|
|
const (
|
|
|
|
// RegistrationURLPathV1Regexp is a regexp which match ACME registration URL in the V1 format
|
2018-04-17 23:20:33 +02:00
|
|
|
RegistrationURLPathV1Regexp = `^.*/acme/reg/\d+$`
|
2018-03-26 14:12:03 +02:00
|
|
|
)
|
|
|
|
|
2018-03-05 20:54:04 +01:00
|
|
|
// NewAccount creates an account
|
2018-11-14 10:18:03 +01:00
|
|
|
func NewAccount(ctx context.Context, email string, keyTypeValue string) (*Account, error) {
|
|
|
|
keyType := GetKeyType(ctx, keyTypeValue)
|
2018-05-16 11:44:03 +02:00
|
|
|
|
2018-03-05 20:54:04 +01:00
|
|
|
// Create a user. New accounts need an email and private key to start
|
|
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &Account{
|
|
|
|
Email: email,
|
|
|
|
PrivateKey: x509.MarshalPKCS1PrivateKey(privateKey),
|
2018-05-16 11:44:03 +02:00
|
|
|
KeyType: keyType,
|
2018-03-05 20:54:04 +01:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetEmail returns email
|
|
|
|
func (a *Account) GetEmail() string {
|
|
|
|
return a.Email
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetRegistration returns lets encrypt registration resource
|
|
|
|
func (a *Account) GetRegistration() *acme.RegistrationResource {
|
|
|
|
return a.Registration
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetPrivateKey returns private key
|
|
|
|
func (a *Account) GetPrivateKey() crypto.PrivateKey {
|
2018-11-14 10:18:03 +01:00
|
|
|
privateKey, err := x509.ParsePKCS1PrivateKey(a.PrivateKey)
|
|
|
|
if err != nil {
|
|
|
|
log.WithoutContext().WithField(log.ProviderName, "acme").
|
|
|
|
Errorf("Cannot unmarshal private key %+v: %v", a.PrivateKey, err)
|
|
|
|
return nil
|
2018-03-05 20:54:04 +01:00
|
|
|
}
|
|
|
|
|
2018-11-14 10:18:03 +01:00
|
|
|
return privateKey
|
2018-03-05 20:54:04 +01:00
|
|
|
}
|
2018-05-16 11:44:03 +02:00
|
|
|
|
|
|
|
// GetKeyType used to determine which algo to used
|
2018-11-14 10:18:03 +01:00
|
|
|
func GetKeyType(ctx context.Context, value string) acme.KeyType {
|
|
|
|
logger := log.FromContext(ctx)
|
|
|
|
|
2018-05-16 11:44:03 +02:00
|
|
|
switch value {
|
|
|
|
case "EC256":
|
|
|
|
return acme.EC256
|
|
|
|
case "EC384":
|
|
|
|
return acme.EC384
|
|
|
|
case "RSA2048":
|
|
|
|
return acme.RSA2048
|
|
|
|
case "RSA4096":
|
|
|
|
return acme.RSA4096
|
|
|
|
case "RSA8192":
|
|
|
|
return acme.RSA8192
|
2018-07-03 12:44:04 +02:00
|
|
|
case "":
|
2018-11-14 10:18:03 +01:00
|
|
|
logger.Infof("The key type is empty. Use default key type %v.", acme.RSA4096)
|
2018-07-03 12:44:04 +02:00
|
|
|
return acme.RSA4096
|
2018-05-16 11:44:03 +02:00
|
|
|
default:
|
2018-11-14 10:18:03 +01:00
|
|
|
logger.Infof("Unable to determine the key type value %q: falling back on %v.", value, acme.RSA4096)
|
2018-05-16 11:44:03 +02:00
|
|
|
return acme.RSA4096
|
|
|
|
}
|
|
|
|
}
|