2016-03-21 11:10:18 +01:00
|
|
|
package acme
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/tls"
|
|
|
|
"sync"
|
|
|
|
|
|
|
|
"crypto/x509"
|
|
|
|
"github.com/xenolf/lego/acme"
|
|
|
|
)
|
|
|
|
|
|
|
|
type wrapperChallengeProvider struct {
|
|
|
|
challengeCerts map[string]*tls.Certificate
|
|
|
|
lock sync.RWMutex
|
|
|
|
}
|
|
|
|
|
|
|
|
func newWrapperChallengeProvider() *wrapperChallengeProvider {
|
|
|
|
return &wrapperChallengeProvider{
|
|
|
|
challengeCerts: map[string]*tls.Certificate{},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *wrapperChallengeProvider) getCertificate(domain string) (cert *tls.Certificate, exists bool) {
|
|
|
|
c.lock.RLock()
|
|
|
|
defer c.lock.RUnlock()
|
|
|
|
if cert, ok := c.challengeCerts[domain]; ok {
|
|
|
|
return cert, true
|
|
|
|
}
|
|
|
|
return nil, false
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *wrapperChallengeProvider) Present(domain, token, keyAuth string) error {
|
2016-06-18 14:51:52 +02:00
|
|
|
cert, _, err := acme.TLSSNI01ChallengeCert(keyAuth)
|
2016-03-21 11:10:18 +01:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
c.lock.Lock()
|
|
|
|
defer c.lock.Unlock()
|
|
|
|
for i := range cert.Leaf.DNSNames {
|
|
|
|
c.challengeCerts[cert.Leaf.DNSNames[i]] = &cert
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *wrapperChallengeProvider) CleanUp(domain, token, keyAuth string) error {
|
|
|
|
c.lock.Lock()
|
|
|
|
defer c.lock.Unlock()
|
|
|
|
delete(c.challengeCerts, domain)
|
|
|
|
return nil
|
|
|
|
}
|