fix: update lego.
This commit is contained in:
parent
9537449b07
commit
227fab3867
11 changed files with 107 additions and 73 deletions
7
Gopkg.lock
generated
7
Gopkg.lock
generated
|
@ -1704,8 +1704,7 @@
|
|||
revision = "0c8571ac0ce161a5feb57375a9cdf148c98c0f70"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
digest = "1:f3f9f7b883b89edc06283285964a8125b15f31c1634a8ccb2860c8c8b3f6231d"
|
||||
digest = "1:9eab86777ed6cf496e7659b9c67a0b7ebd1d76f55e1771f8bf52fb68f5f2d040"
|
||||
name = "github.com/xenolf/lego"
|
||||
packages = [
|
||||
"acme",
|
||||
|
@ -1784,7 +1783,8 @@
|
|||
"registration",
|
||||
]
|
||||
pruneopts = "NUT"
|
||||
revision = "43401f2475dd1f6cc2e220908f0caba246ea854e"
|
||||
revision = "86c9de3db61436d07de2471508067f18c16c1997"
|
||||
version = "v2.0.1"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
|
@ -2363,7 +2363,6 @@
|
|||
"github.com/vulcand/oxy/ratelimit",
|
||||
"github.com/vulcand/oxy/roundrobin",
|
||||
"github.com/vulcand/oxy/utils",
|
||||
"github.com/xenolf/lego/acme",
|
||||
"github.com/xenolf/lego/certcrypto",
|
||||
"github.com/xenolf/lego/certificate",
|
||||
"github.com/xenolf/lego/challenge",
|
||||
|
|
|
@ -178,9 +178,9 @@
|
|||
name = "github.com/vulcand/oxy"
|
||||
|
||||
[[constraint]]
|
||||
branch = "master"
|
||||
# branch = "master"
|
||||
name = "github.com/xenolf/lego"
|
||||
# version = "1.0.0"
|
||||
version = "2.0.1"
|
||||
|
||||
[[constraint]]
|
||||
name = "google.golang.org/grpc"
|
||||
|
|
|
@ -423,7 +423,7 @@ func (a *ACME) buildACMEClient(account *Account) (*lego.Client, error) {
|
|||
|
||||
config := lego.NewConfig(account)
|
||||
config.CADirURL = caServer
|
||||
config.KeyType = account.KeyType
|
||||
config.Certificate.KeyType = account.KeyType
|
||||
config.UserAgent = fmt.Sprintf("containous-traefik/%s", version.Version)
|
||||
|
||||
client, err := lego.NewClient(config)
|
||||
|
|
|
@ -250,7 +250,7 @@ func (p *Provider) getClient() (*lego.Client, error) {
|
|||
|
||||
config := lego.NewConfig(account)
|
||||
config.CADirURL = caServer
|
||||
config.KeyType = account.KeyType
|
||||
config.Certificate.KeyType = account.KeyType
|
||||
config.UserAgent = fmt.Sprintf("containous-traefik/%s", version.Version)
|
||||
|
||||
client, err := lego.NewClient(config)
|
||||
|
|
4
vendor/github.com/xenolf/lego/acme/api/internal/sender/useragent.go
generated
vendored
4
vendor/github.com/xenolf/lego/acme/api/internal/sender/useragent.go
generated
vendored
|
@ -5,10 +5,10 @@ package sender
|
|||
|
||||
const (
|
||||
// ourUserAgent is the User-Agent of this underlying library package.
|
||||
ourUserAgent = "xenolf-acme/1.2.1"
|
||||
ourUserAgent = "xenolf-acme/2.0.1"
|
||||
|
||||
// ourUserAgentComment is part of the UA comment linked to the version status of this underlying library package.
|
||||
// values: detach|release
|
||||
// NOTE: Update this with each tagged release.
|
||||
ourUserAgentComment = "detach"
|
||||
ourUserAgentComment = "release"
|
||||
)
|
||||
|
|
74
vendor/github.com/xenolf/lego/certificate/certificates.go
generated
vendored
74
vendor/github.com/xenolf/lego/certificate/certificates.go
generated
vendored
|
@ -17,6 +17,7 @@ import (
|
|||
"github.com/xenolf/lego/certcrypto"
|
||||
"github.com/xenolf/lego/challenge"
|
||||
"github.com/xenolf/lego/log"
|
||||
"github.com/xenolf/lego/platform/wait"
|
||||
"golang.org/x/crypto/ocsp"
|
||||
"golang.org/x/net/idna"
|
||||
)
|
||||
|
@ -60,17 +61,24 @@ type resolver interface {
|
|||
Solve(authorizations []acme.Authorization) error
|
||||
}
|
||||
|
||||
type Certifier struct {
|
||||
core *api.Core
|
||||
keyType certcrypto.KeyType
|
||||
resolver resolver
|
||||
type CertifierOptions struct {
|
||||
KeyType certcrypto.KeyType
|
||||
Timeout time.Duration
|
||||
}
|
||||
|
||||
func NewCertifier(core *api.Core, keyType certcrypto.KeyType, resolver resolver) *Certifier {
|
||||
// Certifier A service to obtain/renew/revoke certificates.
|
||||
type Certifier struct {
|
||||
core *api.Core
|
||||
resolver resolver
|
||||
options CertifierOptions
|
||||
}
|
||||
|
||||
// NewCertifier creates a Certifier.
|
||||
func NewCertifier(core *api.Core, resolver resolver, options CertifierOptions) *Certifier {
|
||||
return &Certifier{
|
||||
core: core,
|
||||
keyType: keyType,
|
||||
resolver: resolver,
|
||||
options: options,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -191,7 +199,7 @@ func (c *Certifier) ObtainForCSR(csr x509.CertificateRequest, bundle bool) (*Res
|
|||
func (c *Certifier) getForOrder(domains []string, order acme.ExtendedOrder, bundle bool, privateKey crypto.PrivateKey, mustStaple bool) (*Resource, error) {
|
||||
if privateKey == nil {
|
||||
var err error
|
||||
privateKey, err = certcrypto.GeneratePrivateKey(c.keyType)
|
||||
privateKey, err = certcrypto.GeneratePrivateKey(c.options.KeyType)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -237,9 +245,9 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
|
|||
|
||||
if respOrder.Status == acme.StatusValid {
|
||||
// if the certificate is available right away, short cut!
|
||||
ok, err := c.checkResponse(respOrder, certRes, bundle)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
ok, errR := c.checkResponse(respOrder, certRes, bundle)
|
||||
if errR != nil {
|
||||
return nil, errR
|
||||
}
|
||||
|
||||
if ok {
|
||||
|
@ -247,34 +255,26 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
|
|||
}
|
||||
}
|
||||
|
||||
return c.waitForCertificate(certRes, order.Location, bundle)
|
||||
}
|
||||
|
||||
func (c *Certifier) waitForCertificate(certRes *Resource, orderURL string, bundle bool) (*Resource, error) {
|
||||
stopTimer := time.NewTimer(30 * time.Second)
|
||||
defer stopTimer.Stop()
|
||||
retryTick := time.NewTicker(500 * time.Millisecond)
|
||||
defer retryTick.Stop()
|
||||
|
||||
for {
|
||||
select {
|
||||
case <-stopTimer.C:
|
||||
return nil, errors.New("certificate polling timed out")
|
||||
case <-retryTick.C:
|
||||
order, err := c.core.Orders.Get(orderURL)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
done, err := c.checkResponse(order, certRes, bundle)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if done {
|
||||
return certRes, nil
|
||||
}
|
||||
}
|
||||
timeout := c.options.Timeout
|
||||
if c.options.Timeout <= 0 {
|
||||
timeout = 30 * time.Second
|
||||
}
|
||||
|
||||
err = wait.For("certificate", timeout, timeout/60, func() (bool, error) {
|
||||
ord, errW := c.core.Orders.Get(order.Location)
|
||||
if errW != nil {
|
||||
return false, errW
|
||||
}
|
||||
|
||||
done, errW := c.checkResponse(ord, certRes, bundle)
|
||||
if errW != nil {
|
||||
return false, errW
|
||||
}
|
||||
|
||||
return done, nil
|
||||
})
|
||||
|
||||
return certRes, err
|
||||
}
|
||||
|
||||
// checkResponse checks to see if the certificate is ready and a link is contained in the response.
|
||||
|
|
3
vendor/github.com/xenolf/lego/lego/client.go
generated
vendored
3
vendor/github.com/xenolf/lego/lego/client.go
generated
vendored
|
@ -53,9 +53,10 @@ func NewClient(config *Config) (*Client, error) {
|
|||
solversManager := resolver.NewSolversManager(core)
|
||||
|
||||
prober := resolver.NewProber(solversManager)
|
||||
certifier := certificate.NewCertifier(core, prober, certificate.CertifierOptions{KeyType: config.Certificate.KeyType, Timeout: config.Certificate.Timeout})
|
||||
|
||||
return &Client{
|
||||
Certificate: certificate.NewCertifier(core, config.KeyType, prober),
|
||||
Certificate: certifier,
|
||||
Challenge: solversManager,
|
||||
Registration: registration.NewRegistrar(core, config.User),
|
||||
core: core,
|
||||
|
|
20
vendor/github.com/xenolf/lego/lego/client_config.go
generated
vendored
20
vendor/github.com/xenolf/lego/lego/client_config.go
generated
vendored
|
@ -35,22 +35,30 @@ const (
|
|||
)
|
||||
|
||||
type Config struct {
|
||||
CADirURL string
|
||||
User registration.User
|
||||
KeyType certcrypto.KeyType
|
||||
UserAgent string
|
||||
HTTPClient *http.Client
|
||||
CADirURL string
|
||||
User registration.User
|
||||
UserAgent string
|
||||
HTTPClient *http.Client
|
||||
Certificate CertificateConfig
|
||||
}
|
||||
|
||||
func NewConfig(user registration.User) *Config {
|
||||
return &Config{
|
||||
CADirURL: LEDirectoryProduction,
|
||||
User: user,
|
||||
KeyType: certcrypto.RSA2048,
|
||||
HTTPClient: createDefaultHTTPClient(),
|
||||
Certificate: CertificateConfig{
|
||||
KeyType: certcrypto.RSA2048,
|
||||
Timeout: 30 * time.Second,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
type CertificateConfig struct {
|
||||
KeyType certcrypto.KeyType
|
||||
Timeout time.Duration
|
||||
}
|
||||
|
||||
// createDefaultHTTPClient Creates an HTTP client with a reasonable timeout value
|
||||
// and potentially a custom *x509.CertPool
|
||||
// based on the caCertificatesEnvVar environment variable (see the `initCertPool` function)
|
||||
|
|
23
vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go
generated
vendored
23
vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go
generated
vendored
|
@ -55,10 +55,12 @@ type DNSProvider struct {
|
|||
// Project name must be passed in the environment variable: GCE_PROJECT.
|
||||
// A Service Account file can be passed in the environment variable: GCE_SERVICE_ACCOUNT_FILE
|
||||
func NewDNSProvider() (*DNSProvider, error) {
|
||||
// Use a service account file if specified via environment variable.
|
||||
if saFile, ok := os.LookupEnv("GCE_SERVICE_ACCOUNT_FILE"); ok {
|
||||
return NewDNSProviderServiceAccount(saFile)
|
||||
}
|
||||
|
||||
// Use default credentials.
|
||||
project := os.Getenv("GCE_PROJECT")
|
||||
return NewDNSProviderCredentials(project)
|
||||
}
|
||||
|
@ -94,15 +96,20 @@ func NewDNSProviderServiceAccount(saFile string) (*DNSProvider, error) {
|
|||
return nil, fmt.Errorf("googlecloud: unable to read Service Account file: %v", err)
|
||||
}
|
||||
|
||||
// read project id from service account file
|
||||
var datJSON struct {
|
||||
ProjectID string `json:"project_id"`
|
||||
// If GCE_PROJECT is non-empty it overrides the project in the service
|
||||
// account file.
|
||||
project := os.Getenv("GCE_PROJECT")
|
||||
if project == "" {
|
||||
// read project id from service account file
|
||||
var datJSON struct {
|
||||
ProjectID string `json:"project_id"`
|
||||
}
|
||||
err = json.Unmarshal(dat, &datJSON)
|
||||
if err != nil || datJSON.ProjectID == "" {
|
||||
return nil, fmt.Errorf("googlecloud: project ID not found in Google Cloud Service Account file")
|
||||
}
|
||||
project = datJSON.ProjectID
|
||||
}
|
||||
err = json.Unmarshal(dat, &datJSON)
|
||||
if err != nil || datJSON.ProjectID == "" {
|
||||
return nil, fmt.Errorf("googlecloud: project ID not found in Google Cloud Service Account file")
|
||||
}
|
||||
project := datJSON.ProjectID
|
||||
|
||||
conf, err := google.JWTConfigFromJSON(dat, dns.NdevClouddnsReadwriteScope)
|
||||
if err != nil {
|
||||
|
|
27
vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go
generated
vendored
27
vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go
generated
vendored
|
@ -22,16 +22,19 @@ type Config struct {
|
|||
PropagationTimeout time.Duration
|
||||
PollingInterval time.Duration
|
||||
TTL int
|
||||
SequenceInterval time.Duration
|
||||
DNSTimeout time.Duration
|
||||
}
|
||||
|
||||
// NewDefaultConfig returns a default configuration for the DNSProvider
|
||||
func NewDefaultConfig() *Config {
|
||||
return &Config{
|
||||
TSIGAlgorithm: env.GetOrDefaultString("RFC2136_TSIG_ALGORITHM", dns.HmacMD5),
|
||||
TTL: env.GetOrDefaultInt("RFC2136_TTL", dns01.DefaultTTL),
|
||||
PropagationTimeout: env.GetOrDefaultSecond("RFC2136_PROPAGATION_TIMEOUT",
|
||||
env.GetOrDefaultSecond("RFC2136_TIMEOUT", 60*time.Second)),
|
||||
PollingInterval: env.GetOrDefaultSecond("RFC2136_POLLING_INTERVAL", 2*time.Second),
|
||||
TSIGAlgorithm: env.GetOrDefaultString("RFC2136_TSIG_ALGORITHM", dns.HmacMD5),
|
||||
TTL: env.GetOrDefaultInt("RFC2136_TTL", dns01.DefaultTTL),
|
||||
PropagationTimeout: env.GetOrDefaultSecond("RFC2136_PROPAGATION_TIMEOUT", env.GetOrDefaultSecond("RFC2136_TIMEOUT", 60*time.Second)),
|
||||
PollingInterval: env.GetOrDefaultSecond("RFC2136_POLLING_INTERVAL", 2*time.Second),
|
||||
SequenceInterval: env.GetOrDefaultSecond("RFC2136_SEQUENCE_INTERVAL", dns01.DefaultPropagationTimeout),
|
||||
DNSTimeout: env.GetOrDefaultSecond("RFC2136_DNS_TIMEOUT", 10*time.Second),
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -102,13 +105,19 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
|
|||
return d.config.PropagationTimeout, d.config.PollingInterval
|
||||
}
|
||||
|
||||
// Sequential All DNS challenges for this provider will be resolved sequentially.
|
||||
// Returns the interval between each iteration.
|
||||
func (d *DNSProvider) Sequential() time.Duration {
|
||||
return d.config.SequenceInterval
|
||||
}
|
||||
|
||||
// Present creates a TXT record using the specified parameters
|
||||
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||
fqdn, value := dns01.GetRecord(domain, keyAuth)
|
||||
|
||||
err := d.changeRecord("INSERT", fqdn, value, d.config.TTL)
|
||||
if err != nil {
|
||||
return fmt.Errorf("rfc2136: %v", err)
|
||||
return fmt.Errorf("rfc2136: failed to insert: %v", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -119,7 +128,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||
|
||||
err := d.changeRecord("REMOVE", fqdn, value, d.config.TTL)
|
||||
if err != nil {
|
||||
return fmt.Errorf("rfc2136: %v", err)
|
||||
return fmt.Errorf("rfc2136: failed to remove: %v", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -152,7 +161,7 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
|
|||
}
|
||||
|
||||
// Setup client
|
||||
c := new(dns.Client)
|
||||
c := &dns.Client{Timeout: d.config.DNSTimeout}
|
||||
c.SingleInflight = true
|
||||
|
||||
// TSIG authentication / msg signing
|
||||
|
@ -167,7 +176,7 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
|
|||
return fmt.Errorf("DNS update failed: %v", err)
|
||||
}
|
||||
if reply != nil && reply.Rcode != dns.RcodeSuccess {
|
||||
return fmt.Errorf("DNS update failed. Server replied: %s", dns.RcodeToString[reply.Rcode])
|
||||
return fmt.Errorf("DNS update failed: server replied: %s", dns.RcodeToString[reply.Rcode])
|
||||
}
|
||||
|
||||
return nil
|
||||
|
|
14
vendor/github.com/xenolf/lego/providers/dns/transip/transip.go
generated
vendored
14
vendor/github.com/xenolf/lego/providers/dns/transip/transip.go
generated
vendored
|
@ -5,6 +5,7 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/transip/gotransip"
|
||||
|
@ -33,8 +34,9 @@ func NewDefaultConfig() *Config {
|
|||
|
||||
// DNSProvider describes a provider for TransIP
|
||||
type DNSProvider struct {
|
||||
config *Config
|
||||
client gotransip.SOAPClient
|
||||
config *Config
|
||||
client gotransip.Client
|
||||
dnsEntriesMu sync.Mutex
|
||||
}
|
||||
|
||||
// NewDNSProvider returns a DNSProvider instance configured for TransIP.
|
||||
|
@ -90,6 +92,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
|
|||
// get the subDomain
|
||||
subDomain := strings.TrimSuffix(dns01.UnFqdn(fqdn), "."+domainName)
|
||||
|
||||
// use mutex to prevent race condition from GetInfo until SetDNSEntries
|
||||
d.dnsEntriesMu.Lock()
|
||||
defer d.dnsEntriesMu.Unlock()
|
||||
|
||||
// get all DNS entries
|
||||
info, err := transipdomain.GetInfo(d.client, domainName)
|
||||
if err != nil {
|
||||
|
@ -126,6 +132,10 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
|||
// get the subDomain
|
||||
subDomain := strings.TrimSuffix(dns01.UnFqdn(fqdn), "."+domainName)
|
||||
|
||||
// use mutex to prevent race condition from GetInfo until SetDNSEntries
|
||||
d.dnsEntriesMu.Lock()
|
||||
defer d.dnsEntriesMu.Unlock()
|
||||
|
||||
// get all DNS entries
|
||||
info, err := transipdomain.GetInfo(d.client, domainName)
|
||||
if err != nil {
|
||||
|
|
Loading…
Reference in a new issue