baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

fix: update lego.

Browse source
This commit is contained in:
Ludovic Fernandez 2019-01-11 16:22:03 +01:00 committed by Traefiker Bot
parent 9537449b07
commit 227fab3867
11 changed files with 107 additions and 73 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Gopkg.lock generated
View file

@ -1704,8 +1704,7 @@
revision = "0c8571ac0ce161a5feb57375a9cdf148c98c0f70" revision = "0c8571ac0ce161a5feb57375a9cdf148c98c0f70"
[[projects]] [[projects]]
branch = "master" digest = "1:9eab86777ed6cf496e7659b9c67a0b7ebd1d76f55e1771f8bf52fb68f5f2d040"
digest = "1:f3f9f7b883b89edc06283285964a8125b15f31c1634a8ccb2860c8c8b3f6231d"
name = "github.com/xenolf/lego" name = "github.com/xenolf/lego"
packages = [ packages = [
"acme", "acme",
@ -1784,7 +1783,8 @@
"registration", "registration",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "43401f2475dd1f6cc2e220908f0caba246ea854e" revision = "86c9de3db61436d07de2471508067f18c16c1997"
version = "v2.0.1"
[[projects]] [[projects]]
branch = "master" branch = "master"
@ -2363,7 +2363,6 @@
"github.com/vulcand/oxy/ratelimit", "github.com/vulcand/oxy/ratelimit",
"github.com/vulcand/oxy/roundrobin", "github.com/vulcand/oxy/roundrobin",
"github.com/vulcand/oxy/utils", "github.com/vulcand/oxy/utils",
"github.com/xenolf/lego/acme",
"github.com/xenolf/lego/certcrypto", "github.com/xenolf/lego/certcrypto",
"github.com/xenolf/lego/certificate", "github.com/xenolf/lego/certificate",
"github.com/xenolf/lego/challenge", "github.com/xenolf/lego/challenge",

4
Gopkg.toml
View file

@ -178,9 +178,9 @@
name = "github.com/vulcand/oxy" name = "github.com/vulcand/oxy"
[[constraint]] [[constraint]]
branch = "master" # branch = "master"
name = "github.com/xenolf/lego" name = "github.com/xenolf/lego"
# version = "1.0.0" version = "2.0.1"
[[constraint]] [[constraint]]
name = "google.golang.org/grpc" name = "google.golang.org/grpc"

2
acme/acme.go
View file

@ -423,7 +423,7 @@ func (a *ACME) buildACMEClient(account *Account) (*lego.Client, error) {
config := lego.NewConfig(account) config := lego.NewConfig(account)
config.CADirURL = caServer config.CADirURL = caServer
config.KeyType = account.KeyType config.Certificate.KeyType = account.KeyType
config.UserAgent = fmt.Sprintf("containous-traefik/%s", version.Version) config.UserAgent = fmt.Sprintf("containous-traefik/%s", version.Version)
client, err := lego.NewClient(config) client, err := lego.NewClient(config)

2
provider/acme/provider.go
View file

@ -250,7 +250,7 @@ func (p *Provider) getClient() (*lego.Client, error) {
config := lego.NewConfig(account) config := lego.NewConfig(account)
config.CADirURL = caServer config.CADirURL = caServer
config.KeyType = account.KeyType config.Certificate.KeyType = account.KeyType
config.UserAgent = fmt.Sprintf("containous-traefik/%s", version.Version) config.UserAgent = fmt.Sprintf("containous-traefik/%s", version.Version)
client, err := lego.NewClient(config) client, err := lego.NewClient(config)

4
vendor/github.com/xenolf/lego/acme/api/internal/sender/useragent.go generated vendored
View file

@ -5,10 +5,10 @@ package sender
const ( const (
// ourUserAgent is the User-Agent of this underlying library package. // ourUserAgent is the User-Agent of this underlying library package.
ourUserAgent = "xenolf-acme/1.2.1" ourUserAgent = "xenolf-acme/2.0.1"
// ourUserAgentComment is part of the UA comment linked to the version status of this underlying library package. // ourUserAgentComment is part of the UA comment linked to the version status of this underlying library package.
// values: detach|release // values: detach|release
// NOTE: Update this with each tagged release. // NOTE: Update this with each tagged release.
ourUserAgentComment = "detach" ourUserAgentComment = "release"
) )

68
vendor/github.com/xenolf/lego/certificate/certificates.go generated vendored
View file

@ -17,6 +17,7 @@ import (
"github.com/xenolf/lego/certcrypto" "github.com/xenolf/lego/certcrypto"
"github.com/xenolf/lego/challenge" "github.com/xenolf/lego/challenge"
"github.com/xenolf/lego/log" "github.com/xenolf/lego/log"
"github.com/xenolf/lego/platform/wait"
"golang.org/x/crypto/ocsp" "golang.org/x/crypto/ocsp"
"golang.org/x/net/idna" "golang.org/x/net/idna"
) )
@ -60,17 +61,24 @@ type resolver interface {
Solve(authorizations []acme.Authorization) error Solve(authorizations []acme.Authorization) error
} }
type Certifier struct { type CertifierOptions struct {
core *api.Core KeyType certcrypto.KeyType
keyType certcrypto.KeyType Timeout time.Duration
resolver resolver
} }
func NewCertifier(core *api.Core, keyType certcrypto.KeyType, resolver resolver) *Certifier { // Certifier A service to obtain/renew/revoke certificates.
type Certifier struct {
core *api.Core
resolver resolver
options CertifierOptions
}
// NewCertifier creates a Certifier.
func NewCertifier(core *api.Core, resolver resolver, options CertifierOptions) *Certifier {
return &Certifier{ return &Certifier{
core: core, core: core,
keyType: keyType,
resolver: resolver, resolver: resolver,
options: options,
} }
} }
@ -191,7 +199,7 @@ func (c *Certifier) ObtainForCSR(csr x509.CertificateRequest, bundle bool) (*Res
func (c *Certifier) getForOrder(domains []string, order acme.ExtendedOrder, bundle bool, privateKey crypto.PrivateKey, mustStaple bool) (*Resource, error) { func (c *Certifier) getForOrder(domains []string, order acme.ExtendedOrder, bundle bool, privateKey crypto.PrivateKey, mustStaple bool) (*Resource, error) {
if privateKey == nil { if privateKey == nil {
var err error var err error
privateKey, err = certcrypto.GeneratePrivateKey(c.keyType) privateKey, err = certcrypto.GeneratePrivateKey(c.options.KeyType)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -237,9 +245,9 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
if respOrder.Status == acme.StatusValid { if respOrder.Status == acme.StatusValid {
// if the certificate is available right away, short cut! // if the certificate is available right away, short cut!
ok, err := c.checkResponse(respOrder, certRes, bundle) ok, errR := c.checkResponse(respOrder, certRes, bundle)
if err != nil { if errR != nil {
return nil, err return nil, errR
} }
if ok { if ok {
@ -247,34 +255,26 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
} }
} }
return c.waitForCertificate(certRes, order.Location, bundle) timeout := c.options.Timeout
} if c.options.Timeout <= 0 {
timeout = 30 * time.Second
func (c *Certifier) waitForCertificate(certRes *Resource, orderURL string, bundle bool) (*Resource, error) {
stopTimer := time.NewTimer(30 * time.Second)
defer stopTimer.Stop()
retryTick := time.NewTicker(500 * time.Millisecond)
defer retryTick.Stop()
for {
select {
case <-stopTimer.C:
return nil, errors.New("certificate polling timed out")
case <-retryTick.C:
order, err := c.core.Orders.Get(orderURL)
if err != nil {
return nil, err
} }
done, err := c.checkResponse(order, certRes, bundle) err = wait.For("certificate", timeout, timeout/60, func() (bool, error) {
if err != nil { ord, errW := c.core.Orders.Get(order.Location)
return nil, err if errW != nil {
} return false, errW
if done {
return certRes, nil
}
} }
done, errW := c.checkResponse(ord, certRes, bundle)
if errW != nil {
return false, errW
} }
return done, nil
})
return certRes, err
} }
// checkResponse checks to see if the certificate is ready and a link is contained in the response. // checkResponse checks to see if the certificate is ready and a link is contained in the response.

3
vendor/github.com/xenolf/lego/lego/client.go generated vendored
View file

@ -53,9 +53,10 @@ func NewClient(config *Config) (*Client, error) {
solversManager := resolver.NewSolversManager(core) solversManager := resolver.NewSolversManager(core)
prober := resolver.NewProber(solversManager) prober := resolver.NewProber(solversManager)
certifier := certificate.NewCertifier(core, prober, certificate.CertifierOptions{KeyType: config.Certificate.KeyType, Timeout: config.Certificate.Timeout})
return &Client{ return &Client{
Certificate: certificate.NewCertifier(core, config.KeyType, prober), Certificate: certifier,
Challenge: solversManager, Challenge: solversManager,
Registration: registration.NewRegistrar(core, config.User), Registration: registration.NewRegistrar(core, config.User),
core: core, core: core,

12
vendor/github.com/xenolf/lego/lego/client_config.go generated vendored
View file

@ -37,20 +37,28 @@ const (
type Config struct { type Config struct {
CADirURL string CADirURL string
User registration.User User registration.User
KeyType certcrypto.KeyType
UserAgent string UserAgent string
HTTPClient *http.Client HTTPClient *http.Client
Certificate CertificateConfig
} }
func NewConfig(user registration.User) *Config { func NewConfig(user registration.User) *Config {
return &Config{ return &Config{
CADirURL: LEDirectoryProduction, CADirURL: LEDirectoryProduction,
User: user, User: user,
KeyType: certcrypto.RSA2048,
HTTPClient: createDefaultHTTPClient(), HTTPClient: createDefaultHTTPClient(),
Certificate: CertificateConfig{
KeyType: certcrypto.RSA2048,
Timeout: 30 * time.Second,
},
} }
} }
type CertificateConfig struct {
KeyType certcrypto.KeyType
Timeout time.Duration
}
// createDefaultHTTPClient Creates an HTTP client with a reasonable timeout value // createDefaultHTTPClient Creates an HTTP client with a reasonable timeout value
// and potentially a custom *x509.CertPool // and potentially a custom *x509.CertPool
// based on the caCertificatesEnvVar environment variable (see the `initCertPool` function) // based on the caCertificatesEnvVar environment variable (see the `initCertPool` function)

9
vendor/github.com/xenolf/lego/providers/dns/gcloud/googlecloud.go generated vendored
View file

@ -55,10 +55,12 @@ type DNSProvider struct {
// Project name must be passed in the environment variable: GCE_PROJECT. // Project name must be passed in the environment variable: GCE_PROJECT.
// A Service Account file can be passed in the environment variable: GCE_SERVICE_ACCOUNT_FILE // A Service Account file can be passed in the environment variable: GCE_SERVICE_ACCOUNT_FILE
func NewDNSProvider() (*DNSProvider, error) { func NewDNSProvider() (*DNSProvider, error) {
// Use a service account file if specified via environment variable.
if saFile, ok := os.LookupEnv("GCE_SERVICE_ACCOUNT_FILE"); ok { if saFile, ok := os.LookupEnv("GCE_SERVICE_ACCOUNT_FILE"); ok {
return NewDNSProviderServiceAccount(saFile) return NewDNSProviderServiceAccount(saFile)
} }
// Use default credentials.
project := os.Getenv("GCE_PROJECT") project := os.Getenv("GCE_PROJECT")
return NewDNSProviderCredentials(project) return NewDNSProviderCredentials(project)
} }
@ -94,6 +96,10 @@ func NewDNSProviderServiceAccount(saFile string) (*DNSProvider, error) {
return nil, fmt.Errorf("googlecloud: unable to read Service Account file: %v", err) return nil, fmt.Errorf("googlecloud: unable to read Service Account file: %v", err)
} }
// If GCE_PROJECT is non-empty it overrides the project in the service
// account file.
project := os.Getenv("GCE_PROJECT")
if project == "" {
// read project id from service account file // read project id from service account file
var datJSON struct { var datJSON struct {
ProjectID string `json:"project_id"` ProjectID string `json:"project_id"`
@ -102,7 +108,8 @@ func NewDNSProviderServiceAccount(saFile string) (*DNSProvider, error) {
if err != nil || datJSON.ProjectID == "" { if err != nil || datJSON.ProjectID == "" {
return nil, fmt.Errorf("googlecloud: project ID not found in Google Cloud Service Account file") return nil, fmt.Errorf("googlecloud: project ID not found in Google Cloud Service Account file")
} }
project := datJSON.ProjectID project = datJSON.ProjectID
}
conf, err := google.JWTConfigFromJSON(dat, dns.NdevClouddnsReadwriteScope) conf, err := google.JWTConfigFromJSON(dat, dns.NdevClouddnsReadwriteScope)
if err != nil { if err != nil {

21
vendor/github.com/xenolf/lego/providers/dns/rfc2136/rfc2136.go generated vendored
View file

@ -22,6 +22,8 @@ type Config struct {
PropagationTimeout time.Duration PropagationTimeout time.Duration
PollingInterval time.Duration PollingInterval time.Duration
TTL int TTL int
SequenceInterval time.Duration
DNSTimeout time.Duration
} }
// NewDefaultConfig returns a default configuration for the DNSProvider // NewDefaultConfig returns a default configuration for the DNSProvider
@ -29,9 +31,10 @@ func NewDefaultConfig() *Config {
return &Config{ return &Config{
TSIGAlgorithm: env.GetOrDefaultString("RFC2136_TSIG_ALGORITHM", dns.HmacMD5), TSIGAlgorithm: env.GetOrDefaultString("RFC2136_TSIG_ALGORITHM", dns.HmacMD5),
TTL: env.GetOrDefaultInt("RFC2136_TTL", dns01.DefaultTTL), TTL: env.GetOrDefaultInt("RFC2136_TTL", dns01.DefaultTTL),
PropagationTimeout: env.GetOrDefaultSecond("RFC2136_PROPAGATION_TIMEOUT", PropagationTimeout: env.GetOrDefaultSecond("RFC2136_PROPAGATION_TIMEOUT", env.GetOrDefaultSecond("RFC2136_TIMEOUT", 60*time.Second)),
env.GetOrDefaultSecond("RFC2136_TIMEOUT", 60*time.Second)),
PollingInterval: env.GetOrDefaultSecond("RFC2136_POLLING_INTERVAL", 2*time.Second), PollingInterval: env.GetOrDefaultSecond("RFC2136_POLLING_INTERVAL", 2*time.Second),
SequenceInterval: env.GetOrDefaultSecond("RFC2136_SEQUENCE_INTERVAL", dns01.DefaultPropagationTimeout),
DNSTimeout: env.GetOrDefaultSecond("RFC2136_DNS_TIMEOUT", 10*time.Second),
} }
} }
@ -102,13 +105,19 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
return d.config.PropagationTimeout, d.config.PollingInterval return d.config.PropagationTimeout, d.config.PollingInterval
} }
// Sequential All DNS challenges for this provider will be resolved sequentially.
// Returns the interval between each iteration.
func (d *DNSProvider) Sequential() time.Duration {
return d.config.SequenceInterval
}
// Present creates a TXT record using the specified parameters // Present creates a TXT record using the specified parameters
func (d *DNSProvider) Present(domain, token, keyAuth string) error { func (d *DNSProvider) Present(domain, token, keyAuth string) error {
fqdn, value := dns01.GetRecord(domain, keyAuth) fqdn, value := dns01.GetRecord(domain, keyAuth)
err := d.changeRecord("INSERT", fqdn, value, d.config.TTL) err := d.changeRecord("INSERT", fqdn, value, d.config.TTL)
if err != nil { if err != nil {
return fmt.Errorf("rfc2136: %v", err) return fmt.Errorf("rfc2136: failed to insert: %v", err)
} }
return nil return nil
} }
@ -119,7 +128,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
err := d.changeRecord("REMOVE", fqdn, value, d.config.TTL) err := d.changeRecord("REMOVE", fqdn, value, d.config.TTL)
if err != nil { if err != nil {
return fmt.Errorf("rfc2136: %v", err) return fmt.Errorf("rfc2136: failed to remove: %v", err)
} }
return nil return nil
} }
@ -152,7 +161,7 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
} }
// Setup client // Setup client
c := new(dns.Client) c := &dns.Client{Timeout: d.config.DNSTimeout}
c.SingleInflight = true c.SingleInflight = true
// TSIG authentication / msg signing // TSIG authentication / msg signing
@ -167,7 +176,7 @@ func (d *DNSProvider) changeRecord(action, fqdn, value string, ttl int) error {
return fmt.Errorf("DNS update failed: %v", err) return fmt.Errorf("DNS update failed: %v", err)
} }
if reply != nil && reply.Rcode != dns.RcodeSuccess { if reply != nil && reply.Rcode != dns.RcodeSuccess {
return fmt.Errorf("DNS update failed. Server replied: %s", dns.RcodeToString[reply.Rcode]) return fmt.Errorf("DNS update failed: server replied: %s", dns.RcodeToString[reply.Rcode])
} }
return nil return nil

12
vendor/github.com/xenolf/lego/providers/dns/transip/transip.go generated vendored
View file

@ -5,6 +5,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"strings" "strings"
"sync"
"time" "time"
"github.com/transip/gotransip" "github.com/transip/gotransip"
@ -34,7 +35,8 @@ func NewDefaultConfig() *Config {
// DNSProvider describes a provider for TransIP // DNSProvider describes a provider for TransIP
type DNSProvider struct { type DNSProvider struct {
config *Config config *Config
client gotransip.SOAPClient client gotransip.Client
dnsEntriesMu sync.Mutex
} }
// NewDNSProvider returns a DNSProvider instance configured for TransIP. // NewDNSProvider returns a DNSProvider instance configured for TransIP.
@ -90,6 +92,10 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
// get the subDomain // get the subDomain
subDomain := strings.TrimSuffix(dns01.UnFqdn(fqdn), "."+domainName) subDomain := strings.TrimSuffix(dns01.UnFqdn(fqdn), "."+domainName)
// use mutex to prevent race condition from GetInfo until SetDNSEntries
d.dnsEntriesMu.Lock()
defer d.dnsEntriesMu.Unlock()
// get all DNS entries // get all DNS entries
info, err := transipdomain.GetInfo(d.client, domainName) info, err := transipdomain.GetInfo(d.client, domainName)
if err != nil { if err != nil {
@ -126,6 +132,10 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
// get the subDomain // get the subDomain
subDomain := strings.TrimSuffix(dns01.UnFqdn(fqdn), "."+domainName) subDomain := strings.TrimSuffix(dns01.UnFqdn(fqdn), "."+domainName)
// use mutex to prevent race condition from GetInfo until SetDNSEntries
d.dnsEntriesMu.Lock()
defer d.dnsEntriesMu.Unlock()
// get all DNS entries // get all DNS entries
info, err := transipdomain.GetInfo(d.client, domainName) info, err := transipdomain.GetInfo(d.client, domainName)
if err != nil { if err != nil {