From a6f4183cde1e88bd788bc973eefe4c00956d6711 Mon Sep 17 00:00:00 2001 From: Daniel Tomcej Date: Wed, 4 Jan 2017 14:23:18 -0700 Subject: [PATCH] Add regex for wildcard certs fix spacing --- acme/acme.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/acme/acme.go b/acme/acme.go index 2beb866a9..2232886b8 100644 --- a/acme/acme.go +++ b/acme/acme.go @@ -8,6 +8,7 @@ import ( "io/ioutil" fmtlog "log" "os" + "regexp" "strings" "time" @@ -45,6 +46,7 @@ type ACME struct { store cluster.Store challengeProvider *challengeProvider checkOnDemandDomain func(domain string) bool + TLSConfig *tls.Config `description:"TLS config in case wildcard certs are used"` } //Domains parse []Domain @@ -120,6 +122,7 @@ func (a *ACME) CreateClusterConfig(leadership *cluster.Leadership, tlsConfig *tl a.checkOnDemandDomain = checkOnDemandDomain tlsConfig.Certificates = append(tlsConfig.Certificates, *a.defaultCertificate) tlsConfig.GetCertificate = a.getCertificate + a.TLSConfig = tlsConfig listener := func(object cluster.Object) error { account := object.(*Account) account.Init() @@ -243,7 +246,7 @@ func (a *ACME) CreateLocalConfig(tlsConfig *tls.Config, checkOnDemandDomain func a.checkOnDemandDomain = checkOnDemandDomain tlsConfig.Certificates = append(tlsConfig.Certificates, *a.defaultCertificate) tlsConfig.GetCertificate = a.getCertificate - + a.TLSConfig = tlsConfig localStore := NewLocalStore(a.Storage) a.store = localStore a.challengeProvider = &challengeProvider{store: a.store} 
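Review bot: The new `TLSConfig` field in the `type ACME struct` hunk is exported and carries a `description` tag like the user-facing options, yet it is only ever assigned internally by CreateClusterConfig and CreateLocalConfig (the `a.TLSConfig = tlsConfig` lines in the two following hunks); if this struct is decoded from configuration, the tag presents an internal `*tls.Config` pointer as a settable option. Unless the configuration parser needs the field, an unexported `tlsConfig *tls.Config` with no tag keeps it out of the configuration surface. If it must stay exported, a doc comment such as `// TLSConfig is the server TLS configuration, set by CreateClusterConfig/CreateLocalConfig so getCertificate can consult its NameToCertificate wildcard entries; not user-provided.` should say so. Whether the struct is parsed from configuration is not visible in this hunk.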
@@ -331,6 +334,14 @@ func (a *ACME) CreateLocalConfig(tlsConfig *tls.Config, checkOnDemandDomain func
 func (a *ACME) getCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 domain := types.CanonicalDomain(clientHello.ServerName)
 account := a.store.Get().(*Account)
+ //use regex to test for wildcard certs that might have been added into TLSConfig
+ for k := range a.TLSConfig.NameToCertificate {
+ selector := "^" + strings.Replace(k, "*.", ".*\\.?", -1) + "$"
+ match, _ := regexp.MatchString(selector, domain)
+ if match {
+ return a.TLSConfig.NameToCertificate[k], nil
+ }
+ }
 if challengeCert, ok := a.challengeProvider.getCertificate(domain); ok {
 log.Debugf("ACME got challenge %s", domain)
 return challengeCert, nil
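Review bot: The pattern built on the `selector :=` line leaves the certificate name unescaped, so each `.` matches any character and `*.` becomes `.*\.?`, which matches zero or many labels — a key of `*.example.com` also matches `evilexample.com` and `a.b.example.com`, names the wildcard certificate does not cover, and that certificate is then returned ahead of the challenge-provider and ACME-issued certificates consulted below. RFC 6125 wildcard matching lets `*` stand for exactly one label, which `regexp.QuoteMeta(k)` followed by replacing `\*\.` with `[^.]+\.` gives; with the key quoted the pattern always compiles, so the error currently discarded by `match, _ :=` can be checked instead of silently skipping a key. Compiling a regexp per map entry on every handshake is avoidable by precomputing the matchers when TLSConfig is assigned, and because map iteration order is random, two matching wildcard keys would serve a nondeterministic certificate. If NameToCertificate was filled by tls.Config.BuildNameToCertificate, crypto/tls already performs one-label wildcard lookup in that map when GetCertificate returns nil, nil, so it is worth confirming the loop is needed at all. getCertificate continues past the end of the hunk.
```go
	//use regex to test for wildcard certs that might have been added into TLSConfig
	for k, cert := range a.TLSConfig.NameToCertificate {
		// Quote the name so "." is literal, then let "*." stand for exactly one
		// label, as RFC 6125 wildcard matching does.
		selector := "^" + strings.Replace(regexp.QuoteMeta(k), `\*\.`, `[^.]+\.`, -1) + "$"
		match, err := regexp.MatchString(selector, domain)
		if err != nil {
			return nil, err
		}
		if match {
			return cert, nil
		}
	}
	// … unchanged: challenge provider lookup and the rest of getCertificate …
```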