Add regex for wildcard certs

fix spacing
This commit is contained in:
Daniel Tomcej 2017-01-04 14:23:18 -07:00
parent 51e9f3ede2
commit a6f4183cde


@ -8,6 +8,7 @@ import (
"io/ioutil" "io/ioutil"
fmtlog "log" fmtlog "log"
"os" "os"
"regexp"
"strings" "strings"
"time" "time"
@ -45,6 +46,7 @@ type ACME struct {
store cluster.Store store cluster.Store
challengeProvider *challengeProvider challengeProvider *challengeProvider
checkOnDemandDomain func(domain string) bool checkOnDemandDomain func(domain string) bool
TLSConfig *tls.Config `description:"TLS config in case wildcard certs are used"`
} }
//Domains parse []Domain //Domains parse []Domain
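Review bot: The new `TLSConfig *tls.Config` field is populated by the code itself in CreateClusterConfig and CreateLocalConfig rather than by configuration, yet it carries a `description:"..."` struct tag like the user-facing settings around it, which presumably makes it show up in generated flag/config help as something an operator can set. If that inference is right, the tag should go and the field should be documented as runtime state, e.g. `// TLSConfig is the *tls.Config handed to CreateClusterConfig/CreateLocalConfig; getCertificate reads its NameToCertificate map to serve wildcard certificates.` The ACME struct starts before this hunk.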
@ -120,6 +122,7 @@ func (a *ACME) CreateClusterConfig(leadership *cluster.Leadership, tlsConfig *tl
a.checkOnDemandDomain = checkOnDemandDomain a.checkOnDemandDomain = checkOnDemandDomain
tlsConfig.Certificates = append(tlsConfig.Certificates, *a.defaultCertificate) tlsConfig.Certificates = append(tlsConfig.Certificates, *a.defaultCertificate)
tlsConfig.GetCertificate = a.getCertificate tlsConfig.GetCertificate = a.getCertificate
a.TLSConfig = tlsConfig
listener := func(object cluster.Object) error { listener := func(object cluster.Object) error {
account := object.(*Account) account := object.(*Account)
account.Init() account.Init()
@ -243,7 +246,7 @@ func (a *ACME) CreateLocalConfig(tlsConfig *tls.Config, checkOnDemandDomain func
a.checkOnDemandDomain = checkOnDemandDomain a.checkOnDemandDomain = checkOnDemandDomain
tlsConfig.Certificates = append(tlsConfig.Certificates, *a.defaultCertificate) tlsConfig.Certificates = append(tlsConfig.Certificates, *a.defaultCertificate)
tlsConfig.GetCertificate = a.getCertificate tlsConfig.GetCertificate = a.getCertificate
a.TLSConfig = tlsConfig
localStore := NewLocalStore(a.Storage) localStore := NewLocalStore(a.Storage)
a.store = localStore a.store = localStore
a.challengeProvider = &challengeProvider{store: a.store} a.challengeProvider = &challengeProvider{store: a.store}
@ -331,6 +334,14 @@ func (a *ACME) CreateLocalConfig(tlsConfig *tls.Config, checkOnDemandDomain func
func (a *ACME) getCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) { func (a *ACME) getCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
domain := types.CanonicalDomain(clientHello.ServerName) domain := types.CanonicalDomain(clientHello.ServerName)
account := a.store.Get().(*Account) account := a.store.Get().(*Account)
//use regex to test for wildcard certs that might have been added into TLSConfig
for k := range a.TLSConfig.NameToCertificate {
selector := "^" + strings.Replace(k, "*.", ".*\\.?", -1) + "$"
match, _ := regexp.MatchString(selector, domain)
if match {
return a.TLSConfig.NameToCertificate[k], nil
}
}
if challengeCert, ok := a.challengeProvider.getCertificate(domain); ok { if challengeCert, ok := a.challengeProvider.getCertificate(domain); ok {
log.Debugf("ACME got challenge %s", domain) log.Debugf("ACME got challenge %s", domain)
return challengeCert, nil return challengeCert, nil
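Review bot: The selector built on the `selector := ...` line is not escaped, so the literal dots in the certificate name become "any byte" and the `.*\.?` substitution for `*.` can match an empty prefix; for a key of `*.example.com` the pattern `^.*\.?example.com$` also matches `notexample.com` and `examplexcom`, i.e. the wildcard certificate is chosen for unrelated SNI names instead of falling through to the challenge and ACME lookups below. Wrapping the key in `regexp.QuoteMeta` before the replacement and making the dot part of the optional group fixes that while keeping the author's apex/multi-label intent; the error from `regexp.MatchString` should also not be discarded, since a malformed key would then silently read as "no match". Two smaller points on the same loop: `NameToCertificate` is a map, so when more than one wildcard key matches the choice is nondeterministic across handshakes, and compiling a regex per key on every TLS handshake is avoidable by precomputing the patterns when TLSConfig is assigned. Rewritten loop below; the rest of getCertificate continues outside the hunk.
```go
//use regex to test for wildcard certs that might have been added into TLSConfig
for k, cert := range a.TLSConfig.NameToCertificate {
	// QuoteMeta keeps the dots in the name literal; the quoted wildcard `\*\.`
	// becomes "zero or more labels, each ending in a dot", so the match cannot
	// absorb characters that are not label-separated from the name.
	selector := "^" + strings.Replace(regexp.QuoteMeta(k), `\*\.`, `(.*\.)?`, -1) + "$"
	match, err := regexp.MatchString(selector, domain)
	if err != nil {
		log.Debugf("ACME skipping certificate name %q: %v", k, err)
		continue
	}
	if match {
		return cert, nil
	}
}
// … unchanged: challenge provider and account lookups …
```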