traefik/pkg/provider/acme/local_store.go
2019-09-26 11:00:06 +02:00

267 lines
6.7 KiB
Go

package acme
import (
"encoding/json"
"fmt"
"io/ioutil"
"os"
"sync"
"github.com/containous/traefik/v2/pkg/log"
"github.com/containous/traefik/v2/pkg/safe"
)
var _ Store = (*LocalStore)(nil)
// LocalStore Stores implementation for local file
type LocalStore struct {
saveDataChan chan map[string]*StoredData
filename string
lock sync.RWMutex
storedData map[string]*StoredData
}
// NewLocalStore initializes a new LocalStore with a file name
func NewLocalStore(filename string) *LocalStore {
store := &LocalStore{filename: filename, saveDataChan: make(chan map[string]*StoredData)}
store.listenSaveAction()
return store
}
func (s *LocalStore) save(resolverName string, storedData *StoredData) {
s.lock.Lock()
defer s.lock.Unlock()
s.storedData[resolverName] = storedData
s.saveDataChan <- s.storedData
}
func (s *LocalStore) get(resolverName string) (*StoredData, error) {
s.lock.Lock()
defer s.lock.Unlock()
if s.storedData == nil {
s.storedData = map[string]*StoredData{}
hasData, err := CheckFile(s.filename)
if err != nil {
return nil, err
}
if hasData {
logger := log.WithoutContext().WithField(log.ProviderName, "acme")
f, err := os.Open(s.filename)
if err != nil {
return nil, err
}
defer f.Close()
file, err := ioutil.ReadAll(f)
if err != nil {
return nil, err
}
if len(file) > 0 {
if err := json.Unmarshal(file, &s.storedData); err != nil {
return nil, err
}
}
// Delete all certificates with no value
var certificates []*CertAndStore
for _, storedData := range s.storedData {
for _, certificate := range storedData.Certificates {
if len(certificate.Certificate.Certificate) == 0 || len(certificate.Key) == 0 {
logger.Debugf("Deleting empty certificate %v for %v", certificate, certificate.Domain.ToStrArray())
continue
}
certificates = append(certificates, certificate)
}
if len(certificates) < len(storedData.Certificates) {
storedData.Certificates = certificates
s.saveDataChan <- s.storedData
}
}
}
}
if s.storedData[resolverName] == nil {
s.storedData[resolverName] = &StoredData{}
}
return s.storedData[resolverName], nil
}
// listenSaveAction listens to a chan to store ACME data in json format into LocalStore.filename
func (s *LocalStore) listenSaveAction() {
safe.Go(func() {
logger := log.WithoutContext().WithField(log.ProviderName, "acme")
for object := range s.saveDataChan {
data, err := json.MarshalIndent(object, "", " ")
if err != nil {
logger.Error(err)
}
err = ioutil.WriteFile(s.filename, data, 0600)
if err != nil {
logger.Error(err)
}
}
})
}
// GetAccount returns ACME Account
func (s *LocalStore) GetAccount(resolverName string) (*Account, error) {
storedData, err := s.get(resolverName)
if err != nil {
return nil, err
}
return storedData.Account, nil
}
// SaveAccount stores ACME Account
func (s *LocalStore) SaveAccount(resolverName string, account *Account) error {
storedData, err := s.get(resolverName)
if err != nil {
return err
}
storedData.Account = account
s.save(resolverName, storedData)
return nil
}
// GetCertificates returns ACME Certificates list
func (s *LocalStore) GetCertificates(resolverName string) ([]*CertAndStore, error) {
storedData, err := s.get(resolverName)
if err != nil {
return nil, err
}
return storedData.Certificates, nil
}
// SaveCertificates stores ACME Certificates list
func (s *LocalStore) SaveCertificates(resolverName string, certificates []*CertAndStore) error {
storedData, err := s.get(resolverName)
if err != nil {
return err
}
storedData.Certificates = certificates
s.save(resolverName, storedData)
return nil
}
// LocalChallengeStore is an implementation of the ChallengeStore in memory.
type LocalChallengeStore struct {
storedData *StoredChallengeData
lock sync.RWMutex
}
// NewLocalChallengeStore initializes a new LocalChallengeStore.
func NewLocalChallengeStore() *LocalChallengeStore {
return &LocalChallengeStore{
storedData: &StoredChallengeData{
HTTPChallenges: make(map[string]map[string][]byte),
TLSChallenges: make(map[string]*Certificate),
},
}
}
// GetHTTPChallengeToken Get the http challenge token from the store
func (s *LocalChallengeStore) GetHTTPChallengeToken(token, domain string) ([]byte, error) {
s.lock.RLock()
defer s.lock.RUnlock()
if s.storedData.HTTPChallenges == nil {
s.storedData.HTTPChallenges = map[string]map[string][]byte{}
}
if _, ok := s.storedData.HTTPChallenges[token]; !ok {
return nil, fmt.Errorf("cannot find challenge for token %v", token)
}
result, ok := s.storedData.HTTPChallenges[token][domain]
if !ok {
return nil, fmt.Errorf("cannot find challenge for token %v", token)
}
return result, nil
}
// SetHTTPChallengeToken Set the http challenge token in the store
func (s *LocalChallengeStore) SetHTTPChallengeToken(token, domain string, keyAuth []byte) error {
s.lock.Lock()
defer s.lock.Unlock()
if s.storedData.HTTPChallenges == nil {
s.storedData.HTTPChallenges = map[string]map[string][]byte{}
}
if _, ok := s.storedData.HTTPChallenges[token]; !ok {
s.storedData.HTTPChallenges[token] = map[string][]byte{}
}
s.storedData.HTTPChallenges[token][domain] = keyAuth
return nil
}
// RemoveHTTPChallengeToken Remove the http challenge token in the store
func (s *LocalChallengeStore) RemoveHTTPChallengeToken(token, domain string) error {
s.lock.Lock()
defer s.lock.Unlock()
if s.storedData.HTTPChallenges == nil {
return nil
}
if _, ok := s.storedData.HTTPChallenges[token]; ok {
delete(s.storedData.HTTPChallenges[token], domain)
if len(s.storedData.HTTPChallenges[token]) == 0 {
delete(s.storedData.HTTPChallenges, token)
}
}
return nil
}
// AddTLSChallenge Add a certificate to the ACME TLS-ALPN-01 certificates storage
func (s *LocalChallengeStore) AddTLSChallenge(domain string, cert *Certificate) error {
s.lock.Lock()
defer s.lock.Unlock()
if s.storedData.TLSChallenges == nil {
s.storedData.TLSChallenges = make(map[string]*Certificate)
}
s.storedData.TLSChallenges[domain] = cert
return nil
}
// GetTLSChallenge Get a certificate from the ACME TLS-ALPN-01 certificates storage
func (s *LocalChallengeStore) GetTLSChallenge(domain string) (*Certificate, error) {
s.lock.Lock()
defer s.lock.Unlock()
if s.storedData.TLSChallenges == nil {
s.storedData.TLSChallenges = make(map[string]*Certificate)
}
return s.storedData.TLSChallenges[domain], nil
}
// RemoveTLSChallenge Remove a certificate from the ACME TLS-ALPN-01 certificates storage
func (s *LocalChallengeStore) RemoveTLSChallenge(domain string) error {
s.lock.Lock()
defer s.lock.Unlock()
if s.storedData.TLSChallenges == nil {
return nil
}
delete(s.storedData.TLSChallenges, domain)
return nil
}