Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
caddy
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
caddy
Commits
01f2b858
Commit
01f2b858
authored
Jan 17, 2019
by
Matthew Holt
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
vendor: Update certmagic and lego
parent
7fe9e13f
Changes
18
Show whitespace changes
Inline
Side-by-side
Showing
18 changed files
with
131 additions
and
142 deletions
+131
-142
vendor/github.com/mholt/certmagic/certmagic.go
vendor/github.com/mholt/certmagic/certmagic.go
+8
-0
vendor/github.com/mholt/certmagic/client.go
vendor/github.com/mholt/certmagic/client.go
+16
-12
vendor/github.com/mholt/certmagic/config.go
vendor/github.com/mholt/certmagic/config.go
+11
-0
vendor/github.com/mholt/certmagic/filestorage.go
vendor/github.com/mholt/certmagic/filestorage.go
+1
-1
vendor/github.com/mholt/certmagic/solvers.go
vendor/github.com/mholt/certmagic/solvers.go
+1
-1
vendor/github.com/mholt/certmagic/storage.go
vendor/github.com/mholt/certmagic/storage.go
+13
-16
vendor/github.com/xenolf/lego/acme/api/api.go
vendor/github.com/xenolf/lego/acme/api/api.go
+1
-1
vendor/github.com/xenolf/lego/acme/api/internal/secure/jws.go
...or/github.com/xenolf/lego/acme/api/internal/secure/jws.go
+1
-1
vendor/github.com/xenolf/lego/acme/api/internal/sender/useragent.go
...hub.com/xenolf/lego/acme/api/internal/sender/useragent.go
+1
-1
vendor/github.com/xenolf/lego/certificate/certificates.go
vendor/github.com/xenolf/lego/certificate/certificates.go
+33
-33
vendor/github.com/xenolf/lego/challenge/dns01/dns_challenge.go
...r/github.com/xenolf/lego/challenge/dns01/dns_challenge.go
+3
-1
vendor/github.com/xenolf/lego/challenge/dns01/precheck.go
vendor/github.com/xenolf/lego/challenge/dns01/precheck.go
+6
-2
vendor/github.com/xenolf/lego/challenge/resolver/prober.go
vendor/github.com/xenolf/lego/challenge/resolver/prober.go
+4
-3
vendor/github.com/xenolf/lego/challenge/resolver/solver_manager.go
...thub.com/xenolf/lego/challenge/resolver/solver_manager.go
+6
-53
vendor/github.com/xenolf/lego/lego/client.go
vendor/github.com/xenolf/lego/lego/client.go
+2
-1
vendor/github.com/xenolf/lego/lego/client_config.go
vendor/github.com/xenolf/lego/lego/client_config.go
+14
-6
vendor/github.com/xenolf/lego/platform/wait/wait.go
vendor/github.com/xenolf/lego/platform/wait/wait.go
+2
-2
vendor/manifest
vendor/manifest
+8
-8
No files found.
vendor/github.com/mholt/certmagic/certmagic.go
View file @
01f2b858
...
...
@@ -476,6 +476,14 @@ var (
// certificates
KeyType
=
certcrypto
.
RSA2048
// The maximum amount of time to allow for
// obtaining a certificate. If empty, the
// default from the underlying lego lib is
// used. If set, it must not be too low so
// as to cancel orders too early, running
// the risk of rate limiting.
CertObtainTimeout
time
.
Duration
// The state needed to operate on-demand TLS
OnDemand
*
OnDemandConfig
...
...
vendor/github.com/mholt/certmagic/client.go
View file @
01f2b858
...
...
@@ -59,10 +59,14 @@ func (cfg *Config) newACMEClient(interactive bool) (*acmeClient, error) {
return
nil
,
err
}
// ensure key type is set
keyType
:=
KeyType
if
cfg
.
KeyType
!=
""
{
keyType
=
cfg
.
KeyType
// ensure key type and timeout are set
keyType
:=
cfg
.
KeyType
if
keyType
==
""
{
keyType
=
KeyType
}
certObtainTimeout
:=
cfg
.
CertObtainTimeout
if
certObtainTimeout
==
0
{
certObtainTimeout
=
CertObtainTimeout
}
// ensure CA URL (directory endpoint) is set
...
...
@@ -93,9 +97,12 @@ func (cfg *Config) newACMEClient(interactive bool) (*acmeClient, error) {
// the client facilitates our communication with the CA server
legoCfg
:=
lego
.
NewConfig
(
&
leUser
)
legoCfg
.
CADirURL
=
caURL
legoCfg
.
KeyType
=
keyType
legoCfg
.
UserAgent
=
buildUAString
()
legoCfg
.
HTTPClient
.
Timeout
=
HTTPTimeout
legoCfg
.
Certificate
=
lego
.
CertificateConfig
{
KeyType
:
keyType
,
Timeout
:
certObtainTimeout
,
}
client
,
err
=
lego
.
NewClient
(
legoCfg
)
if
err
!=
nil
{
cfg
.
acmeClientsMu
.
Unlock
()
...
...
@@ -189,19 +196,16 @@ func (cfg *Config) newACMEClient(interactive bool) (*acmeClient, error) {
})
// disable any challenges that should not be used
var
disabledChallenges
[]
challenge
.
Type
if
cfg
.
DisableHTTPChallenge
{
disabledChallenges
=
append
(
disabledChallenges
,
challenge
.
HTTP01
)
c
.
acmeClient
.
Challenge
.
Remove
(
challenge
.
HTTP01
)
}
if
cfg
.
DisableTLSALPNChallenge
{
disabledChallenges
=
append
(
disabledChallenges
,
challenge
.
TLSALPN01
)
}
if
len
(
disabledChallenges
)
>
0
{
c
.
acmeClient
.
Challenge
.
Exclude
(
disabledChallenges
)
c
.
acmeClient
.
Challenge
.
Remove
(
challenge
.
TLSALPN01
)
}
}
else
{
// Otherwise, use DNS challenge exclusively
c
.
acmeClient
.
Challenge
.
Exclude
([]
challenge
.
Type
{
challenge
.
HTTP01
,
challenge
.
TLSALPN01
})
c
.
acmeClient
.
Challenge
.
Remove
(
challenge
.
HTTP01
)
c
.
acmeClient
.
Challenge
.
Remove
(
challenge
.
TLSALPN01
)
c
.
acmeClient
.
Challenge
.
SetDNS01Provider
(
cfg
.
DNSProvider
)
}
...
...
vendor/github.com/mholt/certmagic/config.go
View file @
01f2b858
...
...
@@ -93,6 +93,14 @@ type Config struct {
// certificates
KeyType
certcrypto
.
KeyType
// The maximum amount of time to allow for
// obtaining a certificate. If empty, the
// default from the underlying lego lib is
// used. If set, it must not be too low so
// as to cancel orders too early, running
// the risk of rate limiting.
CertObtainTimeout
time
.
Duration
// The state needed to operate on-demand TLS
OnDemand
*
OnDemandConfig
...
...
@@ -196,6 +204,9 @@ func NewWithCache(certCache *Cache, cfg Config) *Config {
if
cfg
.
KeyType
==
""
{
cfg
.
KeyType
=
KeyType
}
if
cfg
.
CertObtainTimeout
==
0
{
cfg
.
CertObtainTimeout
=
CertObtainTimeout
}
if
cfg
.
OnDemand
==
nil
{
cfg
.
OnDemand
=
OnDemand
}
...
...
vendor/github.com/mholt/certmagic/filestorage.go
View file @
01f2b858
...
...
@@ -179,7 +179,7 @@ func (fs *FileStorage) String() string {
}
func
(
fs
*
FileStorage
)
lockFilename
(
key
string
)
string
{
return
filepath
.
Join
(
fs
.
lockDir
(),
StorageKeys
.
s
afe
(
key
)
+
".lock"
)
return
filepath
.
Join
(
fs
.
lockDir
(),
StorageKeys
.
S
afe
(
key
)
+
".lock"
)
}
func
(
fs
*
FileStorage
)
lockDir
()
string
{
...
...
vendor/github.com/mholt/certmagic/solvers.go
View file @
01f2b858
...
...
@@ -140,7 +140,7 @@ func (dhs distributedSolver) challengeTokensPrefix() string {
// challengeTokensKey returns the key to use to store and access
// challenge info for domain.
func
(
dhs
distributedSolver
)
challengeTokensKey
(
domain
string
)
string
{
return
filepath
.
Join
(
dhs
.
challengeTokensPrefix
(),
StorageKeys
.
s
afe
(
domain
)
+
".json"
)
return
filepath
.
Join
(
dhs
.
challengeTokensPrefix
(),
StorageKeys
.
S
afe
(
domain
)
+
".json"
)
}
type
challengeInfo
struct
{
...
...
vendor/github.com/mholt/certmagic/storage.go
View file @
01f2b858
...
...
@@ -84,12 +84,9 @@ type Locker interface {
Lock
(
key
string
)
error
// Unlock releases the lock for key. This method must ONLY be
// called after a successful call to TryLock where no Waiter was
// returned, and only after the operation requiring the lock is
// finished, even if it errored or timed out. It is INCORRECT to
// call Unlock if any non-nil value was returned from a call to
// TryLock or if Unlock was not called at all. Unlock should also
// clean up any unused resources allocated during TryLock.
// called after a successful call to Lock, and only after the
// critical section is finished, even if it errored or timed
// out. Unlock cleans up any resources allocated during Lock.
Unlock
(
key
string
)
error
}
...
...
@@ -133,28 +130,28 @@ func (keys KeyBuilder) CAPrefix(ca string) string {
if
err
!=
nil
{
caURL
=
&
url
.
URL
{
Host
:
ca
}
}
return
path
.
Join
(
prefixACME
,
keys
.
s
afe
(
caURL
.
Host
))
return
path
.
Join
(
prefixACME
,
keys
.
S
afe
(
caURL
.
Host
))
}
// SitePrefix returns a key prefix for items associated with
// the site using the given CA URL.
func
(
keys
KeyBuilder
)
SitePrefix
(
ca
,
domain
string
)
string
{
return
path
.
Join
(
keys
.
CAPrefix
(
ca
),
"sites"
,
keys
.
s
afe
(
domain
))
return
path
.
Join
(
keys
.
CAPrefix
(
ca
),
"sites"
,
keys
.
S
afe
(
domain
))
}
// SiteCert returns the path to the certificate file for domain.
func
(
keys
KeyBuilder
)
SiteCert
(
ca
,
domain
string
)
string
{
return
path
.
Join
(
keys
.
SitePrefix
(
ca
,
domain
),
keys
.
s
afe
(
domain
)
+
".crt"
)
return
path
.
Join
(
keys
.
SitePrefix
(
ca
,
domain
),
keys
.
S
afe
(
domain
)
+
".crt"
)
}
// SitePrivateKey returns the path to domain's private key file.
func
(
keys
KeyBuilder
)
SitePrivateKey
(
ca
,
domain
string
)
string
{
return
path
.
Join
(
keys
.
SitePrefix
(
ca
,
domain
),
keys
.
s
afe
(
domain
)
+
".key"
)
return
path
.
Join
(
keys
.
SitePrefix
(
ca
,
domain
),
keys
.
S
afe
(
domain
)
+
".key"
)
}
// SiteMeta returns the path to the domain's asset metadata file.
func
(
keys
KeyBuilder
)
SiteMeta
(
ca
,
domain
string
)
string
{
return
path
.
Join
(
keys
.
SitePrefix
(
ca
,
domain
),
keys
.
s
afe
(
domain
)
+
".json"
)
return
path
.
Join
(
keys
.
SitePrefix
(
ca
,
domain
),
keys
.
S
afe
(
domain
)
+
".json"
)
}
// UsersPrefix returns a key prefix for items related to
...
...
@@ -169,7 +166,7 @@ func (keys KeyBuilder) UserPrefix(ca, email string) string {
if
email
==
""
{
email
=
emptyEmail
}
return
path
.
Join
(
keys
.
UsersPrefix
(
ca
),
keys
.
s
afe
(
email
))
return
path
.
Join
(
keys
.
UsersPrefix
(
ca
),
keys
.
S
afe
(
email
))
}
// UserReg gets the path to the registration file for the user
...
...
@@ -190,7 +187,7 @@ func (keys KeyBuilder) UserPrivateKey(ca, email string) string {
func
(
keys
KeyBuilder
)
OCSPStaple
(
cert
*
Certificate
,
pemBundle
[]
byte
)
string
{
var
ocspFileName
string
if
len
(
cert
.
Names
)
>
0
{
firstName
:=
keys
.
s
afe
(
cert
.
Names
[
0
])
firstName
:=
keys
.
S
afe
(
cert
.
Names
[
0
])
ocspFileName
=
firstName
+
"-"
}
ocspFileName
+=
fastHash
(
pemBundle
)
...
...
@@ -208,7 +205,7 @@ func (keys KeyBuilder) safeUserKey(ca, email, defaultFilename, extension string)
if
filename
==
""
{
filename
=
defaultFilename
}
filename
=
keys
.
s
afe
(
filename
)
filename
=
keys
.
S
afe
(
filename
)
return
path
.
Join
(
keys
.
UserPrefix
(
ca
,
email
),
filename
+
extension
)
}
...
...
@@ -224,9 +221,9 @@ func (keys KeyBuilder) emailUsername(email string) string {
return
email
[
:
at
]
}
//
s
afe standardizes and sanitizes str for use as
//
S
afe standardizes and sanitizes str for use as
// a storage key. This method is idempotent.
func
(
keys
KeyBuilder
)
s
afe
(
str
string
)
string
{
func
(
keys
KeyBuilder
)
S
afe
(
str
string
)
string
{
str
=
strings
.
ToLower
(
str
)
str
=
strings
.
TrimSpace
(
str
)
...
...
vendor/github.com/xenolf/lego/acme/api/api.go
View file @
01f2b858
...
...
@@ -44,7 +44,7 @@ func New(httpClient *http.Client, userAgent string, caDirURL, kid string, privat
jws
:=
secure
.
NewJWS
(
privateKey
,
kid
,
nonceManager
)
c
:=
&
Core
{
doer
:
doer
,
nonceManager
:
nonceManager
,
jws
:
jws
,
directory
:
dir
}
c
:=
&
Core
{
doer
:
doer
,
nonceManager
:
nonceManager
,
jws
:
jws
,
directory
:
dir
,
HTTPClient
:
httpClient
}
c
.
common
.
core
=
c
c
.
Accounts
=
(
*
AccountService
)(
&
c
.
common
)
...
...
vendor/github.com/xenolf/lego/acme/api/internal/secure/jws.go
View file @
01f2b858
...
...
@@ -10,7 +10,7 @@ import (
"fmt"
"github.com/xenolf/lego/acme/api/internal/nonces"
"gopkg.in/square/go-jose.v2"
jose
"gopkg.in/square/go-jose.v2"
)
// JWS Represents a JWS.
...
...
vendor/github.com/xenolf/lego/acme/api/internal/sender/useragent.go
View file @
01f2b858
...
...
@@ -5,7 +5,7 @@ package sender
const
(
// ourUserAgent is the User-Agent of this underlying library package.
ourUserAgent
=
"xenolf-acme/
1.2
.1"
ourUserAgent
=
"xenolf-acme/
2.0
.1"
// ourUserAgentComment is part of the UA comment linked to the version status of this underlying library package.
// values: detach|release
...
...
vendor/github.com/xenolf/lego/certificate/certificates.go
View file @
01f2b858
...
...
@@ -17,6 +17,7 @@ import (
"github.com/xenolf/lego/certcrypto"
"github.com/xenolf/lego/challenge"
"github.com/xenolf/lego/log"
"github.com/xenolf/lego/platform/wait"
"golang.org/x/crypto/ocsp"
"golang.org/x/net/idna"
)
...
...
@@ -60,17 +61,24 @@ type resolver interface {
Solve
(
authorizations
[]
acme
.
Authorization
)
error
}
type
CertifierOptions
struct
{
KeyType
certcrypto
.
KeyType
Timeout
time
.
Duration
}
// Certifier A service to obtain/renew/revoke certificates.
type
Certifier
struct
{
core
*
api
.
Core
keyType
certcrypto
.
KeyType
resolver
resolver
options
CertifierOptions
}
func
NewCertifier
(
core
*
api
.
Core
,
keyType
certcrypto
.
KeyType
,
resolver
resolver
)
*
Certifier
{
// NewCertifier creates a Certifier.
func
NewCertifier
(
core
*
api
.
Core
,
resolver
resolver
,
options
CertifierOptions
)
*
Certifier
{
return
&
Certifier
{
core
:
core
,
keyType
:
keyType
,
resolver
:
resolver
,
options
:
options
,
}
}
...
...
@@ -191,7 +199,7 @@ func (c *Certifier) ObtainForCSR(csr x509.CertificateRequest, bundle bool) (*Res
func
(
c
*
Certifier
)
getForOrder
(
domains
[]
string
,
order
acme
.
ExtendedOrder
,
bundle
bool
,
privateKey
crypto
.
PrivateKey
,
mustStaple
bool
)
(
*
Resource
,
error
)
{
if
privateKey
==
nil
{
var
err
error
privateKey
,
err
=
certcrypto
.
GeneratePrivateKey
(
c
.
k
eyType
)
privateKey
,
err
=
certcrypto
.
GeneratePrivateKey
(
c
.
options
.
K
eyType
)
if
err
!=
nil
{
return
nil
,
err
}
...
...
@@ -237,9 +245,9 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
if
respOrder
.
Status
==
acme
.
StatusValid
{
// if the certificate is available right away, short cut!
ok
,
err
:=
c
.
checkResponse
(
respOrder
,
certRes
,
bundle
)
if
err
!=
nil
{
return
nil
,
err
ok
,
err
R
:=
c
.
checkResponse
(
respOrder
,
certRes
,
bundle
)
if
err
R
!=
nil
{
return
nil
,
err
R
}
if
ok
{
...
...
@@ -247,34 +255,26 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
}
}
return
c
.
waitForCertificate
(
certRes
,
order
.
Location
,
bundle
)
}
func
(
c
*
Certifier
)
waitForCertificate
(
certRes
*
Resource
,
orderURL
string
,
bundle
bool
)
(
*
Resource
,
error
)
{
stopTimer
:=
time
.
NewTimer
(
30
*
time
.
Second
)
defer
stopTimer
.
Stop
()
retryTick
:=
time
.
NewTicker
(
500
*
time
.
Millisecond
)
defer
retryTick
.
Stop
()
for
{
select
{
case
<-
stopTimer
.
C
:
return
nil
,
errors
.
New
(
"certificate polling timed out"
)
case
<-
retryTick
.
C
:
order
,
err
:=
c
.
core
.
Orders
.
Get
(
orderURL
)
if
err
!=
nil
{
return
nil
,
err
timeout
:=
c
.
options
.
Timeout
if
c
.
options
.
Timeout
<=
0
{
timeout
=
30
*
time
.
Second
}
done
,
err
:=
c
.
checkResponse
(
order
,
certRes
,
bundle
)
if
err
!=
nil
{
return
nil
,
err
}
if
done
{
return
certRes
,
nil
}
err
=
wait
.
For
(
"certificate"
,
timeout
,
timeout
/
60
,
func
()
(
bool
,
error
)
{
ord
,
errW
:=
c
.
core
.
Orders
.
Get
(
order
.
Location
)
if
errW
!=
nil
{
return
false
,
errW
}
done
,
errW
:=
c
.
checkResponse
(
ord
,
certRes
,
bundle
)
if
errW
!=
nil
{
return
false
,
errW
}
return
done
,
nil
})
return
certRes
,
err
}
// checkResponse checks to see if the certificate is ready and a link is contained in the response.
...
...
vendor/github.com/xenolf/lego/challenge/dns01/dns_challenge.go
View file @
01f2b858
...
...
@@ -123,7 +123,7 @@ func (c *Challenge) Solve(authz acme.Authorization) error {
log
.
Infof
(
"[%s] acme: Checking DNS record propagation using %+v"
,
domain
,
recursiveNameservers
)
err
=
wait
.
For
(
timeout
,
interval
,
func
()
(
bool
,
error
)
{
err
=
wait
.
For
(
"propagation"
,
timeout
,
interval
,
func
()
(
bool
,
error
)
{
stop
,
errP
:=
c
.
preCheck
.
call
(
fqdn
,
value
)
if
!
stop
||
errP
!=
nil
{
log
.
Infof
(
"[%s] acme: Waiting for DNS record propagation."
,
domain
)
...
...
@@ -140,6 +140,8 @@ func (c *Challenge) Solve(authz acme.Authorization) error {
// CleanUp cleans the challenge.
func
(
c
*
Challenge
)
CleanUp
(
authz
acme
.
Authorization
)
error
{
log
.
Infof
(
"[%s] acme: Cleaning DNS-01 challenge"
,
challenge
.
GetTargetedDomain
(
authz
))
chlng
,
err
:=
challenge
.
FindChallenge
(
challenge
.
DNS01
,
authz
)
if
err
!=
nil
{
return
err
...
...
vendor/github.com/xenolf/lego/challenge/dns01/precheck.go
View file @
01f2b858
...
...
@@ -91,10 +91,14 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro
return
false
,
fmt
.
Errorf
(
"NS %s returned %s for %s"
,
ns
,
dns
.
RcodeToString
[
r
.
Rcode
],
fqdn
)
}
var
records
[]
string
var
found
bool
for
_
,
rr
:=
range
r
.
Answer
{
if
txt
,
ok
:=
rr
.
(
*
dns
.
TXT
);
ok
{
if
strings
.
Join
(
txt
.
Txt
,
""
)
==
value
{
record
:=
strings
.
Join
(
txt
.
Txt
,
""
)
records
=
append
(
records
,
record
)
if
record
==
value
{
found
=
true
break
}
...
...
@@ -102,7 +106,7 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro
}
if
!
found
{
return
false
,
fmt
.
Errorf
(
"NS %s did not return the expected TXT record [fqdn: %s
]"
,
ns
,
fqdn
)
return
false
,
fmt
.
Errorf
(
"NS %s did not return the expected TXT record [fqdn: %s
, value: %s]: %s"
,
ns
,
fqdn
,
value
,
strings
.
Join
(
records
,
" ,"
)
)
}
}
...
...
vendor/github.com/xenolf/lego/challenge/resolver/prober.go
View file @
01f2b858
...
...
@@ -110,7 +110,7 @@ func sequentialSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
// Solve challenge
err
:=
authSolver
.
solver
.
Solve
(
authSolver
.
authz
)
if
err
!=
nil
{
failures
[
authSolver
.
authz
.
Identifier
.
Value
]
=
err
failures
[
domain
]
=
err
cleanUp
(
authSolver
.
solver
,
authSolver
.
authz
)
continue
}
...
...
@@ -149,14 +149,15 @@ func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
// Finally solve all challenges for real
for
_
,
authSolver
:=
range
authSolvers
{
authz
:=
authSolver
.
authz
if
failures
[
authz
.
Identifier
.
Value
]
!=
nil
{
domain
:=
challenge
.
GetTargetedDomain
(
authz
)
if
failures
[
domain
]
!=
nil
{
// already failed in previous loop
continue
}
err
:=
authSolver
.
solver
.
Solve
(
authz
)
if
err
!=
nil
{
failures
[
authz
.
Identifier
.
Value
]
=
err
failures
[
domain
]
=
err
}
}
}
...
...
vendor/github.com/xenolf/lego/challenge/resolver/solver_manager.go
View file @
01f2b858
...
...
@@ -3,7 +3,6 @@ package resolver
import
(
"errors"
"fmt"
"net"
"sort"
"strconv"
"time"
...
...
@@ -21,7 +20,7 @@ type byType []acme.Challenge
func
(
a
byType
)
Len
()
int
{
return
len
(
a
)
}
func
(
a
byType
)
Swap
(
i
,
j
int
)
{
a
[
i
],
a
[
j
]
=
a
[
j
],
a
[
i
]
}
func
(
a
byType
)
Less
(
i
,
j
int
)
bool
{
return
a
[
i
]
.
Type
<
a
[
j
]
.
Type
}
func
(
a
byType
)
Less
(
i
,
j
int
)
bool
{
return
a
[
i
]
.
Type
>
a
[
j
]
.
Type
}
type
SolverManager
struct
{
core
*
api
.
Core
...
...
@@ -29,55 +28,12 @@ type SolverManager struct {
}
func
NewSolversManager
(
core
*
api
.
Core
)
*
SolverManager
{
solvers
:=
map
[
challenge
.
Type
]
solver
{
challenge
.
HTTP01
:
http01
.
NewChallenge
(
core
,
validate
,
&
http01
.
ProviderServer
{}),
challenge
.
TLSALPN01
:
tlsalpn01
.
NewChallenge
(
core
,
validate
,
&
tlsalpn01
.
ProviderServer
{}),
}
return
&
SolverManager
{
solvers
:
solvers
,
solvers
:
map
[
challenge
.
Type
]
solver
{}
,
core
:
core
,
}
}
// SetHTTP01Address specifies a custom interface:port to be used for HTTP based challenges.
// If this option is not used, the default port 80 and all interfaces will be used.
// To only specify a port and no interface use the ":port" notation.
//
// NOTE: This REPLACES any custom HTTP provider previously set by calling
// c.SetProvider with the default HTTP challenge provider.
func
(
c
*
SolverManager
)
SetHTTP01Address
(
iface
string
)
error
{
host
,
port
,
err
:=
net
.
SplitHostPort
(
iface
)
if
err
!=
nil
{
return
err
}
if
chlng
,
ok
:=
c
.
solvers
[
challenge
.
HTTP01
];
ok
{
chlng
.
(
*
http01
.
Challenge
)
.
SetProvider
(
http01
.
NewProviderServer
(
host
,
port
))
}
return
nil
}
// SetTLSALPN01Address specifies a custom interface:port to be used for TLS based challenges.
// If this option is not used, the default port 443 and all interfaces will be used.
// To only specify a port and no interface use the ":port" notation.
//
// NOTE: This REPLACES any custom TLS-ALPN provider previously set by calling
// c.SetProvider with the default TLS-ALPN challenge provider.
func
(
c
*
SolverManager
)
SetTLSALPN01Address
(
iface
string
)
error
{
host
,
port
,
err
:=
net
.
SplitHostPort
(
iface
)
if
err
!=
nil
{
return
err
}
if
chlng
,
ok
:=
c
.
solvers
[
challenge
.
TLSALPN01
];
ok
{
chlng
.
(
*
tlsalpn01
.
Challenge
)
.
SetProvider
(
tlsalpn01
.
NewProviderServer
(
host
,
port
))
}
return
nil
}
// SetHTTP01Provider specifies a custom provider p that can solve the given HTTP-01 challenge.
func
(
c
*
SolverManager
)
SetHTTP01Provider
(
p
challenge
.
Provider
)
error
{
c
.
solvers
[
challenge
.
HTTP01
]
=
http01
.
NewChallenge
(
c
.
core
,
validate
,
p
)
...
...
@@ -96,18 +52,15 @@ func (c *SolverManager) SetDNS01Provider(p challenge.Provider, opts ...dns01.Cha
return
nil
}
// Exclude explicitly removes challenges from the pool for solving.
func
(
c
*
SolverManager
)
Exclude
(
challenges
[]
challenge
.
Type
)
{
// Loop through all challenges and delete the requested one if found.
for
_
,
chlg
:=
range
challenges
{
delete
(
c
.
solvers
,
chlg
)
}
// Remove Remove a challenge type from the available solvers.
func
(
c
*
SolverManager
)
Remove
(
chlgType
challenge
.
Type
)
{
delete
(
c
.
solvers
,
chlgType
)
}
// Checks all challenges from the server in order and returns the first matching solver.
func
(
c
*
SolverManager
)
chooseSolver
(
authz
acme
.
Authorization
)
solver
{
// Allow to have a deterministic challenge order
sort
.
Sort
(
sort
.
Reverse
(
byType
(
authz
.
Challenges
)
))
sort
.
Sort
(
byType
(
authz
.
Challenges
))
domain
:=
challenge
.
GetTargetedDomain
(
authz
)
for
_
,
chlg
:=
range
authz
.
Challenges
{
...
...
vendor/github.com/xenolf/lego/lego/client.go
View file @
01f2b858
...
...
@@ -53,9 +53,10 @@ func NewClient(config *Config) (*Client, error) {
solversManager
:=
resolver
.
NewSolversManager
(
core
)
prober
:=
resolver
.
NewProber
(
solversManager
)
certifier
:=
certificate
.
NewCertifier
(
core
,
prober
,
certificate
.
CertifierOptions
{
KeyType
:
config
.
Certificate
.
KeyType
,
Timeout
:
config
.
Certificate
.
Timeout
})
return
&
Client
{
Certificate
:
certifi
cate
.
NewCertifier
(
core
,
config
.
KeyType
,
prober
)
,
Certificate
:
certifi
er
,
Challenge
:
solversManager
,
Registration
:
registration
.
NewRegistrar
(
core
,
config
.
User
),
core
:
core
,
...
...
vendor/github.com/xenolf/lego/lego/client_config.go
View file @
01f2b858
...
...
@@ -37,20 +37,28 @@ const (
type
Config
struct
{
CADirURL
string
User
registration
.
User
KeyType
certcrypto
.
KeyType
UserAgent
string
HTTPClient
*
http
.
Client
Certificate
CertificateConfig
}
func
NewConfig
(
user
registration
.
User
)
*
Config
{
return
&
Config
{
CADirURL
:
LEDirectoryProduction
,
User
:
user
,
KeyType
:
certcrypto
.
RSA2048
,
HTTPClient
:
createDefaultHTTPClient
(),
Certificate
:
CertificateConfig
{
KeyType
:
certcrypto
.
RSA2048
,
Timeout
:
30
*
time
.
Second
,
},
}
}
type
CertificateConfig
struct
{
KeyType
certcrypto
.
KeyType
Timeout
time
.
Duration
}
// createDefaultHTTPClient Creates an HTTP client with a reasonable timeout value
// and potentially a custom *x509.CertPool
// based on the caCertificatesEnvVar environment variable (see the `initCertPool` function)
...
...
vendor/github.com/xenolf/lego/platform/wait/wait.go
View file @
01f2b858
...
...
@@ -8,8 +8,8 @@ import (
)
// For polls the given function 'f', once every 'interval', up to 'timeout'.
func
For
(
timeout
,
interval
time
.
Duration
,
f
func
()
(
bool
,
error
))
error
{
log
.
Infof
(
"Wait
[timeout: %s, interval: %s]"
,
timeout
,
interval
)
func
For
(
msg
string
,
timeout
,
interval
time
.
Duration
,
f
func
()
(
bool
,
error
))
error
{
log
.
Infof
(
"Wait
for %s [timeout: %s, interval: %s]"
,
msg
,
timeout
,
interval
)
var
lastErr
string
timeUp
:=
time
.
After
(
timeout
)
...
...
vendor/manifest
View file @
01f2b858
...
...
@@ -138,7 +138,7 @@
"importpath": "github.com/mholt/certmagic",
"repository": "https://github.com/mholt/certmagic",
"vcs": "git",
"revision": "
a3b276a1b44e1c2c3dcab752729976ea04f4839b
",
"revision": "
707b20497ed70e559300ae4e91c6fd7db973fffc
",
"branch": "master",
"notests": true
},
...
...
@@ -178,7 +178,7 @@
"importpath": "github.com/xenolf/lego/acme",
"repository": "https://github.com/xenolf/lego",
"vcs": "git",
"revision": "
b05b54d1f69a31ceed92e2995243c5b17821c9e4
",
"revision": "
a43ec709e8034f388aab28d14b97aeed0e7aa98c
",
"branch": "master",
"path": "acme",
"notests": true
...
...
@@ -187,7 +187,7 @@
"importpath": "github.com/xenolf/lego/certcrypto",
"repository": "https://github.com/xenolf/lego",
"vcs": "git",
"revision": "
b05b54d1f69a31ceed92e2995243c5b17821c9e4
",
"revision": "
a43ec709e8034f388aab28d14b97aeed0e7aa98c
",
"branch": "master",
"path": "certcrypto",
"notests": true
...
...
@@ -196,7 +196,7 @@
"importpath": "github.com/xenolf/lego/certificate",
"repository": "https://github.com/xenolf/lego",
"vcs": "git",
"revision": "
b05b54d1f69a31ceed92e2995243c5b17821c9e4
",
"revision": "
a43ec709e8034f388aab28d14b97aeed0e7aa98c
",
"branch": "master",
"path": "certificate",
"notests": true
...
...
@@ -205,7 +205,7 @@
"importpath": "github.com/xenolf/lego/challenge",
"repository": "https://github.com/xenolf/lego",
"vcs": "git",
"revision": "
b05b54d1f69a31ceed92e2995243c5b17821c9e4
",
"revision": "
a43ec709e8034f388aab28d14b97aeed0e7aa98c
",
"branch": "master",
"path": "/challenge",
"notests": true
...
...
@@ -214,7 +214,7 @@
"importpath": "github.com/xenolf/lego/lego",
"repository": "https://github.com/xenolf/lego",
"vcs": "git",
"revision": "
b05b54d1f69a31ceed92e2995243c5b17821c9e4
",
"revision": "
a43ec709e8034f388aab28d14b97aeed0e7aa98c
",
"branch": "master",
"path": "/lego",
"notests": true
...
...
@@ -232,7 +232,7 @@
"importpath": "github.com/xenolf/lego/platform/wait",
"repository": "https://github.com/xenolf/lego",
"vcs": "git",
"revision": "
b05b54d1f69a31ceed92e2995243c5b17821c9e4
",
"revision": "
a43ec709e8034f388aab28d14b97aeed0e7aa98c
",
"branch": "master",
"path": "platform/wait",
"notests": true
...
...
@@ -241,7 +241,7 @@
"importpath": "github.com/xenolf/lego/registration",
"repository": "https://github.com/xenolf/lego",
"vcs": "git",
"revision": "
b05b54d1f69a31ceed92e2995243c5b17821c9e4
",
"revision": "
a43ec709e8034f388aab28d14b97aeed0e7aa98c
",
"branch": "master",
"path": "registration",
"notests": true
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment