mirror of
https://github.com/StackExchange/dnscontrol.git
synced 2025-01-11 09:59:59 +08:00
2ee086d41c
* switch to new go-acme imports from xenolf. Fix api changes * update many vault related dependencies
69 lines
1.5 KiB
Go
69 lines
1.5 KiB
Go
package acme
|
|
|
|
import (
|
|
"crypto"
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rand"
|
|
|
|
"github.com/go-acme/lego/certcrypto"
|
|
"github.com/go-acme/lego/lego"
|
|
"github.com/go-acme/lego/registration"
|
|
)
|
|
|
|
func (c *certManager) getOrCreateAccount() (*Account, error) {
|
|
account, err := c.storage.GetAccount(c.acmeHost)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if account != nil {
|
|
return account, nil
|
|
}
|
|
// register new
|
|
account, err = c.createAccount(c.email)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = c.storage.StoreAccount(c.acmeHost, account)
|
|
return account, err
|
|
}
|
|
|
|
func (c *certManager) createAccount(email string) (*Account, error) {
|
|
privateKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
acct := &Account{
|
|
key: privateKey,
|
|
Email: c.email,
|
|
}
|
|
config := lego.NewConfig(acct)
|
|
config.CADirURL = c.acmeDirectory
|
|
config.Certificate.KeyType = certcrypto.EC384
|
|
client, err := lego.NewClient(config)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
acct.Registration = reg
|
|
return acct, nil
|
|
}
|
|
|
|
type Account struct {
|
|
Email string `json:"email"`
|
|
key *ecdsa.PrivateKey `json:"-"`
|
|
Registration *registration.Resource `json:"registration"`
|
|
}
|
|
|
|
func (a *Account) GetEmail() string {
|
|
return a.Email
|
|
}
|
|
func (a *Account) GetPrivateKey() crypto.PrivateKey {
|
|
return a.key
|
|
}
|
|
func (a *Account) GetRegistration() *registration.Resource {
|
|
return a.Registration
|
|
}
|