2019-03-11 16:56:48 +00:00
|
|
|
package cmd
|
2018-12-06 21:50:17 +00:00
|
|
|
|
|
|
|
import (
|
2019-01-03 15:59:53 +00:00
|
|
|
"net"
|
2018-12-06 21:50:17 +00:00
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
|
2020-09-02 01:20:01 +00:00
|
|
|
"github.com/go-acme/lego/v4/challenge"
|
|
|
|
"github.com/go-acme/lego/v4/challenge/dns01"
|
|
|
|
"github.com/go-acme/lego/v4/challenge/http01"
|
2023-07-26 13:44:49 +00:00
|
|
|
"github.com/go-acme/lego/v4/challenge/nns01"
|
2020-09-02 01:20:01 +00:00
|
|
|
"github.com/go-acme/lego/v4/challenge/tlsalpn01"
|
|
|
|
"github.com/go-acme/lego/v4/lego"
|
|
|
|
"github.com/go-acme/lego/v4/log"
|
|
|
|
"github.com/go-acme/lego/v4/providers/dns"
|
|
|
|
"github.com/go-acme/lego/v4/providers/http/memcached"
|
|
|
|
"github.com/go-acme/lego/v4/providers/http/webroot"
|
2022-02-13 11:28:51 +00:00
|
|
|
"github.com/urfave/cli/v2"
|
2018-12-06 21:50:17 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func setupChallenges(ctx *cli.Context, client *lego.Client) {
|
2023-07-26 13:44:49 +00:00
|
|
|
if !ctx.Bool("http") && !ctx.Bool("tls") && !ctx.IsSet("dns") && !ctx.IsSet("nns") {
|
|
|
|
log.Fatal("No challenge selected. You must specify at least one challenge: `--http`, `--tls`, `--dns`, `--nns`.")
|
2018-12-06 21:50:17 +00:00
|
|
|
}
|
|
|
|
|
2022-02-13 11:28:51 +00:00
|
|
|
if ctx.Bool("http") {
|
2019-01-03 15:59:53 +00:00
|
|
|
err := client.Challenge.SetHTTP01Provider(setupHTTPProvider(ctx))
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
2018-12-06 21:50:17 +00:00
|
|
|
}
|
|
|
|
|
2022-02-13 11:28:51 +00:00
|
|
|
if ctx.Bool("tls") {
|
2019-01-03 15:59:53 +00:00
|
|
|
err := client.Challenge.SetTLSALPN01Provider(setupTLSProvider(ctx))
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
2018-12-06 21:50:17 +00:00
|
|
|
}
|
|
|
|
|
2022-02-13 11:28:51 +00:00
|
|
|
if ctx.IsSet("dns") {
|
2018-12-06 21:50:17 +00:00
|
|
|
setupDNS(ctx, client)
|
|
|
|
}
|
2023-07-26 13:44:49 +00:00
|
|
|
|
|
|
|
if ctx.IsSet("nns") {
|
|
|
|
setupNNS(ctx, client)
|
|
|
|
}
|
2018-12-06 21:50:17 +00:00
|
|
|
}
|
|
|
|
|
2019-01-03 15:59:53 +00:00
|
|
|
func setupHTTPProvider(ctx *cli.Context) challenge.Provider {
|
|
|
|
switch {
|
2022-02-13 11:28:51 +00:00
|
|
|
case ctx.IsSet("http.webroot"):
|
|
|
|
ps, err := webroot.NewHTTPProvider(ctx.String("http.webroot"))
|
2019-01-03 15:59:53 +00:00
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
return ps
|
2022-02-13 11:28:51 +00:00
|
|
|
case ctx.IsSet("http.memcached-host"):
|
|
|
|
ps, err := memcached.NewMemcachedProvider(ctx.StringSlice("http.memcached-host"))
|
2019-01-03 15:59:53 +00:00
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
return ps
|
2022-02-13 11:28:51 +00:00
|
|
|
case ctx.IsSet("http.port"):
|
|
|
|
iface := ctx.String("http.port")
|
2019-01-03 15:59:53 +00:00
|
|
|
if !strings.Contains(iface, ":") {
|
|
|
|
log.Fatalf("The --http switch only accepts interface:port or :port for its argument.")
|
|
|
|
}
|
|
|
|
|
|
|
|
host, port, err := net.SplitHostPort(iface)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2019-10-05 11:44:38 +00:00
|
|
|
srv := http01.NewProviderServer(host, port)
|
2022-02-13 11:28:51 +00:00
|
|
|
if header := ctx.String("http.proxy-header"); header != "" {
|
2019-10-05 11:44:38 +00:00
|
|
|
srv.SetProxyHeader(header)
|
|
|
|
}
|
|
|
|
return srv
|
2022-02-13 11:28:51 +00:00
|
|
|
case ctx.Bool("http"):
|
2019-10-05 11:44:38 +00:00
|
|
|
srv := http01.NewProviderServer("", "")
|
2022-02-13 11:28:51 +00:00
|
|
|
if header := ctx.String("http.proxy-header"); header != "" {
|
2019-10-05 11:44:38 +00:00
|
|
|
srv.SetProxyHeader(header)
|
|
|
|
}
|
|
|
|
return srv
|
2019-01-03 15:59:53 +00:00
|
|
|
default:
|
|
|
|
log.Fatal("Invalid HTTP challenge options.")
|
|
|
|
return nil
|
2018-12-06 21:50:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-01-03 15:59:53 +00:00
|
|
|
func setupTLSProvider(ctx *cli.Context) challenge.Provider {
|
|
|
|
switch {
|
2022-02-13 11:28:51 +00:00
|
|
|
case ctx.IsSet("tls.port"):
|
|
|
|
iface := ctx.String("tls.port")
|
2019-01-03 15:59:53 +00:00
|
|
|
if !strings.Contains(iface, ":") {
|
|
|
|
log.Fatalf("The --tls switch only accepts interface:port or :port for its argument.")
|
|
|
|
}
|
|
|
|
|
|
|
|
host, port, err := net.SplitHostPort(iface)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return tlsalpn01.NewProviderServer(host, port)
|
2022-02-13 11:28:51 +00:00
|
|
|
case ctx.Bool("tls"):
|
2019-01-03 15:59:53 +00:00
|
|
|
return tlsalpn01.NewProviderServer("", "")
|
|
|
|
default:
|
|
|
|
log.Fatal("Invalid HTTP challenge options.")
|
|
|
|
return nil
|
2018-12-06 21:50:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func setupDNS(ctx *cli.Context, client *lego.Client) {
|
2022-02-13 11:28:51 +00:00
|
|
|
provider, err := dns.NewDNSChallengeProviderByName(ctx.String("dns"))
|
2018-12-06 21:50:17 +00:00
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2022-02-13 11:28:51 +00:00
|
|
|
servers := ctx.StringSlice("dns.resolvers")
|
2018-12-06 21:50:17 +00:00
|
|
|
err = client.Challenge.SetDNS01Provider(provider,
|
|
|
|
dns01.CondOption(len(servers) > 0,
|
2022-02-13 11:28:51 +00:00
|
|
|
dns01.AddRecursiveNameservers(dns01.ParseNameservers(ctx.StringSlice("dns.resolvers")))),
|
|
|
|
dns01.CondOption(ctx.Bool("dns.disable-cp"),
|
2018-12-06 21:50:17 +00:00
|
|
|
dns01.DisableCompletePropagationRequirement()),
|
2022-02-13 11:28:51 +00:00
|
|
|
dns01.CondOption(ctx.IsSet("dns-timeout"),
|
|
|
|
dns01.AddDNSTimeout(time.Duration(ctx.Int("dns-timeout"))*time.Second)),
|
2018-12-06 21:50:17 +00:00
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
}
|
2023-07-26 13:44:49 +00:00
|
|
|
|
|
|
|
func setupNNS(ctx *cli.Context, client *lego.Client) {
|
|
|
|
switch {
|
|
|
|
case !ctx.IsSet("wallet"):
|
|
|
|
log.Fatal("No wallet file provided for nns challenge.")
|
|
|
|
case !ctx.IsSet("wallet.password"):
|
|
|
|
log.Fatal("No password to account from wallet file provided.")
|
|
|
|
}
|
|
|
|
|
|
|
|
nnsServer := ctx.String("nns")
|
|
|
|
wallet := ctx.String("wallet")
|
|
|
|
accAddress := ctx.String("wallet.account-address")
|
|
|
|
accPassword := ctx.String("wallet.password")
|
|
|
|
|
|
|
|
provider, err := nns01.NewNNSProvider(nnsServer, wallet, accAddress, accPassword)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
err = client.Challenge.SetNNS01Provider(provider)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
}
|