lego/cmd/setup_challenges.go

156 lines
4 KiB
Go
Raw Normal View History

2019-03-11 16:56:48 +00:00
package cmd
import (
2019-01-03 15:59:53 +00:00
"net"
"strings"
"time"
2020-09-02 01:20:01 +00:00
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/challenge/http01"
"github.com/go-acme/lego/v4/challenge/nns01"
2020-09-02 01:20:01 +00:00
"github.com/go-acme/lego/v4/challenge/tlsalpn01"
"github.com/go-acme/lego/v4/lego"
"github.com/go-acme/lego/v4/log"
"github.com/go-acme/lego/v4/providers/dns"
"github.com/go-acme/lego/v4/providers/http/memcached"
"github.com/go-acme/lego/v4/providers/http/webroot"
"github.com/urfave/cli/v2"
)
func setupChallenges(ctx *cli.Context, client *lego.Client) {
if !ctx.Bool("http") && !ctx.Bool("tls") && !ctx.IsSet("dns") && !ctx.IsSet("nns") {
log.Fatal("No challenge selected. You must specify at least one challenge: `--http`, `--tls`, `--dns`, `--nns`.")
}
if ctx.Bool("http") {
2019-01-03 15:59:53 +00:00
err := client.Challenge.SetHTTP01Provider(setupHTTPProvider(ctx))
if err != nil {
log.Fatal(err)
}
}
if ctx.Bool("tls") {
2019-01-03 15:59:53 +00:00
err := client.Challenge.SetTLSALPN01Provider(setupTLSProvider(ctx))
if err != nil {
log.Fatal(err)
}
}
if ctx.IsSet("dns") {
setupDNS(ctx, client)
}
if ctx.IsSet("nns") {
setupNNS(ctx, client)
}
}
2019-01-03 15:59:53 +00:00
func setupHTTPProvider(ctx *cli.Context) challenge.Provider {
switch {
case ctx.IsSet("http.webroot"):
ps, err := webroot.NewHTTPProvider(ctx.String("http.webroot"))
2019-01-03 15:59:53 +00:00
if err != nil {
log.Fatal(err)
}
return ps
case ctx.IsSet("http.memcached-host"):
ps, err := memcached.NewMemcachedProvider(ctx.StringSlice("http.memcached-host"))
2019-01-03 15:59:53 +00:00
if err != nil {
log.Fatal(err)
}
return ps
case ctx.IsSet("http.port"):
iface := ctx.String("http.port")
2019-01-03 15:59:53 +00:00
if !strings.Contains(iface, ":") {
log.Fatalf("The --http switch only accepts interface:port or :port for its argument.")
}
host, port, err := net.SplitHostPort(iface)
if err != nil {
log.Fatal(err)
}
srv := http01.NewProviderServer(host, port)
if header := ctx.String("http.proxy-header"); header != "" {
srv.SetProxyHeader(header)
}
return srv
case ctx.Bool("http"):
srv := http01.NewProviderServer("", "")
if header := ctx.String("http.proxy-header"); header != "" {
srv.SetProxyHeader(header)
}
return srv
2019-01-03 15:59:53 +00:00
default:
log.Fatal("Invalid HTTP challenge options.")
return nil
}
}
2019-01-03 15:59:53 +00:00
func setupTLSProvider(ctx *cli.Context) challenge.Provider {
switch {
case ctx.IsSet("tls.port"):
iface := ctx.String("tls.port")
2019-01-03 15:59:53 +00:00
if !strings.Contains(iface, ":") {
log.Fatalf("The --tls switch only accepts interface:port or :port for its argument.")
}
host, port, err := net.SplitHostPort(iface)
if err != nil {
log.Fatal(err)
}
return tlsalpn01.NewProviderServer(host, port)
case ctx.Bool("tls"):
2019-01-03 15:59:53 +00:00
return tlsalpn01.NewProviderServer("", "")
default:
log.Fatal("Invalid HTTP challenge options.")
return nil
}
}
func setupDNS(ctx *cli.Context, client *lego.Client) {
provider, err := dns.NewDNSChallengeProviderByName(ctx.String("dns"))
if err != nil {
log.Fatal(err)
}
servers := ctx.StringSlice("dns.resolvers")
err = client.Challenge.SetDNS01Provider(provider,
dns01.CondOption(len(servers) > 0,
dns01.AddRecursiveNameservers(dns01.ParseNameservers(ctx.StringSlice("dns.resolvers")))),
dns01.CondOption(ctx.Bool("dns.disable-cp"),
dns01.DisableCompletePropagationRequirement()),
dns01.CondOption(ctx.IsSet("dns-timeout"),
dns01.AddDNSTimeout(time.Duration(ctx.Int("dns-timeout"))*time.Second)),
)
if err != nil {
log.Fatal(err)
}
}
func setupNNS(ctx *cli.Context, client *lego.Client) {
switch {
case !ctx.IsSet("wallet"):
log.Fatal("No wallet file provided for nns challenge.")
case !ctx.IsSet("wallet.password"):
log.Fatal("No password to account from wallet file provided.")
}
nnsServer := ctx.String("nns")
wallet := ctx.String("wallet")
accAddress := ctx.String("wallet.account-address")
accPassword := ctx.String("wallet.password")
provider, err := nns01.NewNNSProvider(nnsServer, wallet, accAddress, accPassword)
if err != nil {
log.Fatal(err)
}
err = client.Challenge.SetNNS01Provider(provider)
if err != nil {
log.Fatal(err)
}
}