From cab8e1f55667ab465acc1de83d2d9076d77f9890 Mon Sep 17 00:00:00 2001 From: Alexander Kazarin Date: Fri, 10 Nov 2023 04:15:33 +0300 Subject: [PATCH] regru: client certificate support (#2050) Co-authored-by: Fernandez Ludovic --- cmd/zz_gen_cmd_dnshelp.go | 2 ++ docs/content/dns/zz_gen_regru.md | 2 ++ providers/dns/regru/regru.go | 28 ++++++++++++++++++++++++++++ providers/dns/regru/regru.toml | 2 ++ 4 files changed, 34 insertions(+) diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go index 4edcff94..7835c783 100644 --- a/cmd/zz_gen_cmd_dnshelp.go +++ b/cmd/zz_gen_cmd_dnshelp.go @@ -2184,6 +2184,8 @@ func displayDNSHelp(w io.Writer, name string) error { ew.writeln(` - "REGRU_HTTP_TIMEOUT": API request timeout`) ew.writeln(` - "REGRU_POLLING_INTERVAL": Time between DNS propagation check`) ew.writeln(` - "REGRU_PROPAGATION_TIMEOUT": Maximum waiting time for DNS propagation`) + ew.writeln(` - "REGRU_TLS_CERT": authentication certificate`) + ew.writeln(` - "REGRU_TLS_KEY": authentication private key`) ew.writeln(` - "REGRU_TTL": The TTL of the TXT record used for the DNS challenge`) ew.writeln() diff --git a/docs/content/dns/zz_gen_regru.md b/docs/content/dns/zz_gen_regru.md index 0bf667ae..c724cae9 100644 --- a/docs/content/dns/zz_gen_regru.md +++ b/docs/content/dns/zz_gen_regru.md @@ -52,6 +52,8 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}). | `REGRU_HTTP_TIMEOUT` | API request timeout | | `REGRU_POLLING_INTERVAL` | Time between DNS propagation check | | `REGRU_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation | +| `REGRU_TLS_CERT` | authentication certificate | +| `REGRU_TLS_KEY` | authentication private key | | `REGRU_TTL` | The TTL of the TXT record used for the DNS challenge | The environment variable names can be suffixed by `_FILE` to reference a file instead of a value. diff --git a/providers/dns/regru/regru.go b/providers/dns/regru/regru.go index b9ab272f..3f6f75f3 100644 
--- a/providers/dns/regru/regru.go
+++ b/providers/dns/regru/regru.go
@@ -3,6 +3,7 @@ package regru
 import (
 "context"
+ "crypto/tls"
 "errors"
 "fmt"
 "net/http"
@@ -19,6 +20,8 @@ const (
 EnvUsername = envNamespace + "USERNAME"
 EnvPassword = envNamespace + "PASSWORD"
+ EnvTLSCert = envNamespace + "TLS_CERT"
+ EnvTLSKey = envNamespace + "TLS_KEY"
 EnvTTL = envNamespace + "TTL"
 EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@@ -30,6 +33,8 @@ const (
 type Config struct {
 Username string
 Password string
+ TLSCert string
+ TLSKey string
 PropagationTimeout time.Duration
 PollingInterval time.Duration
@@ -67,6 +72,8 @@ func NewDNSProvider() (*DNSProvider, error) {
 config := NewDefaultConfig()
 config.Username = values[EnvUsername]
 config.Password = values[EnvPassword]
+ config.TLSCert = env.GetOrDefaultString(EnvTLSCert, "")
+ config.TLSKey = env.GetOrDefaultString(EnvTLSKey, "")
 return NewDNSProviderConfig(config)
 }
@@ -87,6 +94,27 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 client.HTTPClient = config.HTTPClient
 }
+ if config.TLSCert != "" || config.TLSKey != "" {
+ if config.TLSCert == "" {
+ return nil, errors.New("regru: TLS certificate is missing")
+ }
+
+ if config.TLSKey == "" {
+ return nil, errors.New("regru: TLS key is missing")
+ }
+
+ tlsCert, err := tls.X509KeyPair([]byte(config.TLSCert), []byte(config.TLSKey))
+ if err != nil {
+ return nil, fmt.Errorf("regru: %w", err)
+ }
+
+ client.HTTPClient.Transport = &http.Transport{
+ TLSClientConfig: &tls.Config{
+ Certificates: []tls.Certificate{tlsCert},
+ },
+ }
+ }
+
 return &DNSProvider{config: config, client: client}, nil
 }
diff --git a/providers/dns/regru/regru.toml b/providers/dns/regru/regru.toml
index 27168d7f..5bdb2c98 100644
--- a/providers/dns/regru/regru.toml
+++ b/providers/dns/regru/regru.toml
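Review bot: The two added `env.GetOrDefaultString` calls in `NewDNSProvider` put a private key into `Config.TLSKey` as a plain string, and nothing in the new lines or the help text says whether the value is PEM content or a file path. The `tls.X509KeyPair([]byte(config.TLSCert), []byte(config.TLSKey))` call added further down shows it must be PEM content, so I would state that on the struct fields, e.g. `// TLSCert and TLSKey hold PEM-encoded content, not file paths.`, and in the `REGRU_TLS_CERT` / `REGRU_TLS_KEY` descriptions. The generated docs in this patch say variable names accept a `_FILE` suffix; assuming that lookup also covers `GetOrDefaultString` (its body is not part of this diff), the key's description should point to `REGRU_TLS_KEY_FILE` so the key material can stay out of the process environment.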
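Review bot: Assigning a fresh `&http.Transport{...}` to `client.HTTPClient.Transport` at the end of the new block discards whatever transport was in place before. When the caller supplied `config.HTTPClient` (the assignment just above the block), any custom root CAs, proxy or timeout settings on its transport are silently dropped and the caller's own client object is modified; otherwise the bare `http.Transport` loses the `http.DefaultTransport` defaults such as proxy-from-environment and the dial and TLS-handshake timeouts. I would clone the existing transport when it is an `*http.Transport`, fall back to a clone of the default, reject other round-tripper types with an error, and only set `Certificates` (plus an explicit `MinVersion`) on the TLS config. `NewDNSProviderConfig` begins above this hunk, so how `client.HTTPClient` is first initialised is not visible here.

```go
	// … unchanged: certificate/key presence checks and tls.X509KeyPair call …

	// Keep the proxy, timeout and trust settings of the transport already in place.
	var transport *http.Transport

	switch t := client.HTTPClient.Transport.(type) {
	case nil:
		transport = http.DefaultTransport.(*http.Transport).Clone()
	case *http.Transport:
		transport = t.Clone()
	default:
		return nil, errors.New("regru: client certificate requires an *http.Transport")
	}

	if transport.TLSClientConfig == nil {
		transport.TLSClientConfig = &tls.Config{MinVersion: tls.VersionTLS12}
	}

	transport.TLSClientConfig.Certificates = []tls.Certificate{tlsCert}

	client.HTTPClient.Transport = transport
```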
@@ -15,6 +15,8 @@ lego --email you@example.com --dns regru --domains my.example.org run
 REGRU_USERNAME = "API username"
 REGRU_PASSWORD = "API password"
 [Configuration.Additional]
+ REGRU_TLS_CERT = "authentication certificate"
+ REGRU_TLS_KEY = "authentication private key"
 REGRU_POLLING_INTERVAL = "Time between DNS propagation check"
 REGRU_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
 REGRU_TTL = "The TTL of the TXT record used for the DNS challenge"