forked from TrueCloudLab/lego
refactor: CRLF to LF.
This commit is contained in:
parent
5115a955b2
commit
32052a841e
2 changed files with 294 additions and 294 deletions
|
@ -1,214 +1,214 @@
|
||||||
// Package cloudxns implements a DNS provider for solving the DNS-01 challenge
|
// Package cloudxns implements a DNS provider for solving the DNS-01 challenge
|
||||||
// using cloudxns DNS.
|
// using cloudxns DNS.
|
||||||
package cloudxns
|
package cloudxns
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/md5"
|
"crypto/md5"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/xenolf/lego/acme"
|
"github.com/xenolf/lego/acme"
|
||||||
)
|
)
|
||||||
|
|
||||||
const cloudXNSBaseURL = "https://www.cloudxns.net/api2/"
|
const cloudXNSBaseURL = "https://www.cloudxns.net/api2/"
|
||||||
|
|
||||||
// DNSProvider is an implementation of the acme.ChallengeProvider interface
|
// DNSProvider is an implementation of the acme.ChallengeProvider interface
|
||||||
type DNSProvider struct {
|
type DNSProvider struct {
|
||||||
apiKey string
|
apiKey string
|
||||||
secretKey string
|
secretKey string
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewDNSProvider returns a DNSProvider instance configured for cloudxns.
|
// NewDNSProvider returns a DNSProvider instance configured for cloudxns.
|
||||||
// Credentials must be passed in the environment variables: CLOUDXNS_API_KEY
|
// Credentials must be passed in the environment variables: CLOUDXNS_API_KEY
|
||||||
// and CLOUDXNS_SECRET_KEY.
|
// and CLOUDXNS_SECRET_KEY.
|
||||||
func NewDNSProvider() (*DNSProvider, error) {
|
func NewDNSProvider() (*DNSProvider, error) {
|
||||||
apiKey := os.Getenv("CLOUDXNS_API_KEY")
|
apiKey := os.Getenv("CLOUDXNS_API_KEY")
|
||||||
secretKey := os.Getenv("CLOUDXNS_SECRET_KEY")
|
secretKey := os.Getenv("CLOUDXNS_SECRET_KEY")
|
||||||
return NewDNSProviderCredentials(apiKey, secretKey)
|
return NewDNSProviderCredentials(apiKey, secretKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewDNSProviderCredentials uses the supplied credentials to return a
|
// NewDNSProviderCredentials uses the supplied credentials to return a
|
||||||
// DNSProvider instance configured for cloudxns.
|
// DNSProvider instance configured for cloudxns.
|
||||||
func NewDNSProviderCredentials(apiKey, secretKey string) (*DNSProvider, error) {
|
func NewDNSProviderCredentials(apiKey, secretKey string) (*DNSProvider, error) {
|
||||||
if apiKey == "" || secretKey == "" {
|
if apiKey == "" || secretKey == "" {
|
||||||
return nil, fmt.Errorf("CloudXNS credentials missing")
|
return nil, fmt.Errorf("CloudXNS credentials missing")
|
||||||
}
|
}
|
||||||
|
|
||||||
return &DNSProvider{
|
return &DNSProvider{
|
||||||
apiKey: apiKey,
|
apiKey: apiKey,
|
||||||
secretKey: secretKey,
|
secretKey: secretKey,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Present creates a TXT record to fulfil the dns-01 challenge.
|
// Present creates a TXT record to fulfil the dns-01 challenge.
|
||||||
func (c *DNSProvider) Present(domain, token, keyAuth string) error {
|
func (c *DNSProvider) Present(domain, token, keyAuth string) error {
|
||||||
fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
|
fqdn, value, ttl := acme.DNS01Record(domain, keyAuth)
|
||||||
zoneID, err := c.getHostedZoneID(fqdn)
|
zoneID, err := c.getHostedZoneID(fqdn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.addTxtRecord(zoneID, fqdn, value, ttl)
|
return c.addTxtRecord(zoneID, fqdn, value, ttl)
|
||||||
}
|
}
|
||||||
|
|
||||||
// CleanUp removes the TXT record matching the specified parameters.
|
// CleanUp removes the TXT record matching the specified parameters.
|
||||||
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
func (c *DNSProvider) CleanUp(domain, token, keyAuth string) error {
|
||||||
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
|
fqdn, _, _ := acme.DNS01Record(domain, keyAuth)
|
||||||
zoneID, err := c.getHostedZoneID(fqdn)
|
zoneID, err := c.getHostedZoneID(fqdn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
recordID, err := c.findTxtRecord(zoneID, fqdn)
|
recordID, err := c.findTxtRecord(zoneID, fqdn)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.delTxtRecord(recordID, zoneID)
|
return c.delTxtRecord(recordID, zoneID)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
|
func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) {
|
||||||
type Data struct {
|
type Data struct {
|
||||||
ID string `json:"id"`
|
ID string `json:"id"`
|
||||||
Domain string `json:"domain"`
|
Domain string `json:"domain"`
|
||||||
}
|
}
|
||||||
|
|
||||||
authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
|
authZone, err := acme.FindZoneByFqdn(fqdn, acme.RecursiveNameservers)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
result, err := c.makeRequest("GET", "domain", nil)
|
result, err := c.makeRequest("GET", "domain", nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
var domains []Data
|
var domains []Data
|
||||||
err = json.Unmarshal(result, &domains)
|
err = json.Unmarshal(result, &domains)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, data := range domains {
|
for _, data := range domains {
|
||||||
if data.Domain == authZone {
|
if data.Domain == authZone {
|
||||||
return data.ID, nil
|
return data.ID, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return "", fmt.Errorf("Zone %s not found in cloudxns for domain %s", authZone, fqdn)
|
return "", fmt.Errorf("Zone %s not found in cloudxns for domain %s", authZone, fqdn)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *DNSProvider) findTxtRecord(zoneID, fqdn string) (string, error) {
|
func (c *DNSProvider) findTxtRecord(zoneID, fqdn string) (string, error) {
|
||||||
result, err := c.makeRequest("GET", fmt.Sprintf("record/%s?host_id=0&offset=0&row_num=2000", zoneID), nil)
|
result, err := c.makeRequest("GET", fmt.Sprintf("record/%s?host_id=0&offset=0&row_num=2000", zoneID), nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
var records []cloudXNSRecord
|
var records []cloudXNSRecord
|
||||||
err = json.Unmarshal(result, &records)
|
err = json.Unmarshal(result, &records)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, record := range records {
|
for _, record := range records {
|
||||||
if record.Host == acme.UnFqdn(fqdn) && record.Type == "TXT" {
|
if record.Host == acme.UnFqdn(fqdn) && record.Type == "TXT" {
|
||||||
return record.RecordID, nil
|
return record.RecordID, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return "", fmt.Errorf("No existing record found for %s", fqdn)
|
return "", fmt.Errorf("No existing record found for %s", fqdn)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *DNSProvider) addTxtRecord(zoneID, fqdn, value string, ttl int) error {
|
func (c *DNSProvider) addTxtRecord(zoneID, fqdn, value string, ttl int) error {
|
||||||
id, err := strconv.Atoi(zoneID)
|
id, err := strconv.Atoi(zoneID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
payload := cloudXNSRecord{
|
payload := cloudXNSRecord{
|
||||||
ID: id,
|
ID: id,
|
||||||
Host: acme.UnFqdn(fqdn),
|
Host: acme.UnFqdn(fqdn),
|
||||||
Value: value,
|
Value: value,
|
||||||
Type: "TXT",
|
Type: "TXT",
|
||||||
LineID: 1,
|
LineID: 1,
|
||||||
TTL: ttl,
|
TTL: ttl,
|
||||||
}
|
}
|
||||||
|
|
||||||
body, err := json.Marshal(payload)
|
body, err := json.Marshal(payload)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = c.makeRequest("POST", "record", body)
|
_, err = c.makeRequest("POST", "record", body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *DNSProvider) delTxtRecord(recordID, zoneID string) error {
|
func (c *DNSProvider) delTxtRecord(recordID, zoneID string) error {
|
||||||
_, err := c.makeRequest("DELETE", fmt.Sprintf("record/%s/%s", recordID, zoneID), nil)
|
_, err := c.makeRequest("DELETE", fmt.Sprintf("record/%s/%s", recordID, zoneID), nil)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *DNSProvider) hmac(url, date, body string) string {
|
func (c *DNSProvider) hmac(url, date, body string) string {
|
||||||
sum := md5.Sum([]byte(c.apiKey + url + body + date + c.secretKey))
|
sum := md5.Sum([]byte(c.apiKey + url + body + date + c.secretKey))
|
||||||
return hex.EncodeToString(sum[:])
|
return hex.EncodeToString(sum[:])
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *DNSProvider) makeRequest(method, uri string, body []byte) (json.RawMessage, error) {
|
func (c *DNSProvider) makeRequest(method, uri string, body []byte) (json.RawMessage, error) {
|
||||||
type APIResponse struct {
|
type APIResponse struct {
|
||||||
Code int `json:"code"`
|
Code int `json:"code"`
|
||||||
Message string `json:"message"`
|
Message string `json:"message"`
|
||||||
Data json.RawMessage `json:"data,omitempty"`
|
Data json.RawMessage `json:"data,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
url := cloudXNSBaseURL + uri
|
url := cloudXNSBaseURL + uri
|
||||||
req, err := http.NewRequest(method, url, bytes.NewReader(body))
|
req, err := http.NewRequest(method, url, bytes.NewReader(body))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
requestDate := time.Now().Format(time.RFC1123Z)
|
requestDate := time.Now().Format(time.RFC1123Z)
|
||||||
|
|
||||||
req.Header.Set("API-KEY", c.apiKey)
|
req.Header.Set("API-KEY", c.apiKey)
|
||||||
req.Header.Set("API-REQUEST-DATE", requestDate)
|
req.Header.Set("API-REQUEST-DATE", requestDate)
|
||||||
req.Header.Set("API-HMAC", c.hmac(url, requestDate, string(body)))
|
req.Header.Set("API-HMAC", c.hmac(url, requestDate, string(body)))
|
||||||
req.Header.Set("API-FORMAT", "json")
|
req.Header.Set("API-FORMAT", "json")
|
||||||
|
|
||||||
resp, err := acme.HTTPClient.Do(req)
|
resp, err := acme.HTTPClient.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
var r APIResponse
|
var r APIResponse
|
||||||
err = json.NewDecoder(resp.Body).Decode(&r)
|
err = json.NewDecoder(resp.Body).Decode(&r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if r.Code != 1 {
|
if r.Code != 1 {
|
||||||
return nil, fmt.Errorf("CloudXNS API Error: %s", r.Message)
|
return nil, fmt.Errorf("CloudXNS API Error: %s", r.Message)
|
||||||
}
|
}
|
||||||
return r.Data, nil
|
return r.Data, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type cloudXNSRecord struct {
|
type cloudXNSRecord struct {
|
||||||
ID int `json:"domain_id,omitempty"`
|
ID int `json:"domain_id,omitempty"`
|
||||||
RecordID string `json:"record_id,omitempty"`
|
RecordID string `json:"record_id,omitempty"`
|
||||||
|
|
||||||
Host string `json:"host"`
|
Host string `json:"host"`
|
||||||
Value string `json:"value"`
|
Value string `json:"value"`
|
||||||
Type string `json:"type"`
|
Type string `json:"type"`
|
||||||
LineID int `json:"line_id,string"`
|
LineID int `json:"line_id,string"`
|
||||||
TTL int `json:"ttl,string"`
|
TTL int `json:"ttl,string"`
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,80 +1,80 @@
|
||||||
package cloudxns
|
package cloudxns
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"os"
|
"os"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
cxLiveTest bool
|
cxLiveTest bool
|
||||||
cxAPIKey string
|
cxAPIKey string
|
||||||
cxSecretKey string
|
cxSecretKey string
|
||||||
cxDomain string
|
cxDomain string
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
cxAPIKey = os.Getenv("CLOUDXNS_API_KEY")
|
cxAPIKey = os.Getenv("CLOUDXNS_API_KEY")
|
||||||
cxSecretKey = os.Getenv("CLOUDXNS_SECRET_KEY")
|
cxSecretKey = os.Getenv("CLOUDXNS_SECRET_KEY")
|
||||||
cxDomain = os.Getenv("CLOUDXNS_DOMAIN")
|
cxDomain = os.Getenv("CLOUDXNS_DOMAIN")
|
||||||
if len(cxAPIKey) > 0 && len(cxSecretKey) > 0 && len(cxDomain) > 0 {
|
if len(cxAPIKey) > 0 && len(cxSecretKey) > 0 && len(cxDomain) > 0 {
|
||||||
cxLiveTest = true
|
cxLiveTest = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func restoreCloudXNSEnv() {
|
func restoreCloudXNSEnv() {
|
||||||
os.Setenv("CLOUDXNS_API_KEY", cxAPIKey)
|
os.Setenv("CLOUDXNS_API_KEY", cxAPIKey)
|
||||||
os.Setenv("CLOUDXNS_SECRET_KEY", cxSecretKey)
|
os.Setenv("CLOUDXNS_SECRET_KEY", cxSecretKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestNewDNSProviderValid(t *testing.T) {
|
func TestNewDNSProviderValid(t *testing.T) {
|
||||||
os.Setenv("CLOUDXNS_API_KEY", "")
|
os.Setenv("CLOUDXNS_API_KEY", "")
|
||||||
os.Setenv("CLOUDXNS_SECRET_KEY", "")
|
os.Setenv("CLOUDXNS_SECRET_KEY", "")
|
||||||
_, err := NewDNSProviderCredentials("123", "123")
|
_, err := NewDNSProviderCredentials("123", "123")
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
restoreCloudXNSEnv()
|
restoreCloudXNSEnv()
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestNewDNSProviderValidEnv(t *testing.T) {
|
func TestNewDNSProviderValidEnv(t *testing.T) {
|
||||||
os.Setenv("CLOUDXNS_API_KEY", "123")
|
os.Setenv("CLOUDXNS_API_KEY", "123")
|
||||||
os.Setenv("CLOUDXNS_SECRET_KEY", "123")
|
os.Setenv("CLOUDXNS_SECRET_KEY", "123")
|
||||||
_, err := NewDNSProvider()
|
_, err := NewDNSProvider()
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
restoreCloudXNSEnv()
|
restoreCloudXNSEnv()
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestNewDNSProviderMissingCredErr(t *testing.T) {
|
func TestNewDNSProviderMissingCredErr(t *testing.T) {
|
||||||
os.Setenv("CLOUDXNS_API_KEY", "")
|
os.Setenv("CLOUDXNS_API_KEY", "")
|
||||||
os.Setenv("CLOUDXNS_SECRET_KEY", "")
|
os.Setenv("CLOUDXNS_SECRET_KEY", "")
|
||||||
_, err := NewDNSProvider()
|
_, err := NewDNSProvider()
|
||||||
assert.EqualError(t, err, "CloudXNS credentials missing")
|
assert.EqualError(t, err, "CloudXNS credentials missing")
|
||||||
restoreCloudXNSEnv()
|
restoreCloudXNSEnv()
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestCloudXNSPresent(t *testing.T) {
|
func TestCloudXNSPresent(t *testing.T) {
|
||||||
if !cxLiveTest {
|
if !cxLiveTest {
|
||||||
t.Skip("skipping live test")
|
t.Skip("skipping live test")
|
||||||
}
|
}
|
||||||
|
|
||||||
provider, err := NewDNSProviderCredentials(cxAPIKey, cxSecretKey)
|
provider, err := NewDNSProviderCredentials(cxAPIKey, cxSecretKey)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
err = provider.Present(cxDomain, "", "123d==")
|
err = provider.Present(cxDomain, "", "123d==")
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestCloudXNSCleanUp(t *testing.T) {
|
func TestCloudXNSCleanUp(t *testing.T) {
|
||||||
if !cxLiveTest {
|
if !cxLiveTest {
|
||||||
t.Skip("skipping live test")
|
t.Skip("skipping live test")
|
||||||
}
|
}
|
||||||
|
|
||||||
time.Sleep(time.Second * 2)
|
time.Sleep(time.Second * 2)
|
||||||
|
|
||||||
provider, err := NewDNSProviderCredentials(cxAPIKey, cxSecretKey)
|
provider, err := NewDNSProviderCredentials(cxAPIKey, cxSecretKey)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
||||||
err = provider.CleanUp(cxDomain, "", "123d==")
|
err = provider.CleanUp(cxDomain, "", "123d==")
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue