regru: client certificate support (#2050)

Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com>
2023-11-10 04:15:33 +03:00 · 2023-11-10 04:15:33 +03:00 · cab8e1f556
commit cab8e1f556
parent d51b5e408b
4 changed files with 34 additions and 0 deletions
--- a/cmd/zz_gen_cmd_dnshelp.go
+++ b/cmd/zz_gen_cmd_dnshelp.go
@ -2184,6 +2184,8 @@ func displayDNSHelp(w io.Writer, name string) error {
 		ew.writeln(`	- "REGRU_HTTP_TIMEOUT":	API request timeout`)
 		ew.writeln(`	- "REGRU_POLLING_INTERVAL":	Time between DNS propagation check`)
 		ew.writeln(`	- "REGRU_PROPAGATION_TIMEOUT":	Maximum waiting time for DNS propagation`)
+		ew.writeln(`	- "REGRU_TLS_CERT":	authentication certificate`)
+		ew.writeln(`	- "REGRU_TLS_KEY":	authentication private key`)
 		ew.writeln(`	- "REGRU_TTL":	The TTL of the TXT record used for the DNS challenge`)

 		ew.writeln()
--- a/docs/content/dns/zz_gen_regru.md
+++ b/docs/content/dns/zz_gen_regru.md
@ -52,6 +52,8 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 | `REGRU_HTTP_TIMEOUT` | API request timeout |
 | `REGRU_POLLING_INTERVAL` | Time between DNS propagation check |
 | `REGRU_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
+| `REGRU_TLS_CERT` | authentication certificate |
+| `REGRU_TLS_KEY` | authentication private key |
 | `REGRU_TTL` | The TTL of the TXT record used for the DNS challenge |

 The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
--- a/providers/dns/regru/regru.go
+++ b/providers/dns/regru/regru.go
@ -3,6 +3,7 @@ package regru

 import (
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"net/http"
@ -19,6 +20,8 @@ const (

 	EnvUsername = envNamespace + "USERNAME"
 	EnvPassword = envNamespace + "PASSWORD"
+	EnvTLSCert  = envNamespace + "TLS_CERT"
+	EnvTLSKey   = envNamespace + "TLS_KEY"

 	EnvTTL                = envNamespace + "TTL"
 	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@ -30,6 +33,8 @@ const (
 type Config struct {
 	Username string
 	Password string
+	TLSCert  string
+	TLSKey   string

 	PropagationTimeout time.Duration
 	PollingInterval    time.Duration
@ -67,6 +72,8 @@ func NewDNSProvider() (*DNSProvider, error) {
 	config := NewDefaultConfig()
 	config.Username = values[EnvUsername]
 	config.Password = values[EnvPassword]
+	config.TLSCert = env.GetOrDefaultString(EnvTLSCert, "")
+	config.TLSKey = env.GetOrDefaultString(EnvTLSKey, "")

 	return NewDNSProviderConfig(config)
 }
@ -87,6 +94,27 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		client.HTTPClient = config.HTTPClient
 	}

+	if config.TLSCert != "" || config.TLSKey != "" {
+		if config.TLSCert == "" {
+			return nil, errors.New("regru: TLS certificate is missing")
+		}
+
+		if config.TLSKey == "" {
+			return nil, errors.New("regru: TLS key is missing")
+		}
+
+		tlsCert, err := tls.X509KeyPair([]byte(config.TLSCert), []byte(config.TLSKey))
+		if err != nil {
+			return nil, fmt.Errorf("regru: %w", err)
+		}
+
+		client.HTTPClient.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{
+				Certificates: []tls.Certificate{tlsCert},
+			},
+		}
+	}
+
 	return &DNSProvider{config: config, client: client}, nil
 }

--- a/providers/dns/regru/regru.toml
+++ b/providers/dns/regru/regru.toml
@ -15,6 +15,8 @@ lego --email you@example.com --dns regru --domains my.example.org run
    REGRU_USERNAME = "API username"
    REGRU_PASSWORD = "API password"
  [Configuration.Additional]
+    REGRU_TLS_CERT = "authentication certificate"
+    REGRU_TLS_KEY = "authentication private key"
    REGRU_POLLING_INTERVAL = "Time between DNS propagation check"
    REGRU_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
    REGRU_TTL = "The TTL of the TXT record used for the DNS challenge"