ZhuoQinghui
4d415a390e
- 重构了 ACME 相关的代码结构,增加了 Apply、GetProvider 和 ReNew函数 - 新增了域名申请功能,包括添加域名和申请证书 - 更新了数据库模型和相关接口,以支持新的域名申请功能 - 引入了 Cloudflare 的 DNS 提供商配置
115 lines
2.6 KiB
Go
115 lines
2.6 KiB
Go
package acme
|
|
|
|
import (
|
|
"acme-mana-server-go/model"
|
|
provider_conf "acme-mana-server-go/vo/provider-conf"
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rand"
|
|
"fmt"
|
|
"github.com/go-acme/lego/v4/certcrypto"
|
|
"github.com/go-acme/lego/v4/certificate"
|
|
"github.com/go-acme/lego/v4/challenge"
|
|
"github.com/go-acme/lego/v4/lego"
|
|
"github.com/go-acme/lego/v4/registration"
|
|
"strings"
|
|
)
|
|
|
|
type DnsHelper interface {
|
|
Apply()
|
|
}
|
|
|
|
// Register 注册
|
|
func Register(email string) *RegisterRes {
|
|
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
user := User{
|
|
Email: email,
|
|
Key: privateKey,
|
|
}
|
|
config := lego.NewConfig(&user)
|
|
config.CADirURL = lego.LEDirectoryProduction
|
|
config.Certificate.KeyType = certcrypto.RSA2048
|
|
client, err := lego.NewClient(config)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
user.Registration = resource
|
|
return user.ToRegister()
|
|
}
|
|
|
|
func Apply(domain *model.Domain, acmeUser *model.AcmeUser) *certificate.Resource {
|
|
res := &RegisterRes{
|
|
Email: acmeUser.Email,
|
|
Registration: acmeUser.Registration,
|
|
PrivateKey: acmeUser.PrivateKey,
|
|
}
|
|
user := &User{}
|
|
user.FromRegister(res)
|
|
|
|
config := lego.NewConfig(user)
|
|
config.CADirURL = lego.LEDirectoryProduction
|
|
config.Certificate.KeyType = certcrypto.RSA2048
|
|
|
|
provider, err := GetProvider(domain.Provider, domain.ProviderConf)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
client, err := lego.NewClient(config)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
err = client.Challenge.SetDNS01Provider(provider)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
hosts := domain.Hosts
|
|
hostArr := strings.Split(hosts, ",")
|
|
request := certificate.ObtainRequest{
|
|
Domains: hostArr,
|
|
}
|
|
|
|
resource, err := client.Certificate.Obtain(request)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return resource
|
|
}
|
|
|
|
func GetProvider(name string, conf string) (challenge.Provider, error) {
|
|
switch name {
|
|
case "cloudflare":
|
|
return provider_conf.Cloudflare{}.ToProvider(conf)
|
|
default:
|
|
panic("not support")
|
|
}
|
|
}
|
|
|
|
func ReNew(acmeUser *model.AcmeUser) {
|
|
res := &RegisterRes{
|
|
Email: acmeUser.Email,
|
|
Registration: acmeUser.Registration,
|
|
PrivateKey: acmeUser.PrivateKey,
|
|
}
|
|
user := &User{}
|
|
user.FromRegister(res)
|
|
|
|
config := lego.NewConfig(user)
|
|
config.CADirURL = lego.LEDirectoryProduction
|
|
config.Certificate.KeyType = certcrypto.RSA2048
|
|
|
|
resource := certificate.Resource{}
|
|
client, _ := lego.NewClient(config)
|
|
newResource, _ := client.Certificate.RenewWithOptions(resource, &certificate.RenewOptions{})
|
|
fmt.Println(newResource)
|
|
}
|