ACME TLS ALPN

2018-07-03 12:44:04 +02:00 · 2018-07-03 12:44:04 +02:00 · 139f280f35
commit 139f280f35
parent 17ad5153b8
258 changed files with 25528 additions and 1516 deletions
--- a/vendor/github.com/OpenDNS/vegadns2client/LICENSE
+++ b/vendor/github.com/OpenDNS/vegadns2client/LICENSE
@ -0,0 +1,13 @@
+Copyright 2018, Cisco Systems, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
--- a/vendor/github.com/OpenDNS/vegadns2client/client.go
+++ b/vendor/github.com/OpenDNS/vegadns2client/client.go
@ -0,0 +1,71 @@
+package vegadns2client
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+// VegaDNSClient - Struct for holding VegaDNSClient specific attributes
+type VegaDNSClient struct {
+	client    http.Client
+	baseurl   string
+	version   string
+	User      string
+	Pass      string
+	APIKey    string
+	APISecret string
+	token     Token
+}
+
+// Send - Central place for sending requests
+// Input: method, endpoint, params
+// Output: *http.Response
+func (vega *VegaDNSClient) Send(method string, endpoint string, params map[string]string) (*http.Response, error) {
+	vegaURL := vega.getURL(endpoint)
+
+	p := url.Values{}
+	for k, v := range params {
+		p.Set(k, v)
+	}
+
+	var err error
+	var req *http.Request
+
+	if (method == "GET") || (method == "DELETE") {
+		vegaURL = fmt.Sprintf("%s?%s", vegaURL, p.Encode())
+		req, err = http.NewRequest(method, vegaURL, nil)
+	} else {
+		req, err = http.NewRequest(method, vegaURL, strings.NewReader(p.Encode()))
+	}
+
+	if err != nil {
+		return nil, fmt.Errorf("Error preparing request: %s", err)
+	}
+
+	if vega.User != "" && vega.Pass != "" {
+		// Basic Auth
+		req.SetBasicAuth(vega.User, vega.Pass)
+	} else if vega.APIKey != "" && vega.APISecret != "" {
+		// OAuth
+		vega.getAuthToken()
+		err = vega.token.valid()
+		if err != nil {
+			return nil, err
+		}
+		req.Header.Set("Authorization", vega.getBearer())
+	}
+
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+	return vega.client.Do(req)
+}
+
+func (vega *VegaDNSClient) getURL(endpoint string) string {
+	return fmt.Sprintf("%s/%s/%s", vega.baseurl, vega.version, endpoint)
+}
+
+func (vega *VegaDNSClient) stillAuthorized() error {
+	return vega.token.valid()
+}
--- a/vendor/github.com/OpenDNS/vegadns2client/domains.go
+++ b/vendor/github.com/OpenDNS/vegadns2client/domains.go
@ -0,0 +1,80 @@
+package vegadns2client
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"strings"
+)
+
+// Domain - struct containing a domain object
+type Domain struct {
+	Status   string `json:"status"`
+	Domain   string `json:"domain"`
+	DomainID int    `json:"domain_id"`
+	OwnerID  int    `json:"owner_id"`
+}
+
+// DomainResponse - api response of a domain list
+type DomainResponse struct {
+	Status  string   `json:"status"`
+	Total   int      `json:"total_domains"`
+	Domains []Domain `json:"domains"`
+}
+
+// GetDomainID - returns the id for a domain
+// Input: domain
+// Output: int, err
+func (vega *VegaDNSClient) GetDomainID(domain string) (int, error) {
+	params := make(map[string]string)
+	params["search"] = domain
+
+	resp, err := vega.Send("GET", "domains", params)
+
+	if err != nil {
+		return -1, fmt.Errorf("Error sending GET to GetDomainID: %s", err)
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return -1, fmt.Errorf("Error reading response from GET to GetDomainID: %s", err)
+	}
+	if resp.StatusCode != http.StatusOK {
+		return -1, fmt.Errorf("Got bad answer from VegaDNS on GetDomainID. Code: %d. Message: %s", resp.StatusCode, string(body))
+	}
+
+	answer := DomainResponse{}
+	if err := json.Unmarshal(body, &answer); err != nil {
+		return -1, fmt.Errorf("Error unmarshalling body from GetDomainID: %s", err)
+	}
+	log.Println(answer)
+	for _, d := range answer.Domains {
+		if d.Domain == domain {
+			return d.DomainID, nil
+		}
+	}
+
+	return -1, fmt.Errorf("Didnt find domain %s", domain)
+
+}
+
+// GetAuthZone retrieves the closest match to a given
+// domain. Example: Given an argument "a.b.c.d.e", and a VegaDNS
+// hosted domain of "c.d.e", GetClosestMatchingDomain will return
+// "c.d.e".
+func (vega *VegaDNSClient) GetAuthZone(fqdn string) (string, int, error) {
+	fqdn = strings.TrimSuffix(fqdn, ".")
+	numComponents := len(strings.Split(fqdn, "."))
+	for i := 1; i < numComponents; i++ {
+		tmpHostname := strings.SplitN(fqdn, ".", i)[i-1]
+		log.Printf("tmpHostname for i = %d: %s\n", i, tmpHostname)
+		if domainID, err := vega.GetDomainID(tmpHostname); err == nil {
+			log.Printf("Found zone: %s\n\tShortened to %s\n", tmpHostname, strings.TrimSuffix(tmpHostname, "."))
+			return strings.TrimSuffix(tmpHostname, "."), domainID, nil
+		}
+	}
+	log.Println("Unable to find hosted zone in vegadns")
+	return "", -1, fmt.Errorf("Unable to find auth zone for fqdn %s", fqdn)
+}
--- a/vendor/github.com/OpenDNS/vegadns2client/main.go
+++ b/vendor/github.com/OpenDNS/vegadns2client/main.go
@ -0,0 +1,19 @@
+package vegadns2client
+
+import (
+	"net/http"
+	"time"
+)
+
+// NewVegaDNSClient - helper to instantiate a client
+// Input: url string
+// Output: VegaDNSClient
+func NewVegaDNSClient(url string) VegaDNSClient {
+	httpClient := http.Client{Timeout: 15 * time.Second}
+	return VegaDNSClient{
+		client:  httpClient,
+		baseurl: url,
+		version: "1.0",
+		token:   Token{},
+	}
+}
--- a/vendor/github.com/OpenDNS/vegadns2client/records.go
+++ b/vendor/github.com/OpenDNS/vegadns2client/records.go
@ -0,0 +1,113 @@
+package vegadns2client
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+)
+
+// Record - struct representing a Record object
+type Record struct {
+	Name       string `json:"name"`
+	Value      string `json:"value"`
+	RecordType string `json:"record_type"`
+	TTL        int    `json:"ttl"`
+	RecordID   int    `json:"record_id"`
+	LocationID string `json:"location_id"`
+	DomainID   int    `json:"domain_id"`
+}
+
+// RecordsResponse - api response list of records
+type RecordsResponse struct {
+	Status  string   `json:"status"`
+	Total   int      `json:"total_records"`
+	Domain  Domain   `json:"domain"`
+	Records []Record `json:"records"`
+}
+
+// GetRecordID - helper to get the id of a record
+// Input: domainID, record, recordType
+// Output: int
+func (vega *VegaDNSClient) GetRecordID(domainID int, record string, recordType string) (int, error) {
+	params := make(map[string]string)
+	params["domain_id"] = fmt.Sprintf("%d", domainID)
+
+	resp, err := vega.Send("GET", "records", params)
+
+	if err != nil {
+		return -1, fmt.Errorf("Error sending GET to GetRecordID: %s", err)
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return -1, fmt.Errorf("Error reading response from GetRecordID: %s", err)
+	}
+	if resp.StatusCode != http.StatusOK {
+		return -1, fmt.Errorf("Got bad answer from VegaDNS on GetRecordID. Code: %d. Message: %s", resp.StatusCode, string(body))
+	}
+
+	answer := RecordsResponse{}
+	if err := json.Unmarshal(body, &answer); err != nil {
+		return -1, fmt.Errorf("Error unmarshalling body from GetRecordID: %s", err)
+	}
+
+	for _, r := range answer.Records {
+		if r.Name == record && r.RecordType == recordType {
+			return r.RecordID, nil
+		}
+	}
+
+	return -1, errors.New("Couldnt find record")
+}
+
+// CreateTXT - Creates a TXT record
+// Input: domainID, fqdn, value, ttl
+// Output: nil or error
+func (vega *VegaDNSClient) CreateTXT(domainID int, fqdn string, value string, ttl int) error {
+	params := make(map[string]string)
+
+	params["record_type"] = "TXT"
+	params["ttl"] = fmt.Sprintf("%d", ttl)
+	params["domain_id"] = fmt.Sprintf("%d", domainID)
+	params["name"] = strings.TrimSuffix(fqdn, ".")
+	params["value"] = value
+
+	resp, err := vega.Send("POST", "records", params)
+
+	if err != nil {
+		return fmt.Errorf("Send POST error in CreateTXT: %s", err)
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return fmt.Errorf("Error reading POST response in CreateTXT: %s", err)
+	}
+	if resp.StatusCode != http.StatusCreated {
+		return fmt.Errorf("Got bad answer from VegaDNS on CreateTXT. Code: %d. Message: %s", resp.StatusCode, string(body))
+	}
+
+	return nil
+}
+
+// DeleteRecord - deletes a record by id
+// Input: recordID
+// Output: nil or error
+func (vega *VegaDNSClient) DeleteRecord(recordID int) error {
+	resp, err := vega.Send("DELETE", fmt.Sprintf("records/%d", recordID), nil)
+	if err != nil {
+		return fmt.Errorf("Send DELETE error in DeleteTXT: %s", err)
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return fmt.Errorf("Error reading DELETE response in DeleteTXT: %s", err)
+	}
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("Got bad answer from VegaDNS on DeleteTXT. Code: %d. Message: %s", resp.StatusCode, string(body))
+	}
+
+	return nil
+}
--- a/vendor/github.com/OpenDNS/vegadns2client/tokens.go
+++ b/vendor/github.com/OpenDNS/vegadns2client/tokens.go
@ -0,0 +1,74 @@
+package vegadns2client
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+// Token - struct to hold token information
+type Token struct {
+	Token     string `json:"access_token"`
+	TokenType string `json:"token_type"`
+	ExpiresIn int    `json:"expires_in"`
+	ExpiresAt time.Time
+}
+
+func (t Token) valid() error {
+	if time.Now().UTC().After(t.ExpiresAt) {
+		return errors.New("Token Expired")
+	}
+	return nil
+}
+
+func (vega *VegaDNSClient) getBearer() string {
+	if vega.token.valid() != nil {
+		vega.getAuthToken()
+	}
+	return vega.token.formatBearer()
+}
+
+func (t Token) formatBearer() string {
+	return fmt.Sprintf("Bearer %s", t.Token)
+}
+
+func (vega *VegaDNSClient) getAuthToken() {
+	tokenEndpoint := vega.getURL("token")
+	v := url.Values{}
+	v.Set("grant_type", "client_credentials")
+
+	req, err := http.NewRequest("POST", tokenEndpoint, strings.NewReader(v.Encode()))
+	if err != nil {
+		log.Fatalf("Error forming POST to getAuthToken: %s", err)
+	}
+	req.SetBasicAuth(vega.APIKey, vega.APISecret)
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+	issueTime := time.Now().UTC()
+	resp, err := vega.client.Do(req)
+	if err != nil {
+		log.Fatalf("Error sending POST to getAuthToken: %s", err)
+	}
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		log.Fatalf("Error reading response from POST to getAuthToken: %s", err)
+	}
+	if resp.StatusCode != http.StatusOK {
+		log.Fatalf("Got bad answer from VegaDNS on getAuthToken. Code: %d. Message: %s", resp.StatusCode, string(body))
+	}
+	if err := json.Unmarshal(body, &vega.token); err != nil {
+		log.Fatalf("Error unmarshalling body of POST to getAuthToken: %s", err)
+	}
+
+	if vega.token.TokenType != "bearer" {
+		log.Fatal("We don't support anything except bearer tokens")
+	}
+	vega.token.ExpiresAt = issueTime.Add(time.Duration(vega.token.ExpiresIn) * time.Second)
+}