ACME V2 Integration

acme/localStore.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"io/ioutil"
 	"os"
+	"regexp"
 
 	"github.com/containous/traefik/log"
 	"github.com/containous/traefik/provider/acme"
@@ -45,19 +46,41 @@ func (s *LocalStore) Get() (*Account, error) {
 		if err := json.Unmarshal(file, &account); err != nil {
 			return nil, err
 		}
+
+		// Check if ACME Account is in ACME V1 format
+		if account != nil && account.Registration != nil {
+			isOldRegistration, err := regexp.MatchString(acme.RegistrationURLPathV1Regexp, account.Registration.URI)
+			if err != nil {
+				return nil, err
+			}
+
+			if isOldRegistration {
+				account.Email = ""
+				account.Registration = nil
+				account.PrivateKey = nil
+			}
+		}
 	}
+
 	return account, nil
 }
 
 // ConvertToNewFormat converts old acme.json format to the new one and store the result into the file (used for the backward compatibility)
 func ConvertToNewFormat(fileName string) {
 	localStore := acme.NewLocalStore(fileName)
+
 	storeAccount, err := localStore.GetAccount()
 	if err != nil {
 		log.Warnf("Failed to read new account, ACME data conversion is not available : %v", err)
 		return
 	}
 
+	storeCertificates, err := localStore.GetCertificates()
+	if err != nil {
+		log.Warnf("Failed to read new certificates, ACME data conversion is not available : %v", err)
+		return
+	}
+
 	if storeAccount == nil {
 		localStore := NewLocalStore(fileName)
 
@@ -67,8 +90,10 @@ func ConvertToNewFormat(fileName string) {
 			return
 		}
 
-		if account != nil {
-			newAccount := &acme.Account{
+		// Convert ACME data from old to new format
+		newAccount := &acme.Account{}
+		if account != nil && len(account.Email) > 0 {
+			newAccount = &acme.Account{
 				PrivateKey:   account.PrivateKey,
 				Registration: account.Registration,
 				Email:        account.Email,
@@ -82,9 +107,15 @@ func ConvertToNewFormat(fileName string) {
 					Domain:      cert.Domains,
 				})
 			}
-			newLocalStore := acme.NewLocalStore(fileName)
-			newLocalStore.SaveDataChan <- &acme.StoredData{Account: newAccount, Certificates: newCertificates}
+			// If account is in the old format, storeCertificates is nil or empty
+			// and has to be initialized
+			storeCertificates = newCertificates
 		}
+
+		// Store the data in new format into the file even if account is nil
+		// to delete Account in ACME v1 format and keeping the certificates
+		newLocalStore := acme.NewLocalStore(fileName)
+		newLocalStore.SaveDataChan <- &acme.StoredData{Account: newAccount, Certificates: storeCertificates}
 	}
 }
 
@@ -102,15 +133,28 @@ func FromNewToOldFormat(fileName string) (*Account, error) {
 		return nil, err
 	}
 
+	// Convert ACME Account from new to old format
+	// (Needed by the KV stores)
+	var account *Account
 	if storeAccount != nil {
-		account := &Account{}
-		account.Email = storeAccount.Email
-		account.PrivateKey = storeAccount.PrivateKey
-		account.Registration = storeAccount.Registration
-		account.DomainsCertificate = DomainsCertificates{}
+		account = &Account{
+			Email:              storeAccount.Email,
+			PrivateKey:         storeAccount.PrivateKey,
+			Registration:       storeAccount.Registration,
+			DomainsCertificate: DomainsCertificates{},
+		}
+	}
 
+	// Convert ACME Certificates from new to old format
+	// (Needed by the KV stores)
+	if len(storeCertificates) > 0 {
+		// Account can be nil if data are migrated from new format
+		// with a ACME V1 Account
+		if account == nil {
+			account = &Account{}
+		}
 		for _, cert := range storeCertificates {
-			_, err = account.DomainsCertificate.addCertificateForDomains(&Certificate{
+			_, err := account.DomainsCertificate.addCertificateForDomains(&Certificate{
 				Domain:      cert.Domain.Main,
 				Certificate: cert.Certificate,
 				PrivateKey:  cert.Key,
@@ -119,7 +163,7 @@ func FromNewToOldFormat(fileName string) (*Account, error) {
 				return nil, err
 			}
 		}
-		return account, nil
 	}
-	return nil, nil
+
+	return account, nil
 }