Migrate to go-acme/lego.

2019-03-14 11:04:04 +01:00 · 2019-03-14 11:04:04 +01:00 · 87da7520de
commit 87da7520de
parent 4a68d29ce2
286 changed files with 14021 additions and 2501 deletions
--- a/vendor/github.com/go-acme/lego/providers/dns/dnsmadeeasy/dnsmadeeasy.go
+++ b/vendor/github.com/go-acme/lego/providers/dns/dnsmadeeasy/dnsmadeeasy.go
@ -0,0 +1,163 @@
+// Package dnsmadeeasy implements a DNS provider for solving the DNS-01 challenge using DNS Made Easy.
+package dnsmadeeasy
+
+import (
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/go-acme/lego/challenge/dns01"
+	"github.com/go-acme/lego/platform/config/env"
+	"github.com/go-acme/lego/providers/dns/dnsmadeeasy/internal"
+)
+
+// Config is used to configure the creation of the DNSProvider
+type Config struct {
+	BaseURL            string
+	APIKey             string
+	APISecret          string
+	Sandbox            bool
+	HTTPClient         *http.Client
+	PropagationTimeout time.Duration
+	PollingInterval    time.Duration
+	TTL                int
+}
+
+// NewDefaultConfig returns a default configuration for the DNSProvider
+func NewDefaultConfig() *Config {
+	return &Config{
+		TTL:                env.GetOrDefaultInt("DNSMADEEASY_TTL", dns01.DefaultTTL),
+		PropagationTimeout: env.GetOrDefaultSecond("DNSMADEEASY_PROPAGATION_TIMEOUT", dns01.DefaultPropagationTimeout),
+		PollingInterval:    env.GetOrDefaultSecond("DNSMADEEASY_POLLING_INTERVAL", dns01.DefaultPollingInterval),
+		HTTPClient: &http.Client{
+			Timeout: env.GetOrDefaultSecond("DNSMADEEASY_HTTP_TIMEOUT", 10*time.Second),
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			},
+		},
+	}
+}
+
+// DNSProvider is an implementation of the acme.ChallengeProvider interface that uses
+// DNSMadeEasy's DNS API to manage TXT records for a domain.
+type DNSProvider struct {
+	config *Config
+	client *internal.Client
+}
+
+// NewDNSProvider returns a DNSProvider instance configured for DNSMadeEasy DNS.
+// Credentials must be passed in the environment variables:
+// DNSMADEEASY_API_KEY and DNSMADEEASY_API_SECRET.
+func NewDNSProvider() (*DNSProvider, error) {
+	values, err := env.Get("DNSMADEEASY_API_KEY", "DNSMADEEASY_API_SECRET")
+	if err != nil {
+		return nil, fmt.Errorf("dnsmadeeasy: %v", err)
+	}
+
+	config := NewDefaultConfig()
+	config.Sandbox = env.GetOrDefaultBool("DNSMADEEASY_SANDBOX", false)
+	config.APIKey = values["DNSMADEEASY_API_KEY"]
+	config.APISecret = values["DNSMADEEASY_API_SECRET"]
+
+	return NewDNSProviderConfig(config)
+}
+
+// NewDNSProviderConfig return a DNSProvider instance configured for DNS Made Easy.
+func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
+	if config == nil {
+		return nil, errors.New("dnsmadeeasy: the configuration of the DNS provider is nil")
+	}
+
+	var baseURL string
+	if config.Sandbox {
+		baseURL = "https://api.sandbox.dnsmadeeasy.com/V2.0"
+	} else {
+		if len(config.BaseURL) > 0 {
+			baseURL = config.BaseURL
+		} else {
+			baseURL = "https://api.dnsmadeeasy.com/V2.0"
+		}
+	}
+
+	client, err := internal.NewClient(config.APIKey, config.APISecret)
+	if err != nil {
+		return nil, fmt.Errorf("dnsmadeeasy: %v", err)
+	}
+
+	client.HTTPClient = config.HTTPClient
+	client.BaseURL = baseURL
+
+	return &DNSProvider{
+		client: client,
+		config: config,
+	}, nil
+}
+
+// Present creates a TXT record using the specified parameters
+func (d *DNSProvider) Present(domainName, token, keyAuth string) error {
+	fqdn, value := dns01.GetRecord(domainName, keyAuth)
+
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
+	if err != nil {
+		return fmt.Errorf("dnsmadeeasy: unable to find zone for %s: %v", fqdn, err)
+	}
+
+	// fetch the domain details
+	domain, err := d.client.GetDomain(authZone)
+	if err != nil {
+		return fmt.Errorf("dnsmadeeasy: unable to get domain for zone %s: %v", authZone, err)
+	}
+
+	// create the TXT record
+	name := strings.Replace(fqdn, "."+authZone, "", 1)
+	record := &internal.Record{Type: "TXT", Name: name, Value: value, TTL: d.config.TTL}
+
+	err = d.client.CreateRecord(domain, record)
+	if err != nil {
+		return fmt.Errorf("dnsmadeeasy: unable to create record for %s: %v", name, err)
+	}
+	return nil
+}
+
+// CleanUp removes the TXT records matching the specified parameters
+func (d *DNSProvider) CleanUp(domainName, token, keyAuth string) error {
+	fqdn, _ := dns01.GetRecord(domainName, keyAuth)
+
+	authZone, err := dns01.FindZoneByFqdn(fqdn)
+	if err != nil {
+		return fmt.Errorf("dnsmadeeasy: unable to find zone for %s: %v", fqdn, err)
+	}
+
+	// fetch the domain details
+	domain, err := d.client.GetDomain(authZone)
+	if err != nil {
+		return fmt.Errorf("dnsmadeeasy: unable to get domain for zone %s: %v", authZone, err)
+	}
+
+	// find matching records
+	name := strings.Replace(fqdn, "."+authZone, "", 1)
+	records, err := d.client.GetRecords(domain, name, "TXT")
+	if err != nil {
+		return fmt.Errorf("dnsmadeeasy: unable to get records for domain %s: %v", domain.Name, err)
+	}
+
+	// delete records
+	var lastError error
+	for _, record := range *records {
+		err = d.client.DeleteRecord(record)
+		if err != nil {
+			lastError = fmt.Errorf("dnsmadeeasy: unable to delete record [id=%d, name=%s]: %v", record.ID, record.Name, err)
+		}
+	}
+
+	return lastError
+}
+
+// Timeout returns the timeout and interval to use when checking for DNS propagation.
+// Adjusting here to cope with spikes in propagation times.
+func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
+	return d.config.PropagationTimeout, d.config.PollingInterval
+}
--- a/vendor/github.com/go-acme/lego/providers/dns/dnsmadeeasy/internal/client.go
+++ b/vendor/github.com/go-acme/lego/providers/dns/dnsmadeeasy/internal/client.go
@ -0,0 +1,173 @@
+package internal
+
+import (
+	"bytes"
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"time"
+)
+
+// Domain holds the DNSMadeEasy API representation of a Domain
+type Domain struct {
+	ID   int    `json:"id"`
+	Name string `json:"name"`
+}
+
+// Record holds the DNSMadeEasy API representation of a Domain Record
+type Record struct {
+	ID       int    `json:"id"`
+	Type     string `json:"type"`
+	Name     string `json:"name"`
+	Value    string `json:"value"`
+	TTL      int    `json:"ttl"`
+	SourceID int    `json:"sourceId"`
+}
+
+type recordsResponse struct {
+	Records *[]Record `json:"data"`
+}
+
+// Client DNSMadeEasy client
+type Client struct {
+	apiKey     string
+	apiSecret  string
+	BaseURL    string
+	HTTPClient *http.Client
+}
+
+// NewClient creates a DNSMadeEasy client
+func NewClient(apiKey string, apiSecret string) (*Client, error) {
+	if apiKey == "" {
+		return nil, fmt.Errorf("credentials missing: API key")
+	}
+
+	if apiSecret == "" {
+		return nil, fmt.Errorf("credentials missing: API secret")
+	}
+
+	return &Client{
+		apiKey:     apiKey,
+		apiSecret:  apiSecret,
+		HTTPClient: &http.Client{},
+	}, nil
+}
+
+// GetDomain gets a domain
+func (c *Client) GetDomain(authZone string) (*Domain, error) {
+	domainName := authZone[0 : len(authZone)-1]
+	resource := fmt.Sprintf("%s%s", "/dns/managed/name?domainname=", domainName)
+
+	resp, err := c.sendRequest(http.MethodGet, resource, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	domain := &Domain{}
+	err = json.NewDecoder(resp.Body).Decode(&domain)
+	if err != nil {
+		return nil, err
+	}
+
+	return domain, nil
+}
+
+// GetRecords gets all TXT records
+func (c *Client) GetRecords(domain *Domain, recordName, recordType string) (*[]Record, error) {
+	resource := fmt.Sprintf("%s/%d/%s%s%s%s", "/dns/managed", domain.ID, "records?recordName=", recordName, "&type=", recordType)
+
+	resp, err := c.sendRequest(http.MethodGet, resource, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	records := &recordsResponse{}
+	err = json.NewDecoder(resp.Body).Decode(&records)
+	if err != nil {
+		return nil, err
+	}
+
+	return records.Records, nil
+}
+
+// CreateRecord creates a TXT records
+func (c *Client) CreateRecord(domain *Domain, record *Record) error {
+	url := fmt.Sprintf("%s/%d/%s", "/dns/managed", domain.ID, "records")
+
+	resp, err := c.sendRequest(http.MethodPost, url, record)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return nil
+}
+
+// DeleteRecord deletes a TXT records
+func (c *Client) DeleteRecord(record Record) error {
+	resource := fmt.Sprintf("%s/%d/%s/%d", "/dns/managed", record.SourceID, "records", record.ID)
+
+	resp, err := c.sendRequest(http.MethodDelete, resource, nil)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return nil
+}
+
+func (c *Client) sendRequest(method, resource string, payload interface{}) (*http.Response, error) {
+	url := fmt.Sprintf("%s%s", c.BaseURL, resource)
+
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return nil, err
+	}
+
+	timestamp := time.Now().UTC().Format(time.RFC1123)
+	signature, err := computeHMAC(timestamp, c.apiSecret)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest(method, url, bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("x-dnsme-apiKey", c.apiKey)
+	req.Header.Set("x-dnsme-requestDate", timestamp)
+	req.Header.Set("x-dnsme-hmac", signature)
+	req.Header.Set("accept", "application/json")
+	req.Header.Set("content-type", "application/json")
+
+	resp, err := c.HTTPClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode > 299 {
+		body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return nil, fmt.Errorf("request failed with HTTP status code %d", resp.StatusCode)
+		}
+		return nil, fmt.Errorf("request failed with HTTP status code %d: %s", resp.StatusCode, string(body))
+	}
+
+	return resp, nil
+}
+
+func computeHMAC(message string, secret string) (string, error) {
+	key := []byte(secret)
+	h := hmac.New(sha1.New, key)
+	_, err := h.Write([]byte(message))
+	if err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(h.Sum(nil)), nil
+}