Update Lego

2019-01-07 18:30:06 +01:00 · 2019-01-07 18:30:06 +01:00 · 9b2423aaba
commit 9b2423aaba
parent fc8c24e987
192 changed files with 11105 additions and 8535 deletions
--- a/vendor/github.com/xenolf/lego/lego/client.go
+++ b/vendor/github.com/xenolf/lego/lego/client.go
@ -0,0 +1,73 @@
+package lego
+
+import (
+	"errors"
+	"net/url"
+
+	"github.com/xenolf/lego/acme/api"
+	"github.com/xenolf/lego/certificate"
+	"github.com/xenolf/lego/challenge/resolver"
+	"github.com/xenolf/lego/registration"
+)
+
+// Client is the user-friendly way to ACME
+type Client struct {
+	Certificate  *certificate.Certifier
+	Challenge    *resolver.SolverManager
+	Registration *registration.Registrar
+	core         *api.Core
+}
+
+// NewClient creates a new ACME client on behalf of the user.
+// The client will depend on the ACME directory located at CADirURL for the rest of its actions.
+// A private key of type keyType (see KeyType constants) will be generated when requesting a new certificate if one isn't provided.
+func NewClient(config *Config) (*Client, error) {
+	if config == nil {
+		return nil, errors.New("a configuration must be provided")
+	}
+
+	_, err := url.Parse(config.CADirURL)
+	if err != nil {
+		return nil, err
+	}
+
+	if config.HTTPClient == nil {
+		return nil, errors.New("the HTTP client cannot be nil")
+	}
+
+	privateKey := config.User.GetPrivateKey()
+	if privateKey == nil {
+		return nil, errors.New("private key was nil")
+	}
+
+	var kid string
+	if reg := config.User.GetRegistration(); reg != nil {
+		kid = reg.URI
+	}
+
+	core, err := api.New(config.HTTPClient, config.UserAgent, config.CADirURL, kid, privateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	solversManager := resolver.NewSolversManager(core)
+
+	prober := resolver.NewProber(solversManager)
+
+	return &Client{
+		Certificate:  certificate.NewCertifier(core, config.KeyType, prober),
+		Challenge:    solversManager,
+		Registration: registration.NewRegistrar(core, config.User),
+		core:         core,
+	}, nil
+}
+
+// GetToSURL returns the current ToS URL from the Directory
+func (c *Client) GetToSURL() string {
+	return c.core.GetDirectory().Meta.TermsOfService
+}
+
+// GetExternalAccountRequired returns the External Account Binding requirement of the Directory
+func (c *Client) GetExternalAccountRequired() bool {
+	return c.core.GetDirectory().Meta.ExternalAccountRequired
+}
--- a/vendor/github.com/xenolf/lego/lego/client_config.go
+++ b/vendor/github.com/xenolf/lego/lego/client_config.go
@ -0,0 +1,96 @@
+package lego
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/xenolf/lego/certcrypto"
+	"github.com/xenolf/lego/registration"
+)
+
+const (
+	// caCertificatesEnvVar is the environment variable name that can be used to
+	// specify the path to PEM encoded CA Certificates that can be used to
+	// authenticate an ACME server with a HTTPS certificate not issued by a CA in
+	// the system-wide trusted root list.
+	caCertificatesEnvVar = "LEGO_CA_CERTIFICATES"
+
+	// caServerNameEnvVar is the environment variable name that can be used to
+	// specify the CA server name that can be used to
+	// authenticate an ACME server with a HTTPS certificate not issued by a CA in
+	// the system-wide trusted root list.
+	caServerNameEnvVar = "LEGO_CA_SERVER_NAME"
+
+	// LEDirectoryProduction URL to the Let's Encrypt production
+	LEDirectoryProduction = "https://acme-v02.api.letsencrypt.org/directory"
+
+	// LEDirectoryStaging URL to the Let's Encrypt staging
+	LEDirectoryStaging = "https://acme-staging-v02.api.letsencrypt.org/directory"
+)
+
+type Config struct {
+	CADirURL   string
+	User       registration.User
+	KeyType    certcrypto.KeyType
+	UserAgent  string
+	HTTPClient *http.Client
+}
+
+func NewConfig(user registration.User) *Config {
+	return &Config{
+		CADirURL:   LEDirectoryProduction,
+		User:       user,
+		KeyType:    certcrypto.RSA2048,
+		HTTPClient: createDefaultHTTPClient(),
+	}
+}
+
+// createDefaultHTTPClient Creates an HTTP client with a reasonable timeout value
+// and potentially a custom *x509.CertPool
+// based on the caCertificatesEnvVar environment variable (see the `initCertPool` function)
+func createDefaultHTTPClient() *http.Client {
+	return &http.Client{
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			DialContext: (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).DialContext,
+			TLSHandshakeTimeout:   15 * time.Second,
+			ResponseHeaderTimeout: 15 * time.Second,
+			ExpectContinueTimeout: 1 * time.Second,
+			TLSClientConfig: &tls.Config{
+				ServerName: os.Getenv(caServerNameEnvVar),
+				RootCAs:    initCertPool(),
+			},
+		},
+	}
+}
+
+// initCertPool creates a *x509.CertPool populated with the PEM certificates
+// found in the filepath specified in the caCertificatesEnvVar OS environment
+// variable. If the caCertificatesEnvVar is not set then initCertPool will
+// return nil. If there is an error creating a *x509.CertPool from the provided
+// caCertificatesEnvVar value then initCertPool will panic.
+func initCertPool() *x509.CertPool {
+	if customCACertsPath := os.Getenv(caCertificatesEnvVar); customCACertsPath != "" {
+		customCAs, err := ioutil.ReadFile(customCACertsPath)
+		if err != nil {
+			panic(fmt.Sprintf("error reading %s=%q: %v",
+				caCertificatesEnvVar, customCACertsPath, err))
+		}
+		certPool := x509.NewCertPool()
+		if ok := certPool.AppendCertsFromPEM(customCAs); !ok {
+			panic(fmt.Sprintf("error creating x509 cert pool from %s=%q: %v",
+				caCertificatesEnvVar, customCACertsPath, err))
+		}
+		return certPool
+	}
+	return nil
+}