Example #1
0
// createAcmeServiceRegistration creates a ServiceRegistration item for the ACME HTTP challenge
func (s *acmeService) createAcmeServiceRegistration() backend.ServiceRegistration {
	pathPrefix := acme.HTTP01ChallengePath("")
	sr := backend.ServiceRegistration{
		ServiceName: acmeServiceName,
		ServicePort: acmeServicePort,
		EdgePort:    publicHttpPort,
		Public:      true,
		Instances: backend.ServiceInstances{
			backend.ServiceInstance{
				IP:   "127.0.0.1",
				Port: s.HttpProviderConfig.Port,
			},
		},
		Selectors: backend.ServiceSelectors{
			backend.ServiceSelector{
				AllowUnauthorized: true,
				AllowInsecure:     true,
				Weight:            100,
				PathPrefix:        pathPrefix,
			},
		},
		HttpCheckPath: "",
	}
	return sr
}
Example #2
0
// CleanUp removes the file created for the challenge
func (w *HTTPProvider) CleanUp(domain, token, keyAuth string) error {
	var err error
	err = os.Remove(path.Join(w.path, acme.HTTP01ChallengePath(token)))
	if err != nil {
		return fmt.Errorf("Could not remove file in webroot after HTTP challenge -> %v", err)
	}

	return nil
}
Example #3
0
// Present makes the token available at `HTTP01ChallengePath(token)` by creating a file in the given webroot path
func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
	var err error

	challengeFilePath := path.Join(w.path, acme.HTTP01ChallengePath(token))
	err = os.MkdirAll(path.Dir(challengeFilePath), 0755)
	if err != nil {
		return fmt.Errorf("Could not create required directories in webroot for HTTP challenge -> %v", err)
	}

	err = ioutil.WriteFile(challengeFilePath, []byte(keyAuth), 0644)
	if err != nil {
		return fmt.Errorf("Could not write file in webroot for HTTP challenge -> %v", err)
	}

	return nil
}
Example #4
0
func TestMemcachedPresentSingleHost(t *testing.T) {
	if len(memcachedHosts) == 0 {
		t.Skip("Skipping memcached tests")
	}
	p, err := NewMemcachedProvider(memcachedHosts[0:1])
	assert.NoError(t, err)

	challengePath := path.Join("/", acme.HTTP01ChallengePath(token))

	err = p.Present(domain, token, keyAuth)
	assert.NoError(t, err)
	mc, err := memcache.New(memcachedHosts[0])
	assert.NoError(t, err)
	i, err := mc.Get(challengePath)
	assert.NoError(t, err)
	assert.Equal(t, i.Value, []byte(keyAuth))
}
Example #5
0
func TestMemcachedPresentMultiHost(t *testing.T) {
	if len(memcachedHosts) <= 1 {
		t.Skip("Skipping memcached multi-host tests")
	}
	p, err := NewMemcachedProvider(memcachedHosts)
	assert.NoError(t, err)

	challengePath := path.Join("/", acme.HTTP01ChallengePath(token))

	err = p.Present(domain, token, keyAuth)
	assert.NoError(t, err)
	for _, host := range memcachedHosts {
		mc, err := memcache.New(host)
		assert.NoError(t, err)
		i, err := mc.Get(challengePath)
		assert.NoError(t, err)
		assert.Equal(t, i.Value, []byte(keyAuth))
	}
}
Example #6
0
func TestMemcachedPresentPartialFailureMultiHost(t *testing.T) {
	if len(memcachedHosts) == 0 {
		t.Skip("Skipping memcached tests")
	}
	hosts := append(memcachedHosts, "5.5.5.5:11211")
	p, err := NewMemcachedProvider(hosts)
	assert.NoError(t, err)

	challengePath := path.Join("/", acme.HTTP01ChallengePath(token))

	err = p.Present(domain, token, keyAuth)
	assert.NoError(t, err)
	for _, host := range memcachedHosts {
		mc, err := memcache.New(host)
		assert.NoError(t, err)
		i, err := mc.Get(challengePath)
		assert.NoError(t, err)
		assert.Equal(t, i.Value, []byte(keyAuth))
	}
}
Example #7
0
// Start launches an HTTP service that handles HTTP challenge requests
func (s *httpChallengeProvider) Start() error {
	pathPrefix := acme.HTTP01ChallengePath("")

	var handler http.HandlerFunc
	handler = func(w http.ResponseWriter, req *http.Request) {
		path := req.URL.Path
		if strings.HasPrefix(path, pathPrefix) && req.Method == "GET" {
			token := path[len(pathPrefix):]
			kAPI := client.NewKeysAPI(s.EtcdClient)
			options := &client.GetOptions{
				Recursive: false,
				Sort:      false,
			}
			r, err := kAPI.Get(context.Background(), s.etcdTokenKey(token), options)
			if err != nil {
				s.Logger.Errorf("Failed to get keyAuth for token '%s': %#v", token, err)
				w.WriteHeader(http.StatusNotFound)
				w.Write([]byte("NOT FOUND"))
				return
			}
			keyAuth := r.Node.Value
			s.Logger.Infof("Found keyAuth for token '%s'", token)
			w.Header().Add("Content-Type", "text/plain")
			w.Write([]byte(keyAuth))
		} else {
			s.Logger.Warning("Unknown token request: %s", path)
			w.Write([]byte("HELLO"))
		}
	}

	listener, err := net.Listen("tcp", net.JoinHostPort("0.0.0.0", strconv.Itoa(s.Port)))
	if err != nil {
		return maskAny(fmt.Errorf("Could not start HTTP server for challenge: %#v", err))
	}

	go http.Serve(listener, handler)
	return nil
}
Example #8
0
// Present makes the token available at `HTTP01ChallengePath(token)` by creating a file in the given webroot path
func (w *MemcachedProvider) Present(domain, token, keyAuth string) error {
	var errs []error

	challengePath := path.Join("/", acme.HTTP01ChallengePath(token))
	for _, host := range w.hosts {
		mc, err := memcache.New(host)
		if err != nil {
			errs = append(errs, err)
			continue
		}
		mc.Add(&memcache.Item{
			Key:        challengePath,
			Value:      []byte(keyAuth),
			Expiration: 60,
		})
	}

	if len(errs) == len(w.hosts) {
		return fmt.Errorf("Unable to store key in any of the memcache hosts -> %v", errs)
	}

	return nil
}