Esempio n. 1
0
func (s *fdbStore) SaveAccount(a *Account) error {
	coll := s.db.Collection("accounts/" + a.ID())
	w, err := coll.Create("privkey")
	if err != nil {
		return err
	}
	defer w.CloseAbort()

	err = acmeutils.SavePrivateKey(w, a.PrivateKey)
	if err != nil {
		return err
	}

	w.Close()

	for _, auth := range a.Authorizations {
		c := coll.Collection("authorizations/" + auth.Name)

		err := fdb.WriteBytes(c, "expiry", []byte(auth.Expires.Format(time.RFC3339)))
		if err != nil {
			return err
		}

		err = fdb.WriteBytes(c, "url", []byte(auth.URL))
		if err != nil {
			return err
		}
	}

	return nil
}
Esempio n. 2
0
// Serializes the target to disk. Call after changing any settings.
func (s *fdbStore) SaveTarget(t *Target) error {
	// Some basic validation.
	err := t.Validate()
	if err != nil {
		return err
	}

	if t != s.defaultTarget {
		t.ensureFilename()
	}

	tcopy := *t

	if t == s.defaultTarget {
		tcopy.genericise()
	}

	// don't serialize default request names list
	if tcopy.Request.implicitNames {
		tcopy.Request.Names = nil
	}

	b, err := yaml.Marshal(&tcopy)
	if err != nil {
		return err
	}

	// Save.
	if t == s.defaultTarget {
		return fdb.WriteBytes(s.db.Collection("conf"), "target", b)
	}

	return fdb.WriteBytes(s.db.Collection("desired"), t.Filename, b)
}
Esempio n. 3
0
func (s *Store) requestCertificateForTarget(t *Target) error {
	//return fmt.Errorf("not requesting certificate")
	cl := s.getAccountClient(t.Request.Account)

	err := solver.AssistedUpsertRegistration(cl, nil, context.TODO())
	if err != nil {
		return err
	}

	authsNeeded, err := s.determineNecessaryAuthorizations(t)
	if err != nil {
		return err
	}

	for _, name := range authsNeeded {
		log.Debugf("trying to obtain authorization for %#v", name)
		err := s.obtainAuthorization(name, t.Request.Account)
		if err != nil {
			log.Errore(err, "could not obtain authorization for ", name)
			return err
		}
	}

	csr, err := s.createCSR(t)
	if err != nil {
		return err
	}

	log.Debugf("requesting certificate for %v", t)
	acrt, err := cl.RequestCertificate(csr, context.TODO())
	if err != nil {
		log.Errore(err, "could not request certificate")
		return err
	}

	crt := &Certificate{
		URL: acrt.URI,
	}

	certID := crt.ID()

	c := s.db.Collection("certs/" + certID)

	err = fdb.WriteBytes(c, "url", []byte(crt.URL))
	if err != nil {
		log.Errore(err, "could not write certificate URL")
		return err
	}

	s.certs[certID] = crt

	log.Debugf("downloading certificate which was just requested: %#v", crt.URL)
	err = s.downloadCertificate(crt)
	if err != nil {
		return err
	}

	return nil
}
Esempio n. 4
0
// Set the preferred RSA key size. The size is not validated here, as it is
// clamped later and a higher preferred size may become available in future
// releases.
func (s *Store) SetPreferredRSAKeySize(keySize int) error {
	err := fdb.WriteBytes(s.db.Collection("conf"), "rsa-key-size", []byte(fmt.Sprintf("%d", keySize)))
	if err != nil {
		return err
	}

	s.preferredRSAKeySize = keySize
	return nil
}
Esempio n. 5
0
// Given a certificate URL, imports the certificate into the store. The
// certificate will be retrirved on the next reconcile. If a certificate with
// that URL already exists, this is a no-op and returns nil.
func (s *Store) ImportCertificate(url string) error {
	certID := determineCertificateID(url)
	_, ok := s.certs[certID]
	if ok {
		return nil
	}

	return fdb.WriteBytes(s.db.Collection("certs/"+certID), "url", []byte(url))
}
Esempio n. 6
0
func (s *Store) obtainAuthorization(name string, a *Account, trc *TargetRequestChallenge) error {
	cl := s.getAccountClient(a)

	ccfg := responder.ChallengeConfig{
		WebPaths:     trc.WebrootPaths,
		HTTPPorts:    trc.HTTPPorts,
		PriorKeyFunc: s.getPriorKey,
	}

	az, err := solver.Authorize(cl, name, ccfg, nil, context.TODO())
	if err != nil {
		return err
	}

	err = cl.LoadAuthorization(az, context.TODO())
	if err != nil {
		// Try proceeding anyway.
		return nil
	}

	c := s.db.Collection("accounts/" + a.ID() + "/authorizations/" + name)

	err = fdb.WriteBytes(c, "expiry", []byte(az.Expires.Format(time.RFC3339)))
	if err != nil {
		return err
	}

	err = fdb.WriteBytes(c, "url", []byte(az.URI))
	if err != nil {
		return err
	}

	saz := &Authorization{
		URL:     az.URI,
		Name:    az.Identifier.Value,
		Expires: az.Expires,
	}

	a.Authorizations[az.Identifier.Value] = saz

	return nil
}
Esempio n. 7
0
// Set the preferred webroot paths.
func (s *Store) SetWebrootPaths(paths []string) error {
	confc := s.db.Collection("conf")

	err := fdb.WriteBytes(confc, "webroot-path", []byte(strings.Join(paths, "\n")))
	if err != nil {
		return err
	}

	s.webrootPaths = paths
	return nil
}
Esempio n. 8
0
func (s *Store) saveDefaultTarget() error {
	confc := s.db.Collection("conf")

	b, err := yaml.Marshal(s.defaultTarget)
	if err != nil {
		return err
	}

	err = fdb.WriteBytes(confc, "target", b)
	if err != nil {
		return err
	}

	return nil
}
Esempio n. 9
0
func (s *Store) obtainAuthorization(name string, a *Account) error {
	cl := s.getAccountClient(a)

	az, err := solver.Authorize(cl, name, s.webrootPaths, nil, s.getPriorKey, context.TODO())
	if err != nil {
		return err
	}

	err = cl.LoadAuthorization(az, context.TODO())
	if err != nil {
		// Try proceeding anyway.
		return nil
	}

	c := s.db.Collection("accounts/" + a.ID() + "/authorizations/" + name)

	err = fdb.WriteBytes(c, "expiry", []byte(az.Expires.Format(time.RFC3339)))
	if err != nil {
		return err
	}

	err = fdb.WriteBytes(c, "url", []byte(az.URI))
	if err != nil {
		return err
	}

	saz := &Authorization{
		URL:     az.URI,
		Name:    az.Identifier.Value,
		Expires: az.Expires,
	}

	a.Authorizations[az.Identifier.Value] = saz

	return nil
}
Esempio n. 10
0
func (s *Store) serializeTarget(filename string, tgt *Target) error {
	tcopy := *tgt

	// don't serialize default request names list
	if tcopy.Request.implicitNames {
		tcopy.Request.Names = nil
	}

	b, err := yaml.Marshal(&tcopy)
	if err != nil {
		return err
	}

	c := s.db.Collection("desired")
	return fdb.WriteBytes(c, filename, b)
}
Esempio n. 11
0
// Given a certificate URL, imports the certificate into the store. The
// certificate will be retrirved on the next reconcile. If a certificate with
// that URL already exists, this is a no-op and returns nil.
func (s *fdbStore) ImportCertificate(url string) (*Certificate, error) {
	certID := determineCertificateID(url)
	c, ok := s.certs[certID]
	if ok {
		return c, nil
	}

	err := fdb.WriteBytes(s.db.Collection("certs/"+certID), "url", []byte(url))
	if err != nil {
		return nil, err
	}

	c = &Certificate{
		URL: url,
	}

	s.certs[certID] = c
	return c, nil
}
Esempio n. 12
0
func (s *Store) SaveDefaultTarget() error {
	// Some basic validation.
	err := s.defaultTarget.Validate()
	if err != nil {
		return err
	}

	// Save.
	confc := s.db.Collection("conf")

	b, err := yaml.Marshal(s.defaultTarget)
	if err != nil {
		return err
	}

	err = fdb.WriteBytes(confc, "target", b)
	if err != nil {
		return err
	}

	return nil
}
Esempio n. 13
0
func (s *fdbStore) WriteMiscellaneousConfFile(filename string, data []byte) error {
	return fdb.WriteBytes(s.db.Collection("conf"), filename, data)
}