func (s *fdbStore) SaveAccount(a *Account) error {
coll := s.db.Collection("accounts/" + a.ID())
w, err := coll.Create("privkey")
if err != nil {
return err
}
defer w.CloseAbort()
err = acmeutils.SavePrivateKey(w, a.PrivateKey)
if err != nil {
return err
}
w.Close()
for _, auth := range a.Authorizations {
c := coll.Collection("authorizations/" + auth.Name)
err := fdb.WriteBytes(c, "expiry", []byte(auth.Expires.Format(time.RFC3339)))
if err != nil {
return err
}
err = fdb.WriteBytes(c, "url", []byte(auth.URL))
if err != nil {
return err
}
}
return nil
}
// Serializes the target to disk. Call after changing any settings.
func (s *fdbStore) SaveTarget(t *Target) error {
// Some basic validation.
err := t.Validate()
if err != nil {
return err
}
if t != s.defaultTarget {
t.ensureFilename()
}
tcopy := *t
if t == s.defaultTarget {
tcopy.genericise()
}
// don't serialize default request names list
if tcopy.Request.implicitNames {
tcopy.Request.Names = nil
}
b, err := yaml.Marshal(&tcopy)
if err != nil {
return err
}
// Save.
if t == s.defaultTarget {
return fdb.WriteBytes(s.db.Collection("conf"), "target", b)
}
return fdb.WriteBytes(s.db.Collection("desired"), t.Filename, b)
}
func (s *Store) requestCertificateForTarget(t *Target) error {
//return fmt.Errorf("not requesting certificate")
cl := s.getAccountClient(t.Request.Account)
err := solver.AssistedUpsertRegistration(cl, nil, context.TODO())
if err != nil {
return err
}
authsNeeded, err := s.determineNecessaryAuthorizations(t)
if err != nil {
return err
}
for _, name := range authsNeeded {
log.Debugf("trying to obtain authorization for %#v", name)
err := s.obtainAuthorization(name, t.Request.Account)
if err != nil {
log.Errore(err, "could not obtain authorization for ", name)
return err
}
}
csr, err := s.createCSR(t)
if err != nil {
return err
}
log.Debugf("requesting certificate for %v", t)
acrt, err := cl.RequestCertificate(csr, context.TODO())
if err != nil {
log.Errore(err, "could not request certificate")
return err
}
crt := &Certificate{
URL: acrt.URI,
}
certID := crt.ID()
c := s.db.Collection("certs/" + certID)
err = fdb.WriteBytes(c, "url", []byte(crt.URL))
if err != nil {
log.Errore(err, "could not write certificate URL")
return err
}
s.certs[certID] = crt
log.Debugf("downloading certificate which was just requested: %#v", crt.URL)
err = s.downloadCertificate(crt)
if err != nil {
return err
}
return nil
}
// Set the preferred RSA key size. The size is not validated here, as it is
// clamped later and a higher preferred size may become available in future
// releases.
func (s *Store) SetPreferredRSAKeySize(keySize int) error {
err := fdb.WriteBytes(s.db.Collection("conf"), "rsa-key-size", []byte(fmt.Sprintf("%d", keySize)))
if err != nil {
return err
}
s.preferredRSAKeySize = keySize
return nil
}
// Given a certificate URL, imports the certificate into the store. The
// certificate will be retrirved on the next reconcile. If a certificate with
// that URL already exists, this is a no-op and returns nil.
func (s *Store) ImportCertificate(url string) error {
certID := determineCertificateID(url)
_, ok := s.certs[certID]
if ok {
return nil
}
return fdb.WriteBytes(s.db.Collection("certs/"+certID), "url", []byte(url))
}
func (s *Store) obtainAuthorization(name string, a *Account, trc *TargetRequestChallenge) error {
cl := s.getAccountClient(a)
ccfg := responder.ChallengeConfig{
WebPaths: trc.WebrootPaths,
HTTPPorts: trc.HTTPPorts,
PriorKeyFunc: s.getPriorKey,
}
az, err := solver.Authorize(cl, name, ccfg, nil, context.TODO())
if err != nil {
return err
}
err = cl.LoadAuthorization(az, context.TODO())
if err != nil {
// Try proceeding anyway.
return nil
}
c := s.db.Collection("accounts/" + a.ID() + "/authorizations/" + name)
err = fdb.WriteBytes(c, "expiry", []byte(az.Expires.Format(time.RFC3339)))
if err != nil {
return err
}
err = fdb.WriteBytes(c, "url", []byte(az.URI))
if err != nil {
return err
}
saz := &Authorization{
URL: az.URI,
Name: az.Identifier.Value,
Expires: az.Expires,
}
a.Authorizations[az.Identifier.Value] = saz
return nil
}
// Set the preferred webroot paths.
func (s *Store) SetWebrootPaths(paths []string) error {
confc := s.db.Collection("conf")
err := fdb.WriteBytes(confc, "webroot-path", []byte(strings.Join(paths, "\n")))
if err != nil {
return err
}
s.webrootPaths = paths
return nil
}
func (s *Store) saveDefaultTarget() error {
confc := s.db.Collection("conf")
b, err := yaml.Marshal(s.defaultTarget)
if err != nil {
return err
}
err = fdb.WriteBytes(confc, "target", b)
if err != nil {
return err
}
return nil
}
func (s *Store) obtainAuthorization(name string, a *Account) error {
cl := s.getAccountClient(a)
az, err := solver.Authorize(cl, name, s.webrootPaths, nil, s.getPriorKey, context.TODO())
if err != nil {
return err
}
err = cl.LoadAuthorization(az, context.TODO())
if err != nil {
// Try proceeding anyway.
return nil
}
c := s.db.Collection("accounts/" + a.ID() + "/authorizations/" + name)
err = fdb.WriteBytes(c, "expiry", []byte(az.Expires.Format(time.RFC3339)))
if err != nil {
return err
}
err = fdb.WriteBytes(c, "url", []byte(az.URI))
if err != nil {
return err
}
saz := &Authorization{
URL: az.URI,
Name: az.Identifier.Value,
Expires: az.Expires,
}
a.Authorizations[az.Identifier.Value] = saz
return nil
}
func (s *Store) serializeTarget(filename string, tgt *Target) error {
tcopy := *tgt
// don't serialize default request names list
if tcopy.Request.implicitNames {
tcopy.Request.Names = nil
}
b, err := yaml.Marshal(&tcopy)
if err != nil {
return err
}
c := s.db.Collection("desired")
return fdb.WriteBytes(c, filename, b)
}
// Given a certificate URL, imports the certificate into the store. The
// certificate will be retrirved on the next reconcile. If a certificate with
// that URL already exists, this is a no-op and returns nil.
func (s *fdbStore) ImportCertificate(url string) (*Certificate, error) {
certID := determineCertificateID(url)
c, ok := s.certs[certID]
if ok {
return c, nil
}
err := fdb.WriteBytes(s.db.Collection("certs/"+certID), "url", []byte(url))
if err != nil {
return nil, err
}
c = &Certificate{
URL: url,
}
s.certs[certID] = c
return c, nil
}
func (s *Store) SaveDefaultTarget() error {
// Some basic validation.
err := s.defaultTarget.Validate()
if err != nil {
return err
}
// Save.
confc := s.db.Collection("conf")
b, err := yaml.Marshal(s.defaultTarget)
if err != nil {
return err
}
err = fdb.WriteBytes(confc, "target", b)
if err != nil {
return err
}
return nil
}
func (s *fdbStore) WriteMiscellaneousConfFile(filename string, data []byte) error {
return fdb.WriteBytes(s.db.Collection("conf"), filename, data)
}