starred/godoxy
1
0
Fork 0
mirror of https://github.com/yusing/godoxy.git synced 2026-04-25 10:18:59 +02:00
Code Issues 18 Packages Projects Releases 10 Wiki Activity

autocert update:

Browse Source 
- save ACME private key to reuse previous registered ACME account
- properly renew certificate with `Certificate.RenewWithOptions` instead of re-obtaining with `Certificate.Obtain`
This commit is contained in:
yusing
2024-11-29 05:06:23 +08:00
parent d3842ec3c3
commit acdb324f7d
4 changed files with 79 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
internal/autocert/config.go
View File

@@ -4,10 +4,13 @@ import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/x509"
"os"
"github.com/go-acme/lego/v4/certcrypto"
"github.com/go-acme/lego/v4/lego"
E "github.com/yusing/go-proxy/internal/error"
"github.com/yusing/go-proxy/internal/logging"
"github.com/yusing/go-proxy/internal/utils"
"github.com/yusing/go-proxy/internal/utils/strutils"
@@ -33,6 +36,9 @@ func NewConfig(cfg *types.AutoCertConfig) *Config {
if cfg.Provider == "" {
cfg.Provider = ProviderLocal
}
if cfg.ACMEKeyPath == "" {
cfg.ACMEKeyPath = ACMEKeyFileDefault
}
return (*Config)(cfg)
}
@@ -62,10 +68,18 @@ func (cfg *Config) GetProvider() (*Provider, E.Error) {
return nil, b.Error()
}
privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
b.Addf("generate private key: %w", err)
return nil, b.Error()
var privKey *ecdsa.PrivateKey
var err error
if privKey, err = cfg.loadACMEKey(); err != nil {
logging.Err(err).Msg("load ACME private key failed, generating one...")
privKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return nil, E.New("generate ACME private key").With(err)
}
if err = cfg.saveACMEKey(privKey); err != nil {
return nil, E.New("save ACME private key").With(err)
}
}
user := &User{
@@ -82,3 +96,19 @@ func (cfg *Config) GetProvider() (*Provider, E.Error) {
legoCfg: legoCfg,
}, nil
}
func (cfg *Config) loadACMEKey() (*ecdsa.PrivateKey, error) {
data, err := os.ReadFile(cfg.ACMEKeyPath)
if err != nil {
return nil, err
}
return x509.ParseECPrivateKey(data)
}
func (cfg *Config) saveACMEKey(key *ecdsa.PrivateKey) error {
data, err := x509.MarshalECPrivateKey(key)
if err != nil {
return err
}
return os.WriteFile(cfg.ACMEKeyPath, data, 0o600)
}