Diffstat (limited to 'clients/autocert/autocert_wrapper.go')
-rw-r--r-- | clients/autocert/autocert_wrapper.go | 46 |
1 files changed, 18 insertions, 28 deletions
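--- a/clients/autocert/autocert_wrapper.go
+++ b/clients/autocert/autocert_wrapper.go
@@ -2,24 +2,21 @@ package autocert
 
 import (
 "context"
-"fmt"
 "sync"
 
 "code.crute.us/mcrute/golib/clients/dns"
 glautocert "code.crute.us/mcrute/golib/crypto/acme/autocert"
 "code.crute.us/mcrute/golib/log"
-"code.crute.us/mcrute/golib/secrets"
 "code.crute.us/mcrute/golib/service"
 
 "golang.org/x/crypto/acme/autocert"
 )
 
 type AutocertConfig struct {
-Hosts []string
-Secrets secrets.Client
-SecretName string
-Email string
-CertHost string
+ApiKey string
+Hosts []string
+Email string
+CertHost string
 }
 
 type AutocertWrapper struct {
@@ -37,29 +34,22 @@ func MustNewAutocertWrapper(ctx context.Context, c AutocertConfig) *AutocertWrap
 }
 
 func NewAutocertWrapper(ctx context.Context, c AutocertConfig) (*AutocertWrapper, error) {
-w := &AutocertWrapper{
-hl: glautocert.NewACMEHostList(c.Hosts...),
+hl := glautocert.NewACMEHostList(c.Hosts...)
+return &AutocertWrapper{
+hl: hl,
 pr: make(chan string, 10),
-}
-
-apiKey := &secrets.ApiKey{}
-if _, err := c.Secrets.Secret(ctx, c.SecretName, apiKey); err != nil {
-return nil, fmt.Errorf("Error fetching credential %s: %w", c.SecretName, err)
-}
-
-w.Manager = &autocert.Manager{
-Cache: autocert.DirCache("ssl/"),
-Prompt: autocert.AcceptTOS,
-HostPolicy: w.hl.HostPolicy,
-Email: c.Email,
-StapleOCSP: true,
-DNSManager: &dns.AcmeDNSServiceClient{
-URL: c.CertHost,
-ApiKey: apiKey.Key,
+Manager: &autocert.Manager{
+Cache: autocert.DirCache("ssl/"),
+Prompt: autocert.AcceptTOS,
+HostPolicy: hl.HostPolicy,
+Email: c.Email,
+StapleOCSP: true,
+DNSManager: &dns.AcmeDNSServiceClient{
+URL: c.CertHost,
+ApiKey: c.ApiKey,
+},
 },
-}
-
-return w, nil
+}, nil
 }
 
 func (w *AutocertWrapper) PrimeCache() error {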
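Review bot: NewAutocertWrapper can no longer fail in the second hunk: with the `c.Secrets.Secret` lookup removed, an empty `c.ApiKey` is copied straight into `dns.AcmeDNSServiceClient` and the function always returns a nil error, so a missing credential would presumably only surface later, when a DNS challenge is attempted. A guard at the top of the function keeps the fail-fast behaviour the removed lookup gave, e.g. `if c.ApiKey == "" { return nil, errors.New("autocert: ApiKey is required") }` (this needs `errors` added to the import block). `AutocertConfig` in the first hunk now carries the credential as a plain exported string, so a field comment such as `// ApiKey is the ACME DNS service credential; never log or serialize this struct.` would warn callers against printing the config with `%+v`. `ctx` also looks unused in the new body, which may be worth a short comment explaining it is kept for interface compatibility.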