1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
package autocert
import (
"context"
"crypto/tls"
"fmt"
"net"
"code.crute.us/mcrute/golib/log"
"code.crute.us/mcrute/golib/service"
"golang.org/x/net/idna"
)
type CertProvider interface {
GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
Listener() net.Listener
TLSConfig() *tls.Config
}
type PrimingCertProvider interface {
CertProvider
PrimeCache() error
PrimingReporter(log.LeveledLogger) service.RunnerFunc
}
type ACMEHostList struct {
hosts map[string]bool
}
func NewACMEHostList(hosts ...string) *ACMEHostList {
hl := make(map[string]bool, len(hosts))
for _, h := range hosts {
if h, err := idna.Lookup.ToASCII(h); err == nil {
hl[h] = true
}
}
return &ACMEHostList{hl}
}
func (h *ACMEHostList) HostPolicy(_ context.Context, host string) error {
if !h.hosts[host] {
return fmt.Errorf("acme/autocert: host %q not configured in HostWhitelist", host)
}
return nil
}
func (h *ACMEHostList) Hosts() []string {
out := []string{}
for k, _ := range h.hosts {
out = append(out, k)
}
return out
}
// PrimeCache makes a request to the autocert.Manager.GetCertificate function
// for each host in the host list. It will request ECDSA certificates. This
// will fill a certificate cache if it has not yet been filled and has the side
// effect of starting renewal goroutines for each allowed host.
//
// If reportcb is not nil it will be called with a log message for each host
// that is being primed.
func (h *ACMEHostList) PrimeCache(m CertProvider, report chan<- string) error {
for k, _ := range h.hosts {
if report != nil {
report <- fmt.Sprintf("Priming certificate cache for %s", k)
}
// ECDSA Version
if _, err := m.GetCertificate(&tls.ClientHelloInfo{
ServerName: k,
SignatureSchemes: []tls.SignatureScheme{tls.ECDSAWithP256AndSHA256},
}); err != nil {
return err
}
// RSA Version
if _, err := m.GetCertificate(&tls.ClientHelloInfo{
ServerName: k,
}); err != nil {
return err
}
}
return nil
}
|