a/certmagic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
aad674cda5
certmagic/account.go

457 lines
15 KiB
Go
Raw Normal View History

Initial commit
2018-12-10 13:15:26 +10:00
// Copyright 2015 Matthew Holt
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package certmagic
import (
"bufio"
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
"bytes"
Support account lookup by private key This enables adding existing accounts to storage so they can be used in future ACME transactions, as long as the private key is possessed.
2021-01-21 07:52:08 +10:00
"context"
Initial commit
2018-12-10 13:15:26 +10:00
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"encoding/json"
storage: Require fs.ErrNotExist (fix #168) (#170) Also stop using the deprecated io/ioutil package. Update dependencies. Update Go version in go.mod.
2022-03-08 04:11:20 +10:00
"errors"
Initial commit
2018-12-10 13:15:26 +10:00
"fmt"
"io"
storage: Require fs.ErrNotExist (fix #168) (#170) Also stop using the deprecated io/ioutil package. Update dependencies. Update Go version in go.mod.
2022-03-08 04:11:20 +10:00
"io/fs"
Initial commit
2018-12-10 13:15:26 +10:00
"os"
FileStorage: Fix List(); modify Storage interface (fixes #4) Adding a recursive option to List(), which, if true, causes List to act like a walk function. Also differentiating between "terminal" keys and "non-terminal" in KeyInfo, since sometimes directories are useful, like listing user accounts.
2018-12-13 07:47:22 +10:00
"path"
Initial commit
2018-12-10 13:15:26 +10:00
"sort"
"strings"
Sync discovered contact email (fix #127)
2021-04-13 03:57:11 +10:00
"sync"
Initial commit
2018-12-10 13:15:26 +10:00
Upgrade acmez to v2 beta Adds support for customizing NotBefore/NotAfter times of certs
2024-04-09 06:05:43 +10:00
"github.com/mholt/acmez/v2/acme"
More logging about account loading/creation
2024-06-04 11:47:29 +10:00
"go.uber.org/zap"
Initial commit
2018-12-10 13:15:26 +10:00
)
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
// getAccount either loads or creates a new account, depending on if
// an account can be found in storage for the given CA + email combo.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) getAccount(ctx context.Context, ca, email string) (acme.Account, error) {
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
acct, err := am.loadAccount(ctx, ca, email)
storage: Require fs.ErrNotExist (fix #168) (#170) Also stop using the deprecated io/ioutil package. Update dependencies. Update Go version in go.mod.
2022-03-08 04:11:20 +10:00
if errors.Is(err, fs.ErrNotExist) {
More logging about account loading/creation
2024-06-04 11:47:29 +10:00
am.Logger.Info("creating new account because no account for configured email is known to us",
zap.String("email", email),
zap.String("ca", ca),
zap.Error(err))
storage: Require fs.ErrNotExist (fix #168) (#170) Also stop using the deprecated io/ioutil package. Update dependencies. Update Go version in go.mod.
2022-03-08 04:11:20 +10:00
return am.newAccount(email)
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
}
More logging about account loading/creation
2024-06-04 11:47:29 +10:00
am.Logger.Debug("using existing ACME account because key found in storage associated with email",
zap.String("email", email),
zap.String("ca", ca))
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
return acct, err
}
// loadAccount loads an account from storage, but does not create a new one.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) loadAccount(ctx context.Context, ca, email string) (acme.Account, error) {
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
regBytes, err := am.config.Storage.Load(ctx, am.storageKeyUserReg(ca, email))
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
if err != nil {
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
return acme.Account{}, err
}
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
keyBytes, err := am.config.Storage.Load(ctx, am.storageKeyUserPrivateKey(ca, email))
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
if err != nil {
return acme.Account{}, err
}
Initial commit
2018-12-10 13:15:26 +10:00
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
var acct acme.Account
err = json.Unmarshal(regBytes, &acct)
if err != nil {
return acct, err
}
GetCertificate from external certificate sources (Managers) (#163) This work made possible by Tailscale: https://tailscale.com - thank you to the Tailscale team! * Implement custom GetCertificate callback Useful if another entity is managing certificates and can provide its own dynamically during handshakes. * Refactor CustomGetCertificate into OnDemandConfig * Set certs to managed=true This is only sorta true, but it allows handshake-time maintenance of the certificates that are cached from CustomGetCertificate. Our background maintenance routine skips certs that are OnDemand so it should be fine. * Change CustomGetCertificate into interface value Instead of a function * Case-insensitive subject name comparison Hostnames are case-insensitive Also add context to GetCertificate * Export a couple of outrageously useful functions * Allow multiple custom certificate getters Also minor refactoring and enhancements * Fix tests * Rename Getter -> Manager; refactor And don't cache externally managed certs * Minor updates to comments
2022-02-18 07:37:50 +10:00
acct.PrivateKey, err = PEMDecodePrivateKey(keyBytes)
account: handle decodePrivateKey() error in getAccount (#89)
2020-08-27 04:54:29 +10:00
if err != nil {
return acct, fmt.Errorf("could not decode account's private key: %v", err)
}
Gracefully transition existing meta assets to new format The new format is dictated primarily by the ACME spec as implemented by the new acmez/acme package. It makes a lot more sense.
2020-07-31 04:13:45 +10:00
return acct, nil
}
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
// newAccount generates a new private key for a new ACME account, but
// it does not register or save the account.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (*ACMEIssuer) newAccount(email string) (acme.Account, error) {
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
var acct acme.Account
if email != "" {
acct.Contact = []string{"mailto:" + email} // TODO: should we abstract the contact scheme?
}
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
return acct, fmt.Errorf("generating private key: %v", err)
}
acct.PrivateKey = privateKey
return acct, nil
Initial commit
2018-12-10 13:15:26 +10:00
}
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
// GetAccount first tries loading the account with the associated private key from storage.
// If it does not exist in storage, it will be retrieved from the ACME server and added to storage.
// The account must already exist; it does not create a new account.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) GetAccount(ctx context.Context, privateKeyPEM []byte) (acme.Account, error) {
Use configured email to pin to specific account key in storage (#283) * Use the `email` configuration in the ACME issuer to "pin" an account to a key When the issuer is configured with both an email and key material, these should match -- but that also means we can use the email information to predict the key-key, skipping the potentially expensive storage.List operation. * `continue` when we cannot load the private key for an account Not being able to load this might be caused by a storage problem, or it could have been something we did earlier. In either case we do not know whether this is the account we're looking for, and breaking out now will trigger expensive calls to the ACME server to lookup the account and then save that account again even though it was perfectly fine to begin with. * Add unit tests for the changed behaviors
2024-04-19 05:42:33 +10:00
email := am.getEmail()
if email == "" {
if account, err := am.loadAccountByKey(ctx, privateKeyPEM); err == nil {
return account, nil
}
} else {
keyBytes, err := am.config.Storage.Load(ctx, am.storageKeyUserPrivateKey(am.CA, email))
if err == nil && bytes.Equal(bytes.TrimSpace(keyBytes), bytes.TrimSpace(privateKeyPEM)) {
return am.loadAccount(ctx, am.CA, email)
}
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
}
Use configured email to pin to specific account key in storage (#283) * Use the `email` configuration in the ACME issuer to "pin" an account to a key When the issuer is configured with both an email and key material, these should match -- but that also means we can use the email information to predict the key-key, skipping the potentially expensive storage.List operation. * `continue` when we cannot load the private key for an account Not being able to load this might be caused by a storage problem, or it could have been something we did earlier. In either case we do not know whether this is the account we're looking for, and breaking out now will trigger expensive calls to the ACME server to lookup the account and then save that account again even though it was perfectly fine to begin with. * Add unit tests for the changed behaviors
2024-04-19 05:42:33 +10:00
return am.lookUpAccount(ctx, privateKeyPEM)
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
}
// loadAccountByKey loads the account with the given private key from storage, if it exists.
storage: Require fs.ErrNotExist (fix #168) (#170) Also stop using the deprecated io/ioutil package. Update dependencies. Update Go version in go.mod.
2022-03-08 04:11:20 +10:00
// If it does not exist, an error of type fs.ErrNotExist is returned. This is not very efficient
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
// for lots of accounts.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) loadAccountByKey(ctx context.Context, privateKeyPEM []byte) (acme.Account, error) {
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
accountList, err := am.config.Storage.List(ctx, am.storageKeyUsersPrefix(am.CA), false)
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
if err != nil {
return acme.Account{}, err
}
for _, accountFolderKey := range accountList {
email := path.Base(accountFolderKey)
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
keyBytes, err := am.config.Storage.Load(ctx, am.storageKeyUserPrivateKey(am.CA, email))
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
if err != nil {
Use configured email to pin to specific account key in storage (#283) * Use the `email` configuration in the ACME issuer to "pin" an account to a key When the issuer is configured with both an email and key material, these should match -- but that also means we can use the email information to predict the key-key, skipping the potentially expensive storage.List operation. * `continue` when we cannot load the private key for an account Not being able to load this might be caused by a storage problem, or it could have been something we did earlier. In either case we do not know whether this is the account we're looking for, and breaking out now will trigger expensive calls to the ACME server to lookup the account and then save that account again even though it was perfectly fine to begin with. * Add unit tests for the changed behaviors
2024-04-19 05:42:33 +10:00
// Try the next account: This one is missing its private key, if it turns out to be the one we're looking
// for we will try to save it again after confirming with the ACME server.
continue
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
}
if bytes.Equal(bytes.TrimSpace(keyBytes), bytes.TrimSpace(privateKeyPEM)) {
Use configured email to pin to specific account key in storage (#283) * Use the `email` configuration in the ACME issuer to "pin" an account to a key When the issuer is configured with both an email and key material, these should match -- but that also means we can use the email information to predict the key-key, skipping the potentially expensive storage.List operation. * `continue` when we cannot load the private key for an account Not being able to load this might be caused by a storage problem, or it could have been something we did earlier. In either case we do not know whether this is the account we're looking for, and breaking out now will trigger expensive calls to the ACME server to lookup the account and then save that account again even though it was perfectly fine to begin with. * Add unit tests for the changed behaviors
2024-04-19 05:42:33 +10:00
// Found the account with the correct private key, try loading it. If this fails we we will follow
// the same procedure as if the private key was not found and confirm with the ACME server before saving
// it again.
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
return am.loadAccount(ctx, am.CA, email)
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
}
}
storage: Require fs.ErrNotExist (fix #168) (#170) Also stop using the deprecated io/ioutil package. Update dependencies. Update Go version in go.mod.
2022-03-08 04:11:20 +10:00
return acme.Account{}, fs.ErrNotExist
Look up account in storage first This avoids contacting the server if we already have the account info in storage.
2021-01-21 09:01:53 +10:00
}
// lookUpAccount looks up the account associated with privateKeyPEM from the ACME server.
// If the account is found by the server, it will be saved to storage and returned.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) lookUpAccount(ctx context.Context, privateKeyPEM []byte) (acme.Account, error) {
Support account lookup by private key This enables adding existing accounts to storage so they can be used in future ACME transactions, as long as the private key is possessed.
2021-01-21 07:52:08 +10:00
client, err := am.newACMEClient(false)
if err != nil {
return acme.Account{}, fmt.Errorf("creating ACME client: %v", err)
}
GetCertificate from external certificate sources (Managers) (#163) This work made possible by Tailscale: https://tailscale.com - thank you to the Tailscale team! * Implement custom GetCertificate callback Useful if another entity is managing certificates and can provide its own dynamically during handshakes. * Refactor CustomGetCertificate into OnDemandConfig * Set certs to managed=true This is only sorta true, but it allows handshake-time maintenance of the certificates that are cached from CustomGetCertificate. Our background maintenance routine skips certs that are OnDemand so it should be fine. * Change CustomGetCertificate into interface value Instead of a function * Case-insensitive subject name comparison Hostnames are case-insensitive Also add context to GetCertificate * Export a couple of outrageously useful functions * Allow multiple custom certificate getters Also minor refactoring and enhancements * Fix tests * Rename Getter -> Manager; refactor And don't cache externally managed certs * Minor updates to comments
2022-02-18 07:37:50 +10:00
privateKey, err := PEMDecodePrivateKey([]byte(privateKeyPEM))
Support account lookup by private key This enables adding existing accounts to storage so they can be used in future ACME transactions, as long as the private key is possessed.
2021-01-21 07:52:08 +10:00
if err != nil {
return acme.Account{}, fmt.Errorf("decoding private key: %v", err)
}
// look up the account
account := acme.Account{PrivateKey: privateKey}
account, err = client.GetAccount(ctx, account)
if err != nil {
return acme.Account{}, fmt.Errorf("looking up account with server: %v", err)
}
// save the account details to storage
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
err = am.saveAccount(ctx, client.Directory, account)
Support account lookup by private key This enables adding existing accounts to storage so they can be used in future ACME transactions, as long as the private key is possessed.
2021-01-21 07:52:08 +10:00
if err != nil {
return account, fmt.Errorf("could not save account to storage: %v", err)
}
return account, nil
}
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
// saveAccount persists an ACME account's info and private key to storage.
// It does NOT register the account via ACME or prompt the user.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) saveAccount(ctx context.Context, ca string, account acme.Account) error {
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
regBytes, err := json.MarshalIndent(account, "", "\t")
Initial commit
2018-12-10 13:15:26 +10:00
if err != nil {
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
return err
Initial commit
2018-12-10 13:15:26 +10:00
}
GetCertificate from external certificate sources (Managers) (#163) This work made possible by Tailscale: https://tailscale.com - thank you to the Tailscale team! * Implement custom GetCertificate callback Useful if another entity is managing certificates and can provide its own dynamically during handshakes. * Refactor CustomGetCertificate into OnDemandConfig * Set certs to managed=true This is only sorta true, but it allows handshake-time maintenance of the certificates that are cached from CustomGetCertificate. Our background maintenance routine skips certs that are OnDemand so it should be fine. * Change CustomGetCertificate into interface value Instead of a function * Case-insensitive subject name comparison Hostnames are case-insensitive Also add context to GetCertificate * Export a couple of outrageously useful functions * Allow multiple custom certificate getters Also minor refactoring and enhancements * Fix tests * Rename Getter -> Manager; refactor And don't cache externally managed certs * Minor updates to comments
2022-02-18 07:37:50 +10:00
keyBytes, err := PEMEncodePrivateKey(account.PrivateKey)
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
if err != nil {
return err
}
// extract primary contact (email), without scheme (e.g. "mailto:")
primaryContact := getPrimaryContact(account)
all := []keyValue{
{
key: am.storageKeyUserReg(ca, primaryContact),
value: regBytes,
},
{
key: am.storageKeyUserPrivateKey(ca, primaryContact),
value: keyBytes,
},
}
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
return storeTx(ctx, am.config.Storage, all)
Initial commit
2018-12-10 13:15:26 +10:00
}
Retry with new account if account disappeared remotely (#269) * Retry with new account if account disappeared remotely * Emit log when account is missing from ACME server
2024-03-15 07:35:35 +10:00
// deleteAccountLocally deletes the registration info and private key of the account
// for the given CA from storage.
func (am *ACMEIssuer) deleteAccountLocally(ctx context.Context, ca string, account acme.Account) error {
primaryContact := getPrimaryContact(account)
if err := am.config.Storage.Delete(ctx, am.storageKeyUserReg(ca, primaryContact)); err != nil {
return err
}
return am.config.Storage.Delete(ctx, am.storageKeyUserPrivateKey(ca, primaryContact))
}
Rename getEmail -> setEmail It doesn't really return the email address; it mutates the ACMEIssuer.
2022-07-06 08:56:22 +10:00
// setEmail does everything it can to obtain an email address
Initial commit
2018-12-10 13:15:26 +10:00
// from the user within the scope of memory and storage to use
user: don't create new user in getEmail (#17)
2019-01-22 04:31:57 +10:00
// for ACME TLS. If it cannot get an email address, it does nothing
// (If user is prompted, it will warn the user of
Initial commit
2018-12-10 13:15:26 +10:00
// the consequences of an empty email.) This function MAY prompt
user: don't create new user in getEmail (#17)
2019-01-22 04:31:57 +10:00
// the user for input. If allowPrompts is false, the user
Initial commit
2018-12-10 13:15:26 +10:00
// will NOT be prompted and an empty email may be returned.
Rename getEmail -> setEmail It doesn't really return the email address; it mutates the ACMEIssuer.
2022-07-06 08:56:22 +10:00
func (am *ACMEIssuer) setEmail(ctx context.Context, allowPrompts bool) error {
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
leEmail := am.Email
LooksLikeHTTPChallenge and fix Agreed setting
2019-04-30 00:35:53 +10:00
Sync discovered contact email (fix #127)
2021-04-13 03:57:11 +10:00
// First try package default email, or a discovered email address
Move some tests over Tests originally from Caddy's caddytls package Also fix a few bugs: sorting most recent emails, and nil Config in HTTP challenge handler
2018-12-11 02:59:03 +10:00
if leEmail == "" {
Sync discovered contact email (fix #127)
2021-04-13 03:57:11 +10:00
leEmail = DefaultACME.Email
}
if leEmail == "" {
discoveredEmailMu.Lock()
leEmail = discoveredEmail
discoveredEmailMu.Unlock()
Move some tests over Tests originally from Caddy's caddytls package Also fix a few bugs: sorting most recent emails, and nil Config in HTTP challenge handler
2018-12-11 02:59:03 +10:00
}
LooksLikeHTTPChallenge and fix Agreed setting
2019-04-30 00:35:53 +10:00
Initial commit
2018-12-10 13:15:26 +10:00
// Then try to get most recent user email from storage
Don't re-prompt for email if account already exists Extracting CertMagic out of Caddy was a new and complicated surgery, and although successful, it wasn't without its side-effects. One of them was we slightly altered some of the subtle logic related to getting an email address in order to know which account to use. If an ACME account with an empty email already exists, and no Email is available on the config, that account should be used without prompting the user over and over. If no account exists and no email is available, then yes a prompt is warranted. And of course if an email is set or an account with a non-empty email exists, that should be used without prompts (this was already the case). This commit fixes to align with that expectation, so that accounts with empty emails can be reused, if present. Empty emails should only be used in dev or testing environments; omitting them in production is bad practice.
2019-02-25 16:09:13 +10:00
var gotRecentEmail bool
Initial commit
2018-12-10 13:15:26 +10:00
if leEmail == "" {
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
leEmail, gotRecentEmail = am.mostRecentAccountEmail(ctx, am.CA)
Initial commit
2018-12-10 13:15:26 +10:00
}
Don't re-prompt for email if account already exists Extracting CertMagic out of Caddy was a new and complicated surgery, and although successful, it wasn't without its side-effects. One of them was we slightly altered some of the subtle logic related to getting an email address in order to know which account to use. If an ACME account with an empty email already exists, and no Email is available on the config, that account should be used without prompting the user over and over. If no account exists and no email is available, then yes a prompt is warranted. And of course if an email is set or an account with a non-empty email exists, that should be used without prompts (this was already the case). This commit fixes to align with that expectation, so that accounts with empty emails can be reused, if present. Empty emails should only be used in dev or testing environments; omitting them in production is bad practice.
2019-02-25 16:09:13 +10:00
if !gotRecentEmail && leEmail == "" && allowPrompts {
user: don't create new user in getEmail (#17)
2019-01-22 04:31:57 +10:00
// Looks like there is no email address readily available,
// so we will have to ask the user if we can.
var err error
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
leEmail, err = am.promptUserForEmail()
Initial commit
2018-12-10 13:15:26 +10:00
if err != nil {
user: don't create new user in getEmail (#17)
2019-01-22 04:31:57 +10:00
return err
Initial commit
2018-12-10 13:15:26 +10:00
}
LooksLikeHTTPChallenge and fix Agreed setting
2019-04-30 00:35:53 +10:00
// User might have just signified their agreement
Fix race conditions (close #195) Also update setting acmez.Client.Logger in accordance with latest acmez commit, which removes redundant logger.
2022-08-02 15:04:11 +10:00
am.mu.Lock()
am.agreed = DefaultACME.Agreed
am.mu.Unlock()
user: don't create new user in getEmail (#17)
2019-01-22 04:31:57 +10:00
}
Don't re-prompt for email if account already exists Extracting CertMagic out of Caddy was a new and complicated surgery, and although successful, it wasn't without its side-effects. One of them was we slightly altered some of the subtle logic related to getting an email address in order to know which account to use. If an ACME account with an empty email already exists, and no Email is available on the config, that account should be used without prompting the user over and over. If no account exists and no email is available, then yes a prompt is warranted. And of course if an email is set or an account with a non-empty email exists, that should be used without prompts (this was already the case). This commit fixes to align with that expectation, so that accounts with empty emails can be reused, if present. Empty emails should only be used in dev or testing environments; omitting them in production is bad practice.
2019-02-25 16:09:13 +10:00
Fix race conditions (close #195) Also update setting acmez.Client.Logger in accordance with latest acmez commit, which removes redundant logger.
2022-08-02 15:04:11 +10:00
// Save the email for later and ensure it is consistent
LooksLikeHTTPChallenge and fix Agreed setting
2019-04-30 00:35:53 +10:00
// for repeated use; then update cfg with the email
Sync discovered contact email (fix #127)
2021-04-13 03:57:11 +10:00
leEmail = strings.TrimSpace(strings.ToLower(leEmail))
discoveredEmailMu.Lock()
if discoveredEmail == "" {
discoveredEmail = leEmail
}
discoveredEmailMu.Unlock()
Fix race conditions (close #195) Also update setting acmez.Client.Logger in accordance with latest acmez commit, which removes redundant logger.
2022-08-02 15:04:11 +10:00
// The unexported email field is the one we use
// because we have thread-safe control over it
am.mu.Lock()
am.email = leEmail
am.mu.Unlock()
Don't re-prompt for email if account already exists Extracting CertMagic out of Caddy was a new and complicated surgery, and although successful, it wasn't without its side-effects. One of them was we slightly altered some of the subtle logic related to getting an email address in order to know which account to use. If an ACME account with an empty email already exists, and no Email is available on the config, that account should be used without prompting the user over and over. If no account exists and no email is available, then yes a prompt is warranted. And of course if an email is set or an account with a non-empty email exists, that should be used without prompts (this was already the case). This commit fixes to align with that expectation, so that accounts with empty emails can be reused, if present. Empty emails should only be used in dev or testing environments; omitting them in production is bad practice.
2019-02-25 16:09:13 +10:00
user: don't create new user in getEmail (#17)
2019-01-22 04:31:57 +10:00
return nil
}
Initial commit
2018-12-10 13:15:26 +10:00
Don't re-prompt for email if account already exists Extracting CertMagic out of Caddy was a new and complicated surgery, and although successful, it wasn't without its side-effects. One of them was we slightly altered some of the subtle logic related to getting an email address in order to know which account to use. If an ACME account with an empty email already exists, and no Email is available on the config, that account should be used without prompting the user over and over. If no account exists and no email is available, then yes a prompt is warranted. And of course if an email is set or an account with a non-empty email exists, that should be used without prompts (this was already the case). This commit fixes to align with that expectation, so that accounts with empty emails can be reused, if present. Empty emails should only be used in dev or testing environments; omitting them in production is bad practice.
2019-02-25 16:09:13 +10:00
// promptUserForEmail prompts the user for an email address
// and returns the email address they entered (which could
// be the empty string). If no error is returned, then Agreed
// will also be set to true, since continuing through the
// prompt signifies agreement.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) promptUserForEmail() (string, error) {
user: don't create new user in getEmail (#17)
2019-01-22 04:31:57 +10:00
// prompt the user for an email address and terms agreement
reader := bufio.NewReader(stdin)
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
am.promptUserAgreement("")
user: don't create new user in getEmail (#17)
2019-01-22 04:31:57 +10:00
fmt.Println("Please enter your email address to signify agreement and to be notified")
fmt.Println("in case of issues. You can leave it blank, but we don't recommend it.")
fmt.Print(" Email address: ")
leEmail, err := reader.ReadString('\n')
if err != nil && err != io.EOF {
return "", fmt.Errorf("reading email address: %v", err)
}
leEmail = strings.TrimSpace(leEmail)
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
DefaultACME.Agreed = true
user: don't create new user in getEmail (#17)
2019-01-22 04:31:57 +10:00
return leEmail, nil
Initial commit
2018-12-10 13:15:26 +10:00
}
// promptUserAgreement simply outputs the standard user
// agreement prompt with the given agreement URL.
// It outputs a newline after the message.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) promptUserAgreement(agreementURL string) {
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
userAgreementPrompt := `Your sites will be served over HTTPS automatically using an automated CA.
By continuing, you agree to the CA's terms of service`
if agreementURL == "" {
fmt.Printf("\n\n%s.\n", userAgreementPrompt)
return
}
fmt.Printf("\n\n%s at:\n %s\n", userAgreementPrompt, agreementURL)
Initial commit
2018-12-10 13:15:26 +10:00
}
// askUserAgreement prompts the user to agree to the agreement
// at the given agreement URL via stdin. It returns whether the
// user agreed or not.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) askUserAgreement(agreementURL string) bool {
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
am.promptUserAgreement(agreementURL)
Initial commit
2018-12-10 13:15:26 +10:00
fmt.Print("Do you agree to the terms? (y/n): ")
reader := bufio.NewReader(stdin)
answer, err := reader.ReadString('\n')
if err != nil {
return false
}
answer = strings.ToLower(strings.TrimSpace(answer))
return answer == "y" || answer == "yes"
}
Implement multiple issuer support (#109) * Implement multiple issuer support This change refactors Config.Issuer to be Config.Issuers, an array of issuers. Each Issuer will be tried in turn until one succeeds. During retries, each attempt will try each configured Issuer. When loading certs from storage, CertMagic will look in each Issuer's storage location for a qualifying asset. If multiple Issuers have one in storage then the most-recently-issued cert will be selected. This is a breaking change in that Config now accepts a slice of Issuers rather than a single Issuer. The Revoker field is removed, as supporting it is optional anyway. If the Issuer is also a Revoker, it can be used implicitly to revoke certificates. Also added a const for ZeroSSL's ACME endpoint. * Load matching wildcard on-demand from storage With this change, a config using on-demand TLS can load a certificate for "sub.example.com" from storage using a matching wildcard cert (i.e. "*.example.com") if no better matching certificate is available. * Fix distributed solving with tls-alpn challenges The type assertion in handshake.go was problematic since there's no guarantee that an ACME issuer would be a concrete ACMEManager type. Refactored the code to accept IssuerKey values generally, rather than specific ACMEManager values only. This fixes solving tls-alpn challenges in distributed settings. More cleanup can be done, another time.
2020-11-17 03:53:41 +10:00
func storageKeyACMECAPrefix(issuerKey string) string {
return path.Join(prefixACME, StorageKeys.Safe(issuerKey))
}
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) storageKeyCAPrefix(caURL string) string {
Implement multiple issuer support (#109) * Implement multiple issuer support This change refactors Config.Issuer to be Config.Issuers, an array of issuers. Each Issuer will be tried in turn until one succeeds. During retries, each attempt will try each configured Issuer. When loading certs from storage, CertMagic will look in each Issuer's storage location for a qualifying asset. If multiple Issuers have one in storage then the most-recently-issued cert will be selected. This is a breaking change in that Config now accepts a slice of Issuers rather than a single Issuer. The Revoker field is removed, as supporting it is optional anyway. If the Issuer is also a Revoker, it can be used implicitly to revoke certificates. Also added a const for ZeroSSL's ACME endpoint. * Load matching wildcard on-demand from storage With this change, a config using on-demand TLS can load a certificate for "sub.example.com" from storage using a matching wildcard cert (i.e. "*.example.com") if no better matching certificate is available. * Fix distributed solving with tls-alpn challenges The type assertion in handshake.go was problematic since there's no guarantee that an ACME issuer would be a concrete ACMEManager type. Refactored the code to accept IssuerKey values generally, rather than specific ACMEManager values only. This fixes solving tls-alpn challenges in distributed settings. More cleanup can be done, another time.
2020-11-17 03:53:41 +10:00
return storageKeyACMECAPrefix(am.issuerKey(caURL))
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
}
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) storageKeyUsersPrefix(caURL string) string {
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
return path.Join(am.storageKeyCAPrefix(caURL), "users")
}
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) storageKeyUserPrefix(caURL, email string) string {
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
if email == "" {
email = emptyEmail
}
return path.Join(am.storageKeyUsersPrefix(caURL), StorageKeys.Safe(email))
}
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) storageKeyUserReg(caURL, email string) string {
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
return am.storageSafeUserKey(caURL, email, "registration", ".json")
}
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) storageKeyUserPrivateKey(caURL, email string) string {
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
return am.storageSafeUserKey(caURL, email, "private", ".key")
}
// storageSafeUserKey returns a key for the given email, with the default
// filename, and the filename ending in the given extension.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) storageSafeUserKey(ca, email, defaultFilename, extension string) string {
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
if email == "" {
email = emptyEmail
}
email = strings.ToLower(email)
filename := am.emailUsername(email)
if filename == "" {
filename = defaultFilename
}
filename = StorageKeys.Safe(filename)
return path.Join(am.storageKeyUserPrefix(ca, email), filename+extension)
}
// emailUsername returns the username portion of an email address (part before
// '@') or the original input if it can't find the "@" symbol.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (*ACMEIssuer) emailUsername(email string) string {
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
at := strings.Index(email, "@")
if at == -1 {
return email
} else if at == 0 {
return email[1:]
}
return email[:at]
}
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
// mostRecentAccountEmail finds the most recently-written account file
Major refactor to improve performance, correctness, and extensibility Breaking changes; thank goodness we're not 1.0 yet 😅 - read on! This change completely separates ACME-specific code from the rest of the certificate management process, allowing pluggable sources for certs that aren't ACME. Notably, most of Config was spliced into ACMEManager. Similarly, there's now Default and DefaultACME. Storage structure had to be reconfigured. Certificates are no longer in the acme/ subfolder since they can be obtained by ways other than ACME! Certificates moved to a new certificates/ subfolder. The subfolders in that folder use the path of the ACME endpoint instead of just the host, so that also changed. Be aware that unless you move your certs over, CertMagic will not find them and will attempt to get new ones. That is usually fine for most users, but for extremely large deployments, you will want to move them over first. Old certs path: acme/acme-staging-v02.api.letsencrypt.org/... New certs path: certificates/acme-staging-v02.api.letsencrypt.org-directory/... That's all for significant storage changes! But this refactor also vastly improves performance, especially at scale, and makes CertMagic way more resilient to errors. Retries are done on the staging endpoint by default, so they won't count against your rate limit. If your hardware can handle it, I'm now pretty confident that you can give CertMagic a million domain names and it will gracefully manage them, as fast as it can within internal and external rate limits, even in the presence of errors. Errors will of course slow some things down, but you should be good to go if you're monitoring logs and can fix any misconfigurations or other external errors! Several other mostly-minor enhancements fix bugs, especially at scale. For example, duplicated renewal tasks (that continuously fail) will not pile up on each other: only one will operate, under exponential backoff. Closes #50 and fixes #55
2020-02-22 07:32:57 +10:00
// in storage. Since this is part of a complex sequence to get a user
Initial commit
2018-12-10 13:15:26 +10:00
// account, errors here are discarded to simplify code flow in
// the caller, and errors are not important here anyway.
Rename ACMEManager -> ACMEIssuer, CertificateManager -> Manager This is necessary to eliminate confusing naming conventions, since now we have Manager types, having an issuer called ACMEManager was confusing. CertificateManager is a redundant name as this package is called CertMagic, so that a Manager manages certificates should be obvious. It's also more succinct. Plus, it's consistent with Issuer which is not named CertificateIssuer.
2022-03-25 03:34:31 +10:00
func (am *ACMEIssuer) mostRecentAccountEmail(ctx context.Context, caURL string) (string, bool) {
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
accountList, err := am.config.Storage.List(ctx, am.storageKeyUsersPrefix(caURL), false)
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
if err != nil || len(accountList) == 0 {
Don't re-prompt for email if account already exists Extracting CertMagic out of Caddy was a new and complicated surgery, and although successful, it wasn't without its side-effects. One of them was we slightly altered some of the subtle logic related to getting an email address in order to know which account to use. If an ACME account with an empty email already exists, and no Email is available on the config, that account should be used without prompting the user over and over. If no account exists and no email is available, then yes a prompt is warranted. And of course if an email is set or an account with a non-empty email exists, that should be used without prompts (this was already the case). This commit fixes to align with that expectation, so that accounts with empty emails can be reused, if present. Empty emails should only be used in dev or testing environments; omitting them in production is bad practice.
2019-02-25 16:09:13 +10:00
return "", false
Initial commit
2018-12-10 13:15:26 +10:00
}
When finding most recent user, filter out terminal keys My mac created a .DS_Store file in the users folder which exposed this weird edge case. Valid user accounts must be folders. This heuristic is not perfect (there could still be folders that don't contain user accounts), but it should get us by a little longer until another edge case crops up. Moral is: don't mess with data directories.
2020-03-27 03:03:28 +10:00
// get all the key infos ahead of sorting, because
// we might filter some out
stats := make(map[string]KeyInfo)
Properly splice invalid accounts Related to: https://github.com/caddyserver/caddy/issues/3939 Avoids a panic in the event ALL items listed are "terminal" - the linked specific case is surely a bug in the upstream storage implementation, but we shouldn't panic anyway.
2020-12-29 02:05:11 +10:00
for i := 0; i < len(accountList); i++ {
u := accountList[i]
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
keyInfo, err := am.config.Storage.Stat(ctx, u)
When finding most recent user, filter out terminal keys My mac created a .DS_Store file in the users folder which exposed this weird edge case. Valid user accounts must be folders. This heuristic is not perfect (there could still be folders that don't contain user accounts), but it should get us by a little longer until another edge case crops up. Moral is: don't mess with data directories.
2020-03-27 03:03:28 +10:00
if err != nil {
continue
}
if keyInfo.IsTerminal {
// I found a bug when macOS created a .DS_Store file in
// the users folder, and CertMagic tried to use that as
// the user email because it was newer than the other one
// which existed... sure, this isn't a perfect fix but
// frankly one's OS shouldn't mess with the data folder
// in the first place.
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
accountList = append(accountList[:i], accountList[i+1:]...)
Properly splice invalid accounts Related to: https://github.com/caddyserver/caddy/issues/3939 Avoids a panic in the event ALL items listed are "terminal" - the linked specific case is surely a bug in the upstream storage implementation, but we shouldn't panic anyway.
2020-12-29 02:05:11 +10:00
i--
When finding most recent user, filter out terminal keys My mac created a .DS_Store file in the users folder which exposed this weird edge case. Valid user accounts must be folders. This heuristic is not perfect (there could still be folders that don't contain user accounts), but it should get us by a little longer until another edge case crops up. Moral is: don't mess with data directories.
2020-03-27 03:03:28 +10:00
continue
}
stats[u] = keyInfo
}
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
sort.Slice(accountList, func(i, j int) bool {
iInfo := stats[accountList[i]]
jInfo := stats[accountList[j]]
Move some tests over Tests originally from Caddy's caddytls package Also fix a few bugs: sorting most recent emails, and nil Config in HTTP challenge handler
2018-12-11 02:59:03 +10:00
return jInfo.Modified.Before(iInfo.Modified)
Initial commit
2018-12-10 13:15:26 +10:00
})
When finding most recent user, filter out terminal keys My mac created a .DS_Store file in the users folder which exposed this weird edge case. Valid user accounts must be folders. This heuristic is not perfect (there could still be folders that don't contain user accounts), but it should get us by a little longer until another edge case crops up. Moral is: don't mess with data directories.
2020-03-27 03:03:28 +10:00
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
if len(accountList) == 0 {
return "", false
}
Propagate context in the Storage interface methods (#155) * Add context propagation to the Storage interface Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Bump to Go 1.17 * Minor cleanup * filestorage: Honor context cancellation in List() Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-08 05:26:52 +10:00
account, err := am.getAccount(ctx, caURL, path.Base(accountList[0]))
Initial commit
2018-12-10 13:15:26 +10:00
if err != nil {
Don't re-prompt for email if account already exists Extracting CertMagic out of Caddy was a new and complicated surgery, and although successful, it wasn't without its side-effects. One of them was we slightly altered some of the subtle logic related to getting an email address in order to know which account to use. If an ACME account with an empty email already exists, and no Email is available on the config, that account should be used without prompting the user over and over. If no account exists and no email is available, then yes a prompt is warranted. And of course if an email is set or an account with a non-empty email exists, that should be used without prompts (this was already the case). This commit fixes to align with that expectation, so that accounts with empty emails can be reused, if present. Empty emails should only be used in dev or testing environments; omitting them in production is bad practice.
2019-02-25 16:09:13 +10:00
return "", false
Initial commit
2018-12-10 13:15:26 +10:00
}
When finding most recent user, filter out terminal keys My mac created a .DS_Store file in the users folder which exposed this weird edge case. Valid user accounts must be folders. This heuristic is not perfect (there could still be folders that don't contain user accounts), but it should get us by a little longer until another edge case crops up. Moral is: don't mess with data directories.
2020-03-27 03:03:28 +10:00
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
return getPrimaryContact(account), true
}
Sync ACME account registration (#293) https://caddy.community/t/lets-encrypt-hits-rate-limit-too-many-registrations-for-this-ip/24343
2024-06-06 21:17:18 +10:00
func accountRegLockKey(acc acme.Account) string {
key := "register_acme_account"
if len(acc.Contact) == 0 {
return key
}
key += "_" + getPrimaryContact(acc)
return key
}
Replace lego with ACMEz (close #71) (#78)
2020-07-28 08:50:41 +10:00
// getPrimaryContact returns the first contact on the account (if any)
// without the scheme. (I guess we assume an email address.)
func getPrimaryContact(account acme.Account) string {
// TODO: should this be abstracted with some lower-level helper?
var primaryContact string
if len(account.Contact) > 0 {
primaryContact = account.Contact[0]
if idx := strings.Index(primaryContact, ":"); idx >= 0 {
primaryContact = primaryContact[idx+1:]
}
}
return primaryContact
Initial commit
2018-12-10 13:15:26 +10:00
}
Sync discovered contact email (fix #127)
2021-04-13 03:57:11 +10:00
// When an email address is not explicitly specified, we can remember
// the last one we discovered to avoid having to ask again later.
// (We used to store this in DefaultACME.Email but it was racey; see #127)
var (
discoveredEmail string
discoveredEmailMu sync.Mutex
)
Initial commit
2018-12-10 13:15:26 +10:00
// stdin is used to read the user's input if prompted;
// this is changed by tests during tests.
var stdin = io.ReadWriter(os.Stdin)
// The name of the folder for accounts where the email
// address was not provided; default 'username' if you will,
// but only for local/storage use, not with the CA.
const emptyEmail = "default"
Reference in New Issue Copy Permalink