From 9369237229fa42e8424fc96d9a73bac160edc3c2 Mon Sep 17 00:00:00 2001
From: Alan Yeung
Date: Sun, 20 Aug 2023 22:29:15 -0700
Subject: [PATCH] updated EAB

---
 .gitignore | 4 +++-
 src/acme.go | 2 +-
 src/mod/acme/acme.go | 41 +++++++++++++++++++++++++++++++++------
 src/mod/acme/autorenew.go | 2 +-
 4 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/.gitignore b/.gitignore
index e164ceb..42aede7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,4 +31,6 @@ src/rules/*
 src/README.md
 docker/ContainerTester.sh
 docker/ImagePublisher.sh
-src/mod/acme/test/stackoverflow.pem
\ No newline at end of file
+src/mod/acme/test/stackoverflow.pem
+src/sys.uuid
+src/sys.db.lock
diff --git a/src/acme.go b/src/acme.go
index 72e5883..1bacb51 100644
--- a/src/acme.go
+++ b/src/acme.go
@@ -38,7 +38,7 @@ func initACME() *acme.ACMEHandler {
 port = getRandomPort(30000)
 }
 
- return acme.NewACME("https://acme-staging-v02.api.letsencrypt.org/directory", strconv.Itoa(port))
+ return acme.NewACME("https://acme-staging-v02.api.letsencrypt.org/directory", strconv.Itoa(port), "", "")
 }
 
 // create the special routing rule for ACME
diff --git a/src/mod/acme/acme.go b/src/mod/acme/acme.go
index ec8bc1c..12f8581 100644
--- a/src/mod/acme/acme.go
+++ b/src/mod/acme/acme.go
@@ -54,18 +54,22 @@ func (u *ACMEUser) GetPrivateKey() crypto.PrivateKey {
 type ACMEHandler struct {
 DefaultAcmeServer string
 Port string
+ Kid string
+ HmacEncoded string
 }
 
 // NewACME creates a new ACMEHandler instance.
-func NewACME(acmeServer string, port string) *ACMEHandler {
+func NewACME(acmeServer string, port string, kid string, hmacEncoded string) *ACMEHandler {
 return &ACMEHandler{
 DefaultAcmeServer: acmeServer,
 Port: port,
+ Kid: kid,
+ HmacEncoded: hmacEncoded,
 }
 }
 
 // ObtainCert obtains a certificate for the specified domains.
-func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email string, ca string) (bool, error) {
+func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email string, ca string, kid string, hmacEncoded string) (bool, error) {
 log.Println("[ACME] Obtaining certificate...")
 
 // generate private key
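Review bot: The new `Kid` and `HmacEncoded` fields and the two extra parameters on `NewACME` and `ObtainCert` carry External Account Binding credentials, and the EAB HMAC key is a shared secret, yet neither the struct nor the updated doc comments say so; `// ObtainCert obtains a certificate for the specified domains.` still describes the old signature. I would add `// Kid and HmacEncoded are the External Account Binding credentials used when the CA requires EAB; HmacEncoded is a secret and must never be logged.` above the new fields, and extend the ObtainCert comment with a sentence saying that `kid` and `hmacEncoded`, when both are non-empty, override the handler-level values for that call. As a point of style, the two new parameters can be declared together as `kid, hmacEncoded string`. The body of ObtainCert continues past the end of this hunk.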
@@ -113,12 +117,37 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
 return false, err
 }
 
+ var reg *registration.Resource
 // New users will need to register
- reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
- if err != nil {
- log.Println(err)
- return false, err
+ if client.GetExternalAccountRequired() {
+ log.Println("External Account Required for this ACME Provider.")
+ // IF KID and HmacEncoded is overidden
+ if kid != "" && hmacEncoded != "" {
+ reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
+ TermsOfServiceAgreed: true,
+ Kid: kid,
+ HmacEncoded: hmacEncoded,
+ })
+ } else {
+ reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
+ TermsOfServiceAgreed: true,
+ Kid: a.Kid,
+ HmacEncoded: a.HmacEncoded,
+ })
+ }
+ if err != nil {
+ log.Println(err)
+ return false, err
+ }
+ //return false, errors.New("External Account Required for this ACME Provider.")
+ } else {
+ reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+ if err != nil {
+ log.Println(err)
+ return false, err
+ }
 }
+
 adminUser.Registration = reg
 
 // obtain the certificate
diff --git a/src/mod/acme/autorenew.go b/src/mod/acme/autorenew.go
index 211e168..28bee75 100644
--- a/src/mod/acme/autorenew.go
+++ b/src/mod/acme/autorenew.go
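Review bot: The override check `if kid != "" && hmacEncoded != ""` silently ignores a half-configured pair (only one of the two set) and falls back to the handler defaults, and when those are also empty — which is what `initACME` in this patch passes — the code still calls `RegisterWithExternalAccountBinding` with empty credentials and the operator only sees whatever error the CA returns; the commented-out `//return false, errors.New(...)` suggests a local check was intended. I would resolve the effective credentials once, reject a half-configured or missing EAB with a clear error before touching the network, and collapse the two duplicated registration calls and the two identical `if err != nil` blocks into one each. The rewrite below uses `errors.New`; if the file does not import `errors`, `fmt.Errorf` or an existing helper works the same way. ObtainCert begins before this hunk and continues after it.

```go
	if client.GetExternalAccountRequired() {
		log.Println("External Account Required for this ACME Provider.")
		// Per-call EAB credentials override the handler defaults, but only as a complete pair.
		eabKid, eabHmac := a.Kid, a.HmacEncoded
		if kid != "" || hmacEncoded != "" {
			if kid == "" || hmacEncoded == "" {
				return false, errors.New("[ACME] external account binding requires both kid and hmacEncoded")
			}
			eabKid, eabHmac = kid, hmacEncoded
		}
		if eabKid == "" || eabHmac == "" {
			return false, errors.New("[ACME] this CA requires external account binding but no EAB credentials are configured")
		}
		reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
			TermsOfServiceAgreed: true,
			Kid:                  eabKid,
			HmacEncoded:          eabHmac,
		})
	} else {
		reg, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
	}
	if err != nil {
		log.Println(err)
		return false, err
	}
	// … unchanged: adminUser.Registration = reg, obtain the certificate …
```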
@@ -355,7 +355,7 @@ func (a *AutoRenewer) renewExpiredDomains(certs []*ExpiredCerts) ([]string, erro
 log.Println("Renewing " + expiredCert.Filepath + " (Might take a few minutes)")
 fileName := filepath.Base(expiredCert.Filepath)
 certName := fileName[:len(fileName)-len(filepath.Ext(fileName))]
- _, err := a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, expiredCert.CA)
+ _, err := a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, expiredCert.CA, "", "")
 if err != nil {
 log.Println("Renew " + fileName + "(" + strings.Join(expiredCert.Domains, ",") + ") failed: " + err.Error())
 } else {
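Review bot: Passing `"", ""` here means a renewal against a CA that requires External Account Binding falls back to the handler-level `Kid`/`HmacEncoded`, which `initACME` in this same patch also sets to empty strings, so renewals of EAB-issued certificates will be rejected by the CA with no local hint as to why. `ExpiredCerts` visibly carries `Domains`, `Filepath` and `CA` but, from what this hunk shows, not the EAB identity used at issuance, so the renewer has nothing to pass even if it wanted to. I would thread the EAB credentials through `RenewerConfig` alongside `Email` (or persist the kid with the certificate's CA metadata and look the matching HMAC up from configuration) and pass them in place of the hard-coded empty strings; since the HMAC key is a secret, wherever it is persisted needs the same protection as the account private key. renewExpiredDomains begins before and continues after this hunk.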