marcel/zoraxy
1
0
Fork 0
mirror of https://github.com/tobychui/zoraxy.git synced 2025-06-23 16:03:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

EAB implementation done

Browse Source
This commit is contained in:
Alan Yeung 2023-09-02 18:56:04 -07:00
parent df9deb3fbb
commit b1a14872c3
2 changed files with 57 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/acme.go
View File

@ -38,7 +38,7 @@ func initACME() *acme.ACMEHandler {
port = getRandomPort(30000) port = getRandomPort(30000)
} }
return acme.NewACME("https://acme-staging-v02.api.letsencrypt.org/directory", strconv.Itoa(port), "", "") return acme.NewACME("https://acme-staging-v02.api.letsencrypt.org/directory", strconv.Itoa(port), "./conf/acme_auth.json")
} }
// create the special routing rule for ACME // create the special routing rule for ACME

72
src/mod/acme/acme.go
View File

@ -9,6 +9,7 @@ import (
"crypto/x509" "crypto/x509"
"encoding/json" "encoding/json"
"encoding/pem" "encoding/pem"
"errors"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"log" "log"
@ -41,6 +42,11 @@ type ACMEUser struct {
key crypto.PrivateKey key crypto.PrivateKey
} }
type EABConfig struct {
Kid string `json:"kid"`
HmacKey string `json:"HmacKey"`
}
// GetEmail returns the email of the ACMEUser. // GetEmail returns the email of the ACMEUser.
func (u *ACMEUser) GetEmail() string { func (u *ACMEUser) GetEmail() string {
return u.Email return u.Email
@ -58,24 +64,35 @@ func (u *ACMEUser) GetPrivateKey() crypto.PrivateKey {
// ACMEHandler handles ACME-related operations. // ACMEHandler handles ACME-related operations.
type ACMEHandler struct { type ACMEHandler struct {
DefaultAcmeServer string DefaultAcmeServer string
Port string Port string
Kid string AuthConfigLocation string
HmacEncoded string
} }
// NewACME creates a new ACMEHandler instance. // NewACME creates a new ACMEHandler instance.
func NewACME(acmeServer string, port string, kid string, hmacEncoded string) *ACMEHandler { func NewACME(acmeServer string, port string, authConfigLocation string) *ACMEHandler {
if !utils.FileExists(authConfigLocation) {
//Create one
os.MkdirAll(filepath.Dir(authConfigLocation), 0775)
js := []byte("{ \"EXAMPLE_CONFIG_PUT_YOUR_SERVICE_DIRECTORY_URL_HERE\": { \"kid\": \"PUT_YOUR_KID_HERE\", \"HmacKey\": \"PUT_YOUR_HMAC_HERE\" } }")
err := os.WriteFile(authConfigLocation, js, 0775)
if err != nil {
log.Fatal("[ACME] Failed to write ACME EAB config")
return nil
}
}
return &ACMEHandler{ return &ACMEHandler{
DefaultAcmeServer: acmeServer, DefaultAcmeServer: acmeServer,
Port: port, Port: port,
Kid: kid, AuthConfigLocation: authConfigLocation,
HmacEncoded: hmacEncoded,
} }
} }
// ObtainCert obtains a certificate for the specified domains. // ObtainCert obtains a certificate for the specified domains.
func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email string, caName string, caUrl string, skipTLS bool, kid string, hmacEncoded string) (bool, error) { // , kid string, hmacEncoded string
func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email string, caName string, caUrl string, skipTLS bool) (bool, error) {
log.Println("[ACME] Obtaining certificate...") log.Println("[ACME] Obtaining certificate...")
// generate private key // generate private key
@ -152,18 +169,18 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
if client.GetExternalAccountRequired() { if client.GetExternalAccountRequired() {
log.Println("External Account Required for this ACME Provider.") log.Println("External Account Required for this ACME Provider.")
// IF KID and HmacEncoded is overidden // IF KID and HmacEncoded is overidden
kid, hmacEncoded, err := a.getKidHmac(config.CADirURL)
if err != nil {
log.Println(err)
return false, err
}
log.Println("EAB Credential retrieved.")
if kid != "" && hmacEncoded != "" { if kid != "" && hmacEncoded != "" {
reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{ reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
TermsOfServiceAgreed: true, TermsOfServiceAgreed: true,
Kid: kid, Kid: kid,
HmacEncoded: hmacEncoded, HmacEncoded: hmacEncoded,
}) })
} else {
reg, err = client.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
TermsOfServiceAgreed: true,
Kid: a.Kid,
HmacEncoded: a.HmacEncoded,
})
} }
if err != nil { if err != nil {
log.Println(err) log.Println(err)
@ -400,3 +417,26 @@ func loadCertInfoJSON(filename string) (*CertificateInfoJSON, error) {
return certInfo, nil return certInfo, nil
} }
func (a *ACMEHandler) getKidHmac(caName string) (string, string, error) {
var config map[string]EABConfig
jsonData, err := ioutil.ReadFile(a.AuthConfigLocation)
if err != nil {
return "", "", err
}
err = json.Unmarshal([]byte(jsonData), &config)
if err != nil {
return "", "", err
}
// Access the values for dynamic keys
for key, value := range config {
if key == caName {
return value.Kid, value.HmacKey, nil
}
}
return "", "", errors.New("Unable to find appropiate EAB information")
}