2023-02-26 10:02:30 +00:00
|
|
|
package certs
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto"
|
|
|
|
"crypto/ecdsa"
|
|
|
|
"crypto/elliptic"
|
|
|
|
"crypto/rand"
|
|
|
|
"crypto/x509"
|
|
|
|
"encoding/json"
|
|
|
|
"encoding/pem"
|
|
|
|
"os"
|
|
|
|
"path/filepath"
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"github.com/go-acme/lego/v4/lego"
|
|
|
|
"github.com/go-acme/lego/v4/registration"
|
2024-07-19 00:24:11 +00:00
|
|
|
"local-ip.sh/utils"
|
2023-02-26 10:02:30 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type Account struct {
|
|
|
|
Registration *registration.Resource
|
|
|
|
key *ecdsa.PrivateKey
|
2023-12-12 21:25:39 +00:00
|
|
|
Email string
|
2023-02-26 10:02:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (u *Account) GetEmail() string {
|
|
|
|
return u.Email
|
|
|
|
}
|
2023-12-12 21:25:39 +00:00
|
|
|
|
2023-02-26 10:02:30 +00:00
|
|
|
func (u *Account) GetRegistration() *registration.Resource {
|
|
|
|
return u.Registration
|
|
|
|
}
|
2023-12-12 21:25:39 +00:00
|
|
|
|
2023-02-26 10:02:30 +00:00
|
|
|
func (u *Account) GetPrivateKey() crypto.PrivateKey {
|
|
|
|
return u.key
|
|
|
|
}
|
|
|
|
|
|
|
|
func LoadAccount() *Account {
|
|
|
|
jsonBytes, err := os.ReadFile(accountFilePath)
|
|
|
|
if err != nil {
|
|
|
|
if strings.Contains(err.Error(), "no such file or directory") {
|
|
|
|
RegisterAccount()
|
|
|
|
return LoadAccount()
|
|
|
|
}
|
2024-07-19 00:24:11 +00:00
|
|
|
utils.Logger.Fatal().Err(err).Msg("Failed to load account from existing file")
|
2023-02-26 10:02:30 +00:00
|
|
|
}
|
2024-07-19 00:24:11 +00:00
|
|
|
|
2023-02-26 10:02:30 +00:00
|
|
|
account := &Account{}
|
|
|
|
err = json.Unmarshal(jsonBytes, account)
|
|
|
|
if err != nil {
|
2024-07-19 00:24:11 +00:00
|
|
|
utils.Logger.Fatal().Err(err).Msg("Failed to unmarshal account JSON file")
|
2023-02-26 10:02:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
privKey, err := os.ReadFile(keyFilePath)
|
|
|
|
if err != nil {
|
2024-07-19 00:24:11 +00:00
|
|
|
utils.Logger.Fatal().Err(err).Msg("Failed to read account's private key file")
|
2023-02-26 10:02:30 +00:00
|
|
|
}
|
|
|
|
|
2024-07-19 00:24:11 +00:00
|
|
|
account.key = decode(string(privKey))
|
2023-02-26 10:02:30 +00:00
|
|
|
return account
|
|
|
|
}
|
|
|
|
|
|
|
|
func RegisterAccount() {
|
|
|
|
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
|
|
|
if err != nil {
|
2024-07-19 00:24:11 +00:00
|
|
|
utils.Logger.Fatal().Err(err).Msg("Failed to generate account key")
|
2023-02-26 10:02:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
account := &Account{
|
|
|
|
Email: email,
|
|
|
|
key: privateKey,
|
|
|
|
}
|
|
|
|
config := lego.NewConfig(account)
|
|
|
|
config.CADirURL = caDirUrl
|
|
|
|
legoClient, err := lego.NewClient(config)
|
2023-12-12 21:25:39 +00:00
|
|
|
if err != nil {
|
2024-07-19 00:24:11 +00:00
|
|
|
utils.Logger.Fatal().Err(err).Str("CA Directory URL", config.CADirURL).Msg("Failed to initialize lego client")
|
2023-12-12 21:25:39 +00:00
|
|
|
}
|
2023-02-26 10:02:30 +00:00
|
|
|
|
|
|
|
reg, err := legoClient.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
2023-12-12 21:25:39 +00:00
|
|
|
if err != nil {
|
2024-07-19 00:24:11 +00:00
|
|
|
utils.Logger.Fatal().Err(err).Str("CA Directory URL", config.CADirURL).Msg("Failed to register account to ACME server")
|
2023-12-12 21:25:39 +00:00
|
|
|
}
|
2023-02-26 10:02:30 +00:00
|
|
|
if reg.Body.Status != "valid" {
|
2024-07-19 00:24:11 +00:00
|
|
|
utils.Logger.Fatal().Err(err).Str("CA Directory URL", config.CADirURL).Msgf("Registration failed with status %s", reg.Body.Status)
|
2023-02-26 10:02:30 +00:00
|
|
|
}
|
2024-07-19 00:24:11 +00:00
|
|
|
|
|
|
|
utils.Logger.Debug().
|
|
|
|
Str("CA Directory URL", config.CADirURL).
|
|
|
|
Bool("TermsOfServiceAgreed", reg.Body.TermsOfServiceAgreed).
|
|
|
|
Msg("Successfully registered account to ACME server")
|
2023-02-26 10:02:30 +00:00
|
|
|
account.Registration = reg
|
|
|
|
|
|
|
|
os.MkdirAll(filepath.Dir(keyFilePath), os.ModePerm)
|
|
|
|
privKey := encode(privateKey)
|
|
|
|
err = os.WriteFile(keyFilePath, []byte(privKey), 0o644)
|
|
|
|
if err != nil {
|
2024-07-19 00:24:11 +00:00
|
|
|
utils.Logger.Fatal().Err(err).Str("path", keyFilePath).Msg("Failed to write account's private key file")
|
2023-02-26 10:02:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
jsonBytes, err := json.MarshalIndent(account, "", "\t")
|
|
|
|
if err != nil {
|
2024-07-19 00:24:11 +00:00
|
|
|
utils.Logger.Fatal().Err(err).Msg("Failed to marshal account JSON file")
|
2023-02-26 10:02:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
os.MkdirAll(filepath.Dir(accountFilePath), os.ModePerm)
|
|
|
|
err = os.WriteFile(accountFilePath, jsonBytes, 0o600)
|
|
|
|
if err != nil {
|
2024-07-19 00:24:11 +00:00
|
|
|
utils.Logger.Fatal().Err(err).Str("path", accountFilePath).Msg("Failed to write account's JSON file")
|
2023-02-26 10:02:30 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func encode(privateKey *ecdsa.PrivateKey) string {
|
|
|
|
x509Encoded, _ := x509.MarshalECPrivateKey(privateKey)
|
|
|
|
pemEncoded := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: x509Encoded})
|
|
|
|
|
|
|
|
return string(pemEncoded)
|
|
|
|
}
|
|
|
|
|
|
|
|
func decode(pemEncoded string) *ecdsa.PrivateKey {
|
|
|
|
block, _ := pem.Decode([]byte(pemEncoded))
|
|
|
|
x509Encoded := block.Bytes
|
|
|
|
privateKey, _ := x509.ParseECPrivateKey(x509Encoded)
|
|
|
|
|
|
|
|
return privateKey
|
|
|
|
}
|