115 lines
2.5 KiB
Go
115 lines
2.5 KiB
Go
|
package certs
|
||
|
|
||
|
import (
|
||
|
"crypto"
|
||
|
"crypto/ecdsa"
|
||
|
"crypto/elliptic"
|
||
|
"crypto/rand"
|
||
|
"crypto/x509"
|
||
|
"encoding/json"
|
||
|
"encoding/pem"
|
||
|
"log"
|
||
|
"os"
|
||
|
"path/filepath"
|
||
|
"strings"
|
||
|
|
||
|
"github.com/go-acme/lego/v4/lego"
|
||
|
"github.com/go-acme/lego/v4/registration"
|
||
|
)
|
||
|
|
||
|
type Account struct {
|
||
|
Email string
|
||
|
Registration *registration.Resource
|
||
|
key *ecdsa.PrivateKey
|
||
|
}
|
||
|
|
||
|
func (u *Account) GetEmail() string {
|
||
|
return u.Email
|
||
|
}
|
||
|
func (u *Account) GetRegistration() *registration.Resource {
|
||
|
return u.Registration
|
||
|
}
|
||
|
func (u *Account) GetPrivateKey() crypto.PrivateKey {
|
||
|
return u.key
|
||
|
}
|
||
|
|
||
|
func LoadAccount() *Account {
|
||
|
jsonBytes, err := os.ReadFile(accountFilePath)
|
||
|
if err != nil {
|
||
|
if strings.Contains(err.Error(), "no such file or directory") {
|
||
|
RegisterAccount()
|
||
|
return LoadAccount()
|
||
|
}
|
||
|
log.Fatal(err)
|
||
|
}
|
||
|
account := &Account{}
|
||
|
err = json.Unmarshal(jsonBytes, account)
|
||
|
if err != nil {
|
||
|
log.Fatal(err)
|
||
|
}
|
||
|
|
||
|
privKey, err := os.ReadFile(keyFilePath)
|
||
|
if err != nil {
|
||
|
log.Fatal(err)
|
||
|
}
|
||
|
privateKey := decode(string(privKey))
|
||
|
|
||
|
account.key = privateKey
|
||
|
return account
|
||
|
}
|
||
|
|
||
|
func RegisterAccount() {
|
||
|
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||
|
if err != nil {
|
||
|
log.Fatal(err)
|
||
|
}
|
||
|
|
||
|
account := &Account{
|
||
|
Email: email,
|
||
|
key: privateKey,
|
||
|
}
|
||
|
config := lego.NewConfig(account)
|
||
|
config.CADirURL = caDirUrl
|
||
|
legoClient, err := lego.NewClient(config)
|
||
|
|
||
|
reg, err := legoClient.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
|
||
|
if reg.Body.Status != "valid" {
|
||
|
log.Fatalf("registration failed with status %s", reg.Body.Status)
|
||
|
}
|
||
|
log.Println(reg.Body.TermsOfServiceAgreed)
|
||
|
account.Registration = reg
|
||
|
|
||
|
os.MkdirAll(filepath.Dir(keyFilePath), os.ModePerm)
|
||
|
privKey := encode(privateKey)
|
||
|
err = os.WriteFile(keyFilePath, []byte(privKey), 0o644)
|
||
|
if err != nil {
|
||
|
log.Fatal(err)
|
||
|
}
|
||
|
|
||
|
jsonBytes, err := json.MarshalIndent(account, "", "\t")
|
||
|
if err != nil {
|
||
|
log.Fatal(err)
|
||
|
}
|
||
|
|
||
|
os.MkdirAll(filepath.Dir(accountFilePath), os.ModePerm)
|
||
|
err = os.WriteFile(accountFilePath, jsonBytes, 0o600)
|
||
|
if err != nil {
|
||
|
log.Fatal(err)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func encode(privateKey *ecdsa.PrivateKey) string {
|
||
|
x509Encoded, _ := x509.MarshalECPrivateKey(privateKey)
|
||
|
pemEncoded := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: x509Encoded})
|
||
|
|
||
|
return string(pemEncoded)
|
||
|
}
|
||
|
|
||
|
func decode(pemEncoded string) *ecdsa.PrivateKey {
|
||
|
block, _ := pem.Decode([]byte(pemEncoded))
|
||
|
x509Encoded := block.Bytes
|
||
|
privateKey, _ := x509.ParseECPrivateKey(x509Encoded)
|
||
|
|
||
|
return privateKey
|
||
|
}
|