From 01f2b85826011577c9a487867d8b6007d0f238f6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 17 Jan 2019 11:12:01 -0700 Subject: [PATCH] vendor: Update certmagic and lego --- .../github.com/mholt/certmagic/certmagic.go | 8 ++ vendor/github.com/mholt/certmagic/client.go | 28 ++++--- vendor/github.com/mholt/certmagic/config.go | 11 +++ .../github.com/mholt/certmagic/filestorage.go | 2 +- vendor/github.com/mholt/certmagic/solvers.go | 2 +- vendor/github.com/mholt/certmagic/storage.go | 29 ++++---- vendor/github.com/xenolf/lego/acme/api/api.go | 2 +- .../lego/acme/api/internal/secure/jws.go | 2 +- .../acme/api/internal/sender/useragent.go | 2 +- .../xenolf/lego/certificate/certificates.go | 74 +++++++++---------- .../lego/challenge/dns01/dns_challenge.go | 4 +- .../xenolf/lego/challenge/dns01/precheck.go | 8 +- .../xenolf/lego/challenge/resolver/prober.go | 7 +- .../lego/challenge/resolver/solver_manager.go | 59 ++------------- vendor/github.com/xenolf/lego/lego/client.go | 3 +- .../xenolf/lego/lego/client_config.go | 20 +++-- .../xenolf/lego/platform/wait/wait.go | 4 +- vendor/manifest | 16 ++-- 18 files changed, 135 insertions(+), 146 deletions(-) diff --git a/vendor/github.com/mholt/certmagic/certmagic.go b/vendor/github.com/mholt/certmagic/certmagic.go index d7a030d33..8339921ed 100644 --- a/vendor/github.com/mholt/certmagic/certmagic.go +++ b/vendor/github.com/mholt/certmagic/certmagic.go @@ -476,6 +476,14 @@ var ( // certificates KeyType = certcrypto.RSA2048 + // The maximum amount of time to allow for + // obtaining a certificate. If empty, the + // default from the underlying lego lib is + // used. If set, it must not be too low so + // as to cancel orders too early, running + // the risk of rate limiting. + CertObtainTimeout time.Duration + // The state needed to operate on-demand TLS OnDemand *OnDemandConfig diff --git a/vendor/github.com/mholt/certmagic/client.go b/vendor/github.com/mholt/certmagic/client.go index 2af8f9f13..4356628fc 100644 --- a/vendor/github.com/mholt/certmagic/client.go +++ b/vendor/github.com/mholt/certmagic/client.go @@ -59,10 +59,14 @@ func (cfg *Config) newACMEClient(interactive bool) (*acmeClient, error) { return nil, err } - // ensure key type is set - keyType := KeyType - if cfg.KeyType != "" { - keyType = cfg.KeyType + // ensure key type and timeout are set + keyType := cfg.KeyType + if keyType == "" { + keyType = KeyType + } + certObtainTimeout := cfg.CertObtainTimeout + if certObtainTimeout == 0 { + certObtainTimeout = CertObtainTimeout } // ensure CA URL (directory endpoint) is set @@ -93,9 +97,12 @@ func (cfg *Config) newACMEClient(interactive bool) (*acmeClient, error) { // the client facilitates our communication with the CA server legoCfg := lego.NewConfig(&leUser) legoCfg.CADirURL = caURL - legoCfg.KeyType = keyType legoCfg.UserAgent = buildUAString() legoCfg.HTTPClient.Timeout = HTTPTimeout + legoCfg.Certificate = lego.CertificateConfig{ + KeyType: keyType, + Timeout: certObtainTimeout, + } client, err = lego.NewClient(legoCfg) if err != nil { cfg.acmeClientsMu.Unlock() @@ -189,19 +196,16 @@ func (cfg *Config) newACMEClient(interactive bool) (*acmeClient, error) { }) // disable any challenges that should not be used - var disabledChallenges []challenge.Type if cfg.DisableHTTPChallenge { - disabledChallenges = append(disabledChallenges, challenge.HTTP01) + c.acmeClient.Challenge.Remove(challenge.HTTP01) } if cfg.DisableTLSALPNChallenge { - disabledChallenges = append(disabledChallenges, challenge.TLSALPN01) - } - if len(disabledChallenges) > 0 { - c.acmeClient.Challenge.Exclude(disabledChallenges) + c.acmeClient.Challenge.Remove(challenge.TLSALPN01) } } else { // Otherwise, use DNS challenge exclusively - c.acmeClient.Challenge.Exclude([]challenge.Type{challenge.HTTP01, challenge.TLSALPN01}) + c.acmeClient.Challenge.Remove(challenge.HTTP01) + c.acmeClient.Challenge.Remove(challenge.TLSALPN01) c.acmeClient.Challenge.SetDNS01Provider(cfg.DNSProvider) } diff --git a/vendor/github.com/mholt/certmagic/config.go b/vendor/github.com/mholt/certmagic/config.go index 9f256bc59..b1085f3fc 100644 --- a/vendor/github.com/mholt/certmagic/config.go +++ b/vendor/github.com/mholt/certmagic/config.go @@ -93,6 +93,14 @@ type Config struct { // certificates KeyType certcrypto.KeyType + // The maximum amount of time to allow for + // obtaining a certificate. If empty, the + // default from the underlying lego lib is + // used. If set, it must not be too low so + // as to cancel orders too early, running + // the risk of rate limiting. + CertObtainTimeout time.Duration + // The state needed to operate on-demand TLS OnDemand *OnDemandConfig @@ -196,6 +204,9 @@ func NewWithCache(certCache *Cache, cfg Config) *Config { if cfg.KeyType == "" { cfg.KeyType = KeyType } + if cfg.CertObtainTimeout == 0 { + cfg.CertObtainTimeout = CertObtainTimeout + } if cfg.OnDemand == nil { cfg.OnDemand = OnDemand } diff --git a/vendor/github.com/mholt/certmagic/filestorage.go b/vendor/github.com/mholt/certmagic/filestorage.go index adfe1b26b..0de8f746e 100644 --- a/vendor/github.com/mholt/certmagic/filestorage.go +++ b/vendor/github.com/mholt/certmagic/filestorage.go @@ -179,7 +179,7 @@ func (fs *FileStorage) String() string { } func (fs *FileStorage) lockFilename(key string) string { - return filepath.Join(fs.lockDir(), StorageKeys.safe(key)+".lock") + return filepath.Join(fs.lockDir(), StorageKeys.Safe(key)+".lock") } func (fs *FileStorage) lockDir() string { diff --git a/vendor/github.com/mholt/certmagic/solvers.go b/vendor/github.com/mholt/certmagic/solvers.go index 13f470f93..c62b692dc 100644 --- a/vendor/github.com/mholt/certmagic/solvers.go +++ b/vendor/github.com/mholt/certmagic/solvers.go @@ -140,7 +140,7 @@ func (dhs distributedSolver) challengeTokensPrefix() string { // challengeTokensKey returns the key to use to store and access // challenge info for domain. func (dhs distributedSolver) challengeTokensKey(domain string) string { - return filepath.Join(dhs.challengeTokensPrefix(), StorageKeys.safe(domain)+".json") + return filepath.Join(dhs.challengeTokensPrefix(), StorageKeys.Safe(domain)+".json") } type challengeInfo struct { diff --git a/vendor/github.com/mholt/certmagic/storage.go b/vendor/github.com/mholt/certmagic/storage.go index 54d41f6ec..347852d93 100644 --- a/vendor/github.com/mholt/certmagic/storage.go +++ b/vendor/github.com/mholt/certmagic/storage.go @@ -84,12 +84,9 @@ type Locker interface { Lock(key string) error // Unlock releases the lock for key. This method must ONLY be - // called after a successful call to TryLock where no Waiter was - // returned, and only after the operation requiring the lock is - // finished, even if it errored or timed out. It is INCORRECT to - // call Unlock if any non-nil value was returned from a call to - // TryLock or if Unlock was not called at all. Unlock should also - // clean up any unused resources allocated during TryLock. + // called after a successful call to Lock, and only after the + // critical section is finished, even if it errored or timed + // out. Unlock cleans up any resources allocated during Lock. Unlock(key string) error } @@ -133,28 +130,28 @@ func (keys KeyBuilder) CAPrefix(ca string) string { if err != nil { caURL = &url.URL{Host: ca} } - return path.Join(prefixACME, keys.safe(caURL.Host)) + return path.Join(prefixACME, keys.Safe(caURL.Host)) } // SitePrefix returns a key prefix for items associated with // the site using the given CA URL. func (keys KeyBuilder) SitePrefix(ca, domain string) string { - return path.Join(keys.CAPrefix(ca), "sites", keys.safe(domain)) + return path.Join(keys.CAPrefix(ca), "sites", keys.Safe(domain)) } // SiteCert returns the path to the certificate file for domain. func (keys KeyBuilder) SiteCert(ca, domain string) string { - return path.Join(keys.SitePrefix(ca, domain), keys.safe(domain)+".crt") + return path.Join(keys.SitePrefix(ca, domain), keys.Safe(domain)+".crt") } // SitePrivateKey returns the path to domain's private key file. func (keys KeyBuilder) SitePrivateKey(ca, domain string) string { - return path.Join(keys.SitePrefix(ca, domain), keys.safe(domain)+".key") + return path.Join(keys.SitePrefix(ca, domain), keys.Safe(domain)+".key") } // SiteMeta returns the path to the domain's asset metadata file. func (keys KeyBuilder) SiteMeta(ca, domain string) string { - return path.Join(keys.SitePrefix(ca, domain), keys.safe(domain)+".json") + return path.Join(keys.SitePrefix(ca, domain), keys.Safe(domain)+".json") } // UsersPrefix returns a key prefix for items related to @@ -169,7 +166,7 @@ func (keys KeyBuilder) UserPrefix(ca, email string) string { if email == "" { email = emptyEmail } - return path.Join(keys.UsersPrefix(ca), keys.safe(email)) + return path.Join(keys.UsersPrefix(ca), keys.Safe(email)) } // UserReg gets the path to the registration file for the user @@ -190,7 +187,7 @@ func (keys KeyBuilder) UserPrivateKey(ca, email string) string { func (keys KeyBuilder) OCSPStaple(cert *Certificate, pemBundle []byte) string { var ocspFileName string if len(cert.Names) > 0 { - firstName := keys.safe(cert.Names[0]) + firstName := keys.Safe(cert.Names[0]) ocspFileName = firstName + "-" } ocspFileName += fastHash(pemBundle) @@ -208,7 +205,7 @@ func (keys KeyBuilder) safeUserKey(ca, email, defaultFilename, extension string) if filename == "" { filename = defaultFilename } - filename = keys.safe(filename) + filename = keys.Safe(filename) return path.Join(keys.UserPrefix(ca, email), filename+extension) } @@ -224,9 +221,9 @@ func (keys KeyBuilder) emailUsername(email string) string { return email[:at] } -// safe standardizes and sanitizes str for use as +// Safe standardizes and sanitizes str for use as // a storage key. This method is idempotent. -func (keys KeyBuilder) safe(str string) string { +func (keys KeyBuilder) Safe(str string) string { str = strings.ToLower(str) str = strings.TrimSpace(str) diff --git a/vendor/github.com/xenolf/lego/acme/api/api.go b/vendor/github.com/xenolf/lego/acme/api/api.go index e14cd993a..14b18f52b 100644 --- a/vendor/github.com/xenolf/lego/acme/api/api.go +++ b/vendor/github.com/xenolf/lego/acme/api/api.go @@ -44,7 +44,7 @@ func New(httpClient *http.Client, userAgent string, caDirURL, kid string, privat jws := secure.NewJWS(privateKey, kid, nonceManager) - c := &Core{doer: doer, nonceManager: nonceManager, jws: jws, directory: dir} + c := &Core{doer: doer, nonceManager: nonceManager, jws: jws, directory: dir, HTTPClient: httpClient} c.common.core = c c.Accounts = (*AccountService)(&c.common) diff --git a/vendor/github.com/xenolf/lego/acme/api/internal/secure/jws.go b/vendor/github.com/xenolf/lego/acme/api/internal/secure/jws.go index 7645b6e99..6f26c4ea8 100644 --- a/vendor/github.com/xenolf/lego/acme/api/internal/secure/jws.go +++ b/vendor/github.com/xenolf/lego/acme/api/internal/secure/jws.go @@ -10,7 +10,7 @@ import ( "fmt" "github.com/xenolf/lego/acme/api/internal/nonces" - "gopkg.in/square/go-jose.v2" + jose "gopkg.in/square/go-jose.v2" ) // JWS Represents a JWS. diff --git a/vendor/github.com/xenolf/lego/acme/api/internal/sender/useragent.go b/vendor/github.com/xenolf/lego/acme/api/internal/sender/useragent.go index 4b129b6a0..b20964079 100644 --- a/vendor/github.com/xenolf/lego/acme/api/internal/sender/useragent.go +++ b/vendor/github.com/xenolf/lego/acme/api/internal/sender/useragent.go @@ -5,7 +5,7 @@ package sender const ( // ourUserAgent is the User-Agent of this underlying library package. - ourUserAgent = "xenolf-acme/1.2.1" + ourUserAgent = "xenolf-acme/2.0.1" // ourUserAgentComment is part of the UA comment linked to the version status of this underlying library package. // values: detach|release diff --git a/vendor/github.com/xenolf/lego/certificate/certificates.go b/vendor/github.com/xenolf/lego/certificate/certificates.go index e9c041979..10003ac0b 100644 --- a/vendor/github.com/xenolf/lego/certificate/certificates.go +++ b/vendor/github.com/xenolf/lego/certificate/certificates.go @@ -17,6 +17,7 @@ import ( "github.com/xenolf/lego/certcrypto" "github.com/xenolf/lego/challenge" "github.com/xenolf/lego/log" + "github.com/xenolf/lego/platform/wait" "golang.org/x/crypto/ocsp" "golang.org/x/net/idna" ) @@ -60,17 +61,24 @@ type resolver interface { Solve(authorizations []acme.Authorization) error } -type Certifier struct { - core *api.Core - keyType certcrypto.KeyType - resolver resolver +type CertifierOptions struct { + KeyType certcrypto.KeyType + Timeout time.Duration } -func NewCertifier(core *api.Core, keyType certcrypto.KeyType, resolver resolver) *Certifier { +// Certifier A service to obtain/renew/revoke certificates. +type Certifier struct { + core *api.Core + resolver resolver + options CertifierOptions +} + +// NewCertifier creates a Certifier. +func NewCertifier(core *api.Core, resolver resolver, options CertifierOptions) *Certifier { return &Certifier{ core: core, - keyType: keyType, resolver: resolver, + options: options, } } @@ -191,7 +199,7 @@ func (c *Certifier) ObtainForCSR(csr x509.CertificateRequest, bundle bool) (*Res func (c *Certifier) getForOrder(domains []string, order acme.ExtendedOrder, bundle bool, privateKey crypto.PrivateKey, mustStaple bool) (*Resource, error) { if privateKey == nil { var err error - privateKey, err = certcrypto.GeneratePrivateKey(c.keyType) + privateKey, err = certcrypto.GeneratePrivateKey(c.options.KeyType) if err != nil { return nil, err } @@ -237,9 +245,9 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle if respOrder.Status == acme.StatusValid { // if the certificate is available right away, short cut! - ok, err := c.checkResponse(respOrder, certRes, bundle) - if err != nil { - return nil, err + ok, errR := c.checkResponse(respOrder, certRes, bundle) + if errR != nil { + return nil, errR } if ok { @@ -247,34 +255,26 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle } } - return c.waitForCertificate(certRes, order.Location, bundle) -} - -func (c *Certifier) waitForCertificate(certRes *Resource, orderURL string, bundle bool) (*Resource, error) { - stopTimer := time.NewTimer(30 * time.Second) - defer stopTimer.Stop() - retryTick := time.NewTicker(500 * time.Millisecond) - defer retryTick.Stop() - - for { - select { - case <-stopTimer.C: - return nil, errors.New("certificate polling timed out") - case <-retryTick.C: - order, err := c.core.Orders.Get(orderURL) - if err != nil { - return nil, err - } - - done, err := c.checkResponse(order, certRes, bundle) - if err != nil { - return nil, err - } - if done { - return certRes, nil - } - } + timeout := c.options.Timeout + if c.options.Timeout <= 0 { + timeout = 30 * time.Second } + + err = wait.For("certificate", timeout, timeout/60, func() (bool, error) { + ord, errW := c.core.Orders.Get(order.Location) + if errW != nil { + return false, errW + } + + done, errW := c.checkResponse(ord, certRes, bundle) + if errW != nil { + return false, errW + } + + return done, nil + }) + + return certRes, err } // checkResponse checks to see if the certificate is ready and a link is contained in the response. diff --git a/vendor/github.com/xenolf/lego/challenge/dns01/dns_challenge.go b/vendor/github.com/xenolf/lego/challenge/dns01/dns_challenge.go index 1dc457afa..c9ef2ee3d 100644 --- a/vendor/github.com/xenolf/lego/challenge/dns01/dns_challenge.go +++ b/vendor/github.com/xenolf/lego/challenge/dns01/dns_challenge.go @@ -123,7 +123,7 @@ func (c *Challenge) Solve(authz acme.Authorization) error { log.Infof("[%s] acme: Checking DNS record propagation using %+v", domain, recursiveNameservers) - err = wait.For(timeout, interval, func() (bool, error) { + err = wait.For("propagation", timeout, interval, func() (bool, error) { stop, errP := c.preCheck.call(fqdn, value) if !stop || errP != nil { log.Infof("[%s] acme: Waiting for DNS record propagation.", domain) @@ -140,6 +140,8 @@ func (c *Challenge) Solve(authz acme.Authorization) error { // CleanUp cleans the challenge. func (c *Challenge) CleanUp(authz acme.Authorization) error { + log.Infof("[%s] acme: Cleaning DNS-01 challenge", challenge.GetTargetedDomain(authz)) + chlng, err := challenge.FindChallenge(challenge.DNS01, authz) if err != nil { return err diff --git a/vendor/github.com/xenolf/lego/challenge/dns01/precheck.go b/vendor/github.com/xenolf/lego/challenge/dns01/precheck.go index 2639dfeaa..63b72cef0 100644 --- a/vendor/github.com/xenolf/lego/challenge/dns01/precheck.go +++ b/vendor/github.com/xenolf/lego/challenge/dns01/precheck.go @@ -91,10 +91,14 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn) } + var records []string + var found bool for _, rr := range r.Answer { if txt, ok := rr.(*dns.TXT); ok { - if strings.Join(txt.Txt, "") == value { + record := strings.Join(txt.Txt, "") + records = append(records, record) + if record == value { found = true break } @@ -102,7 +106,7 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro } if !found { - return false, fmt.Errorf("NS %s did not return the expected TXT record [fqdn: %s]", ns, fqdn) + return false, fmt.Errorf("NS %s did not return the expected TXT record [fqdn: %s, value: %s]: %s", ns, fqdn, value, strings.Join(records, " ,")) } } diff --git a/vendor/github.com/xenolf/lego/challenge/resolver/prober.go b/vendor/github.com/xenolf/lego/challenge/resolver/prober.go index 1f7aa7e45..2f477f9cc 100644 --- a/vendor/github.com/xenolf/lego/challenge/resolver/prober.go +++ b/vendor/github.com/xenolf/lego/challenge/resolver/prober.go @@ -110,7 +110,7 @@ func sequentialSolve(authSolvers []*selectedAuthSolver, failures obtainError) { // Solve challenge err := authSolver.solver.Solve(authSolver.authz) if err != nil { - failures[authSolver.authz.Identifier.Value] = err + failures[domain] = err cleanUp(authSolver.solver, authSolver.authz) continue } @@ -149,14 +149,15 @@ func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) { // Finally solve all challenges for real for _, authSolver := range authSolvers { authz := authSolver.authz - if failures[authz.Identifier.Value] != nil { + domain := challenge.GetTargetedDomain(authz) + if failures[domain] != nil { // already failed in previous loop continue } err := authSolver.solver.Solve(authz) if err != nil { - failures[authz.Identifier.Value] = err + failures[domain] = err } } } diff --git a/vendor/github.com/xenolf/lego/challenge/resolver/solver_manager.go b/vendor/github.com/xenolf/lego/challenge/resolver/solver_manager.go index c6feea820..55faf77ab 100644 --- a/vendor/github.com/xenolf/lego/challenge/resolver/solver_manager.go +++ b/vendor/github.com/xenolf/lego/challenge/resolver/solver_manager.go @@ -3,7 +3,6 @@ package resolver import ( "errors" "fmt" - "net" "sort" "strconv" "time" @@ -21,7 +20,7 @@ type byType []acme.Challenge func (a byType) Len() int { return len(a) } func (a byType) Swap(i, j int) { a[i], a[j] = a[j], a[i] } -func (a byType) Less(i, j int) bool { return a[i].Type < a[j].Type } +func (a byType) Less(i, j int) bool { return a[i].Type > a[j].Type } type SolverManager struct { core *api.Core @@ -29,55 +28,12 @@ type SolverManager struct { } func NewSolversManager(core *api.Core) *SolverManager { - solvers := map[challenge.Type]solver{ - challenge.HTTP01: http01.NewChallenge(core, validate, &http01.ProviderServer{}), - challenge.TLSALPN01: tlsalpn01.NewChallenge(core, validate, &tlsalpn01.ProviderServer{}), - } - return &SolverManager{ - solvers: solvers, + solvers: map[challenge.Type]solver{}, core: core, } } -// SetHTTP01Address specifies a custom interface:port to be used for HTTP based challenges. -// If this option is not used, the default port 80 and all interfaces will be used. -// To only specify a port and no interface use the ":port" notation. -// -// NOTE: This REPLACES any custom HTTP provider previously set by calling -// c.SetProvider with the default HTTP challenge provider. -func (c *SolverManager) SetHTTP01Address(iface string) error { - host, port, err := net.SplitHostPort(iface) - if err != nil { - return err - } - - if chlng, ok := c.solvers[challenge.HTTP01]; ok { - chlng.(*http01.Challenge).SetProvider(http01.NewProviderServer(host, port)) - } - - return nil -} - -// SetTLSALPN01Address specifies a custom interface:port to be used for TLS based challenges. -// If this option is not used, the default port 443 and all interfaces will be used. -// To only specify a port and no interface use the ":port" notation. -// -// NOTE: This REPLACES any custom TLS-ALPN provider previously set by calling -// c.SetProvider with the default TLS-ALPN challenge provider. -func (c *SolverManager) SetTLSALPN01Address(iface string) error { - host, port, err := net.SplitHostPort(iface) - if err != nil { - return err - } - - if chlng, ok := c.solvers[challenge.TLSALPN01]; ok { - chlng.(*tlsalpn01.Challenge).SetProvider(tlsalpn01.NewProviderServer(host, port)) - } - - return nil -} - // SetHTTP01Provider specifies a custom provider p that can solve the given HTTP-01 challenge. func (c *SolverManager) SetHTTP01Provider(p challenge.Provider) error { c.solvers[challenge.HTTP01] = http01.NewChallenge(c.core, validate, p) @@ -96,18 +52,15 @@ func (c *SolverManager) SetDNS01Provider(p challenge.Provider, opts ...dns01.Cha return nil } -// Exclude explicitly removes challenges from the pool for solving. -func (c *SolverManager) Exclude(challenges []challenge.Type) { - // Loop through all challenges and delete the requested one if found. - for _, chlg := range challenges { - delete(c.solvers, chlg) - } +// Remove Remove a challenge type from the available solvers. +func (c *SolverManager) Remove(chlgType challenge.Type) { + delete(c.solvers, chlgType) } // Checks all challenges from the server in order and returns the first matching solver. func (c *SolverManager) chooseSolver(authz acme.Authorization) solver { // Allow to have a deterministic challenge order - sort.Sort(sort.Reverse(byType(authz.Challenges))) + sort.Sort(byType(authz.Challenges)) domain := challenge.GetTargetedDomain(authz) for _, chlg := range authz.Challenges { diff --git a/vendor/github.com/xenolf/lego/lego/client.go b/vendor/github.com/xenolf/lego/lego/client.go index 5235b1de8..1f7b5c8d1 100644 --- a/vendor/github.com/xenolf/lego/lego/client.go +++ b/vendor/github.com/xenolf/lego/lego/client.go @@ -53,9 +53,10 @@ func NewClient(config *Config) (*Client, error) { solversManager := resolver.NewSolversManager(core) prober := resolver.NewProber(solversManager) + certifier := certificate.NewCertifier(core, prober, certificate.CertifierOptions{KeyType: config.Certificate.KeyType, Timeout: config.Certificate.Timeout}) return &Client{ - Certificate: certificate.NewCertifier(core, config.KeyType, prober), + Certificate: certifier, Challenge: solversManager, Registration: registration.NewRegistrar(core, config.User), core: core, diff --git a/vendor/github.com/xenolf/lego/lego/client_config.go b/vendor/github.com/xenolf/lego/lego/client_config.go index 738be86ae..4807fcfe9 100644 --- a/vendor/github.com/xenolf/lego/lego/client_config.go +++ b/vendor/github.com/xenolf/lego/lego/client_config.go @@ -35,22 +35,30 @@ const ( ) type Config struct { - CADirURL string - User registration.User - KeyType certcrypto.KeyType - UserAgent string - HTTPClient *http.Client + CADirURL string + User registration.User + UserAgent string + HTTPClient *http.Client + Certificate CertificateConfig } func NewConfig(user registration.User) *Config { return &Config{ CADirURL: LEDirectoryProduction, User: user, - KeyType: certcrypto.RSA2048, HTTPClient: createDefaultHTTPClient(), + Certificate: CertificateConfig{ + KeyType: certcrypto.RSA2048, + Timeout: 30 * time.Second, + }, } } +type CertificateConfig struct { + KeyType certcrypto.KeyType + Timeout time.Duration +} + // createDefaultHTTPClient Creates an HTTP client with a reasonable timeout value // and potentially a custom *x509.CertPool // based on the caCertificatesEnvVar environment variable (see the `initCertPool` function) diff --git a/vendor/github.com/xenolf/lego/platform/wait/wait.go b/vendor/github.com/xenolf/lego/platform/wait/wait.go index 65090bf86..511e1f28f 100644 --- a/vendor/github.com/xenolf/lego/platform/wait/wait.go +++ b/vendor/github.com/xenolf/lego/platform/wait/wait.go @@ -8,8 +8,8 @@ import ( ) // For polls the given function 'f', once every 'interval', up to 'timeout'. -func For(timeout, interval time.Duration, f func() (bool, error)) error { - log.Infof("Wait [timeout: %s, interval: %s]", timeout, interval) +func For(msg string, timeout, interval time.Duration, f func() (bool, error)) error { + log.Infof("Wait for %s [timeout: %s, interval: %s]", msg, timeout, interval) var lastErr string timeUp := time.After(timeout) diff --git a/vendor/manifest b/vendor/manifest index 322083773..8e126b091 100644 --- a/vendor/manifest +++ b/vendor/manifest @@ -138,7 +138,7 @@ "importpath": "github.com/mholt/certmagic", "repository": "https://github.com/mholt/certmagic", "vcs": "git", - "revision": "a3b276a1b44e1c2c3dcab752729976ea04f4839b", + "revision": "707b20497ed70e559300ae4e91c6fd7db973fffc", "branch": "master", "notests": true }, @@ -178,7 +178,7 @@ "importpath": "github.com/xenolf/lego/acme", "repository": "https://github.com/xenolf/lego", "vcs": "git", - "revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4", + "revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c", "branch": "master", "path": "acme", "notests": true @@ -187,7 +187,7 @@ "importpath": "github.com/xenolf/lego/certcrypto", "repository": "https://github.com/xenolf/lego", "vcs": "git", - "revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4", + "revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c", "branch": "master", "path": "certcrypto", "notests": true @@ -196,7 +196,7 @@ "importpath": "github.com/xenolf/lego/certificate", "repository": "https://github.com/xenolf/lego", "vcs": "git", - "revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4", + "revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c", "branch": "master", "path": "certificate", "notests": true @@ -205,7 +205,7 @@ "importpath": "github.com/xenolf/lego/challenge", "repository": "https://github.com/xenolf/lego", "vcs": "git", - "revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4", + "revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c", "branch": "master", "path": "/challenge", "notests": true @@ -214,7 +214,7 @@ "importpath": "github.com/xenolf/lego/lego", "repository": "https://github.com/xenolf/lego", "vcs": "git", - "revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4", + "revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c", "branch": "master", "path": "/lego", "notests": true @@ -232,7 +232,7 @@ "importpath": "github.com/xenolf/lego/platform/wait", "repository": "https://github.com/xenolf/lego", "vcs": "git", - "revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4", + "revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c", "branch": "master", "path": "platform/wait", "notests": true @@ -241,7 +241,7 @@ "importpath": "github.com/xenolf/lego/registration", "repository": "https://github.com/xenolf/lego", "vcs": "git", - "revision": "b05b54d1f69a31ceed92e2995243c5b17821c9e4", + "revision": "a43ec709e8034f388aab28d14b97aeed0e7aa98c", "branch": "master", "path": "registration", "notests": true