v1.7.16

分支 (16)

标签 (328)

管理

管理

master

v2.4

v2.3

v1.7

v2.2

gh-pages

v2.0

v2.1

v1.4

v1.6

v1.3

v1.2

v1.5

v1.1

v1.0

add-plugin-support

v2.4.2

v2.4.1

v2.4.0

v1.7.28

v1.7.27

v2.4.0-rc2

v2.3.7

v2.3.6

v2.4.0-rc1

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.3.0-rc7

v2.3.0-rc6

v2.3.0-rc5

v2.2.11

v2.2.10

traefik
/
provider
/
acme
/
challenge_tls.go

package acme

import (
	"crypto/tls"

	"github.com/containous/traefik/log"
	"github.com/containous/traefik/types"
	"github.com/go-acme/lego/challenge"
	"github.com/go-acme/lego/challenge/tlsalpn01"
)

var _ challenge.Provider = (*challengeTLSALPN)(nil)

type challengeTLSALPN struct {
	Store Store
}

func (c *challengeTLSALPN) Present(domain, token, keyAuth string) error {
	log.Debugf("TLS Challenge Present temp certificate for %s", domain)

	certPEMBlock, keyPEMBlock, err := tlsalpn01.ChallengeBlocks(domain, keyAuth)
	if err != nil {
		return err
	}

	cert := &Certificate{Certificate: certPEMBlock, Key: keyPEMBlock, Domain: types.Domain{Main: "TEMP-" + domain}}
	return c.Store.AddTLSChallenge(domain, cert)
}

func (c *challengeTLSALPN) CleanUp(domain, token, keyAuth string) error {
	log.Debugf("TLS Challenge CleanUp temp certificate for %s", domain)

	return c.Store.RemoveTLSChallenge(domain)
}

// GetTLSALPNCertificate Get the temp certificate for ACME TLS-ALPN-O1 challenge.
func (p *Provider) GetTLSALPNCertificate(domain string) (*tls.Certificate, error) {
	cert, err := p.Store.GetTLSChallenge(domain)
	if err != nil {
		return nil, err
	}

	if cert == nil {
		return nil, nil
	}

	certificate, err := tls.X509KeyPair(cert.Certificate, cert.Key)
	if err != nil {
		return nil, err
	}

	return &certificate, nil
}