v1.1.0 add dns challenge support

2022-02-02 00:55:56 +08:00
parent d685636417
commit 2bb2c80768
3 changed files with 1089 additions and 108 deletions

Cargo.lock generated



@@ -1,6 +1,6 @@
[package]
name = "acme-client"
version = "1.0.3"
version = "1.1.0"
authors = ["Hatter Jiang <jht5945@gmail.com>"]
edition = "2018"
description = "Acme auto challenge client, acme-client can issue certificates from Let's encrypt"
@@ -25,6 +25,7 @@ urlencoding = "1.0.0"
base64 = "0.11.0"
hmac = "0.7.1"
sha2 = "0.8.1"
aliyun-openapi-core-rust-sdk = "0.3.0"
[profile.release]
codegen-units = 1
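Review bot: The new dependency line `aliyun-openapi-core-rust-sdk = "0.3.0"` adds a third-party SDK to the build without any comment saying which feature needs it, and none of the src hunks shown on this page reference it — the `Dns` arm of `request_acme_certificate` only logs the `_acme-challenge` record name and proof before calling `validate`. If the record publication lives in a hunk not shown here, a one-line comment on the dependency would make that link visible; if it does not exist yet, the crate is unused weight until it does. A comment along the lines of `# DNS-01 challenge path (record publication) — confirm this is wired up` would document the intent. The Cargo.lock change is collapsed on this page, so the transitive crates this SDK pulls in cannot be reviewed here and are worth a separate look before release.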


@@ -31,6 +31,7 @@ use crate::config::{CertConfig, CERT_NAME, KEY_NAME};
use crate::x509::{X509PublicKeyAlgo, X509EcPublicKeyAlgo};
use std::path::PathBuf;
use rust_util::util_cmd::run_command_and_wait;
use crate::AcmeChallenge::Http;
use crate::dingtalk::send_dingtalk_message;
use crate::network::{get_local_public_ip, get_resolver, resolve_first_ipv4};
use crate::statics::{AcmeStatics, AcmeStatus};
@@ -44,8 +45,21 @@ lazy_static! {
static ref TOKEN_MAP: RwLock<BTreeMap<String, String>> = RwLock::new(BTreeMap::new());
}
#[derive(Debug, Clone, Copy)]
enum AcmeChallenge {
Http,
Dns,
}
impl Default for AcmeChallenge {
fn default() -> Self {
Http
}
}
#[derive(Debug, Default)]
struct AcmeRequest<'a> {
challenge: AcmeChallenge,
contract_email: &'a str,
primary_name: &'a str,
alt_names: &'a [&'a str],
@@ -238,6 +252,7 @@ async fn main() -> tide::Result<()> {
};
let acme_request = AcmeRequest {
challenge: Http,
contract_email: &email,
primary_name,
alt_names: &alt_names,
@@ -273,6 +288,7 @@ async fn main() -> tide::Result<()> {
information!("Domains, main: {}, alt: {:?}", common_name, dns_names);
let alt_names: Vec<&str> = dns_names.iter().map(|n| n.as_str()).collect();
let acme_request = AcmeRequest {
challenge: Http,
contract_email: &email,
primary_name: common_name,
alt_names: &alt_names,
@@ -435,16 +451,29 @@ fn request_acme_certificate(acme_request: AcmeRequest) -> XResult<()> {
debugging!("Start acme certificate http challenge");
let auths = opt_result!(ord_new.authorizations(), "Order auth failed: {}");
for auth in &auths {
let chall = auth.http_challenge();
let token = chall.http_token();
let proof = chall.http_proof();
match acme_request.challenge {
Http => {
let chall = auth.http_challenge();
let token = chall.http_token();
let proof = chall.http_proof();
{
information!("Add acme http challenge: {} -> {}",token, proof);
TOKEN_MAP.write().unwrap().insert(token.to_string(), proof);
{
information!("Add acme http challenge: {} -> {}",token, proof);
TOKEN_MAP.write().unwrap().insert(token.to_string(), proof);
}
debugging!("Valid acme certificate http challenge");
opt_result!(chall.validate(acme_request.timeout), "Validate http challenge failed: {}");
}
Dns => {
let chall = auth.dns_challenge();
let record = format!("_acme-challenge.{}.", auth.domain_name());
let proof = chall.dns_proof();
information!("Add acme dns challenge: {} -> {}",record, proof);
debugging!("Valid acme certificate dns challenge");
opt_result!(chall.validate(acme_request.timeout), "Validate dns challenge failed: {}");
}
}
debugging!("Valid acme certificate http challenge");
opt_result!(chall.validate(acme_request.timeout), "Validate http challenge failed: {}");
}
debugging!("Refresh acme certificate order");