e2m/dispatch
4
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Update dependencies

Browse source
This commit is contained in:
Ken-Håvard Lieng 2019-01-23 08:52:17 +01:00
parent 5e674254f0
commit 815b518c2c
145 changed files with 14129 additions and 4312 deletions
Download patch file Download diff file Expand all files Collapse all files

4
vendor/github.com/xenolf/lego/acme/api/internal/sender/useragent.go generated vendored
View file

@ -5,10 +5,10 @@ package sender
const (
// ourUserAgent is the User-Agent of this underlying library package.
ourUserAgent = "xenolf-acme/1.2.1"
ourUserAgent = "xenolf-acme/2.0.1"
// ourUserAgentComment is part of the UA comment linked to the version status of this underlying library package.
// values: detach|release
// NOTE: Update this with each tagged release.
ourUserAgentComment = "detach"
ourUserAgentComment = "release"
)

74
vendor/github.com/xenolf/lego/certificate/certificates.go generated vendored
View file

@ -17,6 +17,7 @@ import (
"github.com/xenolf/lego/certcrypto"
"github.com/xenolf/lego/challenge"
"github.com/xenolf/lego/log"
"github.com/xenolf/lego/platform/wait"
"golang.org/x/crypto/ocsp"
"golang.org/x/net/idna"
)
@ -60,17 +61,24 @@ type resolver interface {
Solve(authorizations []acme.Authorization) error
}
type Certifier struct {
core *api.Core
keyType certcrypto.KeyType
resolver resolver
type CertifierOptions struct {
KeyType certcrypto.KeyType
Timeout time.Duration
}
func NewCertifier(core *api.Core, keyType certcrypto.KeyType, resolver resolver) *Certifier {
// Certifier A service to obtain/renew/revoke certificates.
type Certifier struct {
core *api.Core
resolver resolver
options CertifierOptions
}
// NewCertifier creates a Certifier.
func NewCertifier(core *api.Core, resolver resolver, options CertifierOptions) *Certifier {
return &Certifier{
core: core,
keyType: keyType,
resolver: resolver,
options: options,
}
}
@ -191,7 +199,7 @@ func (c *Certifier) ObtainForCSR(csr x509.CertificateRequest, bundle bool) (*Res
func (c *Certifier) getForOrder(domains []string, order acme.ExtendedOrder, bundle bool, privateKey crypto.PrivateKey, mustStaple bool) (*Resource, error) {
if privateKey == nil {
var err error
privateKey, err = certcrypto.GeneratePrivateKey(c.keyType)
privateKey, err = certcrypto.GeneratePrivateKey(c.options.KeyType)
if err != nil {
return nil, err
}
@ -237,9 +245,9 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
if respOrder.Status == acme.StatusValid {
// if the certificate is available right away, short cut!
ok, err := c.checkResponse(respOrder, certRes, bundle)
if err != nil {
return nil, err
ok, errR := c.checkResponse(respOrder, certRes, bundle)
if errR != nil {
return nil, errR
}
if ok {
@ -247,34 +255,26 @@ func (c *Certifier) getForCSR(domains []string, order acme.ExtendedOrder, bundle
}
}
return c.waitForCertificate(certRes, order.Location, bundle)
}
func (c *Certifier) waitForCertificate(certRes *Resource, orderURL string, bundle bool) (*Resource, error) {
stopTimer := time.NewTimer(30 * time.Second)
defer stopTimer.Stop()
retryTick := time.NewTicker(500 * time.Millisecond)
defer retryTick.Stop()
for {
select {
case <-stopTimer.C:
return nil, errors.New("certificate polling timed out")
case <-retryTick.C:
order, err := c.core.Orders.Get(orderURL)
if err != nil {
return nil, err
}
done, err := c.checkResponse(order, certRes, bundle)
if err != nil {
return nil, err
}
if done {
return certRes, nil
}
}
timeout := c.options.Timeout
if c.options.Timeout <= 0 {
timeout = 30 * time.Second
}
err = wait.For("certificate", timeout, timeout/60, func() (bool, error) {
ord, errW := c.core.Orders.Get(order.Location)
if errW != nil {
return false, errW
}
done, errW := c.checkResponse(ord, certRes, bundle)
if errW != nil {
return false, errW
}
return done, nil
})
return certRes, err
}
// checkResponse checks to see if the certificate is ready and a link is contained in the response.

4
vendor/github.com/xenolf/lego/challenge/dns01/dns_challenge.go generated vendored
View file

@ -123,7 +123,7 @@ func (c *Challenge) Solve(authz acme.Authorization) error {
log.Infof("[%s] acme: Checking DNS record propagation using %+v", domain, recursiveNameservers)
err = wait.For(timeout, interval, func() (bool, error) {
err = wait.For("propagation", timeout, interval, func() (bool, error) {
stop, errP := c.preCheck.call(fqdn, value)
if !stop || errP != nil {
log.Infof("[%s] acme: Waiting for DNS record propagation.", domain)
@ -140,6 +140,8 @@ func (c *Challenge) Solve(authz acme.Authorization) error {
// CleanUp cleans the challenge.
func (c *Challenge) CleanUp(authz acme.Authorization) error {
log.Infof("[%s] acme: Cleaning DNS-01 challenge", challenge.GetTargetedDomain(authz))
chlng, err := challenge.FindChallenge(challenge.DNS01, authz)
if err != nil {
return err

8
vendor/github.com/xenolf/lego/challenge/dns01/precheck.go generated vendored
View file

@ -91,10 +91,14 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro
return false, fmt.Errorf("NS %s returned %s for %s", ns, dns.RcodeToString[r.Rcode], fqdn)
}
var records []string
var found bool
for _, rr := range r.Answer {
if txt, ok := rr.(*dns.TXT); ok {
if strings.Join(txt.Txt, "") == value {
record := strings.Join(txt.Txt, "")
records = append(records, record)
if record == value {
found = true
break
}
@ -102,7 +106,7 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro
}
if !found {
return false, fmt.Errorf("NS %s did not return the expected TXT record [fqdn: %s]", ns, fqdn)
return false, fmt.Errorf("NS %s did not return the expected TXT record [fqdn: %s, value: %s]: %s", ns, fqdn, value, strings.Join(records, " ,"))
}
}

7
vendor/github.com/xenolf/lego/challenge/resolver/prober.go generated vendored
View file

@ -110,7 +110,7 @@ func sequentialSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
// Solve challenge
err := authSolver.solver.Solve(authSolver.authz)
if err != nil {
failures[authSolver.authz.Identifier.Value] = err
failures[domain] = err
cleanUp(authSolver.solver, authSolver.authz)
continue
}
@ -149,14 +149,15 @@ func parallelSolve(authSolvers []*selectedAuthSolver, failures obtainError) {
// Finally solve all challenges for real
for _, authSolver := range authSolvers {
authz := authSolver.authz
if failures[authz.Identifier.Value] != nil {
domain := challenge.GetTargetedDomain(authz)
if failures[domain] != nil {
// already failed in previous loop
continue
}
err := authSolver.solver.Solve(authz)
if err != nil {
failures[authz.Identifier.Value] = err
failures[domain] = err
}
}
}

59
vendor/github.com/xenolf/lego/challenge/resolver/solver_manager.go generated vendored
View file

@ -3,7 +3,6 @@ package resolver
import (
"errors"
"fmt"
"net"
"sort"
"strconv"
"time"
@ -21,7 +20,7 @@ type byType []acme.Challenge
func (a byType) Len() int { return len(a) }
func (a byType) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
func (a byType) Less(i, j int) bool { return a[i].Type < a[j].Type }
func (a byType) Less(i, j int) bool { return a[i].Type > a[j].Type }
type SolverManager struct {
core *api.Core
@ -29,55 +28,12 @@ type SolverManager struct {
}
func NewSolversManager(core *api.Core) *SolverManager {
solvers := map[challenge.Type]solver{
challenge.HTTP01: http01.NewChallenge(core, validate, &http01.ProviderServer{}),
challenge.TLSALPN01: tlsalpn01.NewChallenge(core, validate, &tlsalpn01.ProviderServer{}),
}
return &SolverManager{
solvers: solvers,
solvers: map[challenge.Type]solver{},
core: core,
}
}
// SetHTTP01Address specifies a custom interface:port to be used for HTTP based challenges.
// If this option is not used, the default port 80 and all interfaces will be used.
// To only specify a port and no interface use the ":port" notation.
//
// NOTE: This REPLACES any custom HTTP provider previously set by calling
// c.SetProvider with the default HTTP challenge provider.
func (c *SolverManager) SetHTTP01Address(iface string) error {
host, port, err := net.SplitHostPort(iface)
if err != nil {
return err
}
if chlng, ok := c.solvers[challenge.HTTP01]; ok {
chlng.(*http01.Challenge).SetProvider(http01.NewProviderServer(host, port))
}
return nil
}
// SetTLSALPN01Address specifies a custom interface:port to be used for TLS based challenges.
// If this option is not used, the default port 443 and all interfaces will be used.
// To only specify a port and no interface use the ":port" notation.
//
// NOTE: This REPLACES any custom TLS-ALPN provider previously set by calling
// c.SetProvider with the default TLS-ALPN challenge provider.
func (c *SolverManager) SetTLSALPN01Address(iface string) error {
host, port, err := net.SplitHostPort(iface)
if err != nil {
return err
}
if chlng, ok := c.solvers[challenge.TLSALPN01]; ok {
chlng.(*tlsalpn01.Challenge).SetProvider(tlsalpn01.NewProviderServer(host, port))
}
return nil
}
// SetHTTP01Provider specifies a custom provider p that can solve the given HTTP-01 challenge.
func (c *SolverManager) SetHTTP01Provider(p challenge.Provider) error {
c.solvers[challenge.HTTP01] = http01.NewChallenge(c.core, validate, p)
@ -96,18 +52,15 @@ func (c *SolverManager) SetDNS01Provider(p challenge.Provider, opts ...dns01.Cha
return nil
}
// Exclude explicitly removes challenges from the pool for solving.
func (c *SolverManager) Exclude(challenges []challenge.Type) {
// Loop through all challenges and delete the requested one if found.
for _, chlg := range challenges {
delete(c.solvers, chlg)
}
// Remove Remove a challenge type from the available solvers.
func (c *SolverManager) Remove(chlgType challenge.Type) {
delete(c.solvers, chlgType)
}
// Checks all challenges from the server in order and returns the first matching solver.
func (c *SolverManager) chooseSolver(authz acme.Authorization) solver {
// Allow to have a deterministic challenge order
sort.Sort(sort.Reverse(byType(authz.Challenges)))
sort.Sort(byType(authz.Challenges))
domain := challenge.GetTargetedDomain(authz)
for _, chlg := range authz.Challenges {

3
vendor/github.com/xenolf/lego/lego/client.go generated vendored
View file

@ -53,9 +53,10 @@ func NewClient(config *Config) (*Client, error) {
solversManager := resolver.NewSolversManager(core)
prober := resolver.NewProber(solversManager)
certifier := certificate.NewCertifier(core, prober, certificate.CertifierOptions{KeyType: config.Certificate.KeyType, Timeout: config.Certificate.Timeout})
return &Client{
Certificate: certificate.NewCertifier(core, config.KeyType, prober),
Certificate: certifier,
Challenge: solversManager,
Registration: registration.NewRegistrar(core, config.User),
core: core,

20
vendor/github.com/xenolf/lego/lego/client_config.go generated vendored
View file

@ -35,22 +35,30 @@ const (
)
type Config struct {
CADirURL string
User registration.User
KeyType certcrypto.KeyType
UserAgent string
HTTPClient *http.Client
CADirURL string
User registration.User
UserAgent string
HTTPClient *http.Client
Certificate CertificateConfig
}
func NewConfig(user registration.User) *Config {
return &Config{
CADirURL: LEDirectoryProduction,
User: user,
KeyType: certcrypto.RSA2048,
HTTPClient: createDefaultHTTPClient(),
Certificate: CertificateConfig{
KeyType: certcrypto.RSA2048,
Timeout: 30 * time.Second,
},
}
}
type CertificateConfig struct {
KeyType certcrypto.KeyType
Timeout time.Duration
}
// createDefaultHTTPClient Creates an HTTP client with a reasonable timeout value
// and potentially a custom *x509.CertPool
// based on the caCertificatesEnvVar environment variable (see the `initCertPool` function)

4
vendor/github.com/xenolf/lego/platform/wait/wait.go generated vendored
View file

@ -8,8 +8,8 @@ import (
)
// For polls the given function 'f', once every 'interval', up to 'timeout'.
func For(timeout, interval time.Duration, f func() (bool, error)) error {
log.Infof("Wait [timeout: %s, interval: %s]", timeout, interval)
func For(msg string, timeout, interval time.Duration, f func() (bool, error)) error {
log.Infof("Wait for %s [timeout: %s, interval: %s]", msg, timeout, interval)
var lastErr string
timeUp := time.After(timeout)