[SSL证书]实现基本的自动申请证书流程

2026-01-04 22:35:48 +08:00 · 2020-11-26 16:39:06 +08:00
parent 29cbabebf5
commit c1c83990d6
18 changed files with 594 additions and 27 deletions
--- a/internal/acme/request.go
+++ b/internal/acme/request.go
@@ -0,0 +1,94 @@
+package acme
+
+import (
+	"github.com/TeaOSLab/EdgeAPI/internal/errors"
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/certificate"
+	"github.com/go-acme/lego/v4/lego"
+	acmelog "github.com/go-acme/lego/v4/log"
+	"github.com/go-acme/lego/v4/registration"
+	"io/ioutil"
+	"log"
+)
+
+type Request struct {
+	debug bool
+
+	task *Task
+}
+
+func NewRequest(task *Task) *Request {
+	return &Request{
+		task: task,
+	}
+}
+
+func (this *Request) Debug() {
+	this.debug = true
+}
+
+func (this *Request) Run() (certData []byte, keyData []byte, err error) {
+	if !this.debug {
+		acmelog.Logger = log.New(ioutil.Discard, "", log.LstdFlags)
+	}
+
+	if this.task.User == nil {
+		err = errors.New("'user' must not be nil")
+		return
+	}
+	if this.task.DNSProvider == nil {
+		err = errors.New("'dnsProvider' must not be nil")
+		return
+	}
+	if len(this.task.DNSDomain) == 0 {
+		err = errors.New("'dnsDomain' must not be empty")
+		return
+	}
+	if len(this.task.Domains) == 0 {
+		err = errors.New("'domains' must not be empty")
+		return
+	}
+
+	config := lego.NewConfig(this.task.User)
+	config.Certificate.KeyType = certcrypto.RSA2048
+
+	client, err := lego.NewClient(config)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// 注册用户
+	resource := this.task.User.GetRegistration()
+	if resource != nil {
+		resource, err = client.Registration.QueryRegistration()
+		if err != nil {
+			return nil, nil, err
+		}
+	} else {
+		resource, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+		if err != nil {
+			return nil, nil, err
+		}
+		err = this.task.User.Register(resource)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	err = client.Challenge.SetDNS01Provider(NewDNSProvider(this.task.DNSProvider))
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// 申请证书
+	request := certificate.ObtainRequest{
+		Domains: this.task.Domains,
+		Bundle:  true,
+	}
+	certResource, err := client.Certificate.Obtain(request)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return certResource.Certificate, certResource.PrivateKey, nil
+}