/
lego_client.go
84 lines (70 loc) · 1.95 KB
/
lego_client.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
package cert
import (
"errors"
"github.com/go-acme/lego/v4/certcrypto"
"github.com/go-acme/lego/v4/certificate"
"github.com/go-acme/lego/v4/lego"
"github.com/go-acme/lego/v4/registration"
"log"
)
type MyClient struct {
user *MyUser
client *lego.Client
cADirURL string
resolved bool
}
func NewMyClient(myUser *MyUser, cADirURL string) (*MyClient, error) {
config := lego.NewConfig(myUser)
// This CA URL is configured for a local dev instance of Boulder running in Docker in a VM.
config.CADirURL = cADirURL
config.Certificate.KeyType = certcrypto.RSA2048
client, err := lego.NewClient(config)
if err != nil {
log.Fatalln(err)
}
bestDNS, err := NewDNSProviderBestDNS()
err = client.Challenge.SetDNS01Provider(bestDNS)
if err != nil {
log.Fatalln(err)
}
return &MyClient{user: myUser, client: client, cADirURL: cADirURL, resolved: false}, err
}
func (c *MyClient) Register() error {
// New users will need to register
log.Println("client.Registration.Register")
reg, err := c.client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
log.Fatalln(err)
} else {
c.user.registration = reg
c.resolved = true
}
return err
}
func (c *MyClient) ResolveRegistration() error {
key, err := c.client.Registration.ResolveAccountByKey()
if err != nil {
log.Fatalln(err)
} else {
c.user.registration = key
c.resolved = true
}
return err
}
func (c *MyClient) GetCert(domain string) (*certificate.Resource, error) {
if !c.resolved {
return nil, errors.New("must Resolve or Register before call API")
}
request := certificate.ObtainRequest{
Domains: []string{domain},
Bundle: true,
}
certificates, err := c.client.Certificate.Obtain(request)
if err != nil {
log.Fatalln(err)
}
//fmt.Printf("%#v\n", certificates)
// Each certificate comes back with the cert bytes, the bytes of the client's
// private key, and a certificate URL. SAVE THESE TO DISK.
return certificates, err
}