package main
import (
"errors"
"fmt"
"os"
"strconv"
"strings"
"github.com/devon-mar/acmevault/cert"
)
// Environment variables read by configFromEnv.
const (
	// envCerts holds the certificate definitions, one per line.
	envCerts = "AV_CERTS"
	// envExitError is parsed as a boolean into config.exitOnError.
	envExitError = "AV_EXIT_ERROR"
)

// Option keys accepted after the domain list in a certificate definition.
const (
	certOptionKeyType    = "keytype"
	certOptionMustStaple = "muststaple"
	certOptionReuseKey   = "reusekey"
)
// config is the process configuration assembled by configFromEnv.
type config struct {
	// certs holds one entry per certificate line parsed from AV_CERTS.
	certs []certConfig
	// exitOnError is parsed from AV_EXIT_ERROR; how it is acted on is not
	// visible in this file.
	exitOnError bool
}
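// configFromEnv builds the configuration from the process environment.
//
// AV_CERTS is split on newlines and every non-blank line is handed to
// parseCert. AV_EXIT_ERROR, when set to a non-empty value, must be accepted by
// strconv.ParseBool; when it is unset or empty exitOnError stays false. The
// assembled configuration is validated before it is returned.
//
// An error is returned when a certificate line cannot be parsed, when
// AV_EXIT_ERROR holds an unparseable value, or when validation fails.
func configFromEnv() (*config, error) {
	cfg := &config{}

	for _, line := range strings.Split(os.Getenv(envCerts), "\n") {
		// Skip blank and whitespace-only lines (for example a lone "\r" left by
		// CRLF input) instead of turning them into a certificate with no domains.
		if strings.TrimSpace(line) == "" {
			continue
		}
		cc, err := parseCert(line)
		if err != nil {
			return nil, fmt.Errorf("error parsing cert: %w", err)
		}
		cfg.certs = append(cfg.certs, *cc)
	}

	// Fail closed on a malformed value: discarding the ParseBool error would
	// turn a typo such as "yes" into false with no signal to the operator.
	if raw := os.Getenv(envExitError); raw != "" {
		exitOnError, err := strconv.ParseBool(raw)
		if err != nil {
			return nil, fmt.Errorf("invalid %s value %q: %w", envExitError, raw, err)
		}
		cfg.exitOnError = exitOnError
	}

	if err := cfg.validate(); err != nil {
		return nil, err
	}
	return cfg, nil
}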
// validate reports an error when no certificates are configured, or the first
// error returned by a configured certificate's own validation.
func (c *config) validate() error {
	if len(c.certs) < 1 {
		return errors.New("0 certs found")
	}
	for i := range c.certs {
		err := c.certs[i].validate()
		if err != nil {
			return err
		}
	}
	return nil
}
// certConfig is a single certificate definition as produced by parseCert.
type certConfig struct {
	// CertRequest is embedded; parseCert fills its Domains, KeyType and
	// MustStaple fields.
	cert.CertRequest
	// reuseKey is set from the "reusekey" option; its consumer is not visible
	// in this file.
	reuseKey bool
}
// validate rejects a certificate definition that names no domains.
func (c *certConfig) validate() error {
	if len(c.Domains) > 0 {
		return nil
	}
	return errors.New("cannot have 0 domains")
}
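// parseCert parses one certificate definition of the form
//
//	domain[,domain...][,key=value...]
//
// Comma-separated entries are read as domains until the first entry that
// contains "="; that entry and every later one is read as an option. Blank
// domain entries are skipped. Supported option keys are "keytype",
// "muststaple" and "reusekey".
//
// An error is returned for an option with an empty key or value, for an
// unsupported option key, and for a boolean option whose value
// strconv.ParseBool rejects.
func parseCert(s string) (*certConfig, error) {
	cfg := &certConfig{}
	fields := strings.Split(s, ",")

	var options []string
	for i, f := range fields {
		if strings.Contains(f, "=") {
			// The first key=value entry ends the domain list.
			options = fields[i:]
			break
		}
		if d := strings.TrimSpace(f); d != "" {
			cfg.Domains = append(cfg.Domains, d)
		}
	}

	for _, o := range options {
		k, v := splitKV(strings.TrimSpace(o))
		if k == "" || v == "" {
			return nil, fmt.Errorf("empty key or value: %q", o)
		}
		switch k {
		case certOptionKeyType:
			cfg.KeyType = v
		case certOptionMustStaple:
			// Reject a malformed boolean rather than discarding the error:
			// "muststaple=yes" must not quietly become MustStaple == false.
			b, err := strconv.ParseBool(v)
			if err != nil {
				return nil, fmt.Errorf("invalid value for cert option %q: %w", k, err)
			}
			cfg.MustStaple = b
		case certOptionReuseKey:
			b, err := strconv.ParseBool(v)
			if err != nil {
				return nil, fmt.Errorf("invalid value for cert option %q: %w", k, err)
			}
			cfg.reuseKey = b
		default:
			return nil, fmt.Errorf("unsupported cert option %q", k)
		}
	}
	return cfg, nil
}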
// splitKV splits s at its first "=" into a key and a value. When s contains
// no "=", the whole string is returned as the key with an empty value.
func splitKV(s string) (string, string) {
	idx := strings.IndexByte(s, '=')
	if idx < 0 {
		return s, ""
	}
	return s[:idx], s[idx+1:]
}