maska/traefik-certs-dumper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c2bcf153e9
traefik-certs-dumper/acme.go
Stephan Müller c5cd7b0a0b
fix some errors & add CLI options & extend readme
2019-04-19 19:10:53 +02:00

182 lines
3.9 KiB
Go
Raw Blame History

package main
import (
"encoding/pem"
"fmt"
"io/ioutil"
"log"
"os"
"path/filepath"
"github.com/xenolf/lego/certcrypto"
"github.com/xenolf/lego/registration"
)
// Certificate is a struct which contains all data needed from an ACME certificate
type Certificate struct {
Domain Domain
Certificate []byte
Key []byte
}
// Domain holds a domain name with SANs
type Domain struct {
Main string
SANs []string
}
// Account is used to store lets encrypt registration info
type Account struct {
Email string
Registration *registration.Resource
PrivateKey []byte
KeyType certcrypto.KeyType
}
type fileInfo struct {
Name string
Ext string
}
const (
certsSubDir = "certs"
keysSubDir = "private"
)
// StoredData represents the data managed by the Store
type StoredData struct {
Account *Account
Certificates []*Certificate
HTTPChallenges map[string]map[string][]byte
TLSChallenges map[string]*Certificate
}
func dump(config *Config, data *StoredData) error {
if err := os.RemoveAll(config.Path); err != nil {
return err
}
if !config.DomainSubDir {
if err := os.MkdirAll(filepath.Join(config.Path, certsSubDir), 0755); err != nil {
return err
}
}
if err := os.MkdirAll(filepath.Join(config.Path, keysSubDir), 0755); err != nil {
return err
}
privateKeyPem := extractPEMPrivateKey(data.Account)
err := ioutil.WriteFile(filepath.Join(config.Path, keysSubDir, "letsencrypt"+config.KeyInfo.Ext), privateKeyPem, 0666)
if err != nil {
return err
}
for _, cert := range data.Certificates {
err := writeCert(config.Path, cert, config.CertInfo, config.DomainSubDir)
if err != nil {
return err
}
err = writeKey(config.Path, cert, config.KeyInfo, config.DomainSubDir)
if err != nil {
return err
}
}
if config.Watch {
log.Println("wrote new configuration")
}
if err := tree(config.Path, ""); err != nil {
return err
}
return nil
}
func writeCert(dumpPath string, cert *Certificate, info fileInfo, domainSubDir bool) error {
certPath := filepath.Join(dumpPath, keysSubDir, cert.Domain.Main+info.Ext)
if domainSubDir {
certPath = filepath.Join(dumpPath, cert.Domain.Main, info.Name+info.Ext)
if err := os.MkdirAll(filepath.Join(dumpPath, cert.Domain.Main), 0755); err != nil {
return err
}
}
return ioutil.WriteFile(certPath, cert.Certificate, 0666)
}
func writeKey(dumpPath string, cert *Certificate, info fileInfo, domainSubDir bool) error {
keyPath := filepath.Join(dumpPath, certsSubDir, cert.Domain.Main+info.Ext)
if domainSubDir {
keyPath = filepath.Join(dumpPath, cert.Domain.Main, info.Name+info.Ext)
if err := os.MkdirAll(filepath.Join(dumpPath, cert.Domain.Main), 0755); err != nil {
return err
}
}
return ioutil.WriteFile(keyPath, cert.Key, 0666)
}
func extractPEMPrivateKey(account *Account) []byte {
var block *pem.Block
switch account.KeyType {
case certcrypto.RSA2048, certcrypto.RSA4096, certcrypto.RSA8192:
block = &pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: account.PrivateKey,
}
case certcrypto.EC256, certcrypto.EC384:
block = &pem.Block{
Type: "EC PRIVATE KEY",
Bytes: account.PrivateKey,
}
default:
panic("unsupported key type")
}
return pem.EncodeToMemory(block)
}
func tree(root, indent string) error {
fi, err := os.Stat(root)
if err != nil {
return fmt.Errorf("could not stat %s: %v", root, err)
}
fmt.Println(fi.Name())
if !fi.IsDir() {
return nil
}
fis, err := ioutil.ReadDir(root)
if err != nil {
return fmt.Errorf("could not read dir %s: %v", root, err)
}
var names []string
for _, fi := range fis {
if fi.Name()[0] != '.' {
names = append(names, fi.Name())
}
}
for i, name := range names {
add := "│ "
if i == len(names)-1 {
fmt.Printf(indent + "└──")
add = " "
} else {
fmt.Printf(indent + "├──")
}
if err := tree(filepath.Join(root, name), indent+add); err != nil {
return err
}
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink