From 0113468f26f4e135ff525a427140ba041b657b46 Mon Sep 17 00:00:00 2001
From: rekby
Date: Mon, 20 May 2019 09:55:12 +0300
Subject: [PATCH] Add support for save metadata from file. Fix ignore issue timeout from config file. Remove config of subdomains (really doeasn't supported now). Close #64
---
 cmd/a_main-packr.go | 2 +-
 cmd/config.go | 8 +++---
 cmd/main.go | 5 +++-
 cmd/static/default-config.toml | 6 ++--
 internal/cert_manager/manager.go | 48 +++++++++++++++++++++++++-------
 5 files changed, 50 insertions(+), 19 deletions(-)
diff --git a/cmd/a_main-packr.go b/cmd/a_main-packr.go
index 556b148c..cb95a54b 100644
--- a/cmd/a_main-packr.go
+++ b/cmd/a_main-packr.go
@@ -7,5 +7,5 @@ import "github.com/gobuffalo/packr" // You can use the "packr clean" command to clean up this, // and any other packr generated files. func init() { - packr.PackJSONBytes("static", "default-config.toml", "\"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\"") + packr.PackJSONBytes("static", "default-config.toml", "\"W0dlbmVyYWxdCgojIFNlY29uZHMgZm9yIGlzc3VlIGV2ZXJ5IGNlcnRpZmljYXRlLiBDYW5jZWwgaXNzdWUgYW5kIHJldHVybiBlcnJvciBpZiB0aW1lb3V0LgpJc3N1ZVRpbWVvdXQgPSAzMDAKCiMgUGF0aCB0byBkaXIsIHdoaWNoIHdpbGwgc3RvcmUgc3RhdGUgYW5kIGNlcnRpZmljYXRlcwpTdG9yYWdlRGlyID0gInN0b3JhZ2UiCgojIFN0b3JlIC5qc29uIGluZm8gd2l0aCBjZXJ0aWZpY2F0ZSBtZXRhZGF0YSBuZWFyIGNlcnRpZmljYXRlLgpTdG9yZUpTT05NZXRhZGF0YSA9IHRydWUKCiMgRGlyZWN0b3J5IHVybCBvZiBhY21lIHNlcnZlci4KI1Rlc3Qgc2VydmVyOiBodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9kaXJlY3RvcnkKQWNtZVNlcnZlciA9ICJodHRwczovL2FjbWUtdjAxLmFwaS5sZXRzZW5jcnlwdC5vcmcvZGlyZWN0b3J5IgoKW0xvZ10KRW5hYmxlTG9nVG9GaWxlID0gdHJ1ZQpFbmFibGVMb2dUb1N0ZEVyciA9IHRydWUKCiMgdmVyYm9zZSBsZXZlbCBvZiBsb2csIG9uZSBvZjogZGVidWcsIGluZm8sIHdhcm5pbmcsIGVycm9yLCBmYXRhbApMb2dMZXZlbCA9ICJpbmZvIgoKIyBFbmFibGUgc2VsZiBsb2cgcm90YXRpbmcKRW5hYmxlUm90YXRlID0gdHJ1ZQoKIyBFbmFibGUgZGV2ZWxvcGVyIG1vZGU6IG1vcmUgc3RhY2t0cmFjZXMgYW5kIHBhbmljIChzdG9wIHByb2dyYW0pIG9uIHNvbWUgaW50ZXJuYWwgZXJyb3JzLgpEZXZlbG9wZXJNb2RlID0gZmFsc2UKCiMgUGF0aCB0byBsb2cgZmlsZQpGaWxlID0gImxldHMtcHJveHkubG9nIgoKIyBSb3RhdGUgbG9nIGlmIGN1cnJlbnQgZmlsZSBzaXplIG1vcmUgdGhhbiBYIE1CClJvdGF0ZUJ5U2l6ZU1CID0gMTAwCgojIENvbXByZXNzIG9sZCBsb2cgd2l0aCBnemlwIGFmdGVyIHJvdGF0ZQpDb21wcmVzc1JvdGF0ZWQgPSBmYWxzZQoKIyBEZWxldGUgb2xkIGJhY2t1cHMgYWZ0ZXIgWCBkYXlzLiAwIGZvciBkaXNhYmxlLgpNYXhEYXlzID0gMTAKCiMgRGVsZXRlIG9sZCBiYWNrdXBzIGlmIG9sZCBmaWxlIG51bWJlciBtb3JlIHRoZW4gWC4gMCBmb3IgZGlzYWJsZS4KTWF4Q291bnQgPSAxMAoKW1Byb3h5XQoKIyBEZWZhdWx0IHJ1bGUgb2Ygc2VsZWN0IGRlc3RpbmF0aW9uIGFkZHJlc3MuCiNJdCBjYW4gYmU6IElQICh3aXRoIGRlZmF1bHQgcG9ydCA4MCksIDpQb3J0IChkZWZhdWx0IC0gc2FtZSBJUCBhcyByZWNlaXZlIGNvbm5lY3Rpb24pLCBJUHY0OlBvcnQgb3IgW0lQdjZdOlBvcnQKR
GVmYXVsdFRhcmdldCA9ICI6ODAiCgojIEFycmF5IG9mICctJyBzZXBhcmF0ZWQgcGFpcnMgb3IgSVA6UG9ydC4gRm9yIGV4YW1wbGU6CiMgWwojICAgIjEuMi4zLjQ6NDQzLTIuMi4yLjI6MTIzNCIsCiMgICAiMy4zLjMuMzozMzMtWzo6MV06OTQiCiMgIl0KIyBNZWFuOiBjb25uZWN0aW9ucywgYWNjZXB0ZWQgb24gMS4yLjMuNDo0NDMgc2VuZCB0byBzZXJ2ZXIgMi4yLjIuMjoxMjM0CiMgYW5kIGNvbm5lY3Rpb25zIGFjY2VwdGVkIG9uIDMuMy4zLjM6MzMzIHNlbmQgdG8gaXB2NiA6OjEgcG9ydCA5NApUYXJnZXRNYXAgPSBbXQoKIyBBcnJheSBvZiBjb2xvbiBzZXBhcmF0ZWQgSGVhZGVyTmFtZTpIZWFkZXJWYWx1ZSBmb3IgYWRkIHRvIHJlcXVlc3QgZm9yIGJhY2tlbmQuIHt7VmFsdWV9fSBpcyBzcGVjaWFsIGZvcm1zLCB3aGljaCBjYW4KIyBpbnRlcm5hbGx5IHBhcnNpbmcuIE5vdyBpdCBzdXBwb3J0IG9ubHkgc3BlY2lhbCB2YWx1ZXM6CiMge3tDT05ORUNUSU9OX0lEfX0gLSBJZCBvZiBhY2NlcHRlZCBjb25uZWN0aW9uLCBnZW5lcmF0ZWQgYnkgbGV0cy1wcm94eQojIHt7SFRUUF9QUk9UT319IC0gc2V0IHRvIGh0dHAvaHR0cHMgZGVwZW5kZW5jZSBpbmNvbWluZyBjb25uZWN0aW9ucyBoYW5kbGVkCiMge3tTT1VSQ0VfSVB9fSAtIFJlbW90ZSBJUCBvZiBpbmNvbWluZyBjb25uZWN0aW9uCiMge1NPVVJDRV9QT1JUfX0gLSBSZW1vdGUgcG9ydCBvZiBpbmNvbWluZyBjb25uZWN0aW9uCiMge3tTT1VSQ0VfSVB9fTp7e1NPVVJDRV9QT1JUfX0gLSBSZW1vdGUgSVA6UG9ydCBvZiBpbmNvbWluZyBjb25uZWN0aW9uLgojIE5vdyBpdCBhY2NlcHRlZCBvbmx5IHRoaXMgc3BlY2lhbCB2YWx1ZXMsIHdoaWNoIG11c3QgYmUgZXhheGx0eSBlcXVhbCB0byBleGFtcGxlcy4gQWxsIG90aGVyIHZhbHVlcyBzZW5kIGFzIGlzLgojIEJ1dCBpdCBjYW4gY2hhbmdlIGFuZCBleHRlbmQgaW4gZnV0dXJlLiBEb2Vzbid0IHVzZSB7ey4uLn19IGFzIG93biB2YWx1ZXMuCiMgRXhhbXBsZToKIyBbIklQOnt7U09VUkNFX0lQfX0iLCAiUHJveHk6bGV0cy1wcm94eSIsICJQcm90b2NvbDp7e0hUVFBfUFJPVE99fSIgXQpIZWFkZXJzID0gW10KCltDaGVja0RvbWFpbnNdCgojIEFsbG93IGRvbWFpbiBpZiBpdCByZXNvbHZlciBmb3Igb25lIG9mIHB1YmxpYyBJUHMgb2YgdGhpcyBzZXJ2ZXIuCklQU2VsZiA9IHRydWUKCiMgQWxsb3cgZG9tYWluIGlmIGl0IHJlc29sdmVyIGZvciBvbmUgb2YgdGhlIGlwcy4KSVBXaGl0ZUxpc3QgPSAiIgoKIyBSZWdleHAgaW4gZ29sYW5nIHN5bnRheCBvZiBibGFja2xpc3RlZCBkb21haW4gZm9yIGlzc3VlIGNlcnRpZmljYXRlLgojVGhpcyBsaXN0IG92ZXJyaWRlZCBieSB3aGl0ZWxpc3QuCkJsYWNrTGlzdCA9ICIiCgojIFJlZ2V4cCBpbiBnb2xhbmcgc3ludGF4IG9mIHdoaXRlbGlzdCBkb21haW5zIGZvciBpc3N1ZSBjZXJ0aWZpY2F0ZS4KI1doaXRlbGlzdCBuZWVkIGZvciBhbGxvdyBwYXJ0IG9mIGRvbWFpbnMsIHdoa
WNoIGV4Y2x1ZGVkIGJ5IGJsYWNrbGlzdC4KIwpXaGl0ZUxpc3QgPSAiIgoKW0xpc3Rlbl0KCiMgQmluZCBhZGRyZXNzZXMgZm9yIFRMUyBsaXN0ZW5lcnMKVExTQWRkcmVzc2VzID0gWyI6NDQzIl0KCiMgQmluZCBhZGRyZXNzZXMgd2l0aG91dCBUTFMgc2VjdXJlIChmb3IgSFRUUCByZXZlcnNlIHByb3h5IGFuZCBodHRwLTAxIHZhbGlkYXRpb24gd2l0aG91dCByZWRpcmVjdCB0byBodHRwcykKVENQQWRkcmVzc2VzID0gW10K\"")
 }
diff --git a/cmd/config.go b/cmd/config.go
index 937e93ed..a6bc2ac6 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -20,10 +20,10 @@ import (
 )
 type ConfigGeneral struct {
- IssueTimeout int
- AutoIssueForSubdomains string
- StorageDir string
- AcmeServer string
+ IssueTimeout int
+ StorageDir string
+ AcmeServer string
+ StoreJSONMetadata bool
 }
 //go:generate packr
diff --git a/cmd/main.go b/cmd/main.go
index 3db37a13..e3337c16 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -8,6 +8,7 @@ import (
 "net/http"
 "os"
 "runtime"
+ "time"
 "github.com/rekby/lets-proxy2/internal/cert_manager"
@@ -57,7 +58,7 @@ func startProgram(config *configType) {
 logger.Info("StartAutoRenew program version", zap.String("version", version()))
 err := os.MkdirAll(config.General.StorageDir, defaultDirMode)
- log.InfoFatal(logger, err, "Create storage dir")
+ log.InfoFatal(logger, err, "Create storage dir", zap.String("dir", config.General.StorageDir))
 storage := &cache.DiskCache{Dir: config.General.StorageDir}
 clientManager := acme_client_manager.New(ctx, storage)
@@ -66,6 +67,8 @@ func startProgram(config *configType) {
 log.DebugFatal(logger, err, "Get acme client")
 certManager := cert_manager.New(acmeClient, storage)
+ certManager.CertificateIssueTimeout = time.Duration(config.General.IssueTimeout) * time.Second
+ certManager.SaveJSONMeta = config.General.StoreJSONMetadata
 certManager.DomainChecker, err = config.CheckDomains.CreateDomainChecker(ctx)
 log.DebugFatal(logger, err, "Config domain checkers.")
diff --git a/cmd/static/default-config.toml b/cmd/static/default-config.toml
index a4b3205b..fc3bf093 100644
--- a/cmd/static/default-config.toml 
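Review bot: Removing `AutoIssueForSubdomains` from `ConfigGeneral` changes what an existing config file may contain, and the hunk does not say what happens to a file that still sets that key. Whether the loader rejects the unknown key or silently ignores it depends on the TOML decoder, which is outside this hunk; if it is silent, an operator keeps a line that no longer does anything and gets no signal. A short doc comment on the struct, e.g. `// ConfigGeneral is the General section of the config file; the former AutoIssueForSubdomains key is no longer read.`, or a startup warning when the stale key is present, would make the removal visible.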
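Review bot: `certManager.CertificateIssueTimeout = time.Duration(config.General.IssueTimeout) * time.Second` passes the configured integer through unchecked, so a config with `IssueTimeout = 0` or a negative value reaches the manager as a zero or negative duration. How that behaves depends on how Manager applies CertificateIssueTimeout, which is not in this hunk, but none of the outcomes are what the operator meant, and startProgram already fails fast on other setup errors. Consider rejecting it before the assignment: `if config.General.IssueTimeout <= 0 { logger.Fatal("IssueTimeout must be positive", zap.Int("IssueTimeout", config.General.IssueTimeout)) }`. startProgram continues outside the hunk.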
+++ b/cmd/static/default-config.toml
@@ -3,12 +3,12 @@
 # Seconds for issue every certificate. Cancel issue and return error if timeout.
 IssueTimeout = 300
-# Comma separated for subdomains for try get common used subdomains in one certificate.
-AutoIssueForSubdomains = "www"
-
 # Path to dir, which will store state and certificates
 StorageDir = "storage"
+# Store .json info with certificate metadata near certificate.
+StoreJSONMetadata = true
+
 # Directory url of acme server.
 #Test server: https://acme-staging-v02.api.letsencrypt.org/directory
 AcmeServer = "https://acme-v01.api.letsencrypt.org/directory"
diff --git a/internal/cert_manager/manager.go b/internal/cert_manager/manager.go
index fac0f1c6..2a7d4017 100644
--- a/internal/cert_manager/manager.go
+++ b/internal/cert_manager/manager.go
@@ -10,6 +10,7 @@ import (
 "crypto/rsa"
 "crypto/tls"
 "crypto/x509"
+ "encoding/json"
 "encoding/pem"
 "errors"
 "fmt"
@@ -66,6 +67,7 @@ type Manager struct {
 DomainChecker DomainChecker
 EnableHTTPValidation bool
 EnableTLSValidation bool
+ SaveJSONMeta bool
 certForDomainAuthorize cache.Value
@@ -441,11 +443,21 @@ func (m *Manager) issueCertificate(ctx context.Context, certName certNameType, d
 cert, err := validCertDer(domains, der, key, false, time.Now())
 log.DebugDPanic(logger, err, "Check certificate is valid")
- if err == nil {
- storeCertificate(ctx, m.Cache, certName, cert)
- return cert, nil
+ if err != nil {
+ return nil, err
+ }
+ err = storeCertificate(ctx, m.Cache, certName, cert)
+ log.DebugDPanic(logger, err, "Certificate stored")
+ if err != nil {
+ return nil, err
+ }
+ if m.SaveJSONMeta {
+ err = storeCertificateMeta(ctx, m.Cache, certName, cert)
+ if err != nil {
+ return nil, err
+ }
 }
- return nil, err
+ return cert, nil
 }
 func (m *Manager) renewCertInBackground(ctx context.Context, certName certNameType) {
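Review bot: In the `if m.SaveJSONMeta` branch a failed `storeCertificateMeta` returns `nil, err` after `storeCertificate` has already written the certificate and key to the cache, so the caller sees the issue fail while the freshly issued certificate is persisted but never returned. Either make the metadata write best-effort, replacing the inner `if err != nil { return nil, err }` with `log.DebugDPanic(logger, err, "Store certificate metadata")` so `return cert, nil` still runs, or delete the stored certificate and key before returning so the cache state and the error agree. Separately, `storeCertificate` already logs its own failures via DPanic/Error, and the new `log.DebugDPanic(logger, err, "Certificate stored")` reports the same error a second time at this layer. issueCertificate starts outside the hunk.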
@@ -585,11 +597,11 @@ func (m *Manager) deleteCertToken(ctx context.Context, key DomainName) {
 // It isn't atomic syncronized - caller must not save two certificates with same name same time
 func storeCertificate(ctx context.Context, cache cache.Cache, certName certNameType,
- cert *tls.Certificate) {
+ cert *tls.Certificate) error {
 logger := zc.L(ctx)
 if cache == nil {
 logger.Debug("Can't save certificate to nil cache")
- return
+ return nil
 }
 locked, _ := isCertLocked(ctx, cache, certName)
@@ -605,7 +617,7 @@ func storeCertificate(ctx context.Context, cache cache.Cache, certName certNameT
 err := pem.Encode(&certBuf, &pemBlock)
 if err != nil {
 logger.DPanic("Can't encode pem block of certificate", zap.Error(err), zap.Binary("block", block))
- return
+ return err
 }
 }
@@ -619,11 +631,11 @@ func storeCertificate(ctx context.Context, cache cache.Cache, certName certNameT
 err := pem.Encode(&privateKeyBuf, &pemBlock)
 if err != nil {
 logger.DPanic("Can't marshal rsa private key", zap.Error(err))
- return
+ return err
 }
 default:
 logger.DPanic("Unknow private key type", zap.String("type", reflect.TypeOf(cert.PrivateKey).String()))
- return
+ return errors.New("unknow private key type")
 }
 if keyType == "" {
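Review bot: `storeCertificate` now returns an error, but its doc comment (`// It isn't atomic syncronized - caller must not save two certificates with same name same time`) was not updated to say what the result means, in particular that a nil cache returns nil rather than an error while every later failure does. Suggest extending the comment with `// It returns the first PEM-encoding or cache.Put error; a nil cache is treated as a no-op and returns nil.` The rest of storeCertificate is in the following hunks.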
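Review bot: The new error in the `default:` branch, `return errors.New("unknow private key type")`, carries the misspelling over from the existing log message; now that the string reaches callers and the caller's log, use `return errors.New("unknown private key type")`. If callers are expected to react to this case, a package-level sentinel (e.g. `var ErrUnknownPrivateKeyType = errors.New("unknown private key type")`) returned here would let them use errors.Is instead of comparing text.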
@@ -636,14 +648,30 @@ func storeCertificate(ctx context.Context, cache cache.Cache, certName certNameT
 err := cache.Put(ctx, certKeyName, certBuf.Bytes())
 if err != nil {
 logger.Error("Can't store certificate file", zap.Error(err))
- return
+ return err
 }
 err = cache.Put(ctx, keyKeyName, privateKeyBuf.Bytes())
 if err != nil {
 _ = cache.Delete(ctx, certKeyName)
 logger.Error("Can't store certificate key file", zap.Error(err))
+ return err
 }
+ return nil
+}
+
+func storeCertificateMeta(ctx context.Context, storage cache.Cache, key certNameType, certificate *tls.Certificate) error {
+ info := struct {
+ Domains []string
+ ExpireDate time.Time
+ }{
+ Domains: certificate.Leaf.DNSNames,
+ ExpireDate: certificate.Leaf.NotAfter,
+ }
+ infoBytes, _ := json.MarshalIndent(info, "", " ")
+ err := storage.Put(ctx, key.String()+".json", infoBytes)
+ log.DebugDPanicCtx(ctx, err, "Save cert metadata")
+ return err
 }
 func getCertificate(ctx context.Context, cache cache.Cache, certName certNameType, keyType keyType) (cert *tls.Certificate, err error) {
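Review bot: `storeCertificateMeta` dereferences `certificate.Leaf` without checking it, and `tls.Certificate.Leaf` is nil unless whoever built the certificate filled it in; unless validCertDer (not in this hunk) sets it, this is a nil-pointer panic on the first metadata write. The `json.MarshalIndent` error is also discarded with `_`, and the helper has no doc comment. Suggest guarding the leaf, returning the marshal error, and adding `// storeCertificateMeta writes <certName>.json next to the certificate with its DNS names and expiry; it requires certificate.Leaf to be set.` above the function.
```go
func storeCertificateMeta(ctx context.Context, storage cache.Cache, key certNameType, certificate *tls.Certificate) error {
	if certificate == nil || certificate.Leaf == nil {
		return errors.New("certificate metadata: missing parsed leaf certificate")
	}
	// … unchanged: info struct literal …
	infoBytes, err := json.MarshalIndent(info, "", " ")
	if err != nil {
		return err
	}
	err = storage.Put(ctx, key.String()+".json", infoBytes)
	// … unchanged: DebugDPanicCtx log and return err …
}
```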