Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2020/04/21 21:38:07 UTC

[GitHub] [trafficcontrol] mattjackson220 commented on a change in pull request #4625: updated to store Lets Encrypt user account information

mattjackson220 commented on a change in pull request #4625:
URL: https://github.com/apache/trafficcontrol/pull/4625#discussion_r412509451



##########
File path: traffic_ops/traffic_ops_golang/deliveryservice/letsencryptcert.go
##########
@@ -330,7 +374,87 @@ func GetLetsEncryptCertificates(cfg *config.Config, req tc.DeliveryServiceLetsEn
 	}
 	tx2.Commit()
 
+	if foundPreviousAccount {
+		api.CreateChangeLogRawTx(api.ApiChange, "DS: "+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: Added SSL keys with Lets Encrypt", currentUser, logTx)
+		return nil
+	}
+
+	userKeyDer := x509.MarshalPKCS1PrivateKey(userPrivateKey)
+	if userKeyDer == nil {
+		log.Errorf("marshalling private key: nil der")
+		api.CreateChangeLogRawTx(api.ApiChange, "DS: "+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: FAILED to add SSL keys with Lets Encrypt", currentUser, logTx)
+		return errors.New("marshalling private key: nil der")
+	}
+	userKeyBuf := bytes.Buffer{}
+	if err := pem.Encode(&userKeyBuf, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: userKeyDer}); err != nil {
+		log.Errorf("pem-encoding private key: " + err.Error())
+		api.CreateChangeLogRawTx(api.ApiChange, "DS: "+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: FAILED to add SSL keys with Lets Encrypt", currentUser, logTx)
+		return errors.New("pem-encoding private key: " + err.Error())
+	}
+	userKeyPem := userKeyBuf.Bytes()
+	err = storeLEAccountInfo(userTx, myUser.Email, string(userKeyPem), myUser.Registration.URI)
+	if err != nil {
+		log.Errorf("storing user account info: " + err.Error())
+		api.CreateChangeLogRawTx(api.ApiChange, "DS: "+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: FAILED to add SSL keys with Lets Encrypt", currentUser, logTx)
+		return errors.New("storing user account info: " + err.Error())
+	}
+
 	api.CreateChangeLogRawTx(api.ApiChange, "DS: "+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: Added SSL keys with Lets Encrypt", currentUser, logTx)
 
 	return nil
 }
+
+func getStoredLetsEncryptInfo(tx *sql.Tx, email string) (*LEInfo, error) {
+	leInfo := LEInfo{}
+	selectQuery := `SELECT email, private_key, uri FROM lets_encrypt_account WHERE email = $1 LIMIT 1`
+	rows, err := tx.Query(selectQuery, email)
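Review bot: The ACME account private key is handed to `storeLEAccountInfo` as a plain PEM string (`string(userKeyPem)`), and the query in `getStoredLetsEncryptInfo` selects `private_key` straight back out of `lets_encrypt_account`. Unless the helper encrypts it (its body is not in this hunk), the key sits in the database in cleartext, readable by anyone who can read that table or its backups. Consider encrypting the PEM before the insert and decrypting after the select, or at least documenting that the table must be access-restricted. Separately, the three new failure paths write `ACTION: FAILED to add SSL keys` to the changelog after `tx2.Commit()` has already run, so the entry presumably misreports a certificate that was stored when only the account save failed. The `log.Errorf("..." + err.Error())` calls also use the error text as a format string; `log.Errorf("storing user account info: %v", err)` avoids that. `getStoredLetsEncryptInfo` continues past the end of the hunk.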

Review comment:
       done!



