Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2020/04/17 00:04:51 UTC

[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #4625: updated to store Lets Encrypt user account information

zrhoffman commented on a change in pull request #4625: updated to store Lets Encrypt user account information
URL: https://github.com/apache/trafficcontrol/pull/4625#discussion_r409895298
 
 

 ##########
 File path: traffic_ops/traffic_ops_golang/deliveryservice/letsencryptcert.go
 ##########
 @@ -330,7 +374,86 @@ func GetLetsEncryptCertificates(cfg *config.Config, req tc.DeliveryServiceLetsEn
 	}
 	tx2.Commit()
 
+	if !foundPreviousAccount {
+		userKeyDer := x509.MarshalPKCS1PrivateKey(userPrivateKey)
+		if userKeyDer == nil {
+			log.Errorf("marshalling private key: nil der")
+			api.CreateChangeLogRawTx(api.ApiChange, "DS: "+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: FAILED to add SSL keys with Lets Encrypt", currentUser, logTx)
+			return errors.New("marshalling private key: nil der")
+		}
+		userKeyBuf := bytes.Buffer{}
+		if err := pem.Encode(&userKeyBuf, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: userKeyDer}); err != nil {
+			log.Errorf("pem-encoding private key: " + err.Error())
+			api.CreateChangeLogRawTx(api.ApiChange, "DS: "+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: FAILED to add SSL keys with Lets Encrypt", currentUser, logTx)
+			return errors.New("pem-encoding private key: " + err.Error())
+		}
+		userKeyPem := userKeyBuf.Bytes()
+		err = storeLEAccountInfo(userTx, myUser.Email, string(userKeyPem), myUser.Registration.URI)
+		if err != nil {
+			log.Errorf("storing user account info: " + err.Error())
+			api.CreateChangeLogRawTx(api.ApiChange, "DS: "+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: FAILED to add SSL keys with Lets Encrypt", currentUser, logTx)
+			return errors.New("storing user account info: " + err.Error())
+		}
+	}
+
 	api.CreateChangeLogRawTx(api.ApiChange, "DS: "+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: Added SSL keys with Lets Encrypt", currentUser, logTx)
 
 	return nil
 }
+
+func getStoredLetsEncryptInfo(tx *sql.Tx, email string) (*LEInfo, error) {
+	leInfoList := []LEInfo{}
+	selectQuery := `SELECT email, private_key, uri FROM lets_encrypt_account WHERE email = $1`
+	rows, err := tx.Query(selectQuery, email)
+	if err != nil {
+		return nil, errors.New("getting dns challenge records: " + err.Error())
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		leInfo := LEInfo{}
+		if err := rows.Scan(&leInfo.Email, &leInfo.Key, &leInfo.URI); err != nil {
+			return nil, errors.New("scanning : lets_encrypt_account " + err.Error())
+		}
+
+		leInfoList = append(leInfoList, leInfo)
+	}
+
+	if len(leInfoList) == 0 {
+		return nil, nil
+	}
+
+	firstInfo := leInfoList[0]
+	decodedKeyBlock, _ := pem.Decode([]byte(*firstInfo.Key))
+	decodedKey, err := x509.ParsePKCS1PrivateKey(decodedKeyBlock.Bytes)
+	if err != nil {
+		return nil, errors.New("decoding private key for user account")
+	}
+	firstInfo.PrivateKey = decodedKey
+
+	return &firstInfo, nil
+}
+
+func storeLEAccountInfo(tx *sql.Tx, email string, privateKey string, uri string) error {
+	q := `INSERT INTO lets_encrypt_account (email, private_key, uri) VALUES ($1, $2, $3)`
+	response, err := tx.Exec(q, email, privateKey, uri)
+	if err != nil {
+		return err
+	} else {
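Review bot: `pem.Decode` on the `decodedKeyBlock, _ :=` line discards the failure case, so a `lets_encrypt_account` row whose `private_key` is not a PEM block leaves `decodedKeyBlock` nil and the `.Bytes` access on the next line panics inside the request handler; guard it with `if decodedKeyBlock == nil { return nil, errors.New("decoding private key for user account: no PEM block") }`, and since `Key` is dereferenced as a pointer (`*firstInfo.Key`), a NULL column would fail the same way and deserves a nil check first. The same branch drops the parse error — `errors.New("decoding private key for user account: " + err.Error())` keeps the cause. `rows.Err()` is never checked after the `rows.Next()` loop, and the message `getting dns challenge records` on the `tx.Query` error path looks copied from another query and should name `lets_encrypt_account`. Worth confirming whether the account key needs the same at-rest protection as the other key material this endpoint handles, since `storeLEAccountInfo` writes it as plain PEM text. `GetLetsEncryptCertificates` starts outside the hunk and `storeLEAccountInfo` continues past its end.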
 
 Review comment:
   You can take all of this out of `else {}`, it can just come after the `if {}`.
