File: zerossl.go

package info (click to toggle)
golang-github-eggsampler-acme 3.6.1-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 312 kB
  • sloc: makefile: 47
file content (126 lines) | stat: -rw-r--r-- 2,954 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
//go:build ignore
// +build ignore

package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"io/ioutil"
	"log"
	"os"

	"github.com/eggsampler/acme/v3"
)

type acmeAccountFile struct {
	PrivateKey string `json:"privateKey"`
	Url        string `json:"url"`
	EABKID     string `json:"eab_kid"`
	EABMAC     string `json:"eab_mac"`
	EABAlgo    string `json:"eab_algo"`
}

const accountFile = "account.json"

func main() {
	client, err := acme.NewClient("https://acme.zerossl.com/v2/DV90")
	iferr(err, "creating client")

	if !client.Directory().Meta.ExternalAccountRequired {
		log.Fatalf("Expected ExternalAccountRequired")
	}

	account, err := loadAccount(client)
	if err != nil {
		account = createAccount(client)
	}

	log.Printf("account: %+v", account)

	orders, err := client.FetchOrderList(account)
	iferr(err, "fetching order list")
	for _, v := range orders.Orders {
		log.Printf("Order: %+v", v)
	}
}

func loadAccount(client acme.Client) (acme.Account, error) {
	raw, err := ioutil.ReadFile(accountFile)
	if err != nil {
		return acme.Account{}, err
	}
	var aaf acmeAccountFile
	if err := json.Unmarshal(raw, &aaf); err != nil {
		return acme.Account{}, err
	}
	account, err := client.UpdateAccount(acme.Account{PrivateKey: pem2key([]byte(aaf.PrivateKey)), URL: aaf.Url})
	if err != nil {
		return acme.Account{}, err
	}
	return account, nil
}

func createAccount(client acme.Client) acme.Account {
	privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	iferr(err, "generating priv key")

	// TODO: Enter EAB Credentials as generated at https://app.zerossl.com/developer
	eab := acme.ExternalAccountBinding{
		KeyIdentifier: os.Getenv("EAB_KID"),
		MacKey:        os.Getenv("EAB_HMAC_KEY"),
		Algorithm:     "HS256",
		HashFunc:      crypto.SHA256,
	}

	log.Printf("EAB: %+v", eab)

	account, err := client.NewAccountOptions(privKey, acme.NewAcctOptAgreeTOS(),
		acme.NewAcctOptExternalAccountBinding(eab))
	iferr(err, "creating new account")
	acc := acmeAccountFile{
		PrivateKey: string(key2pem(privKey)),
		Url:        account.URL,
		EABKID:     eab.KeyIdentifier,
		EABMAC:     eab.MacKey,
		EABAlgo:    fmt.Sprintf("%s", eab.HashFunc),
	}
	raw, err := json.Marshal(acc)
	iferr(err, "marshalling acc")
	err = ioutil.WriteFile(accountFile, raw, 0600)
	iferr(err, "writing account file")
	return account
}

func key2pem(certKey *ecdsa.PrivateKey) []byte {
	certKeyEnc, err := x509.MarshalECPrivateKey(certKey)
	if err != nil {
		log.Fatalf("Error encoding key: %v", err)
	}

	return pem.EncodeToMemory(&pem.Block{
		Type:  "EC PRIVATE KEY",
		Bytes: certKeyEnc,
	})
}

func pem2key(data []byte) *ecdsa.PrivateKey {
	b, _ := pem.Decode(data)
	key, err := x509.ParseECPrivateKey(b.Bytes)
	if err != nil {
		log.Fatalf("Error decoding key: %v", err)
	}
	return key
}

func iferr(err error, s string) {
	if err != nil {
		log.Fatalf("%s: %v", s, err)
	}
}