// Package iij implements a DNS provider for solving the DNS-01 challenge using IIJ DNS.
package iij
import (
"errors"
"fmt"
"strconv"
"strings"
"time"
"github.com/go-acme/lego/v4/challenge/dns01"
"github.com/go-acme/lego/v4/platform/config/env"
"github.com/iij/doapi"
"github.com/iij/doapi/protocol"
)
// Environment variables names.
const (
	// envNamespace prefixes every environment variable this provider reads.
	envNamespace = "IIJ_"
	// EnvAPIAccessKey, EnvAPISecretKey and EnvDoServiceCode are required by
	// NewDNSProvider. The secret key is a credential: in this package it is only
	// handed to doapi.NewAPI and never written to an error message or log.
	EnvAPIAccessKey = envNamespace + "API_ACCESS_KEY"
	EnvAPISecretKey = envNamespace + "API_SECRET_KEY"
	EnvDoServiceCode = envNamespace + "DO_SERVICE_CODE"
	// Optional tunables read by NewDefaultConfig (see there for the defaults).
	EnvTTL = envNamespace + "TTL"
	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
	EnvPollingInterval = envNamespace + "POLLING_INTERVAL"
)
// Config is used to configure the creation of the DNSProvider.
type Config struct {
	// AccessKey and SecretKey are the IIJ DO API credentials
	// (IIJ_API_ACCESS_KEY / IIJ_API_SECRET_KEY). Both are required by
	// NewDNSProviderConfig. SecretKey is a secret: keep it out of logs and
	// error messages.
	AccessKey string
	SecretKey string
	// DoServiceCode identifies the IIJ DO service (IIJ_DO_SERVICE_CODE); it is
	// sent with every API request. Required.
	DoServiceCode string
	// PropagationTimeout and PollingInterval are returned by Timeout() and
	// drive lego's DNS propagation check.
	PropagationTimeout time.Duration
	PollingInterval time.Duration
	// TTL of the challenge TXT record created by Present. It is sent to the
	// API verbatim (presumably in seconds — the API documentation decides).
	TTL int
}
// NewDefaultConfig returns a default configuration for the DNSProvider.
//
// Only the tunables are filled in, from the environment when set:
// IIJ_TTL (default 300), IIJ_PROPAGATION_TIMEOUT (default 2m) and
// IIJ_POLLING_INTERVAL (default 4s). The credentials (AccessKey, SecretKey,
// DoServiceCode) are left empty and must be supplied by the caller.
func NewDefaultConfig() *Config {
	cfg := new(Config)
	cfg.TTL = env.GetOrDefaultInt(EnvTTL, 300)
	cfg.PropagationTimeout = env.GetOrDefaultSecond(EnvPropagationTimeout, 2*time.Minute)
	cfg.PollingInterval = env.GetOrDefaultSecond(EnvPollingInterval, 4*time.Second)
	return cfg
}
// DNSProvider implements the challenge.Provider interface.
type DNSProvider struct {
	// api is the authenticated IIJ DO client built from Config.AccessKey and
	// Config.SecretKey in NewDNSProviderConfig.
	api *doapi.API
	// config holds the settings the provider was constructed with: the DO
	// service code sent with every request, the record TTL and the
	// propagation timing returned by Timeout.
	config *Config
}
// NewDNSProvider returns a DNSProvider instance configured for IIJ DNS.
//
// The credentials are read from IIJ_API_ACCESS_KEY, IIJ_API_SECRET_KEY and
// IIJ_DO_SERVICE_CODE; all three are required, and a missing one is reported
// as an error prefixed with "iij:". Everything else comes from
// NewDefaultConfig.
func NewDNSProvider() (*DNSProvider, error) {
	vals, err := env.Get(EnvAPIAccessKey, EnvAPISecretKey, EnvDoServiceCode)
	if err != nil {
		return nil, fmt.Errorf("iij: %w", err)
	}

	cfg := NewDefaultConfig()
	cfg.AccessKey, cfg.SecretKey, cfg.DoServiceCode =
		vals[EnvAPIAccessKey], vals[EnvAPISecretKey], vals[EnvDoServiceCode]

	return NewDNSProviderConfig(cfg)
}
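// NewDNSProviderConfig takes a given config
// and returns a custom configured DNSProvider instance.
//
// It returns an error (prefixed with "iij:") when config is nil or when any of
// AccessKey, SecretKey or DoServiceCode is empty, so a misconfigured provider
// fails at construction rather than on its first API call. The credentials are
// passed to doapi.NewAPI and are not included in any error message.
func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
	// A caller building the provider by hand (not via NewDNSProvider) can pass
	// a nil config; reject it instead of dereferencing it below.
	if config == nil {
		return nil, errors.New("iij: the configuration of the DNS provider is nil")
	}

	if config.SecretKey == "" || config.AccessKey == "" || config.DoServiceCode == "" {
		return nil, errors.New("iij: credentials missing")
	}

	return &DNSProvider{
		api:    doapi.NewAPI(config.AccessKey, config.SecretKey),
		config: config,
	}, nil
}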
// Timeout returns the timeout and interval to use when checking for DNS propagation.
// Both values are taken verbatim from the Config the provider was built with
// (PropagationTimeout and PollingInterval).
func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
	timeout = d.config.PropagationTimeout
	interval = d.config.PollingInterval
	return timeout, interval
}
// Present creates a TXT record using the specified parameters.
//
// The record value is derived from keyAuth by dns01.GetRecord; token is not
// used (the challenge.Provider interface requires it). The FQDN that
// GetRecord returns is discarded and the zone/owner are derived from domain
// instead, so a CNAME on the _acme-challenge name is not followed (see the
// TODO in addTxtRecord). Errors are wrapped with the "iij:" prefix.
func (d *DNSProvider) Present(domain, token, keyAuth string) error {
	_, value := dns01.GetRecord(domain, keyAuth)

	if err := d.addTxtRecord(domain, value); err != nil {
		return fmt.Errorf("iij: %w", err)
	}

	return nil
}
// CleanUp removes the TXT record matching the specified parameters.
//
// Only the record whose value equals the one derived from keyAuth is deleted;
// other TXT records at the same owner are left in place. token is not used.
// Errors are wrapped with the "iij:" prefix.
func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
	_, value := dns01.GetRecord(domain, keyAuth)

	// TODO(ldez) replace domain by FQDN to follow CNAME.
	if err := d.deleteTxtRecord(domain, value); err != nil {
		return fmt.Errorf("iij: %w", err)
	}

	return nil
}
// addTxtRecord creates the challenge TXT record for domain and commits it.
//
// The zone and the owner ("_acme-challenge[.<labels>]") are resolved against
// the zone list fetched from the API; a domain that matches none of the
// account's zones is an error, so the provider never writes into a zone it
// does not own. The record TTL comes from the Config.
func (d *DNSProvider) addTxtRecord(domain, value string) error {
	zones, err := d.listZones()
	if err != nil {
		return err
	}

	// TODO(ldez) replace domain by FQDN to follow CNAME.
	owner, zone, err := splitDomain(domain, zones)
	if err != nil {
		return err
	}

	resp := &protocol.RecordAddResponse{}
	req := protocol.RecordAdd{
		DoServiceCode: d.config.DoServiceCode,
		ZoneName:      zone,
		Owner:         owner,
		TTL:           strconv.Itoa(d.config.TTL),
		RecordType:    "TXT",
		RData:         value,
	}
	if err = doapi.Call(*d.api, req, resp); err != nil {
		return err
	}

	// The add is followed by a Commit request; the API presumably stages
	// changes until then.
	return d.commit()
}
// deleteTxtRecord removes the TXT record that addTxtRecord created for domain
// and commits the change.
//
// The record is located by owner, type and exact value, so an unrelated TXT
// record at the same owner is never deleted; a record that cannot be found is
// reported as an error rather than silently ignored.
func (d *DNSProvider) deleteTxtRecord(domain, value string) error {
	zones, err := d.listZones()
	if err != nil {
		return err
	}

	owner, zone, err := splitDomain(domain, zones)
	if err != nil {
		return err
	}

	recordID, err := d.findTxtRecord(owner, zone, value)
	if err != nil {
		return err
	}

	var resp protocol.RecordDeleteResponse
	req := protocol.RecordDelete{
		DoServiceCode: d.config.DoServiceCode,
		ZoneName:      zone,
		RecordID:      recordID,
	}
	if err = doapi.Call(*d.api, req, &resp); err != nil {
		return err
	}

	return d.commit()
}
// commit sends a Commit request for the configured DO service code, applying
// the record changes made since the last commit. The API's error, if any, is
// returned unchanged.
func (d *DNSProvider) commit() error {
	var resp protocol.CommitResponse
	req := protocol.Commit{DoServiceCode: d.config.DoServiceCode}
	return doapi.Call(*d.api, req, &resp)
}
// findTxtRecord returns the ID of the TXT record in zone whose owner and value
// match. The whole record list of the zone is fetched and scanned; when several
// records match, the ID of the last one listed is returned. A missing record is
// an error.
func (d *DNSProvider) findTxtRecord(owner, zone, value string) (string, error) {
	resp := &protocol.RecordListGetResponse{}
	req := protocol.RecordListGet{
		DoServiceCode: d.config.DoServiceCode,
		ZoneName:      zone,
	}
	if err := doapi.Call(*d.api, req, resp); err != nil {
		return "", err
	}

	// The comparison assumes the API reports TXT RData wrapped in double
	// quotes (as the original code did) — verify against the API if records
	// are never found.
	want := `"` + value + `"`

	found := ""
	for _, rec := range resp.RecordList {
		if rec.Owner != owner || rec.RecordType != "TXT" || rec.RData != want {
			continue
		}
		found = rec.Id // keep scanning: the last match wins
	}

	if found == "" {
		return "", fmt.Errorf("%s record in %s not found", owner, zone)
	}

	return found, nil
}
// listZones returns the names of the zones visible to the configured DO
// service code. It is queried afresh before every add and delete, so zone
// resolution always works from the live list rather than a cached one.
func (d *DNSProvider) listZones() ([]string, error) {
	var resp protocol.ZoneListGetResponse
	req := protocol.ZoneListGet{DoServiceCode: d.config.DoServiceCode}

	if err := doapi.Call(*d.api, req, &resp); err != nil {
		return nil, err
	}

	return resp.ZoneList, nil
}
// splitDomain finds the zone in zones that domain belongs to and the owner
// name of the challenge record inside that zone.
//
// Leading and trailing dots are stripped from domain, then every suffix with
// at least two labels is tried, longest first, so the most specific listed
// zone wins. The owner is "_acme-challenge" followed by the labels that
// precede the zone: ("sub.example.com", ["example.com"]) yields
// ("_acme-challenge.sub", "example.com"). An error is returned when no suffix
// is listed in zones; matching is exact and case-sensitive (see zoneContains).
func splitDomain(domain string, zones []string) (string, string, error) {
	labels := strings.Split(strings.Trim(domain, "."), ".")

	// n+1 < len(labels) keeps at least two labels in the candidate zone.
	for n := 0; n+1 < len(labels); n++ {
		candidate := strings.Join(labels[n:], ".")
		if !zoneContains(candidate, zones) {
			continue
		}

		owner := "_acme-challenge"
		if prefix := strings.Join(labels[:n], "."); prefix != "" {
			owner += "." + prefix
		}

		return owner, candidate, nil
	}

	return "", "", fmt.Errorf("%s not found", domain)
}
// zoneContains reports whether zone is an exact entry of zones.
//
// The comparison is byte-for-byte and therefore case-sensitive, although DNS
// names are not; this relies on the API listing zones in the same case the
// caller uses (typically lowercase) — confirm against the API if a zone is
// unexpectedly "not found".
func zoneContains(zone string, zones []string) bool {
	for i := range zones {
		if zones[i] == zone {
			return true
		}
	}

	return false
}