zrhoffman commented on a change in pull request #4625: updated to store Lets
Encrypt user account information
URL: https://github.com/apache/trafficcontrol/pull/4625#discussion_r409897393
##########
File path: traffic_ops/traffic_ops_golang/deliveryservice/letsencryptcert.go
##########
@@ -330,7 +374,86 @@ func GetLetsEncryptCertificates(cfg *config.Config, req
tc.DeliveryServiceLetsEn
}
tx2.Commit()
+ if !foundPreviousAccount {
+ userKeyDer := x509.MarshalPKCS1PrivateKey(userPrivateKey)
+ if userKeyDer == nil {
+ log.Errorf("marshalling private key: nil der")
+ api.CreateChangeLogRawTx(api.ApiChange, "DS:
"+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: FAILED to add SSL
keys with Lets Encrypt", currentUser, logTx)
+ return errors.New("marshalling private key: nil der")
+ }
+ userKeyBuf := bytes.Buffer{}
+ if err := pem.Encode(&userKeyBuf, &pem.Block{Type: "RSA PRIVATE
KEY", Bytes: userKeyDer}); err != nil {
+ log.Errorf("pem-encoding private key: " + err.Error())
+ api.CreateChangeLogRawTx(api.ApiChange, "DS:
"+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: FAILED to add SSL
keys with Lets Encrypt", currentUser, logTx)
+ return errors.New("pem-encoding private key: " +
err.Error())
+ }
+ userKeyPem := userKeyBuf.Bytes()
+ err = storeLEAccountInfo(userTx, myUser.Email,
string(userKeyPem), myUser.Registration.URI)
+ if err != nil {
+ log.Errorf("storing user account info: " + err.Error())
+ api.CreateChangeLogRawTx(api.ApiChange, "DS:
"+*req.DeliveryService+", ID: "+strconv.Itoa(dsID)+", ACTION: FAILED to add SSL
keys with Lets Encrypt", currentUser, logTx)
+ return errors.New("storing user account info: " +
err.Error())
+ }
+ }
+
api.CreateChangeLogRawTx(api.ApiChange, "DS: "+*req.DeliveryService+",
ID: "+strconv.Itoa(dsID)+", ACTION: Added SSL keys with Lets Encrypt",
currentUser, logTx)
return nil
}
+
+func getStoredLetsEncryptInfo(tx *sql.Tx, email string) (*LEInfo, error) {
+ leInfoList := []LEInfo{}
+ selectQuery := `SELECT email, private_key, uri FROM
lets_encrypt_account WHERE email = $1`
+ rows, err := tx.Query(selectQuery, email)
+ if err != nil {
+ return nil, errors.New("getting dns challenge records: " +
err.Error())
+ }
+ defer rows.Close()
+
+ for rows.Next() {
+ leInfo := LEInfo{}
+ if err := rows.Scan(&leInfo.Email, &leInfo.Key, &leInfo.URI);
err != nil {
+ return nil, errors.New("scanning : lets_encrypt_account
" + err.Error())
+ }
+
+ leInfoList = append(leInfoList, leInfo)
+ }
+
+ if len(leInfoList) == 0 {
+ return nil, nil
+ }
+
+ firstInfo := leInfoList[0]
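Review bot: The error returned when the SELECT on `lets_encrypt_account` fails (`return nil, errors.New("getting dns challenge records: " + err.Error())`) describes a different query, which will send whoever is debugging a failed issuance to the wrong table; use `return nil, errors.New("getting lets encrypt account info: " + err.Error())`. The `for rows.Next()` loop in `getStoredLetsEncryptInfo` also has no `rows.Err()` check after it, so an iteration error is indistinguishable from "no account stored" and the caller will go on to register a fresh account; add `if err := rows.Err(); err != nil { return nil, errors.New("iterating lets_encrypt_account rows: " + err.Error()) }` after the loop. In the `!foundPreviousAccount` branch, `log.Errorf` is called with a non-constant format string built from `err.Error()`, which `go vet` flags and which misrenders any `%` in the error text; prefer `log.Errorf("pem-encoding private key: %v", err)` (and the same for the storing-user-account-info log line). The PEM-encoded ACME account private key is handed to `storeLEAccountInfo` as a plain string; whether that column is protected at rest is not visible in this hunk, but it is worth confirming since that key controls the account, and the surrounding log lines correctly avoid printing it. Both `GetLetsEncryptCertificates` (begins before the hunk) and `getStoredLetsEncryptInfo` (continues past the quoted lines) extend outside the hunk.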
Review comment:
Since this function always only processes the first result in `leInfoList`,
why not limit rows returned to 1, only look for the first row instead of
looping, and reduce `leInfoList`, `leInfo`, and `firstInfo` to a single variable?