Update Dependencies and use new lego API (#5)
* updates used go version to 1.11.4 and enable go modules
* update to new lego API
* update dependencies
* allow dns provider to be specified
* update and delint README
* add go module cache directory to speed up travis builds
tisba authored Dec 26, 2018
1 parent faaf8b3 commit 299d801
Showing 1,814 changed files with 334,589 additions and 13,560 deletions.
17 changes: 12 additions & 5 deletions .travis.yml
@@ -1,15 +1,22 @@
sudo: false
language: go
env:
global:
- GO111MODULE=on
# GITHUB_TOKEN=${see tisba -> "tisba/fritz-tls goreleaser"}
- secure: 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
cache:
directories:
- $HOME/.cache/go-build
- $HOME/gopath/pkg/mod
go:
- 1.11.1
- 1.11.x
install:
- go get -v ./...
deploy:
- provider: script
skip_cleanup: true
script: curl -sL https://git.io/goreleaser | bash
on:
tags: true
condition: "$TRAVIS_OS_NAME = linux"
env:
global:
# GITHUB_TOKEN=${see tisba -> "tisba/fritz-tls goreleaser"}
secure: 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
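Review bot: moving the `secure:` GITHUB_TOKEN from `deploy.env` into the top-level `env.global` block exposes the token to every step of every job, including `install` (`go get -v ./...`) and the build, where it is not needed; under `deploy` it was only present during the release step. If goreleaser is the only consumer, keep the token scoped to `deploy`. The deploy step still runs `curl -sL https://git.io/goreleaser | bash`, an unpinned remote script executed with that token in its environment; pinning a goreleaser release and verifying its checksum would be a cheap hardening to pair with this change.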
18 changes: 8 additions & 10 deletions README.md
@@ -1,7 +1,7 @@
<!-- markdownlint-disable MD039 -->
<!-- markdownlint-disable MD039 MD041 -->
[ ![Travis CI Status](https://travis-ci.org/tisba/fritz-tls.svg?branch=master)](https://travis-ci.org/tisba/fritz-tls)
[ ![Go Report Card](https://goreportcard.com/badge/github.com/tisba/fritz-tls)](https://goreportcard.com/report/github.com/tisba/fritz-tls)
<!-- markdownlint-enable MD039 -->
<!-- markdownlint-enable MD039 MD041 -->

# FRITZ!Box TLS Certificate Installer

Expand All @@ -14,14 +14,12 @@ Although it should work with other versions as well, it is only tested with:

In case you want to know how to do that manually, take a look at AVM's [knowledge base article](https://en.avm.de/service/fritzbox/fritzbox-7390/knowledge-base/publication/show/1525_Importing-your-own-certificate-to-the-FRITZ-Box/).


## Installation

```console
go get -u github.com/tisba/fritz-tls
```


## Usage

```console
Expand All @@ -42,29 +40,29 @@ fritz-tls --key=./certbot/live/demo.example.com/privkey.pem --fullchain=./certbo
General options are:

* `--help` to get usage information
* `--host` to specify how to talk to your FRITZ!Box (default: `http://fritz.box`)
* `--insecure` to skip TLS verification when talking to `--host` in case it's HTTPS and you currently have a broken or expired TLS certificate.
* `--host` (default: `http://fritz.box`) to specify how to talk to your FRITZ!Box. If you want to login with username and password, specify the user like this: `--host http://tisba@fritz.box`.
* `--insecure` (optional) to skip TLS verification when talking to `--host` in case it's HTTPS and you currently have a broken or expired TLS certificate.
* `--tls-port` (default: `443`) TLS port of FRITZ!Box. This is used for certificate validation after installing.

Let's Encrypt specific (`--auto-cert`) options are:

* `--domain` the domain you want to have your certificate generated for
* `--email` your mail address you want to have registered with Let’s Encrypt
* `--save` to save generated private key and acquired certificate
* `--save` (optional) to save generated private key and acquired certificate
* `--dns-provider` (default `manual`) to specify one of [lego's](https://github.com/xenolf/lego/tree/master/providers/dns) supported DNS providers. Note that you might have to set environment variables to configure your provider, e.g. `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_REGION` and `AWS_HOSTED_ZONE_ID`. I use name servers by AWS/Route53 and [inwx](https://github.com/xenolf/lego/blob/master/providers/dns/inwx/inwx.go), so I have to provide `INWX_USER`, `INWX_PASSWORD`. I'm not sure if there is a overview, so for now you have to consult the [source](https://github.com/xenolf/lego/tree/master/providers/dns).

Options for non `--auto-cert` mode:

* `--bundle` as an alternative for `--key` and `--fullchain`. The bundle where the password-less private key and certificate are both present.


## TODOs and Ideas

These are some things I'd like to to in the future:

* add validation for private keys and certificate before uploading (avoid trying to upload garbage)
* allow password protected private keys (when not provisioned by LE)
* allow other then DNS-01 Let's Encrypt challenges and make [legos](https://github.com/xenolf/lego) DNS providers available to make things even more automated!
* ask for `--user` if not provided and/or add `--pw-only` flag
* ~~ask for `--user` if not provided (may be empty then) and/or add `--pw-only` flag~~
* ~~allow other then DNS-01 Let's Encrypt challenges and make [legos](https://github.com/xenolf/lego) DNS providers available to make things even more automated!~~
* ~~add `--insecure` to ignore invalid TLS certificates when talking to FRITZ!Box~~
* ~~read FRITZ!Box administrator password from environment~~
* ~~add ability to use already combined private keys and certificate files~~
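Review bot: the `--host` entry now documents `http://tisba@fritz.box` for the username but does not say what happens to a password placed in the same URL; state explicitly that only the user part is taken from `--host` and that the administrator password is still supplied separately (prompt or environment, per the struck TODO below), so nobody is tempted to put `user:password@` on a command line. The `--dns-provider` entry should likewise flag that the listed environment variables (`AWS_SECRET_ACCESS_KEY`, `INWX_PASSWORD`, ...) are credentials. Minor wording: `I'd like to to in the future` → `I'd like to do in the future`, `other then DNS-01` → `other than DNS-01` (both occurrences), `a overview` → `an overview`.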
47 changes: 33 additions & 14 deletions acme.go
Expand Up @@ -6,28 +6,34 @@ import (
"crypto/rsa"
"log"

"github.com/xenolf/lego/acme"
"github.com/xenolf/lego/certcrypto"
"github.com/xenolf/lego/certificate"
"github.com/xenolf/lego/challenge"
"github.com/xenolf/lego/challenge/dns01"
"github.com/xenolf/lego/lego"
"github.com/xenolf/lego/providers/dns"
"github.com/xenolf/lego/registration"
)

type acmeUser struct {
Email string
Registration *acme.RegistrationResource
Registration *registration.Resource
key crypto.PrivateKey
}

func (u acmeUser) GetEmail() string {
return u.Email
}

func (u acmeUser) GetRegistration() *acme.RegistrationResource {
func (u acmeUser) GetRegistration() *registration.Resource {
return u.Registration
}

func (u acmeUser) GetPrivateKey() crypto.PrivateKey {
return u.key
}

func getCertificate(caDirURL string, domain string, mail string) (*acme.CertificateResource, error) {
func getCertificate(caDirURL string, domain string, mail string, dnsProviderName string) (*certificate.Resource, error) {
const rsaKeySize = 2048
privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
if err != nil {
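Review bot: the new import `github.com/xenolf/lego/providers/dns` is what makes every lego DNS provider selectable by name, but it also links the SDKs of all of them (Azure, AWS, Alibaba Cloud, Google, Vultr and so on, as the go.mod hunk below shows) into a binary that handles the router administrator password and an ACME account key; that is the reason this commit touches 1,814 files. Worth a sentence in the README or commit message, and worth making sure `go.sum` is committed alongside so the pinned versions are verified at build time. The `registration.Resource` / `certificate.Resource` type changes themselves look like straightforward renames.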
Expand All @@ -38,30 +44,43 @@ func getCertificate(caDirURL string, domain string, mail string) (*acme.Certific
key: privateKey,
}

client, err := acme.NewClient(caDirURL, &myUser, acme.RSA2048)
config := lego.NewConfig(&myUser)
config.CADirURL = caDirURL
config.KeyType = certcrypto.RSA2048

client, err := lego.NewClient(config)
if err != nil {
return nil, err
log.Fatal(err)
}

_, err = client.Register(true)
_, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
if err != nil {
log.Fatal(err)
}

// configure manual DNS challenge provider
// and only ask for DNS01 challenge
manualDNS, err := acme.NewDNSProviderManual()
var provider challenge.Provider
switch dnsProviderName {
case "manual":
provider, err = dns01.NewDNSProviderManual()
default:
provider, err = dns.NewDNSChallengeProviderByName(dnsProviderName)
}
if err != nil {
return nil, err
}
err = client.SetChallengeProvider(acme.DNS01, manualDNS)

err = client.Challenge.SetDNS01Provider(provider)
if err != nil {
return nil, err
}
client.ExcludeChallenges([]acme.Challenge{acme.Challenge("http-01"), acme.Challenge("tls-alpn-01")})
client.Challenge.Exclude([]challenge.Type{challenge.HTTP01, challenge.TLSALPN01})

request := certificate.ObtainRequest{
Domains: []string{domain},
Bundle: true,
}

bundle := true
cert, err := client.ObtainCertificate([]string{domain}, bundle, nil, false)
cert, err := client.Certificate.Obtain(request)
if err != nil {
return nil, err
}
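Review bot: the error path after `lego.NewClient(config)` changed from `return nil, err` to `log.Fatal(err)`, although `getCertificate` still returns `(*certificate.Resource, error)`; the other new error paths in this hunk (provider construction, `SetDNS01Provider`, `Obtain`) return the error, so this one should too and leave exiting to the caller. In the provider switch an empty `dnsProviderName` falls into `default` and is handed to `dns.NewDNSChallengeProviderByName`; unless the caller guarantees the `manual` default, treat `""` like `"manual"` or reject it with a clear message. `RegisterOptions{TermsOfServiceAgreed: true}` preserves the old unconditional `Register(true)`, which is fine, but a comment that the user is agreeing to the CA's terms on their behalf would help.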
10 changes: 9 additions & 1 deletion fritzbox/authentication.go
Expand Up @@ -7,6 +7,7 @@ import (
"fmt"
"io/ioutil"
"net/http"
"net/url"
)

// PerformLogin performs a login and returns SessionInfo including
Expand All @@ -21,7 +22,14 @@ func (fb *FritzBox) PerformLogin(adminPassword string) error {

response := buildResponse(session.Challenge, adminPassword)

session, err = fetchSessionInfo(client, fb.Host+"/login_sid.lua?&username="+fb.User+"&response="+response)
url, err := url.Parse(fb.Host)
if err != nil {
return err
}
user := url.User.Username()
url.User = nil

session, err = fetchSessionInfo(client, url.String()+"/login_sid.lua?&username="+user+"&response="+response)
if err != nil {
return err
}
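Review bot: `url, err := url.Parse(fb.Host)` shadows the `net/url` package with a local variable for the rest of the function; rename it (e.g. `u`) so the package stays reachable, because the username taken from it is concatenated raw into the query string (`"&username="+user`). A username containing `&`, `=`, `#` or a space would break or alter the request; build the query with `url.Values` or at least `url.QueryEscape(user)`. The `url.User = nil` line silently discards any password given in the `--host` userinfo, which is the right behaviour since the challenge response is computed from `adminPassword`, but it should be documented in the README so users do not assume a URL password is honoured.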
71 changes: 58 additions & 13 deletions go.mod
@@ -1,17 +1,62 @@
module fritz-tls
module github.com/tisba/fritz-tls

require (
github.com/davecgh/go-spew v1.1.1 // indirect
cloud.google.com/go v0.34.0 // indirect
contrib.go.opencensus.io/exporter/ocagent v0.4.1 // indirect
github.com/Azure/azure-sdk-for-go v24.0.0+incompatible // indirect
github.com/Azure/go-autorest v11.2.8+incompatible // indirect
github.com/JamesClonk/vultr v0.0.0-20181015175859-5673d2d7d620 // indirect
github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87 // indirect
github.com/akamai/AkamaiOPEN-edgegrid-golang v0.6.2 // indirect
github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20181225034951-56ab3d10ba31 // indirect
github.com/aws/aws-sdk-go v1.16.11 // indirect
github.com/cloudflare/cloudflare-go v0.8.5 // indirect
github.com/cpu/goacmedns v0.0.1 // indirect
github.com/decker502/dnspod-go v0.0.0-20180416134550-83a3ba562b04 // indirect
github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
github.com/dimchansky/utfbom v1.1.0 // indirect
github.com/dnaeon/go-vcr v1.0.1 // indirect
github.com/dnsimple/dnsimple-go v0.22.0 // indirect
github.com/exoscale/egoscale v0.13.1 // indirect
github.com/fatih/structs v1.1.0 // indirect
github.com/go-ini/ini v1.40.0 // indirect
github.com/google/go-querystring v1.0.0 // indirect
github.com/google/uuid v1.1.0 // indirect
github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
github.com/h2non/gock v1.0.12 // indirect
github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c
github.com/miekg/dns v1.0.14 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/stretchr/testify v1.2.2 // indirect
github.com/tisba/fritz-tls v0.2.0
github.com/xenolf/lego v1.1.0
golang.org/x/crypto v0.0.0-20181025213731-e84da0312774 // indirect
golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519 // indirect
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 // indirect
golang.org/x/sys v0.0.0-20181026144532-2772b66316d2 // indirect
golang.org/x/text v0.0.0-20181010134911-4d1c5fb19474
gopkg.in/square/go-jose.v2 v2.1.9 // indirect
github.com/iij/doapi v0.0.0-20180911005243-8803795a9b7b // indirect
github.com/json-iterator/go v1.1.5 // indirect
github.com/jtolds/gls v4.2.1+incompatible // indirect
github.com/juju/ratelimit v1.0.1 // indirect
github.com/kolo/xmlrpc v0.0.0-20181023172212-16bdd962781d // indirect
github.com/ldez/go-auroradns v0.0.0-20181107021640-532168a1e313 // indirect
github.com/linode/linodego v0.7.0 // indirect
github.com/miekg/dns v1.1.1 // indirect
github.com/mitchellh/go-homedir v1.0.0 // indirect
github.com/mitchellh/mapstructure v1.1.2 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.1 // indirect
github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 // indirect
github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32 // indirect
github.com/ovh/go-ovh v0.0.0-20181109152953-ba5adb4cf014 // indirect
github.com/pkg/errors v0.8.0 // indirect
github.com/sacloud/libsacloud v1.5.0 // indirect
github.com/sirupsen/logrus v1.2.0 // indirect
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d // indirect
github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c // indirect
github.com/smueller18/goinwx v0.4.0 // indirect
github.com/timewasted/linode v0.0.0-20160829202747-37e84520dcf7 // indirect
github.com/transip/gotransip v5.8.1+incompatible // indirect
github.com/xenolf/lego v1.2.2-0.20181221235305-820c2b7531bc
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 // indirect
golang.org/x/net v0.0.0-20181220203305-927f97764cc3 // indirect
golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890 // indirect
golang.org/x/text v0.3.0
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c // indirect
google.golang.org/api v0.0.0-20181221000618-65a46cafb132 // indirect
gopkg.in/ini.v1 v1.40.0 // indirect
gopkg.in/ns1/ns1-go.v2 v2.0.0-20181211201113-a57b2a18aab6 // indirect
gopkg.in/resty.v1 v1.10.3 // indirect
gopkg.in/square/go-jose.v2 v2.2.1 // indirect
)
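Review bot: `github.com/xenolf/lego` is pinned to the pseudo-version `v1.2.2-0.20181221235305-820c2b7531bc`, an untagged commit rather than a release; that is acceptable to pick up the new API, but say so in the commit message and move to a tagged release once one exists, since pseudo-versions are harder to audit and to match against advisories. Nearly all of the roughly 55 new `// indirect` requirements are DNS provider SDKs pulled in by `providers/dns`; run `go mod tidy` after the upgrade and commit the matching `go.sum` so the versions listed here are actually verified. Dropping the old `github.com/tisba/fritz-tls v0.2.0` self-requirement together with the module rename to `github.com/tisba/fritz-tls` is correct.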