Merge pull request #1 from Energy1190/error_correction

Correction of defects
Energy1190 · Apr 14, 2017 · 9a50810 · 9a50810
2 parents 00f0a76 + 4914c16
commit 9a50810
Show file tree

Hide file tree

Showing 3 changed files with 209 additions and 127 deletions.
diff --git a/lib/resty/auto-ssl/ssl_certificate.lua b/lib/resty/auto-ssl/ssl_certificate.lua
@@ -50,6 +50,7 @@ end
 
 local function issue_cert(auto_ssl_instance, storage, domain)
   local fullchain_pem, privkey_pem, err
+  local multiname = auto_ssl_instance:get("multiname_cert")
 
   -- Before issuing a cert, create a local lock to ensure multiple workers
   -- don't simultaneously try to register the same cert.
@@ -76,17 +77,16 @@ local function issue_cert(auto_ssl_instance, storage, domain)
 
   -- After obtaining the local and distributed lock, see if the certificate
   -- has already been registered.
-  fullchain_pem, privkey_pem = storage:get_cert(domain)
-  if fullchain_pem and privkey_pem then
-    issue_cert_unlock(domain, storage, local_lock, distributed_lock_value)
-    return fullchain_pem, privkey_pem
+  if not multiname then
+    fullchain_pem, privkey_pem = storage:get_cert(domain)
+    if fullchain_pem and privkey_pem then
+      issue_cert_unlock(domain, storage, local_lock, distributed_lock_value)
+      return fullchain_pem, privkey_pem
+    end
   end
 
   ngx.log(ngx.NOTICE, "auto-ssl: issuing new certificate for ", domain)
-  local storage = auto_ssl_instance:get("storage")
-  local d, s = storage:get_domains(domain)
-  storage:set_subdomains(d, s)
-  fullchain_pem, privkey_pem, err = ssl_provider.issue_cert(auto_ssl_instance, domain)  
+  fullchain_pem, privkey_pem, err = ssl_provider.issue_cert(auto_ssl_instance, domain)
   if err then
     ngx.log(ngx.ERR, "auto-ssl: issuing new certificate failed: ", err)
   end
@@ -210,9 +210,7 @@ local function set_cert(auto_ssl_instance, domain, fullchain_der, privkey_der, n
   end
 
   -- Set OCSP stapling.
-  local storage = auto_ssl_instance:get("storage")
-  local d, s = storage:get_domains(domain)
-  ok, err = set_ocsp_stapling(d, fullchain_der, newly_issued)
+  ok, err = set_ocsp_stapling(domain, fullchain_der, newly_issued)
   if not ok then
     ngx.log(auto_ssl_instance:get("ocsp_stapling_error_level"), "auto-ssl: failed to set ocsp stapling for ", domain, " - continuing anyway - ", err)
   end
@@ -246,6 +244,28 @@ local function do_ssl(auto_ssl_instance, ssl_options)
     return
   end
 
+  local multiname = auto_ssl_instance:get("multiname_cert")
+  if multiname then
+    local storage = auto_ssl_instance:get("storage")
+    domain, sub_domain = storage:get_domains(domain, multiname)
+    local check_subdomain, size = storage:check_subdomain(domain, sub_domain)
+    if size then
+      if size>99 then
+        storage:set_subdomain(domain, sub_domain, sub_domain)
+        storage:set_subdomain(sub_domain, sub_domain)
+      elseif not check_subdomain then
+        storage:set_subdomain(domain, sub_domain, nil)
+        issue_cert(auto_ssl_instance, storage, domain)
+      end
+    elseif not check_subdomain then
+      storage:set_subdomain(domain, sub_domain, nil)
+      issue_cert(auto_ssl_instance, storage, domain)
+    end
+
+    local check_subdomain, size = storage:check_subdomain(domain, sub_domain)
+    domain = check_subdomain
+  end
+
   -- Get or issue the certificate for this domain.
   local fullchain_der, privkey_der, newly_issued, get_cert_err = get_cert(auto_ssl_instance, domain)
   if get_cert_err then
@@ -269,4 +289,4 @@ return function(auto_ssl_instance, ssl_options)
   if not ok then
     ngx.log(ngx.ERR, "auto-ssl: failed to run do_ssl: ", err)
   end
-end
+end
diff --git a/lib/resty/auto-ssl/ssl_providers/lets_encrypt.lua b/lib/resty/auto-ssl/ssl_providers/lets_encrypt.lua
@@ -6,6 +6,8 @@ function _M.issue_cert(auto_ssl_instance, domain)
   local package_root = auto_ssl_instance.package_root
   local base_dir = auto_ssl_instance:get("dir")
   local hook_port = auto_ssl_instance:get("hook_server_port")
+  local multiname = auto_ssl_instance:get("multiname_cert")
+  domains = "--domain " .. domain .. " "
 
   assert(type(hook_port) == "number", "hook_port must be a number")
   assert(hook_port <= 65535, "hook_port must be below 65536")
@@ -14,35 +16,29 @@ function _M.issue_cert(auto_ssl_instance, domain)
     "env HOOK_SECRET=" .. ngx.shared.auto_ssl:get("hook_server:secret") .. " " ..
     "HOOK_SERVER_PORT=" .. hook_port
 
-  -- The result of running that command should result in the certs being
-  -- populated in our storage (due to the deploy_cert hook triggering).
-  local storage = auto_ssl_instance:get("storage")
-  local fullchain_pem, privkey_pem = storage:get_cert(domain)
+  if multiname then
+    local storage = auto_ssl_instance:get("storage")
+    domain_list, size = storage:get_subdomain(domain)
+    domains = " "
+    if domain_list then
+      for _, i in pairs(domain_list) do
+        domains = domains .. "--domain " .. i .. " "
+      end
+    else
+      domains = "--domain " .. domain .. " "
+    end
+  end
 
   -- Run dehydrated for this domain, using our custom hooks to handle the
   -- domain validation and the issued certificates.
   --
   -- Disable dehydrated's locking, since we perform our own domain-specific
   -- locking using the storage adapter.
-  local dom, z = storage:get_domains(domain)
-  local d, zz = storage:get_subdomains(dom)
-  function get_domain_list(domain)
-    local str = ''
-    for _, i in pairs(domain) do
-      str = str .. "--domain " .. i .. " "
-    end
-    return str
-  end
-  if d then
-    domainus = get_domain_list(d)
-  else
-    domainus = "--domain " .. z .. " "
-  end
   local command = env_vars .. " " ..
     package_root .. "/auto-ssl/vendor/dehydrated " ..
     "--cron " ..
     "--no-lock " ..
-    domainus ..
+    domains ..
     "--challenge http-01 " ..
     "--config " .. base_dir .. "/letsencrypt/config " ..
     "--hook " .. package_root .. "/auto-ssl/shell/letsencrypt_hooks"
@@ -54,6 +50,10 @@ function _M.issue_cert(auto_ssl_instance, domain)
 
   ngx.log(ngx.DEBUG, "auto-ssl: dehydrated output: " .. out)
 
+  -- The result of running that command should result in the certs being
+  -- populated in our storage (due to the deploy_cert hook triggering).
+  local storage = auto_ssl_instance:get("storage")
+  local fullchain_pem, privkey_pem = storage:get_cert(domain)
 
   -- If dehydrated said it succeeded, but we still don't have any certs in
   -- storage, the issue is likely that the certs have been deleted out of our
@@ -62,39 +62,21 @@ function _M.issue_cert(auto_ssl_instance, domain)
   -- storage with dehydrated's local copies.
   if not fullchain_pem or not privkey_pem then
     ngx.log(ngx.WARN, "auto-ssl: dehydrated succeeded, but certs still missing from storage - trying to manually copy - domain: " .. domain)
-    if d then
-      for _, i in pairs(d) do
-        command = env_vars .. " " ..
-          package_root .. "/auto-ssl/shell/letsencrypt_hooks " ..
-          "deploy_cert " ..
-          i .. " " ..
-          base_dir .. "/letsencrypt/certs/" .. i .. "/privkey.pem " ..
-          base_dir .. "/letsencrypt/certs/" .. i .. "/cert.pem " ..
-          base_dir .. "/letsencrypt/certs/" .. i .. "/fullchain.pem " ..
-          base_dir .. "/letsencrypt/certs/" .. i .. "/chain.pem " ..
-          math.floor(ngx.now())
-        status, out, err = shell_execute(command)
-        if status ~= 0 then
-          ngx.log(ngx.ERR, "auto-ssl: dehydrated manual hook.sh failed: ", command, " status: ", status, " out: ", out, " err: ", err)
-          return nil, nil, "dehydrated failure"
-        end
-      end
-    else
-      command = env_vars .. " " ..
-        package_root .. "/auto-ssl/shell/letsencrypt_hooks " ..
-        "deploy_cert " ..
-        z .. " " ..
-        base_dir .. "/letsencrypt/certs/" .. z .. "/privkey.pem " ..
-        base_dir .. "/letsencrypt/certs/" .. z .. "/cert.pem " ..
-        base_dir .. "/letsencrypt/certs/" .. z .. "/fullchain.pem " ..
-        base_dir .. "/letsencrypt/certs/" .. z .. "/chain.pem " ..
-        math.floor(ngx.now())
-      status, out, err = shell_execute(command)
-      if status ~= 0 then
-        ngx.log(ngx.ERR, "auto-ssl: dehydrated manual hook.sh failed: ", command, " status: ", status, " out: ", out, " err: ", err)
-        return nil, nil, "dehydrated failure"
-      end
+    command = env_vars .. " " ..
+      package_root .. "/auto-ssl/shell/letsencrypt_hooks " ..
+      "deploy_cert " ..
+      domain .. " " ..
+      base_dir .. "/letsencrypt/certs/" .. domain .. "/privkey.pem " ..
+      base_dir .. "/letsencrypt/certs/" .. domain .. "/cert.pem " ..
+      base_dir .. "/letsencrypt/certs/" .. domain .. "/fullchain.pem " ..
+      base_dir .. "/letsencrypt/certs/" .. domain .. "/chain.pem " ..
+      math.floor(ngx.now())
+    status, out, err = shell_execute(command)
+    if status ~= 0 then
+      ngx.log(ngx.ERR, "auto-ssl: dehydrated manual hook.sh failed: ", command, " status: ", status, " out: ", out, " err: ", err)
+      return nil, nil, "dehydrated failure"
     end
+
     -- Try fetching again.
     fullchain_pem, privkey_pem = storage:get_cert(domain)
   end
@@ -107,4 +89,4 @@ function _M.issue_cert(auto_ssl_instance, domain)
   return fullchain_pem, privkey_pem
 end
 
-return _M
+return _M