pages-server/certificates.go
2021-08-22 17:59:30 +02:00

401 lines
11 KiB
Go

package main
import (
"bytes"
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"errors"
"github.com/OrlovEvgeny/go-mcache"
"github.com/akrylysov/pogreb/fs"
"github.com/go-acme/lego/v4/certificate"
"github.com/go-acme/lego/v4/challenge"
"github.com/go-acme/lego/v4/challenge/tlsalpn01"
"github.com/go-acme/lego/v4/providers/dns"
"log"
"math/big"
"os"
"strings"
"time"
"github.com/akrylysov/pogreb"
"github.com/reugn/equalizer"
"github.com/go-acme/lego/v4/certcrypto"
"github.com/go-acme/lego/v4/lego"
"github.com/go-acme/lego/v4/registration"
)
// tlsConfig contains the configuration for generating, serving and cleaning up Let's Encrypt certificates.
var tlsConfig = &tls.Config{
// check DNS name & get certificate from Let's Encrypt
GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
if os.Getenv("ACME_ACCEPT_TERMS") != "true" {
return FallbackCertificate(), nil
}
sni := strings.ToLower(strings.TrimSpace(info.ServerName))
sniBytes := []byte(sni)
if len(sni) < 1 {
return nil, errors.New("missing sni")
}
if info.SupportedProtos != nil {
for _, proto := range info.SupportedProtos {
if proto == tlsalpn01.ACMETLS1Protocol {
challenge, ok := challengeCache.Get(sni)
if !ok {
return nil, errors.New("no challenge for this domain")
}
cert, err := tlsalpn01.ChallengeCert(sni, challenge.(string))
if err != nil {
return nil, err
}
return cert, nil
}
}
}
targetOwner := ""
if bytes.HasSuffix(sniBytes, MainDomainSuffix) {
// deliver default certificate for the main domain (*.codeberg.page)
sniBytes = MainDomainSuffix
sni = string(sniBytes)
} else {
var targetRepo, targetBranch string
targetOwner, targetRepo, targetBranch = getTargetFromDNS(sni)
if targetOwner == "" {
// DNS not set up, return a self-signed certificate to redirect to the docs
return FallbackCertificate(), nil
}
// TODO: use .domains file to list all domains, to keep users from getting rate-limited
_, _ = targetRepo, targetBranch
/*canonicalDomain := checkCanonicalDomain(targetOwner, targetRepo, targetBranch)
if sni != canonicalDomain {
return FallbackCertificate(), nil
}*/
}
// limit users to 1 certificate per week
var cert, key []byte
if tlsCertificate, ok := keyCache.Get(sni); ok {
// we can use an existing certificate object
return tlsCertificate.(*tls.Certificate), nil
} else if ok, err := keyDatabase.Has(sniBytes); err != nil {
// key database is not working
panic(err)
} else if ok {
// parse certificate from database
cert, err = keyDatabase.Get(sniBytes)
if err != nil {
// key database is not working
panic(err)
}
key, err = keyDatabase.Get(append(sniBytes, '/', 'k', 'e', 'y'))
if err != nil {
// key database is not working or key doesn't exist
panic(err)
}
} else {
// request a new certificate
if bytes.Equal(sniBytes, MainDomainSuffix) {
return nil, errors.New("won't request certificate for main domain, something really bad has happened")
}
log.Printf("Requesting new certificate for %s", sni)
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return nil, err
}
key = x509.MarshalPKCS1PrivateKey(privateKey)
acmeClient, err := acmeClientFromPool(targetOwner)
if err != nil {
// TODO
}
res, err := acmeClient.Certificate.Obtain(certificate.ObtainRequest{
Domains: []string{sni},
PrivateKey: key,
Bundle: true,
MustStaple: true,
})
if err != nil {
return nil, err
}
log.Printf("Obtained certificate for %s", sni)
err = keyDatabase.Put(append(sniBytes, '/', 'k', 'e', 'y'), key)
if err != nil {
return nil, err
}
err = keyDatabase.Put(sniBytes, res.Certificate)
if err != nil {
_ = keyDatabase.Delete(append(sniBytes, '/', 'k', 'e', 'y'))
return nil, err
}
cert = res.Certificate
}
tlsCertificate, err := tls.X509KeyPair(pem.EncodeToMemory(&pem.Block{
Bytes: cert,
Type: "CERTIFICATE",
}), pem.EncodeToMemory(&pem.Block{
Bytes: key,
Type: "RSA PRIVATE KEY",
}))
if err != nil {
panic(err)
}
err = keyCache.Set(sni, &tlsCertificate, 15 * time.Minute)
if err != nil {
panic(err)
}
return &tlsCertificate, nil
},
PreferServerCipherSuites: true,
NextProtos: []string{
tlsalpn01.ACMETLS1Protocol,
},
// generated 2021-07-13, Mozilla Guideline v5.6, Go 1.14.4, intermediate configuration
// https://ssl-config.mozilla.org/#server=go&version=1.14.4&config=intermediate&guideline=5.6
MinVersion: tls.VersionTLS12,
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
},
}
// GetHSTSHeader returns a HSTS header with includeSubdomains & preload for MainDomainSuffix and RawDomain, or an empty
// string for custom domains.
func GetHSTSHeader(host []byte) string {
if bytes.HasSuffix(host, MainDomainSuffix) || bytes.Equal(host, RawDomain) {
return "max-age=63072000; includeSubdomains; preload"
} else {
return ""
}
}
var challengeCache = mcache.New()
var keyCache = mcache.New()
var keyDatabase *pogreb.DB
var fallbackCertificate *tls.Certificate
// FallbackCertificate generates a new self-signed TLS certificate on demand.
func FallbackCertificate() *tls.Certificate {
if fallbackCertificate != nil {
return fallbackCertificate
}
fallbackSerial, err := rand.Int(rand.Reader, (&big.Int{}).Lsh(big.NewInt(1), 159))
if err != nil {
panic(err)
}
fallbackCertKey, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
panic(err)
}
fallbackCertSpecification := &x509.Certificate{
Subject: pkix.Name{
CommonName: strings.TrimPrefix(string(MainDomainSuffix), "."),
},
SerialNumber: fallbackSerial,
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(100, 0, 0),
}
fallbackCertBytes, err := x509.CreateCertificate(
rand.Reader,
fallbackCertSpecification,
fallbackCertSpecification,
fallbackCertKey.Public(),
fallbackCertKey,
)
if err != nil {
panic(err)
}
fallbackCert, err := tls.X509KeyPair(pem.EncodeToMemory(&pem.Block{
Bytes: fallbackCertBytes,
Type: "CERTIFICATE",
}), pem.EncodeToMemory(&pem.Block{
Bytes: x509.MarshalPKCS1PrivateKey(fallbackCertKey),
Type: "RSA PRIVATE KEY",
}))
if err != nil {
panic(err)
}
fallbackCertificate = &fallbackCert
return fallbackCertificate
}
type AcmeAccount struct {
Email string
Registration *registration.Resource
key crypto.PrivateKey
}
func (u *AcmeAccount) GetEmail() string {
return u.Email
}
func (u AcmeAccount) GetRegistration() *registration.Resource {
return u.Registration
}
func (u *AcmeAccount) GetPrivateKey() crypto.PrivateKey {
return u.key
}
// rate-limit certificates per owner, based on LE Rate Limits:
// - 300 new orders per account per 3 hours
// - 20 requests per second
// - 10 Accounts per IP per 3 hours
var acmeClientPool []*lego.Client
var lastAcmeClient = 0
var acmeClientRequestLimit = equalizer.NewTokenBucket(10, time.Second) // LE allows 20 requests per second, but we want to give other applications a chancem so we want 10 here at most.
var acmeClientRegistrationLimit = equalizer.NewTokenBucket(5, time.Hour * 3) // LE allows 10 registrations in 3 hours per IP, we want at most 5 of them.
var acmeClientCertificateLimitPerRegistration = []*equalizer.TokenBucket{}
var acmeClientCertificateLimitPerUser = map[string]*equalizer.TokenBucket{}
type AcmeTLSChallengeProvider struct{}
var _ challenge.Provider = AcmeTLSChallengeProvider{}
func (a AcmeTLSChallengeProvider) Present(domain, _, keyAuth string) error {
return challengeCache.Set(domain, keyAuth, 1*time.Hour)
}
func (a AcmeTLSChallengeProvider) CleanUp(domain, _, _ string) error {
challengeCache.Remove(domain)
return nil
}
func acmeClientFromPool(user string) (*lego.Client, error) {
userLimit, ok := acmeClientCertificateLimitPerUser[user]
if !ok {
// Each Codeberg user can only add 10 new domains per day.
userLimit = equalizer.NewTokenBucket(10, time.Hour * 24)
acmeClientCertificateLimitPerUser[user] = userLimit
}
if !userLimit.Ask() {
return nil, errors.New("rate limit exceeded: 10 certificates per user per 24 hours")
}
if len(acmeClientPool) < 1 {
acmeClientPool = append(acmeClientPool, newAcmeClient())
acmeClientCertificateLimitPerRegistration = append(acmeClientCertificateLimitPerRegistration, equalizer.NewTokenBucket(290, time.Hour * 3))
}
if !acmeClientCertificateLimitPerRegistration[(lastAcmeClient + 1) % len(acmeClientPool)].Ask() {
}
equalizer.NewTokenBucket(290, time.Hour * 3) // LE allows 300 certificates per account, to be sure to catch it earlier, we limit that to 290.
// TODO: limit domains by file in repo
}
func newAcmeClient() *lego.Client {
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
panic(err)
}
myUser := AcmeAccount{
Email: "",
key: privateKey,
}
config := lego.NewConfig(&myUser)
config.CADirURL = envOr("ACME_API", "https://acme-v02.api.letsencrypt.org/directory")
config.Certificate.KeyType = certcrypto.RSA2048
acmeClient, err := lego.NewClient(config)
if err != nil {
panic(err)
}
err = acmeClient.Challenge.SetTLSALPN01Provider(AcmeTLSChallengeProvider{})
if err != nil {
panic(err)
}
// accept terms
if os.Getenv("ACME_ACCEPT_TERMS") == "true" {
reg, err := acmeClient.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: os.Getenv("ACME_ACCEPT_TERMS") == "true"})
if err != nil {
panic(err)
}
myUser.Registration = reg
} else {
log.Printf("Warning: not using ACME certificates as ACME_ACCEPT_TERMS is false!")
}
return acmeClient
}
func init() {
FallbackCertificate()
var err error
keyDatabase, err = pogreb.Open("key-database.pogreb", &pogreb.Options{
BackgroundSyncInterval: 30 * time.Second,
BackgroundCompactionInterval: 6 * time.Hour,
FileSystem: fs.OSMMap,
})
if err != nil {
panic(err)
}
// generate certificate for main domain
if os.Getenv("ACME_ACCEPT_TERMS") != "true" || os.Getenv("DNS_PROVIDER") == "" {
err = keyCache.Set(string(MainDomainSuffix), FallbackCertificate(), mcache.TTL_FOREVER)
if err != nil {
panic(err)
}
} else {
log.Printf("Requesting new certificate for *%s", MainDomainSuffix)
dnsAcmeClient, err := lego.NewClient(config)
if err != nil {
panic(err)
}
provider, err := dns.NewDNSChallengeProviderByName(os.Getenv("DNS_PROVIDER"))
if err != nil {
panic(err)
}
err = dnsAcmeClient.Challenge.SetDNS01Provider(provider)
if err != nil {
panic(err)
}
mainPrivateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
panic(err)
}
mainKey := x509.MarshalPKCS1PrivateKey(mainPrivateKey)
res, err := dnsAcmeClient.Certificate.Obtain(certificate.ObtainRequest{
Domains: []string{"*" + string(MainDomainSuffix), string(MainDomainSuffix[1:])},
PrivateKey: mainKey,
Bundle: true,
MustStaple: true,
})
if err != nil {
panic(err)
}
err = keyDatabase.Put(append(MainDomainSuffix, '/', 'k', 'e', 'y'), mainKey)
if err != nil {
panic(err)
}
err = keyDatabase.Put(MainDomainSuffix, res.Certificate)
if err != nil {
_ = keyDatabase.Delete(append(MainDomainSuffix, '/', 'k', 'e', 'y'))
panic(err)
}
}
}
// TODO: renew & revoke