
     1  // Copyright (c) 2021, 2023, Oracle and/or its affiliates.
     2  // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  
     4  package certs
     5  
import (
	"encoding/pem"
	"fmt"
	"io"
	"net/http"
	"time"

	"github.com/verrazzano/verrazzano/platform-operator/controllers/verrazzano/component/common"
)
    12  
// Download locations of the Let's Encrypt *staging* chain. These are the
// trust anchors assembled by certBuilder; they are fetched over HTTPS and the
// downloaded bytes are used as-is, so the URLs must stay on letsencrypt.org.
// See https://letsencrypt.org/docs/staging-environment/.
const (
	intR3PEM  = "https://letsencrypt.org/certs/staging/letsencrypt-stg-int-r3.pem" // staging intermediate R3
	intE1PEM  = "https://letsencrypt.org/certs/staging/letsencrypt-stg-int-e1.pem" // staging intermediate E1
	rootX1PEM = "https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1.pem" // staging root X1
)
    18  
// certBuilder accumulates a PEM certificate bundle downloaded over HTTP.
type certBuilder struct {
	// cert holds the concatenated bytes of every certificate appended so far,
	// in download order.
	cert []byte
	// hc is the client handed to common.HTTPDo for each download; its
	// configuration (timeouts, transport) is the caller's responsibility.
	hc *http.Client
}
    23  
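// appendCertWithHTTP downloads the PEM-encoded certificate at uri with the
// builder's HTTP client and appends the bytes to c.cert.
//
// The downloaded bytes end up in a CA trust bundle, so beyond requiring a 200
// response the body is bounded in size and must contain a PEM CERTIFICATE
// block; anything else is rejected without touching c.cert. Integrity of the
// download rests on the TLS connection made by c.hc; no additional pinning or
// signature check is performed here.
//
// Returns a non-nil error if the request cannot be built or sent, the server
// does not answer 200, the body cannot be read, exceeds the size bound, or is
// not PEM certificate data.
func (c *certBuilder) appendCertWithHTTP(uri string) error {
	// Upstream PEM files are a few KiB; the bound only needs to stop an
	// unexpectedly large response from being read into memory.
	// (Constructed limit, not taken from upstream documentation.)
	const maxCertBytes = 1 << 20

	req, err := http.NewRequest(http.MethodGet, uri, nil)
	if err != nil {
		return err
	}

	resp, err := common.HTTPDo(c.hc, req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("Failed downloading cert from %s: %s", uri, resp.Status)
	}

	// Read one byte past the bound so an oversized body is detected rather
	// than silently truncated.
	body, err := io.ReadAll(io.LimitReader(resp.Body, maxCertBytes+1))
	if err != nil {
		return err
	}
	if len(body) > maxCertBytes {
		return fmt.Errorf("certificate downloaded from %s exceeds %d bytes", uri, maxCertBytes)
	}

	// Only PEM certificate data may enter the bundle; a non-PEM response
	// (an HTML error page, for instance) must not be appended to c.cert.
	if block, _ := pem.Decode(body); block == nil || block.Type != "CERTIFICATE" {
		return fmt.Errorf("content downloaded from %s is not a PEM-encoded certificate", uri)
	}

	c.cert = append(c.cert, body...)
	return nil
}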
    45  
// buildLetsEncryptStagingChain builds the LetsEncrypt Staging certificate chain
// by downloading the two staging intermediates followed by the staging root
// and appending each to c.cert. The first download failure aborts the build
// and its error is returned; on success nil is returned.
//
// LetsEncrypt staging provides a certificate chain for staging environments, mimicking production.
// Verrazzano uses the LetsEncrypt staging certificate chain for Rancher ingress on ACME staging environments.
// See https://letsencrypt.org/docs/staging-environment/ for more information.
func (c *certBuilder) buildLetsEncryptStagingChain() error {
	// Order matters: the bundle is assembled intermediates first, root last.
	chain := []string{intR3PEM, intE1PEM, rootX1PEM}
	for _, uri := range chain {
		if err := c.appendCertWithHTTP(uri); err != nil {
			return err
		}
	}
	return nil
}
    62  
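// CreateLetsEncryptStagingBundle builds the Let's Encrypt Staging environment CA cert chain
// by downloading the staging intermediate and root certificates and concatenating
// their PEM bytes in that order.
//
// The HTTP client used for the downloads carries a per-request timeout so a stalled
// connection to letsencrypt.org cannot block the caller indefinitely.
//
// Returns the concatenated PEM bundle, or an empty slice and the first download error.
func CreateLetsEncryptStagingBundle() ([]byte, error) {
	// Deadline covering connect, TLS handshake and body read for each download.
	// The value is a constructed default; the PEM files are small, so it is generous.
	const downloadTimeout = 30 * time.Second

	builder := &certBuilder{
		hc: &http.Client{Timeout: downloadTimeout},
	}
	if err := builder.buildLetsEncryptStagingChain(); err != nil {
		return []byte{}, err
	}
	return builder.cert, nil
}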