From 61e6df6209b3c55e4c07c6baf2fabfba23a474f1 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Mon, 6 Dec 2021 23:40:41 +0100
Subject: not much

---
 Cargo.lock    | 332 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 Cargo.toml    |   6 +-
 src/acme.rs   |  41 ++++++++
 src/consul.rs |  30 +++++-
 src/main.rs   |   5 +-
 5 files changed, 411 insertions(+), 3 deletions(-)
 create mode 100644 src/acme.rs

diff --git a/Cargo.lock b/Cargo.lock
index 39e2a2d..2e8c89a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2,6 +2,23 @@
 # It is not intended for manual editing.
 version = 3
 
+[[package]]
+name = "acme-micro"
+version = "0.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a18fb402a32ddc56ef7015df8d575c326ea911887ba9b7661ce18786282e89a3"
+dependencies = [
+ "anyhow",
+ "base64",
+ "lazy_static",
+ "log",
+ "openssl",
+ "serde",
+ "serde_json",
+ "time 0.1.43",
+ "ureq",
+]
+
 [[package]]
 name = "aho-corasick"
 version = "0.7.18"
@@ -34,6 +51,12 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
 
+[[package]]
+name = "base-x"
+version = "0.2.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4521f3e3d031370679b3b140beb36dfe4801b09ac77e30c61941f97df3ef28b"
+
 [[package]]
 name = "base64"
 version = "0.13.0"
@@ -70,6 +93,45 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 
+[[package]]
+name = "chunked_transfer"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fff857943da45f546682664a79488be82e69e43c1a7a2307679ab9afb3a66d2e"
+
+[[package]]
+name = "const_fn"
+version = "0.4.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f92cfa0fd5690b3cf8c1ef2cabbd9b7ef22fa53cf5e1f92b05103f6d5d1cf6e7"
+
+[[package]]
+name = "cookie"
+version = "0.14.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "03a5d7b21829bc7b4bf4754a978a241ae54ea55a40f92bb20216e54096f4b951"
+dependencies = [
+ "percent-encoding",
+ "time 0.2.27",
+ "version_check",
+]
+
+[[package]]
+name = "cookie_store"
+version = "0.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3818dfca4b0cb5211a659bbcbb94225b7127407b2b135e650d717bfb78ab10d3"
+dependencies = [
+ "cookie",
+ "idna",
+ "log",
+ "publicsuffix",
+ "serde",
+ "serde_json",
+ "time 0.2.27",
+ "url",
+]
+
 [[package]]
 name = "core-foundation"
 version = "0.9.2"
@@ -86,6 +148,12 @@ version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
 
+[[package]]
+name = "discard"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "212d0f5754cb6769937f4501cc0e67f4f4483c8d2c3e1e922ee9edbe4ab4c7c0"
+
 [[package]]
 name = "encoding_rs"
 version = "0.8.29"
@@ -581,6 +649,12 @@ dependencies = [
  "log",
 ]
 
+[[package]]
+name = "proc-macro-hack"
+version = "0.5.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5"
+
 [[package]]
 name = "proc-macro2"
 version = "1.0.33"
@@ -590,6 +664,25 @@ dependencies = [
  "unicode-xid",
 ]
 
+[[package]]
+name = "publicsuffix"
+version = "1.5.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "95b4ce31ff0a27d93c8de1849cf58162283752f065a90d508f1105fa6c9a213f"
+dependencies = [
+ "idna",
+ "url",
+]
+
+[[package]]
+name = "qstring"
+version = "0.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d464fae65fff2680baf48019211ce37aaec0c78e9264c84a3e484717f965104e"
+dependencies = [
+ "percent-encoding",
+]
+
 [[package]]
 name = "quick-error"
 version = "1.2.3"
@@ -715,6 +808,43 @@ dependencies = [
  "winreg",
 ]
 
+[[package]]
+name = "ring"
+version = "0.16.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
+dependencies = [
+ "cc",
+ "libc",
+ "once_cell",
+ "spin",
+ "untrusted",
+ "web-sys",
+ "winapi",
+]
+
+[[package]]
+name = "rustc_version"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a"
+dependencies = [
+ "semver",
+]
+
+[[package]]
+name = "rustls"
+version = "0.19.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "35edb675feee39aec9c99fa5ff985081995a06d594114ae14cbe797ad7b7a6d7"
+dependencies = [
+ "base64",
+ "log",
+ "ring",
+ "sct",
+ "webpki",
+]
+
 [[package]]
 name = "ryu"
 version = "1.0.6"
@@ -731,6 +861,16 @@ dependencies = [
  "winapi",
 ]
 
+[[package]]
+name = "sct"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b362b83898e0e69f38515b82ee15aa80636befe47c3b6d3d89a911e78fc228ce"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "security-framework"
 version = "2.4.2"
@@ -754,6 +894,21 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "semver"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403"
+dependencies = [
+ "semver-parser",
+]
+
+[[package]]
+name = "semver-parser"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
+
 [[package]]
 name = "serde"
 version = "1.0.130"
@@ -797,6 +952,12 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "sha1"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2579985fda508104f7587689507983eadd6a6e84dd35d6d115361f530916fa0d"
+
 [[package]]
 name = "signal-hook-registry"
 version = "1.4.0"
@@ -822,6 +983,70 @@ dependencies = [
  "winapi",
 ]
 
+[[package]]
+name = "spin"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
+
+[[package]]
+name = "standback"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e113fb6f3de07a243d434a56ec6f186dfd51cb08448239fe7bcae73f87ff28ff"
+dependencies = [
+ "version_check",
+]
+
+[[package]]
+name = "stdweb"
+version = "0.4.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d022496b16281348b52d0e30ae99e01a73d737b2f45d38fed4edf79f9325a1d5"
+dependencies = [
+ "discard",
+ "rustc_version",
+ "stdweb-derive",
+ "stdweb-internal-macros",
+ "stdweb-internal-runtime",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "stdweb-derive"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c87a60a40fccc84bef0652345bbbbbe20a605bf5d0ce81719fc476f5c03b50ef"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "serde",
+ "serde_derive",
+ "syn",
+]
+
+[[package]]
+name = "stdweb-internal-macros"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "58fa5ff6ad0d98d1ffa8cb115892b6e69d67799f6763e162a1c9db421dc22e11"
+dependencies = [
+ "base-x",
+ "proc-macro2",
+ "quote",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "sha1",
+ "syn",
+]
+
+[[package]]
+name = "stdweb-internal-runtime"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "213701ba3370744dcd1a12960caa4843b3d68b4d1c0a5d575e0d65b2ee9d16c0"
+
 [[package]]
 name = "syn"
 version = "1.0.82"
@@ -856,6 +1081,54 @@ dependencies = [
  "winapi-util",
 ]
 
+[[package]]
+name = "time"
+version = "0.1.43"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438"
+dependencies = [
+ "libc",
+ "winapi",
+]
+
+[[package]]
+name = "time"
+version = "0.2.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4752a97f8eebd6854ff91f1c1824cd6160626ac4bd44287f7f4ea2035a02a242"
+dependencies = [
+ "const_fn",
+ "libc",
+ "standback",
+ "stdweb",
+ "time-macros",
+ "version_check",
+ "winapi",
+]
+
+[[package]]
+name = "time-macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "957e9c6e26f12cb6d0dd7fc776bb67a706312e7299aed74c8dd5b17ebb27e2f1"
+dependencies = [
+ "proc-macro-hack",
+ "time-macros-impl",
+]
+
+[[package]]
+name = "time-macros-impl"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fd3c141a1b43194f3f56a1411225df8646c55781d5f26db825b3d98507eb482f"
+dependencies = [
+ "proc-macro-hack",
+ "proc-macro2",
+ "quote",
+ "standback",
+ "syn",
+]
+
 [[package]]
 name = "tinyvec"
 version = "1.5.1"
@@ -955,7 +1228,9 @@ dependencies = [
 name = "tricot"
 version = "0.1.0"
 dependencies = [
+ "acme-micro",
  "anyhow",
+ "bytes",
  "envy",
  "futures",
  "log",
@@ -965,6 +1240,7 @@ dependencies = [
  "serde",
  "serde_json",
  "tokio",
+ "uuid",
 ]
 
 [[package]]
@@ -994,6 +1270,31 @@ version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3"
 
+[[package]]
+name = "untrusted"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
+
+[[package]]
+name = "ureq"
+version = "1.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2b8b063c2d59218ae09f22b53c42eaad0d53516457905f5235ca4bc9e99daa71"
+dependencies = [
+ "base64",
+ "chunked_transfer",
+ "cookie",
+ "cookie_store",
+ "log",
+ "once_cell",
+ "qstring",
+ "rustls",
+ "url",
+ "webpki",
+ "webpki-roots",
+]
+
 [[package]]
 name = "url"
 version = "2.2.2"
@@ -1006,12 +1307,24 @@ dependencies = [
  "percent-encoding",
 ]
 
+[[package]]
+name = "uuid"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
+
 [[package]]
 name = "vcpkg"
 version = "0.2.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
 
+[[package]]
+name = "version_check"
+version = "0.9.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe"
+
 [[package]]
 name = "want"
 version = "0.3.0"
@@ -1104,6 +1417,25 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "webpki"
+version = "0.21.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8e38c0608262c46d4a56202ebabdeb094cef7e560ca7a226c6bf055188aa4ea"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
+[[package]]
+name = "webpki-roots"
+version = "0.21.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aabe153544e473b775453675851ecc86863d2a81d786d741f6b76778f2a48940"
+dependencies = [
+ "webpki",
+]
+
 [[package]]
 name = "winapi"
 version = "0.3.9"
diff --git a/Cargo.toml b/Cargo.toml
index 1547899..54846d9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,7 +9,7 @@ authors = ["Alex Auvolat <alex@adnab.me>"]
 [dependencies]
 anyhow = "1.0.28"
 envy = "0.4"
-futures = "0.3.5"
+futures = "0.3"
 log = "0.4"
 pretty_env_logger = "0.4"
 regex = "1"
@@ -17,3 +17,7 @@ reqwest = { version = "0.11", features = ["json"] }
 serde = { version = "1.0.107", features = ["derive"] }
 serde_json = "1.0.53"
 tokio = { version = "1.0", default-features = false, features = ["rt", "rt-multi-thread", "io-util", "net", "time", "macros", "sync", "signal", "fs"] }
+bytes = "1"
+acme-micro = "0.12"
+uuid = "0.8"
+
diff --git a/src/acme.rs b/src/acme.rs
new file mode 100644
index 0000000..c6dbc5b
--- /dev/null
+++ b/src/acme.rs
@@ -0,0 +1,41 @@
+use std::collections::HashSet;
+
+use log::*;
+use anyhow::Result;
+use tokio::{sync::watch, time::sleep};
+
+use acme_micro::{Error, Certificate, Directory, DirectoryUrl};
+use acme_micro::create_p384_key;
+
+use crate::consul::Consul;
+use crate::proxy_config::ProxyConfig;
+
+pub async fn acme_task(mut consul: Consul, mut rx_proxy_config: watch::Receiver<ProxyConfig>) {
+	while rx_proxy_config.changed().await.is_ok() {
+		let mut domains: HashSet<String> = HashSet::new();
+
+		for ent in rx_proxy_config.borrow().entries.iter() {
+			domains.insert(ent.host.clone());
+		}
+		info!("Ensuring we have certs for domains: {:#?}", domains);
+		
+		let results = futures::future::join_all(
+			domains.iter()
+			.map(|dom| renew_cert(dom, &consul))
+		).await;
+
+		for (res, dom) in results.iter().zip(domains.iter()) {
+			if let Err(e) = res {
+				error!("{}: {}", dom, e);
+			}
+		}
+	}
+}
+
+async fn renew_cert(dom: &str, consul: &Consul) -> Result<()> {
+	let dir = Directory::from_url(DirectoryUrl::LetsEncrypt)?;
+	let contact = vec!["mailto:alex@adnab.me".to_string()];
+	let acc = dir.register_account(contact.clone())?;
+	// TODO
+	unimplemented!()
+}
diff --git a/src/consul.rs b/src/consul.rs
index 81074f4..0f7d7c1 100644
--- a/src/consul.rs
+++ b/src/consul.rs
@@ -3,6 +3,8 @@ use std::collections::HashMap;
 use anyhow::Result;
 use log::*;
 use serde::{Deserialize, Serialize};
+use bytes::Bytes;
+use reqwest::StatusCode;
 
 // ---- Watch and retrieve Consul catalog ----
 
@@ -28,14 +30,16 @@ pub struct ConsulNodeCatalog {
 pub struct Consul {
 	client: reqwest::Client,
 	url: String,
+	kv_prefix: String,
 	idx: Option<u64>,
 }
 
 impl Consul {
-	pub fn new(url: &str) -> Self {
+	pub fn new(url: &str, kv_prefix: &str) -> Self {
 		return Self {
 			client: reqwest::Client::new(),
 			url: url.to_string(),
+			kv_prefix: kv_prefix.to_string(),
 			idx: None,
 		};
 	}
@@ -59,4 +63,28 @@ impl Consul {
 		let resp: ConsulNodeCatalog = http.json().await?;
 		return Ok(resp);
 	}
+
+	pub async fn kv_get(&self, key: &str) -> Result<Option<Bytes>> {
+		let url = format!("{}/v1/kv/{}{}?raw", self.url, self.kv_prefix, key);
+		let http = self.client.get(&url).send().await?;
+		match http.status() {
+			StatusCode::OK => Ok(Some(http.bytes().await?)),
+			StatusCode::NOT_FOUND => Ok(None),
+			_ => Err(anyhow!("Consul request failed: {:?}", http.error_for_status())),
+		}
+	}
+
+	pub async fn kv_put(&self, key: &str, bytes: Bytes) -> Result<()> {
+		let url = format!("{}/v1/kv/{}{}", self.url, self.kv_prefix, key);
+		let http = self.client.put(&url).body(bytes).send().await?;
+		http.error_for_status()?;
+		Ok(())
+	}
+
+	pub async fn kv_delete(&self, key: &str) -> Result<()> {
+		let url = format!("{}/v1/kv/{}{}", self.url, self.kv_prefix, key);
+		let http = self.client.delete(&url).send().await?;
+		http.error_for_status()?;
+		Ok(())
+	}
 }
diff --git a/src/main.rs b/src/main.rs
index 3bd8928..3289c46 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -3,6 +3,7 @@ extern crate anyhow;
 
 mod consul;
 mod proxy_config;
+mod acme;
 
 use log::*;
 
@@ -11,9 +12,11 @@ async fn main() {
 	pretty_env_logger::init();
 	info!("Starting Tricot");
 
-	let consul = consul::Consul::new("http://10.42.0.21:8500");
+	let consul = consul::Consul::new("http://10.42.0.21:8500", "tricot/");
 	let mut rx_proxy_config = proxy_config::spawn_proxy_config_task(consul.clone(), "carcajou");
 
+	tokio::spawn(acme::acme_task(consul.clone(), rx_proxy_config.clone()));
+
 	while rx_proxy_config.changed().await.is_ok() {
 		info!("Proxy config: {:#?}", *rx_proxy_config.borrow());
 	}
-- 
cgit v1.2.3