Packager config mods

packager/util/config.go

@@ -24,13 +24,17 @@ import (
 )
 
 type Config struct {
-	LocalOnly bool
-	Port      int
-	CertFile  string // This must be the full certificate chain.
-	KeyFile   string // Just for the first cert, obviously.
-	OCSPCache string
+	LocalOnly	bool
+	Port		int
+	CertFile	string // This must be the full certificate chain.
+	KeyFile		string // Just for the first cert, obviously.
+	NewCertFile	string // The new full certificate chain replacing the expired one.
+	NewKeyFile	string // For the first cert in NewCertFile.
+	AutoRenewCert	bool   // Should we auto-renew cert? Defaults to false.
+	OCSPCache	string
 	ForwardedRequestHeaders []string
-	URLSet    []URLSet
+	URLSet		[]URLSet
+	ACMEConfig	*ACMEConfig
 }
 
 type URLSet struct {
@@ -50,6 +54,16 @@ type URLPattern struct {
 	SamePath               *bool
 }
 
+type ACMEConfig struct {
+	Prod	*ACMEServerConfig
+	Staging	*ACMEServerConfig
+}
+
+type ACMEServerConfig struct {
+	DiscoURL	string // ACME Production Directory Resource URL
+	AccountURL	string // ACME Account URL
+}
+
 // TODO(twifkak): Extract default values into a function separate from the one
 // that does the parsing and validation. This would make signer_test and
 // validation_test less brittle.

packager/util/config_test.go

@@ -174,6 +174,81 @@ func TestInvalidQueryRE(t *testing.T) {
 	`))), "QueryRE must be a valid regexp")
 }
 
+func TestOptionalAutoRenewCertAndKey(t *testing.T) {
+	config, err := ReadConfig([]byte(`
+		CertFile = "cert.pem"
+		KeyFile = "key.pem"
+		NewCertFile = "newcert.pem"
+		NewKeyFile = "newkey.pem"
+		AutoRenewCert = false
+		OCSPCache = "/tmp/ocsp"
+		[[URLSet]]
+		  [URLSet.Sign]
+		    Domain = "example.com"
+	`))
+	require.NoError(t, err)
+	assert.Equal(t, Config{
+		Port:      8080,
+		CertFile:  "cert.pem",
+		KeyFile:   "key.pem",
+		NewCertFile: "newcert.pem",
+		AutoRenewCert: false,
+		NewKeyFile: "newkey.pem",
+		OCSPCache: "/tmp/ocsp",
+		URLSet: []URLSet{{
+			Sign: &URLPattern{
+				Domain:  "example.com",
+				PathRE:  stringPtr(".*"),
+				QueryRE: stringPtr(""),
+				MaxLength: 2000,
+			},
+		}},
+	}, *config)
+}
+
+func TestOptionalACMEConfig(t *testing.T) {
+	config, err := ReadConfig([]byte(`
+		CertFile = "cert.pem"
+		KeyFile = "key.pem"
+		OCSPCache = "/tmp/ocsp"
+		[[URLSet]]
+		  [URLSet.Sign]
+		    Domain = "example.com"
+		[ACMEConfig]
+		  [ACMEConfig.Prod]
+		    DiscoURL = "prod.disco.url"
+		    AccountURL = "prod.account.url"
+		  [ACMEConfig.Staging]
+		    DiscoURL = "staging.disco.url"
+		    AccountURL = "staging.account.url"
+	`))
+	require.NoError(t, err)
+	assert.Equal(t, Config{
+		Port:      8080,
+		CertFile:  "cert.pem",
+		KeyFile:   "key.pem",
+		OCSPCache: "/tmp/ocsp",
+		ACMEConfig: &ACMEConfig{
+			Prod: &ACMEServerConfig{
+				DiscoURL: "prod.disco.url",
+				AccountURL: "prod.account.url",
+			},
+			Staging: &ACMEServerConfig{
+				DiscoURL: "staging.disco.url",
+				AccountURL: "staging.account.url",
+			},
+		},
+		URLSet: []URLSet{{
+			Sign: &URLPattern{
+				Domain:  "example.com",
+				PathRE:  stringPtr(".*"),
+				QueryRE: stringPtr(""),
+				MaxLength: 2000,
+			},
+		}},
+	}, *config)
+}
+
 func TestSignMissing(t *testing.T) {
 	msg := errorFrom(ReadConfig([]byte(`
 		CertFile = "cert.pem"