regru: client certificate support (#2050)

boiler · ldez · web-flow · commit cab8e1f55667 · 2023-11-10T02:15:33.000+01:00
Co-authored-by: Fernandez Ludovic &lt;ldez@users.noreply.github.com&gt;
diff --git a/cmd/zz_gen_cmd_dnshelp.go b/cmd/zz_gen_cmd_dnshelp.go
@@ -2184,6 +2184,8 @@ func displayDNSHelp(w io.Writer, name string) error {
 		ew.writeln(`	- "REGRU_HTTP_TIMEOUT":	API request timeout`)
 		ew.writeln(`	- "REGRU_POLLING_INTERVAL":	Time between DNS propagation check`)
 		ew.writeln(`	- "REGRU_PROPAGATION_TIMEOUT":	Maximum waiting time for DNS propagation`)
+		ew.writeln(`	- "REGRU_TLS_CERT":	authentication certificate`)
+		ew.writeln(`	- "REGRU_TLS_KEY":	authentication private key`)
 		ew.writeln(`	- "REGRU_TTL":	The TTL of the TXT record used for the DNS challenge`)
 
 		ew.writeln()
diff --git a/docs/content/dns/zz_gen_regru.md b/docs/content/dns/zz_gen_regru.md
@@ -52,6 +52,8 @@ More information [here]({{< ref "dns#configuration-and-credentials" >}}).
 | `REGRU_HTTP_TIMEOUT` | API request timeout |
 | `REGRU_POLLING_INTERVAL` | Time between DNS propagation check |
 | `REGRU_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
+| `REGRU_TLS_CERT` | authentication certificate |
+| `REGRU_TLS_KEY` | authentication private key |
 | `REGRU_TTL` | The TTL of the TXT record used for the DNS challenge |
 
 The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
diff --git a/providers/dns/regru/regru.go b/providers/dns/regru/regru.go
@@ -3,6 +3,7 @@ package regru
 
 import (
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"net/http"
@@ -19,6 +20,8 @@ const (
 
 	EnvUsername = envNamespace + "USERNAME"
 	EnvPassword = envNamespace + "PASSWORD"
+	EnvTLSCert  = envNamespace + "TLS_CERT"
+	EnvTLSKey   = envNamespace + "TLS_KEY"
 
 	EnvTTL                = envNamespace + "TTL"
 	EnvPropagationTimeout = envNamespace + "PROPAGATION_TIMEOUT"
@@ -30,6 +33,8 @@ const (
 type Config struct {
 	Username string
 	Password string
+	TLSCert  string
+	TLSKey   string
 
 	PropagationTimeout time.Duration
 	PollingInterval    time.Duration
@@ -67,6 +72,8 @@ func NewDNSProvider() (*DNSProvider, error) {
 	config := NewDefaultConfig()
 	config.Username = values[EnvUsername]
 	config.Password = values[EnvPassword]
+	config.TLSCert = env.GetOrDefaultString(EnvTLSCert, "")
+	config.TLSKey = env.GetOrDefaultString(EnvTLSKey, "")
 
 	return NewDNSProviderConfig(config)
 }
@@ -87,6 +94,27 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
 		client.HTTPClient = config.HTTPClient
 	}
 
+	if config.TLSCert != "" || config.TLSKey != "" {
+		if config.TLSCert == "" {
+			return nil, errors.New("regru: TLS certificate is missing")
+		}
+
+		if config.TLSKey == "" {
+			return nil, errors.New("regru: TLS key is missing")
+		}
+
+		tlsCert, err := tls.X509KeyPair([]byte(config.TLSCert), []byte(config.TLSKey))
+		if err != nil {
+			return nil, fmt.Errorf("regru: %w", err)
+		}
+
+		client.HTTPClient.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{
+				Certificates: []tls.Certificate{tlsCert},
+			},
+		}
+	}
+
 	return &DNSProvider{config: config, client: client}, nil
 }
 
diff --git a/providers/dns/regru/regru.toml b/providers/dns/regru/regru.toml
@@ -15,6 +15,8 @@ lego --email you@example.com --dns regru --domains my.example.org run
     REGRU_USERNAME = "API username"
     REGRU_PASSWORD = "API password"
   [Configuration.Additional]
+    REGRU_TLS_CERT = "authentication certificate"
+    REGRU_TLS_KEY = "authentication private key"
     REGRU_POLLING_INTERVAL = "Time between DNS propagation check"
     REGRU_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation"
     REGRU_TTL = "The TTL of the TXT record used for the DNS challenge"
