author | Andrew Cady <d@jerkface.net> | 2016-01-25 17:42:29 -0500 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-01-25 17:42:29 -0500 |
commit | 3fc632688205e46295803460b5e652751c803d59 (patch) | |
tree | 2ebe6903854018cb1d0c640b84807529fb6b6fa8 | |
parent | cf440860e186e7fd775ae27da08220d9fe5e233e (diff) |
move genReq into the library
-rw-r--r-- | acme-certify.hs | 20 | ||||
-rw-r--r-- | src/Network/ACME.hs | 20 |
2 files changed, 21 insertions, 19 deletions
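--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -13,14 +13,12 @@ module Main where
 
 import BasePrelude
 import qualified Data.ByteString.Lazy.Char8 as LC
-import Network.ACME (CSR (..), canProvision, certify, fileProvisioner, ensureWritableDir, (</>), domainToString)
-import Network.ACME.Encoding (Keys (..), readKeys, toStrict)
+import Network.ACME (canProvision, certify, fileProvisioner, ensureWritableDir, (</>), genReq)
+import Network.ACME.Encoding (Keys (..), readKeys)
 import Network.URI
 import OpenSSL
-import OpenSSL.EVP.Digest
 import OpenSSL.PEM
 import OpenSSL.RSA
-import OpenSSL.X509.Request
 import Options.Applicative hiding (header)
 import qualified Options.Applicative as Opt
 import System.Directory
@@ -95,20 +93,6 @@ genKey privKeyFile = withOpenSSL $ do
 writeFile privKeyFile pem
 return pem
 
-genReq :: Keys -> [DomainName] -> IO CSR
-genReq _ [] = error "genReq called with zero domains"
-genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do
-Just dig <- getDigestByName "SHA256"
-req <- newX509Req
-setSubjectName req [("CN", domainToString domain)]
-setVersion req 0
-setPublicKey req pub
-void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))]
-signX509Req req priv (Just dig)
-CSR domains . toStrict <$> writeX509ReqDER req
-where
-nidSubjectAltName = 85
-
 getOrCreateKeys :: FilePath -> IO (Maybe Keys)
 getOrCreateKeys file = do
 exists <- doesFileExist file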
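--- a/src/Network/ACME.hs
+++ b/src/Network/ACME.hs
@@ -31,14 +31,32 @@ import Network.Wreq (Response, checkStatus, defaults,
 statusMessage)
 import qualified Network.Wreq as W
 import qualified Network.Wreq.Session as WS
-import OpenSSL.RSA
 import System.Directory
 import Text.Email.Validate
 import Text.Domain.Validate hiding (validate)
 import Network.URI
+import OpenSSL
+import OpenSSL.EVP.Digest
+import OpenSSL.RSA
+import OpenSSL.X509.Request
+import Data.List
 
 type HttpProvisioner = URI -> ByteString -> IO ()
 
+genReq :: Keys -> [DomainName] -> IO CSR
+genReq _ [] = error "genReq called with zero domains"
+genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do
+Just dig <- getDigestByName "SHA256"
+req <- newX509Req
+setSubjectName req [("CN", domainToString domain)]
+setVersion req 0
+setPublicKey req pub
+void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))]
+signX509Req req priv (Just dig)
+CSR domains . toStrict <$> writeX509ReqDER req
+where
+nidSubjectAltName = 85
+
 fileProvisioner :: WritableDir -> HttpProvisioner
 fileProvisioner challengeDir = BC.writeFile . uToF
 where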
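Review bot: `void $ addExtensions req [...]` in the new genReq discards whatever addExtensions reports, so if attaching the subjectAltName extension does not succeed the request is still signed and returned on the next two lines with only the CN set, and every domain after the first silently drops out of the CSR. If addExtensions signals failure through its return value (the `void` suggests it returns something), bind and check it: `ok <- addExtensions req [(nidSubjectAltName, …)]` followed by `unless ok $ fail "genReq: could not add subjectAltName extension"` (`unless` is in Control.Monad if not already in scope). `Just dig <- getDigestByName "SHA256"` has the same shape of problem: a `Nothing` surfaces as an opaque pattern-match failure instead of a message naming the missing digest, so `dig <- maybe (fail "genReq: SHA256 digest unavailable") return =<< getDigestByName "SHA256"` would be clearer. A one-line comment on `nidSubjectAltName = 85` noting that it appears to be OpenSSL's NID_subject_alt_name would explain the otherwise bare constant, and the new whole-module `import Data.List` could be narrowed to `import Data.List (intercalate)`.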