Remove unused functions

(Related to calling external openssl process.)
author: Andrew Cady <d@jerkface.net> 2016-01-20 11:32:17 -0500
committer: Andrew Cady <d@jerkface.net> 2016-01-20 11:32:17 -0500
commit: 507e230d6ce9304b359d6a2811d7b32760e3bc07 (patch)
tree: 24c2da7d0a48d7beed7772efe02e5433db924679
parent: ba128c5b8fedeb77e8d014b968884b570a698468 (diff)
1 files changed, 14 insertions, 38 deletions
diff --git a/acme.hs b/acme.hs
index 82d728f..54bf324 100644
--- a/acme.hs
+++ b/acme.hs
@@ -24,16 +24,16 @@ import           Data.Maybe
 import qualified Data.Text                  as T
 import           Data.Text.Encoding         (decodeUtf8)
 import           Network.Wreq               hiding (header)
+import           OpenSSL
+import           OpenSSL.EVP.Digest
 import           OpenSSL.EVP.PKey
+import           OpenSSL.EVP.Sign
 import           OpenSSL.PEM
 import           OpenSSL.RSA
 import           Options.Applicative        hiding (header)
 import qualified Options.Applicative        as Opt
 import           System.Directory
 import           System.Process             (readProcess)
-import OpenSSL.EVP.Sign
-import OpenSSL.EVP.Digest
-import OpenSSL
 directoryUrl :: String
 directoryUrl =  "https://acme-v01.api.letsencrypt.org/directory"
@@ -78,10 +78,10 @@ go (CmdOpts privKeyFile domain email termOverride) = do
      let protected = b64 (header userKey nonce_)
      -- Create user account
-      forM_ email $ \m -> signPayload "registration" priv privKeyFile userKey protected (registration m terms)
+      forM_ email $ \m -> signPayload "registration" priv userKey protected (registration m terms)
      -- Obtain a challenge
-      signPayload "challenge-request" priv privKeyFile userKey protected (authz domain)
+      signPayload "challenge-request" priv userKey protected (authz domain)
      -- Answser the challenge
      let thumb = thumbprint (JWK (rsaE userKey) "RSA" (rsaN userKey))
@@ -94,13 +94,13 @@ go (CmdOpts privKeyFile domain email termOverride) = do
      putStrLn ("With content:\n" ++ BC.unpack thumbtoken)
      -- Notify Let's Encrypt we answsered the challenge
-      signPayload "challenge-response" priv privKeyFile userKey protected (challenge thumbtoken)
+      signPayload "challenge-response" priv userKey protected (challenge thumbtoken)
      -- Wait for challenge validation
      -- Send a CSR and get a certificate
      csr_ <- B.readFile (domain ++ ".csr.der")
-      signPayload "csr-request" priv privKeyFile userKey protected (csr csr_)
+      signPayload "csr-request" priv userKey protected (csr csr_)
 data Directory = Directory {
  _newCert    :: String,
@@ -122,43 +122,19 @@ getNonce = fmap _nonce <$> getDirectory directoryUrl
 --------------------------------------------------------------------------------
 -- | Sign and write a payload to a file with a nonce-protected header.
-signPayload :: (RSAKey k, KeyPair kp) => String -> kp -> String -> k -> ByteString -> ByteString -> IO ()
+signPayload :: (RSAKey k, KeyPair kp) => String -> kp -> k -> ByteString -> ByteString -> IO ()
-signPayload name priv privKeyFile key protected payload = withOpenSSL $ do
+signPayload name priv key protected payload = withOpenSSL $ do
-  writePayload name protected payload
-  sig <- Main.sign privKeyFile name
  Just dig <- getDigestByName "SHA256"
-  sig' <- signBS dig priv (B.concat [protected, ".", payload])
+  sig <- signBS dig priv (B.concat [protected, ".", payload])
  writeBody name key protected payload sig
-  writeBody (name ++ ".internal") key protected payload (b64 sig')
-- | Write a payload to file with a nonce-protected header.
-writePayload :: String -> ByteString -> ByteString -> IO ()
-writePayload name protected payload =
-  LB.writeFile (name ++ ".txt") (LB.fromChunks [protected, ".", payload])
-- | Sign a payload file using the user key.
-sign :: String -> String -> IO ByteString
-sign privKeyFile name = do
-  sign_ privKeyFile (name ++ ".txt") (name ++ ".sig")
-  sig_ <- B.readFile (name ++ ".sig")
-  return (b64 sig_)
-sign_ :: String -> String -> String -> IO ()
-sign_ privKeyFile inp out = do
-  _ <- readProcess "openssl"
-    [ "dgst", "-sha256"
-    , "-sign", privKeyFile
-    , "-out", out
-    , inp
-    ]
-    ""
-  return ()
 -- | Write a signed payload to a file. It can be used as the body of a POST
 -- request.
 writeBody :: RSAKey k => String -> k -> ByteString -> ByteString -> ByteString -> IO ()
-writeBody name key protected payload sig = LB.writeFile (name ++ ".body")
+writeBody name key protected payload sig = LB.writeFile (name ++ ".body") $ buildBody key protected payload sig
-  (encode (Request (header' key) protected payload sig))
+buildBody :: RSAKey k => k -> ByteString -> ByteString -> ByteString -> LC.ByteString
+buildBody key protected payload sig = encode (Request (header' key) protected payload sig)
 --------------------------------------------------------------------------------
 -- | Base64URL encoding of Integer with padding '=' removed.
author	Andrew Cady <d@jerkface.net>	2016-01-20 11:32:17 -0500
committer	Andrew Cady <d@jerkface.net>	2016-01-20 11:32:17 -0500
commit	507e230d6ce9304b359d6a2811d7b32760e3bc07 (patch)
tree	24c2da7d0a48d7beed7772efe02e5433db924679
parent	ba128c5b8fedeb77e8d014b968884b570a698468 (diff)

diff --git a/acme.hs b/acme.hs index 82d728f..54bf324 100644 --- a/acme.hs +++ b/acme.hs
@@ -24,16 +24,16 @@ import Data.Maybe
24	import qualified Data.Text as T	24	import qualified Data.Text as T
25	import Data.Text.Encoding (decodeUtf8)	25	import Data.Text.Encoding (decodeUtf8)
26	import Network.Wreq hiding (header)	26	import Network.Wreq hiding (header)
		27	import OpenSSL
		28	import OpenSSL.EVP.Digest
27	import OpenSSL.EVP.PKey	29	import OpenSSL.EVP.PKey
		30	import OpenSSL.EVP.Sign
28	import OpenSSL.PEM	31	import OpenSSL.PEM
29	import OpenSSL.RSA	32	import OpenSSL.RSA
30	import Options.Applicative hiding (header)	33	import Options.Applicative hiding (header)
31	import qualified Options.Applicative as Opt	34	import qualified Options.Applicative as Opt
32	import System.Directory	35	import System.Directory
33	import System.Process (readProcess)	36	import System.Process (readProcess)
34	import OpenSSL.EVP.Sign
35	import OpenSSL.EVP.Digest
36	import OpenSSL
37		37
38	directoryUrl :: String	38	directoryUrl :: String
39	directoryUrl = "https://acme-v01.api.letsencrypt.org/directory"	39	directoryUrl = "https://acme-v01.api.letsencrypt.org/directory"
@@ -78,10 +78,10 @@ go (CmdOpts privKeyFile domain email termOverride) = do
78	let protected = b64 (header userKey nonce_)	78	let protected = b64 (header userKey nonce_)
79		79
80	-- Create user account	80	-- Create user account
81	forM_ email $ \m -> signPayload "registration" priv privKeyFile userKey protected (registration m terms)	81	forM_ email $ \m -> signPayload "registration" priv userKey protected (registration m terms)
82		82
83	-- Obtain a challenge	83	-- Obtain a challenge
84	signPayload "challenge-request" priv privKeyFile userKey protected (authz domain)	84	signPayload "challenge-request" priv userKey protected (authz domain)
85		85
86	-- Answser the challenge	86	-- Answser the challenge
87	let thumb = thumbprint (JWK (rsaE userKey) "RSA" (rsaN userKey))	87	let thumb = thumbprint (JWK (rsaE userKey) "RSA" (rsaN userKey))
@@ -94,13 +94,13 @@ go (CmdOpts privKeyFile domain email termOverride) = do
94	putStrLn ("With content:\n" ++ BC.unpack thumbtoken)	94	putStrLn ("With content:\n" ++ BC.unpack thumbtoken)
95		95
96	-- Notify Let's Encrypt we answsered the challenge	96	-- Notify Let's Encrypt we answsered the challenge
97	signPayload "challenge-response" priv privKeyFile userKey protected (challenge thumbtoken)	97	signPayload "challenge-response" priv userKey protected (challenge thumbtoken)
98		98
99	-- Wait for challenge validation	99	-- Wait for challenge validation
100		100
101	-- Send a CSR and get a certificate	101	-- Send a CSR and get a certificate
102	csr_ <- B.readFile (domain ++ ".csr.der")	102	csr_ <- B.readFile (domain ++ ".csr.der")
103	signPayload "csr-request" priv privKeyFile userKey protected (csr csr_)	103	signPayload "csr-request" priv userKey protected (csr csr_)
104		104
105	data Directory = Directory {	105	data Directory = Directory {
106	_newCert :: String,	106	_newCert :: String,
@@ -122,43 +122,19 @@ getNonce = fmap _nonce <$> getDirectory directoryUrl
122		122
123	--------------------------------------------------------------------------------	123	--------------------------------------------------------------------------------
124	-- \| Sign and write a payload to a file with a nonce-protected header.	124	-- \| Sign and write a payload to a file with a nonce-protected header.
125	signPayload :: (RSAKey k, KeyPair kp) => String -> kp -> String -> k -> ByteString -> ByteString -> IO ()	125	signPayload :: (RSAKey k, KeyPair kp) => String -> kp -> k -> ByteString -> ByteString -> IO ()
126	signPayload name priv privKeyFile key protected payload = withOpenSSL $ do	126	signPayload name priv key protected payload = withOpenSSL $ do
127	writePayload name protected payload
128	sig <- Main.sign privKeyFile name
129	Just dig <- getDigestByName "SHA256"	127	Just dig <- getDigestByName "SHA256"
130	sig' <- signBS dig priv (B.concat [protected, ".", payload])	128	sig <- signBS dig priv (B.concat [protected, ".", payload])
131	writeBody name key protected payload sig	129	writeBody name key protected payload sig
132	writeBody (name ++ ".internal") key protected payload (b64 sig')
133
134	-- \| Write a payload to file with a nonce-protected header.
135	writePayload :: String -> ByteString -> ByteString -> IO ()
136	writePayload name protected payload =
137	LB.writeFile (name ++ ".txt") (LB.fromChunks [protected, ".", payload])
138
139	-- \| Sign a payload file using the user key.
140	sign :: String -> String -> IO ByteString
141	sign privKeyFile name = do
142	sign_ privKeyFile (name ++ ".txt") (name ++ ".sig")
143	sig_ <- B.readFile (name ++ ".sig")
144	return (b64 sig_)
145
146	sign_ :: String -> String -> String -> IO ()
147	sign_ privKeyFile inp out = do
148	_ <- readProcess "openssl"
149	[ "dgst", "-sha256"
150	, "-sign", privKeyFile
151	, "-out", out
152	, inp
153	]
154	""
155	return ()
156		130
157	-- \| Write a signed payload to a file. It can be used as the body of a POST	131	-- \| Write a signed payload to a file. It can be used as the body of a POST
158	-- request.	132	-- request.
159	writeBody :: RSAKey k => String -> k -> ByteString -> ByteString -> ByteString -> IO ()	133	writeBody :: RSAKey k => String -> k -> ByteString -> ByteString -> ByteString -> IO ()
160	writeBody name key protected payload sig = LB.writeFile (name ++ ".body")	134	writeBody name key protected payload sig = LB.writeFile (name ++ ".body") $ buildBody key protected payload sig
161	(encode (Request (header' key) protected payload sig))	135
		136	buildBody :: RSAKey k => k -> ByteString -> ByteString -> ByteString -> LC.ByteString
		137	buildBody key protected payload sig = encode (Request (header' key) protected payload sig)
162		138
163	--------------------------------------------------------------------------------	139	--------------------------------------------------------------------------------
164	-- \| Base64URL encoding of Integer with padding '=' removed.	140	-- \| Base64URL encoding of Integer with padding '=' removed.