diff options
author | Andrew Cady <d@jerkface.net> | 2016-01-20 11:32:17 -0500 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-01-20 11:32:17 -0500 |
commit | 507e230d6ce9304b359d6a2811d7b32760e3bc07 (patch) | |
tree | 24c2da7d0a48d7beed7772efe02e5433db924679 | |
parent | ba128c5b8fedeb77e8d014b968884b570a698468 (diff) |
Remove unused functions
(Related to calling external openssl process.)
-rw-r--r-- | acme.hs | 52 |
1 files changed, 14 insertions, 38 deletions
@@ -24,16 +24,16 @@ import Data.Maybe | |||
24 | import qualified Data.Text as T | 24 | import qualified Data.Text as T |
25 | import Data.Text.Encoding (decodeUtf8) | 25 | import Data.Text.Encoding (decodeUtf8) |
26 | import Network.Wreq hiding (header) | 26 | import Network.Wreq hiding (header) |
27 | import OpenSSL | ||
28 | import OpenSSL.EVP.Digest | ||
27 | import OpenSSL.EVP.PKey | 29 | import OpenSSL.EVP.PKey |
30 | import OpenSSL.EVP.Sign | ||
28 | import OpenSSL.PEM | 31 | import OpenSSL.PEM |
29 | import OpenSSL.RSA | 32 | import OpenSSL.RSA |
30 | import Options.Applicative hiding (header) | 33 | import Options.Applicative hiding (header) |
31 | import qualified Options.Applicative as Opt | 34 | import qualified Options.Applicative as Opt |
32 | import System.Directory | 35 | import System.Directory |
33 | import System.Process (readProcess) | 36 | import System.Process (readProcess) |
34 | import OpenSSL.EVP.Sign | ||
35 | import OpenSSL.EVP.Digest | ||
36 | import OpenSSL | ||
37 | 37 | ||
38 | directoryUrl :: String | 38 | directoryUrl :: String |
39 | directoryUrl = "https://acme-v01.api.letsencrypt.org/directory" | 39 | directoryUrl = "https://acme-v01.api.letsencrypt.org/directory" |
@@ -78,10 +78,10 @@ go (CmdOpts privKeyFile domain email termOverride) = do | |||
78 | let protected = b64 (header userKey nonce_) | 78 | let protected = b64 (header userKey nonce_) |
79 | 79 | ||
80 | -- Create user account | 80 | -- Create user account |
81 | forM_ email $ \m -> signPayload "registration" priv privKeyFile userKey protected (registration m terms) | 81 | forM_ email $ \m -> signPayload "registration" priv userKey protected (registration m terms) |
82 | 82 | ||
83 | -- Obtain a challenge | 83 | -- Obtain a challenge |
84 | signPayload "challenge-request" priv privKeyFile userKey protected (authz domain) | 84 | signPayload "challenge-request" priv userKey protected (authz domain) |
85 | 85 | ||
86 | -- Answser the challenge | 86 | -- Answser the challenge |
87 | let thumb = thumbprint (JWK (rsaE userKey) "RSA" (rsaN userKey)) | 87 | let thumb = thumbprint (JWK (rsaE userKey) "RSA" (rsaN userKey)) |
@@ -94,13 +94,13 @@ go (CmdOpts privKeyFile domain email termOverride) = do | |||
94 | putStrLn ("With content:\n" ++ BC.unpack thumbtoken) | 94 | putStrLn ("With content:\n" ++ BC.unpack thumbtoken) |
95 | 95 | ||
96 | -- Notify Let's Encrypt we answsered the challenge | 96 | -- Notify Let's Encrypt we answsered the challenge |
97 | signPayload "challenge-response" priv privKeyFile userKey protected (challenge thumbtoken) | 97 | signPayload "challenge-response" priv userKey protected (challenge thumbtoken) |
98 | 98 | ||
99 | -- Wait for challenge validation | 99 | -- Wait for challenge validation |
100 | 100 | ||
101 | -- Send a CSR and get a certificate | 101 | -- Send a CSR and get a certificate |
102 | csr_ <- B.readFile (domain ++ ".csr.der") | 102 | csr_ <- B.readFile (domain ++ ".csr.der") |
103 | signPayload "csr-request" priv privKeyFile userKey protected (csr csr_) | 103 | signPayload "csr-request" priv userKey protected (csr csr_) |
104 | 104 | ||
105 | data Directory = Directory { | 105 | data Directory = Directory { |
106 | _newCert :: String, | 106 | _newCert :: String, |
@@ -122,43 +122,19 @@ getNonce = fmap _nonce <$> getDirectory directoryUrl | |||
122 | 122 | ||
123 | -------------------------------------------------------------------------------- | 123 | -------------------------------------------------------------------------------- |
124 | -- | Sign and write a payload to a file with a nonce-protected header. | 124 | -- | Sign and write a payload to a file with a nonce-protected header. |
125 | signPayload :: (RSAKey k, KeyPair kp) => String -> kp -> String -> k -> ByteString -> ByteString -> IO () | 125 | signPayload :: (RSAKey k, KeyPair kp) => String -> kp -> k -> ByteString -> ByteString -> IO () |
126 | signPayload name priv privKeyFile key protected payload = withOpenSSL $ do | 126 | signPayload name priv key protected payload = withOpenSSL $ do |
127 | writePayload name protected payload | ||
128 | sig <- Main.sign privKeyFile name | ||
129 | Just dig <- getDigestByName "SHA256" | 127 | Just dig <- getDigestByName "SHA256" |
130 | sig' <- signBS dig priv (B.concat [protected, ".", payload]) | 128 | sig <- signBS dig priv (B.concat [protected, ".", payload]) |
131 | writeBody name key protected payload sig | 129 | writeBody name key protected payload sig |
132 | writeBody (name ++ ".internal") key protected payload (b64 sig') | ||
133 | |||
134 | -- | Write a payload to file with a nonce-protected header. | ||
135 | writePayload :: String -> ByteString -> ByteString -> IO () | ||
136 | writePayload name protected payload = | ||
137 | LB.writeFile (name ++ ".txt") (LB.fromChunks [protected, ".", payload]) | ||
138 | |||
139 | -- | Sign a payload file using the user key. | ||
140 | sign :: String -> String -> IO ByteString | ||
141 | sign privKeyFile name = do | ||
142 | sign_ privKeyFile (name ++ ".txt") (name ++ ".sig") | ||
143 | sig_ <- B.readFile (name ++ ".sig") | ||
144 | return (b64 sig_) | ||
145 | |||
146 | sign_ :: String -> String -> String -> IO () | ||
147 | sign_ privKeyFile inp out = do | ||
148 | _ <- readProcess "openssl" | ||
149 | [ "dgst", "-sha256" | ||
150 | , "-sign", privKeyFile | ||
151 | , "-out", out | ||
152 | , inp | ||
153 | ] | ||
154 | "" | ||
155 | return () | ||
156 | 130 | ||
157 | -- | Write a signed payload to a file. It can be used as the body of a POST | 131 | -- | Write a signed payload to a file. It can be used as the body of a POST |
158 | -- request. | 132 | -- request. |
159 | writeBody :: RSAKey k => String -> k -> ByteString -> ByteString -> ByteString -> IO () | 133 | writeBody :: RSAKey k => String -> k -> ByteString -> ByteString -> ByteString -> IO () |
160 | writeBody name key protected payload sig = LB.writeFile (name ++ ".body") | 134 | writeBody name key protected payload sig = LB.writeFile (name ++ ".body") $ buildBody key protected payload sig |
161 | (encode (Request (header' key) protected payload sig)) | 135 | |
136 | buildBody :: RSAKey k => k -> ByteString -> ByteString -> ByteString -> LC.ByteString | ||
137 | buildBody key protected payload sig = encode (Request (header' key) protected payload sig) | ||
162 | 138 | ||
163 | -------------------------------------------------------------------------------- | 139 | -------------------------------------------------------------------------------- |
164 | -- | Base64URL encoding of Integer with padding '=' removed. | 140 | -- | Base64URL encoding of Integer with padding '=' removed. |