diff options
author | Andrew Cady <d@jerkface.net> | 2016-04-09 00:01:51 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-04-09 00:01:51 -0400 |
commit | 88965364b417b2dd0f4c7b3e312f39aec94d4a1f (patch) | |
tree | 1a3c323291c4e9aa4be552f9c778b4e281e5501a | |
parent | b8493e549fe472021a545b665e49fff779fb4241 (diff) |
Move generation of CSR into `certify` function
-rw-r--r-- | acme-certify.hs | 4 | ||||
-rw-r--r-- | src/Network/ACME.hs | 14 |
2 files changed, 10 insertions, 8 deletions
diff --git a/acme-certify.hs b/acme-certify.hs index c0116ea..0ac7a7b 100644 --- a/acme-certify.hs +++ b/acme-certify.hs | |||
@@ -140,13 +140,11 @@ go CmdOpts { .. } = do | |||
140 | go' :: URI -> URI -> Maybe EmailAddress -> X509 -> AcmeCertRequest -> IO (Either String ()) | 140 | go' :: URI -> URI -> Maybe EmailAddress -> X509 -> AcmeCertRequest -> IO (Either String ()) |
141 | go' directoryUrl terms email issuerCert acr@AcmeCertRequest{..} = do | 141 | go' directoryUrl terms email issuerCert acr@AcmeCertRequest{..} = do |
142 | let domainKeyFile = acrCertificateDir </> "rsa.key" | 142 | let domainKeyFile = acrCertificateDir </> "rsa.key" |
143 | let provision = dispatchProvisioner acrDomains | ||
144 | 143 | ||
145 | Just domainKeys <- getOrCreateKeys domainKeyFile | 144 | Just domainKeys <- getOrCreateKeys domainKeyFile |
146 | dh <- saveDhParams acr | 145 | dh <- saveDhParams acr |
147 | 146 | ||
148 | certReq <- genReq domainKeys $ map fst acrDomains | 147 | certificate <- certify directoryUrl acrUserKeys ((,) terms <$> email) domainKeys acrDomains |
149 | certificate <- certify directoryUrl acrUserKeys ((,) terms <$> email) provision certReq | ||
150 | forM certificate $ saveCertificate issuerCert dh domainKeys acr | 148 | forM certificate $ saveCertificate issuerCert dh domainKeys acr |
151 | 149 | ||
152 | saveDhParams :: AcmeCertRequest -> IO (Maybe DHP) | 150 | saveDhParams :: AcmeCertRequest -> IO (Maybe DHP) |
diff --git a/src/Network/ACME.hs b/src/Network/ACME.hs index 120248c..97e6e10 100644 --- a/src/Network/ACME.hs +++ b/src/Network/ACME.hs | |||
@@ -52,8 +52,12 @@ import Text.Email.Validate | |||
52 | 52 | ||
53 | -- The `certify` function | 53 | -- The `certify` function |
54 | 54 | ||
55 | certify :: URI -> Keys -> Maybe (URI, EmailAddress) -> DispatchHttpProvisioner -> CSR -> IO (Either String X509) | 55 | certify :: URI -> Keys -> Maybe (URI, EmailAddress) -> Keys -> [(DomainName, HttpProvisioner)] -> IO (Either String X509) |
56 | certify directoryUrl keys reg provision certReq = | 56 | certify directoryUrl keys reg domainKeys domains = do |
57 | |||
58 | certReq <- genReq domainKeys $ map fst domains | ||
59 | let provision = dispatchProvisioner domains | ||
60 | |||
57 | (mapM readDerX509 =<<) $ runACME directoryUrl keys $ do | 61 | (mapM readDerX509 =<<) $ runACME directoryUrl keys $ do |
58 | forM_ reg $ uncurry register >=> statusReport | 62 | forM_ reg $ uncurry register >=> statusReport |
59 | 63 | ||
@@ -64,7 +68,7 @@ certify directoryUrl keys reg provision certReq = | |||
64 | cr dom = challengeRequest dom >>= statusReport >>= extractCR >>= performChallenge dom | 68 | cr dom = challengeRequest dom >>= statusReport >>= extractCR >>= performChallenge dom |
65 | 69 | ||
66 | runResourceT $ do | 70 | runResourceT $ do |
67 | challengeResultLinks <- forM (csrDomains certReq) cr | 71 | challengeResultLinks <- forM (map fst domains) cr |
68 | lift . runExceptT $ do | 72 | lift . runExceptT $ do |
69 | ExceptT $ pollResults challengeResultLinks <&> left ("certificate receipt was not attempted because a challenge failed: " ++) | 73 | ExceptT $ pollResults challengeResultLinks <&> left ("certificate receipt was not attempted because a challenge failed: " ++) |
70 | ExceptT $ retrieveCert certReq >>= statusReport <&> checkCertResponse | 74 | ExceptT $ retrieveCert certReq >>= statusReport <&> checkCertResponse |
@@ -242,7 +246,7 @@ statusReport r = do | |||
242 | 246 | ||
243 | -- OpenSSL operations | 247 | -- OpenSSL operations |
244 | 248 | ||
245 | data CSR = CSR { csrDomains :: [DomainName], csrData :: ByteString } | 249 | data CSR = CSR { csrData :: ByteString } |
246 | genReq :: Keys -> [DomainName] -> IO CSR | 250 | genReq :: Keys -> [DomainName] -> IO CSR |
247 | genReq _ [] = error "genReq called with zero domains" | 251 | genReq _ [] = error "genReq called with zero domains" |
248 | genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do | 252 | genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do |
@@ -253,7 +257,7 @@ genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do | |||
253 | setPublicKey req pub | 257 | setPublicKey req pub |
254 | void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))] | 258 | void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))] |
255 | signX509Req req priv (Just dig) | 259 | signX509Req req priv (Just dig) |
256 | CSR domains . toStrict <$> writeX509ReqDER req | 260 | CSR . toStrict <$> writeX509ReqDER req |
257 | where | 261 | where |
258 | nidSubjectAltName = 85 | 262 | nidSubjectAltName = 85 |
259 | 263 | ||