Perform all provision checks before any ACME requests

Also removed various test output
author: Andrew Cady <d@jerkface.net> 2016-04-10 00:43:41 -0400
committer: Andrew Cady <d@jerkface.net> 2016-04-10 00:43:41 -0400
commit: ccb1065fe4281a778dff5ace295708fe534f5e8c (patch)
tree: d3cda970ee6528dcb349ab949736ca83171014f9
parent: bb5b94f8acc9db5acd78fdc88d32c69f49cf75c0 (diff)
1 files changed, 15 insertions, 19 deletions
diff --git a/acme-certify.hs b/acme-certify.hs
index 049ba5a..739d450 100644
--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -163,6 +163,8 @@ extractObject (Config _ o) = o
 runUpdate :: UpdateOpts -> IO ()
 runUpdate UpdateOpts { .. } = do
+  issuerCert <- readX509 letsEncryptX1CrossSigned
  config <- Config.load "config.yaml"
  hostsConfig <- Config.subconfig "hosts" config
  certReqDomains <- fmap concat $ forM (Config.keys hostsConfig) $ \host -> do
@@ -170,43 +172,37 @@ runUpdate UpdateOpts { .. } = do
                        return $ flip map (HashMap.keys hostParts) $ \domain ->
                          (unpack host, domainName' $ unpack domain, combineSubdomains domain hostParts)
-  when False $ forM_ certReqDomains print
  globalCertificateDir <- getHomeDirectory <&> (</> ".acme/test")
  createDirectoryIfMissing True globalCertificateDir
  Just keys <- getOrCreateKeys $ globalCertificateDir </> "rsa.key"
-  let certSpecs = flip map certReqDomains $ \(host, domain, domains) -> fmap ((,) host) $
+  let mbCertSpecs :: [(String, DomainName, Maybe CertSpec)]
+      mbCertSpecs = flip map certReqDomains $ \(host, domain, domains) -> (,,) host domain $
                    dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain
-  when False $ do
+  validCertSpecs <- forM mbCertSpecs $ \(host, domain, mbSpec) ->
-    mapM_ print certSpecs
+                      maybe (error $ "Invalid configuration.  Host = " ++ host ++ ", domain = " ++ show domain)
+                            (return . (,,) host domain)
+                            mbSpec
-    h <- remoteTemp "localhost" "/tmp/whatevs 'bro'" "this content\ncontains stuff'"
+  let wantedCertSpecs = filter (wantUpdate . view _1) validCertSpecs & map (view _3)
-    threadDelay $ 1000 * 1000 * 10
-    removeTemp h
-  issuerCert <- readX509 letsEncryptX1CrossSigned
-  let wantUpdate h = null updateHosts || isJust (find (== h) updateHosts)
+  when True $
+    forM_ wantedCertSpecs $ \spec ->
-  forM_ certReqDomains $ \(host, domain, domains) -> when (wantUpdate host) $ do
-    putStrLn host
-    let Just spec = dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain
-    print spec
-    when True $
      forM_ (csDomains spec) $ uncurry canProvision >=>
        (`unless` error "Error: cannot provision files to web server")
+  forM_ wantedCertSpecs $ \spec -> do
    let terms              = defaultTerms
        directoryUrl       = stagingDirectoryUrl
        email              = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec)
    print =<< fetchCertificate directoryUrl terms email issuerCert spec
-  error "Error: unimplemented"
  where
+    wantUpdate h = null updateHosts || isJust (find (== h) updateHosts)
    dereference :: [(DomainName, Either DomainName HttpProvisioner)] -> Maybe [(DomainName, HttpProvisioner)]
    dereference xs = plumb $ xs <&> fmap (either deref Just)
author	Andrew Cady <d@jerkface.net>	2016-04-10 00:43:41 -0400
committer	Andrew Cady <d@jerkface.net>	2016-04-10 00:43:41 -0400
commit	ccb1065fe4281a778dff5ace295708fe534f5e8c (patch)
tree	d3cda970ee6528dcb349ab949736ca83171014f9
parent	bb5b94f8acc9db5acd78fdc88d32c69f49cf75c0 (diff)

diff --git a/acme-certify.hs b/acme-certify.hs index 049ba5a..739d450 100644 --- a/acme-certify.hs +++ b/acme-certify.hs
@@ -163,6 +163,8 @@ extractObject (Config _ o) = o
163		163
164	runUpdate :: UpdateOpts -> IO ()	164	runUpdate :: UpdateOpts -> IO ()
165	runUpdate UpdateOpts { .. } = do	165	runUpdate UpdateOpts { .. } = do
		166	issuerCert <- readX509 letsEncryptX1CrossSigned
		167
166	config <- Config.load "config.yaml"	168	config <- Config.load "config.yaml"
167	hostsConfig <- Config.subconfig "hosts" config	169	hostsConfig <- Config.subconfig "hosts" config
168	certReqDomains <- fmap concat $ forM (Config.keys hostsConfig) $ \host -> do	170	certReqDomains <- fmap concat $ forM (Config.keys hostsConfig) $ \host -> do
@@ -170,43 +172,37 @@ runUpdate UpdateOpts { .. } = do
170	return $ flip map (HashMap.keys hostParts) $ \domain ->	172	return $ flip map (HashMap.keys hostParts) $ \domain ->
171	(unpack host, domainName' $ unpack domain, combineSubdomains domain hostParts)	173	(unpack host, domainName' $ unpack domain, combineSubdomains domain hostParts)
172		174
173	when False $ forM_ certReqDomains print
174
175	globalCertificateDir <- getHomeDirectory <&> (</> ".acme/test")	175	globalCertificateDir <- getHomeDirectory <&> (</> ".acme/test")
176	createDirectoryIfMissing True globalCertificateDir	176	createDirectoryIfMissing True globalCertificateDir
177		177
178	Just keys <- getOrCreateKeys $ globalCertificateDir </> "rsa.key"	178	Just keys <- getOrCreateKeys $ globalCertificateDir </> "rsa.key"
179		179
180	let certSpecs = flip map certReqDomains $ \(host, domain, domains) -> fmap ((,) host) $	180	let mbCertSpecs :: [(String, DomainName, Maybe CertSpec)]
		181	mbCertSpecs = flip map certReqDomains $ \(host, domain, domains) -> (,,) host domain $
181	dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain	182	dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain
182		183
183	when False $ do	184	validCertSpecs <- forM mbCertSpecs $ \(host, domain, mbSpec) ->
184	mapM_ print certSpecs	185	maybe (error $ "Invalid configuration. Host = " ++ host ++ ", domain = " ++ show domain)
		186	(return . (,,) host domain)
		187	mbSpec
185		188
186	h <- remoteTemp "localhost" "/tmp/whatevs 'bro'" "this content\ncontains stuff'"	189	let wantedCertSpecs = filter (wantUpdate . view _1) validCertSpecs & map (view _3)
187	threadDelay $ 1000 * 1000 * 10
188	removeTemp h
189
190	issuerCert <- readX509 letsEncryptX1CrossSigned
191		190
192	let wantUpdate h = null updateHosts \|\| isJust (find (== h) updateHosts)	191	when True $
193		192	forM_ wantedCertSpecs $ \spec ->
194	forM_ certReqDomains $ \(host, domain, domains) -> when (wantUpdate host) $ do
195	putStrLn host
196	let Just spec = dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain
197	print spec
198
199	when True $
200	forM_ (csDomains spec) $ uncurry canProvision >=>	193	forM_ (csDomains spec) $ uncurry canProvision >=>
201	(`unless` error "Error: cannot provision files to web server")	194	(`unless` error "Error: cannot provision files to web server")
202		195
		196	forM_ wantedCertSpecs $ \spec -> do
		197
203	let terms = defaultTerms	198	let terms = defaultTerms
204	directoryUrl = stagingDirectoryUrl	199	directoryUrl = stagingDirectoryUrl
205	email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec)	200	email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec)
206	print =<< fetchCertificate directoryUrl terms email issuerCert spec	201	print =<< fetchCertificate directoryUrl terms email issuerCert spec
207		202
208	error "Error: unimplemented"	203
209	where	204	where
		205	wantUpdate h = null updateHosts \|\| isJust (find (== h) updateHosts)
210		206
211	dereference :: [(DomainName, Either DomainName HttpProvisioner)] -> Maybe [(DomainName, HttpProvisioner)]	207	dereference :: [(DomainName, Either DomainName HttpProvisioner)] -> Maybe [(DomainName, HttpProvisioner)]
212	dereference xs = plumb $ xs <&> fmap (either deref Just)	208	dereference xs = plumb $ xs <&> fmap (either deref Just)