diff options
author | Andrew Cady <d@jerkface.net> | 2016-04-10 00:43:41 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-04-10 00:43:41 -0400 |
commit | ccb1065fe4281a778dff5ace295708fe534f5e8c (patch) | |
tree | d3cda970ee6528dcb349ab949736ca83171014f9 | |
parent | bb5b94f8acc9db5acd78fdc88d32c69f49cf75c0 (diff) |
Perform all provision checks before any ACME requests
Also removed various test output
-rw-r--r-- | acme-certify.hs | 34 |
1 files changed, 15 insertions, 19 deletions
diff --git a/acme-certify.hs b/acme-certify.hs index 049ba5a..739d450 100644 --- a/acme-certify.hs +++ b/acme-certify.hs | |||
@@ -163,6 +163,8 @@ extractObject (Config _ o) = o | |||
163 | 163 | ||
164 | runUpdate :: UpdateOpts -> IO () | 164 | runUpdate :: UpdateOpts -> IO () |
165 | runUpdate UpdateOpts { .. } = do | 165 | runUpdate UpdateOpts { .. } = do |
166 | issuerCert <- readX509 letsEncryptX1CrossSigned | ||
167 | |||
166 | config <- Config.load "config.yaml" | 168 | config <- Config.load "config.yaml" |
167 | hostsConfig <- Config.subconfig "hosts" config | 169 | hostsConfig <- Config.subconfig "hosts" config |
168 | certReqDomains <- fmap concat $ forM (Config.keys hostsConfig) $ \host -> do | 170 | certReqDomains <- fmap concat $ forM (Config.keys hostsConfig) $ \host -> do |
@@ -170,43 +172,37 @@ runUpdate UpdateOpts { .. } = do | |||
170 | return $ flip map (HashMap.keys hostParts) $ \domain -> | 172 | return $ flip map (HashMap.keys hostParts) $ \domain -> |
171 | (unpack host, domainName' $ unpack domain, combineSubdomains domain hostParts) | 173 | (unpack host, domainName' $ unpack domain, combineSubdomains domain hostParts) |
172 | 174 | ||
173 | when False $ forM_ certReqDomains print | ||
174 | |||
175 | globalCertificateDir <- getHomeDirectory <&> (</> ".acme/test") | 175 | globalCertificateDir <- getHomeDirectory <&> (</> ".acme/test") |
176 | createDirectoryIfMissing True globalCertificateDir | 176 | createDirectoryIfMissing True globalCertificateDir |
177 | 177 | ||
178 | Just keys <- getOrCreateKeys $ globalCertificateDir </> "rsa.key" | 178 | Just keys <- getOrCreateKeys $ globalCertificateDir </> "rsa.key" |
179 | 179 | ||
180 | let certSpecs = flip map certReqDomains $ \(host, domain, domains) -> fmap ((,) host) $ | 180 | let mbCertSpecs :: [(String, DomainName, Maybe CertSpec)] |
181 | mbCertSpecs = flip map certReqDomains $ \(host, domain, domains) -> (,,) host domain $ | ||
181 | dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain | 182 | dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain |
182 | 183 | ||
183 | when False $ do | 184 | validCertSpecs <- forM mbCertSpecs $ \(host, domain, mbSpec) -> |
184 | mapM_ print certSpecs | 185 | maybe (error $ "Invalid configuration. Host = " ++ host ++ ", domain = " ++ show domain) |
186 | (return . (,,) host domain) | ||
187 | mbSpec | ||
185 | 188 | ||
186 | h <- remoteTemp "localhost" "/tmp/whatevs 'bro'" "this content\ncontains stuff'" | 189 | let wantedCertSpecs = filter (wantUpdate . view _1) validCertSpecs & map (view _3) |
187 | threadDelay $ 1000 * 1000 * 10 | ||
188 | removeTemp h | ||
189 | |||
190 | issuerCert <- readX509 letsEncryptX1CrossSigned | ||
191 | 190 | ||
192 | let wantUpdate h = null updateHosts || isJust (find (== h) updateHosts) | 191 | when True $ |
193 | 192 | forM_ wantedCertSpecs $ \spec -> | |
194 | forM_ certReqDomains $ \(host, domain, domains) -> when (wantUpdate host) $ do | ||
195 | putStrLn host | ||
196 | let Just spec = dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain | ||
197 | print spec | ||
198 | |||
199 | when True $ | ||
200 | forM_ (csDomains spec) $ uncurry canProvision >=> | 193 | forM_ (csDomains spec) $ uncurry canProvision >=> |
201 | (`unless` error "Error: cannot provision files to web server") | 194 | (`unless` error "Error: cannot provision files to web server") |
202 | 195 | ||
196 | forM_ wantedCertSpecs $ \spec -> do | ||
197 | |||
203 | let terms = defaultTerms | 198 | let terms = defaultTerms |
204 | directoryUrl = stagingDirectoryUrl | 199 | directoryUrl = stagingDirectoryUrl |
205 | email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec) | 200 | email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec) |
206 | print =<< fetchCertificate directoryUrl terms email issuerCert spec | 201 | print =<< fetchCertificate directoryUrl terms email issuerCert spec |
207 | 202 | ||
208 | error "Error: unimplemented" | 203 | |
209 | where | 204 | where |
205 | wantUpdate h = null updateHosts || isJust (find (== h) updateHosts) | ||
210 | 206 | ||
211 | dereference :: [(DomainName, Either DomainName HttpProvisioner)] -> Maybe [(DomainName, HttpProvisioner)] | 207 | dereference :: [(DomainName, Either DomainName HttpProvisioner)] -> Maybe [(DomainName, HttpProvisioner)] |
212 | dereference xs = plumb $ xs <&> fmap (either deref Just) | 208 | dereference xs = plumb $ xs <&> fmap (either deref Just) |