Change certificate output directory

It's now saved under <host>/<domain> even if only a subdomain of <domain> is being certified.
author: Andrew Cady <d@jerkface.net> 2016-04-09 23:37:51 -0400
committer: Andrew Cady <d@jerkface.net> 2016-04-09 23:37:51 -0400
commit: f74375e4b6e8eaf8cfe508bcf31fb7315a0be728 (patch)
tree: 89f9f665a5736ec479c17796a1818afc07e6efb7
parent: 2aceca9e7c7e0d39efc66a65168ceb3d9c587be5 (diff)
1 files changed, 23 insertions, 24 deletions
diff --git a/acme-certify.hs b/acme-certify.hs
index 15b729f..8bad7ac 100644
--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -163,12 +163,10 @@ runUpdate :: UpdateOpts -> IO ()
 runUpdate UpdateOpts { .. } = do
  config <- Config.load "config.yaml"
  hostsConfig <- Config.subconfig "hosts" config
-  certReqDomains <- fmap concat <$> forM (Config.keys hostsConfig) $ \host ->
+  certReqDomains <- fmap concat $ forM (Config.keys hostsConfig) $ \host -> do
-                      do
+                        hostParts <- (Config.subconfig host hostsConfig >>= Config.subconfig "domains") <&> extractObject
-                        hostParts <- (Config.subconfig host hostsConfig >>= Config.subconfig
+                        return $ flip map (HashMap.keys hostParts) $ \domain ->
-                                                                              "domains") <&> extractObject
+                          (unpack host, domainName' $ unpack domain, combineSubdomains domain hostParts)
-                        forM (HashMap.keys hostParts) $ \domain ->
-                          return (unpack host, combineSubdomains domain hostParts)
  when False $ forM_ certReqDomains print
@@ -177,8 +175,8 @@ runUpdate UpdateOpts { .. } = do
  Just keys <- getOrCreateKeys $ globalCertificateDir </> "rsa.key"
-  let certSpecs = flip map certReqDomains $ \(host, domains) -> fmap ((,) host) $
+  let certSpecs = flip map certReqDomains $ \(host, domain, domains) -> fmap ((,) host) $
-                    dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host
+                    dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain
  when False $ do
    mapM_ print certSpecs
@@ -189,19 +187,19 @@ runUpdate UpdateOpts { .. } = do
  issuerCert <- readX509 letsEncryptX1CrossSigned
-  forM_ certReqDomains $ \(host, domains) -> do
+  forM_ certReqDomains $ \(host, domain, domains) -> when (host == "fifty") $ do
-    when (host == "fifty") $ do
+    putStrLn host
-      putStrLn host
+    let Just spec = dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain
-      let Just spec = dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host
+    print spec
-      print spec
-      when True $
+    when True $
-        forM_ (csDomains spec) $ uncurry canProvision >=>
+      forM_ (csDomains spec) $ uncurry canProvision >=>
-          (`unless` error "Error: cannot provision files to web server")
+        (`unless` error "Error: cannot provision files to web server")
-      let terms              = defaultTerms
-          directoryUrl       = stagingDirectoryUrl
+    let terms              = defaultTerms
-          email              = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec)
+        directoryUrl       = stagingDirectoryUrl
-      print =<< fetchCertificate directoryUrl terms email issuerCert spec
+        email              = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec)
+    print =<< fetchCertificate directoryUrl terms email issuerCert spec
  error "Error: unimplemented"
  where
@@ -217,18 +215,18 @@ runUpdate UpdateOpts { .. } = do
    chooseProvisioner host (VHostSpec domain pathInfo) =
      (domain, provisionViaRemoteFile host <$> pathInfo)
-    certSpec :: FilePath -> Keys -> String -> [(DomainName, HttpProvisioner)] -> CertSpec
+    certSpec :: FilePath -> Keys -> String -> DomainName -> [(DomainName, HttpProvisioner)] -> CertSpec
-    certSpec baseDir keys host requestDomains = CertSpec { .. }
+    certSpec baseDir keys host domain requestDomains = CertSpec { .. }
      where
        csDomains = requestDomains
        csSkipDH = True -- TODO: implement
        csUserKeys = keys
-        csCertificateDir = baseDir </> host </> (domainToString . fst) (head requestDomains)
+        csCertificateDir = baseDir </> host </> domainToString domain
    combineSubdomains :: AsPrimitive v => Text -> HashMap.HashMap Text v -> [VHostSpec]
    combineSubdomains domain subs =
      map (makeVHostSpec (domainName' $ unpack domain)) $
-        sort -- relying on the fact that '.' sorts first
+        sort -- '.' sorts first
         $ concat $ HashMap.lookup domain subs & toListOf (_Just . _String . to (words . unpack))
 domainToString :: DomainName -> String
@@ -266,6 +264,7 @@ remoteTemp host fileName content = do
  where
    ssh cmd = runInteractiveProcess "ssh" (host : words "-- sh -c" ++ [escape cmd]) Nothing Nothing
+dirname :: String -> String
 dirname = dropWhileEnd (/= '/')
 provisionViaRemoteFile :: String -> FilePath -> HttpProvisioner
author	Andrew Cady <d@jerkface.net>	2016-04-09 23:37:51 -0400
committer	Andrew Cady <d@jerkface.net>	2016-04-09 23:37:51 -0400
commit	f74375e4b6e8eaf8cfe508bcf31fb7315a0be728 (patch)
tree	89f9f665a5736ec479c17796a1818afc07e6efb7
parent	2aceca9e7c7e0d39efc66a65168ceb3d9c587be5 (diff)

diff --git a/acme-certify.hs b/acme-certify.hs index 15b729f..8bad7ac 100644 --- a/acme-certify.hs +++ b/acme-certify.hs
@@ -163,12 +163,10 @@ runUpdate :: UpdateOpts -> IO ()
163	runUpdate UpdateOpts { .. } = do	163	runUpdate UpdateOpts { .. } = do
164	config <- Config.load "config.yaml"	164	config <- Config.load "config.yaml"
165	hostsConfig <- Config.subconfig "hosts" config	165	hostsConfig <- Config.subconfig "hosts" config
166	certReqDomains <- fmap concat <$> forM (Config.keys hostsConfig) $ \host ->	166	certReqDomains <- fmap concat $ forM (Config.keys hostsConfig) $ \host -> do
167	do	167	hostParts <- (Config.subconfig host hostsConfig >>= Config.subconfig "domains") <&> extractObject
168	hostParts <- (Config.subconfig host hostsConfig >>= Config.subconfig	168	return $ flip map (HashMap.keys hostParts) $ \domain ->
169	"domains") <&> extractObject	169	(unpack host, domainName' $ unpack domain, combineSubdomains domain hostParts)
170	forM (HashMap.keys hostParts) $ \domain ->
171	return (unpack host, combineSubdomains domain hostParts)
172		170
173	when False $ forM_ certReqDomains print	171	when False $ forM_ certReqDomains print
174		172
@@ -177,8 +175,8 @@ runUpdate UpdateOpts { .. } = do
177		175
178	Just keys <- getOrCreateKeys $ globalCertificateDir </> "rsa.key"	176	Just keys <- getOrCreateKeys $ globalCertificateDir </> "rsa.key"
179		177
180	let certSpecs = flip map certReqDomains $ \(host, domains) -> fmap ((,) host) $	178	let certSpecs = flip map certReqDomains $ \(host, domain, domains) -> fmap ((,) host) $
181	dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host	179	dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain
182		180
183	when False $ do	181	when False $ do
184	mapM_ print certSpecs	182	mapM_ print certSpecs
@@ -189,19 +187,19 @@ runUpdate UpdateOpts { .. } = do
189		187
190	issuerCert <- readX509 letsEncryptX1CrossSigned	188	issuerCert <- readX509 letsEncryptX1CrossSigned
191		189
192	forM_ certReqDomains $ \(host, domains) -> do	190	forM_ certReqDomains $ \(host, domain, domains) -> when (host == "fifty") $ do
193	when (host == "fifty") $ do	191	putStrLn host
194	putStrLn host	192	let Just spec = dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host domain
195	let Just spec = dereference (map (chooseProvisioner host) domains) <&> certSpec globalCertificateDir keys host	193	print spec
196	print spec
197		194
198	when True $	195	when True $
199	forM_ (csDomains spec) $ uncurry canProvision >=>	196	forM_ (csDomains spec) $ uncurry canProvision >=>
200	(`unless` error "Error: cannot provision files to web server")	197	(`unless` error "Error: cannot provision files to web server")
201	let terms = defaultTerms	198
202	directoryUrl = stagingDirectoryUrl	199	let terms = defaultTerms
203	email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec)	200	directoryUrl = stagingDirectoryUrl
204	print =<< fetchCertificate directoryUrl terms email issuerCert spec	201	email = emailAddress $ encodeUtf8 . pack $ "root@" ++ (domainToString . fst . head) (csDomains spec)
		202	print =<< fetchCertificate directoryUrl terms email issuerCert spec
205		203
206	error "Error: unimplemented"	204	error "Error: unimplemented"
207	where	205	where
@@ -217,18 +215,18 @@ runUpdate UpdateOpts { .. } = do
217	chooseProvisioner host (VHostSpec domain pathInfo) =	215	chooseProvisioner host (VHostSpec domain pathInfo) =
218	(domain, provisionViaRemoteFile host <$> pathInfo)	216	(domain, provisionViaRemoteFile host <$> pathInfo)
219		217
220	certSpec :: FilePath -> Keys -> String -> [(DomainName, HttpProvisioner)] -> CertSpec	218	certSpec :: FilePath -> Keys -> String -> DomainName -> [(DomainName, HttpProvisioner)] -> CertSpec
221	certSpec baseDir keys host requestDomains = CertSpec { .. }	219	certSpec baseDir keys host domain requestDomains = CertSpec { .. }
222	where	220	where
223	csDomains = requestDomains	221	csDomains = requestDomains
224	csSkipDH = True -- TODO: implement	222	csSkipDH = True -- TODO: implement
225	csUserKeys = keys	223	csUserKeys = keys
226	csCertificateDir = baseDir </> host </> (domainToString . fst) (head requestDomains)	224	csCertificateDir = baseDir </> host </> domainToString domain
227		225
228	combineSubdomains :: AsPrimitive v => Text -> HashMap.HashMap Text v -> [VHostSpec]	226	combineSubdomains :: AsPrimitive v => Text -> HashMap.HashMap Text v -> [VHostSpec]
229	combineSubdomains domain subs =	227	combineSubdomains domain subs =
230	map (makeVHostSpec (domainName' $ unpack domain)) $	228	map (makeVHostSpec (domainName' $ unpack domain)) $
231	sort -- relying on the fact that '.' sorts first	229	sort -- '.' sorts first
232	$ concat $ HashMap.lookup domain subs & toListOf (_Just . _String . to (words . unpack))	230	$ concat $ HashMap.lookup domain subs & toListOf (_Just . _String . to (words . unpack))
233		231
234	domainToString :: DomainName -> String	232	domainToString :: DomainName -> String
@@ -266,6 +264,7 @@ remoteTemp host fileName content = do
266	where	264	where
267	ssh cmd = runInteractiveProcess "ssh" (host : words "-- sh -c" ++ [escape cmd]) Nothing Nothing	265	ssh cmd = runInteractiveProcess "ssh" (host : words "-- sh -c" ++ [escape cmd]) Nothing Nothing
268		266
		267	dirname :: String -> String
269	dirname = dropWhileEnd (/= '/')	268	dirname = dropWhileEnd (/= '/')
270		269
271	provisionViaRemoteFile :: String -> FilePath -> HttpProvisioner	270	provisionViaRemoteFile :: String -> FilePath -> HttpProvisioner