author | Andrew Cady <d@jerkface.net> | 2016-01-25 17:42:29 -0500 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-01-25 17:42:29 -0500 |
commit | 3fc632688205e46295803460b5e652751c803d59 (patch) | |
tree | 2ebe6903854018cb1d0c640b84807529fb6b6fa8 /acme-certify.hs | |
parent | cf440860e186e7fd775ae27da08220d9fe5e233e (diff) |
move genReq into the library
Diffstat (limited to 'acme-certify.hs')
-rw-r--r-- | acme-certify.hs | 20 |
1 files changed, 2 insertions, 18 deletions
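--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -13,14 +13,12 @@ module Main where
 
 import BasePrelude
 import qualified Data.ByteString.Lazy.Char8 as LC
-import Network.ACME (CSR (..), canProvision, certify, fileProvisioner, ensureWritableDir, (</>), domainToString)
-import Network.ACME.Encoding (Keys (..), readKeys, toStrict)
+import Network.ACME (canProvision, certify, fileProvisioner, ensureWritableDir, (</>), genReq)
+import Network.ACME.Encoding (Keys (..), readKeys)
 import Network.URI
 import OpenSSL
-import OpenSSL.EVP.Digest
 import OpenSSL.PEM
 import OpenSSL.RSA
-import OpenSSL.X509.Request
 import Options.Applicative hiding (header)
 import qualified Options.Applicative as Opt
 import System.Directory
@@ -95,20 +93,6 @@ genKey privKeyFile = withOpenSSL $ do
 writeFile privKeyFile pem
 return pem
 
-genReq :: Keys -> [DomainName] -> IO CSR
-genReq _ [] = error "genReq called with zero domains"
-genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do
-Just dig <- getDigestByName "SHA256"
-req <- newX509Req
-setSubjectName req [("CN", domainToString domain)]
-setVersion req 0
-setPublicKey req pub
-void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))]
-signX509Req req priv (Just dig)
-CSR domains . toStrict <$> writeX509ReqDER req
-where
-nidSubjectAltName = 85
-
 getOrCreateKeys :: FilePath -> IO (Maybe Keys)
 getOrCreateKeys file = do
 exists <- doesFileExist file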
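Review bot: With `genReq` now imported from `Network.ACME` (new-side import line 16), its two failure paths become part of the library's exported surface: the removed body calls `error "genReq called with zero domains"` on an empty list and relies on the failable pattern `Just dig <- getDigestByName "SHA256"`. The library side of the move is not shown on this page, so this assumes the body moved unchanged; if it did, document both on the exported function, for example `-- | Throws if the domain list is empty or the SHA256 digest is unavailable.`, or make the empty case unrepresentable in the argument type. The removed body also builds the subjectAltName value by joining `"DNS:" ++ domainToString d` with `", "`, so confirm that `DomainName` rejects commas and whitespace before that string reaches `addExtensions`, because the CSR's SAN list is derived from it. The call site of `genReq` in this file is outside the hunks shown.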