diff options
author | Andrew Cady <d@jerkface.net> | 2016-01-25 17:31:37 -0500 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-01-25 17:31:37 -0500 |
commit | cf440860e186e7fd775ae27da08220d9fe5e233e (patch) | |
tree | 655fcfc417730de6616621928a817f361b40fa0d /acme-certify.hs | |
parent | be7a90d29c8a6da269d54f355cee11ce6e5eabc2 (diff) |
Change API of "certify"
It now expects a callback to provision the challenge responses.
This needs to be improved so that it will also do cleanup.
Diffstat (limited to 'acme-certify.hs')
-rw-r--r-- | acme-certify.hs | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/acme-certify.hs b/acme-certify.hs index d20c3e4..cda3d09 100644 --- a/acme-certify.hs +++ b/acme-certify.hs | |||
@@ -13,8 +13,7 @@ module Main where | |||
13 | 13 | ||
14 | import BasePrelude | 14 | import BasePrelude |
15 | import qualified Data.ByteString.Lazy.Char8 as LC | 15 | import qualified Data.ByteString.Lazy.Char8 as LC |
16 | import Network.ACME (CSR (..), canProvision, certify, | 16 | import Network.ACME (CSR (..), canProvision, certify, fileProvisioner, ensureWritableDir, (</>), domainToString) |
17 | ensureWritableDir, (</>), domainToString) | ||
18 | import Network.ACME.Encoding (Keys (..), readKeys, toStrict) | 17 | import Network.ACME.Encoding (Keys (..), readKeys, toStrict) |
19 | import Network.URI | 18 | import Network.URI |
20 | import OpenSSL | 19 | import OpenSSL |
@@ -106,7 +105,7 @@ genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do | |||
106 | setPublicKey req pub | 105 | setPublicKey req pub |
107 | void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))] | 106 | void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))] |
108 | signX509Req req priv (Just dig) | 107 | signX509Req req priv (Just dig) |
109 | CSR . toStrict <$> writeX509ReqDER req | 108 | CSR domains . toStrict <$> writeX509ReqDER req |
110 | where | 109 | where |
111 | nidSubjectAltName = 85 | 110 | nidSubjectAltName = 85 |
112 | 111 | ||
@@ -133,14 +132,16 @@ go CmdOpts { .. } = do | |||
133 | challengeDir <- ensureWritableDir optChallengeDir "challenge directory" | 132 | challengeDir <- ensureWritableDir optChallengeDir "challenge directory" |
134 | void $ ensureWritableDir domainDir "domain directory" | 133 | void $ ensureWritableDir domainDir "domain directory" |
135 | 134 | ||
136 | forM_ requestDomains $ canProvision challengeDir >=> | 135 | let skipProvisionCheck = True |
137 | (`unless` error "Error: cannot provision files to web server via challenge directory") | 136 | unless skipProvisionCheck $ |
137 | forM_ requestDomains $ canProvision challengeDir >=> | ||
138 | (`unless` error "Error: cannot provision files to web server via challenge directory") | ||
138 | 139 | ||
139 | csrData <- genReq domainKeys requestDomains | 140 | certReq <- genReq domainKeys requestDomains |
140 | 141 | ||
141 | let email = either (error . ("Error: invalid email address: " ++)) id . validate . fromString <$> optEmail | 142 | let email = either (error . ("Error: invalid email address: " ++)) id . validate . fromString <$> optEmail |
142 | 143 | ||
143 | certificate <- certify directoryUrl keys email terms requestDomains challengeDir csrData | 144 | certificate <- certify directoryUrl keys ((,) terms <$> email) (fileProvisioner challengeDir) certReq |
144 | 145 | ||
145 | either (error . ("Error: " ++)) (LC.writeFile domainCertFile) certificate | 146 | either (error . ("Error: " ++)) (LC.writeFile domainCertFile) certificate |
146 | 147 | ||