diff options
| author | Andrew Cady <d@jerkface.net> | 2016-01-25 17:31:37 -0500 |
|---|---|---|
| committer | Andrew Cady <d@jerkface.net> | 2016-01-25 17:31:37 -0500 |
| commit | cf440860e186e7fd775ae27da08220d9fe5e233e (patch) | |
| tree | 655fcfc417730de6616621928a817f361b40fa0d /acme-certify.hs | |
| parent | be7a90d29c8a6da269d54f355cee11ce6e5eabc2 (diff) | |
Change API of "certify"
It now expects a callback to provision the challenge responses.
This needs to be improved so that it will also do cleanup.
Diffstat (limited to 'acme-certify.hs')
| -rw-r--r-- | acme-certify.hs | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/acme-certify.hs b/acme-certify.hs index d20c3e4..cda3d09 100644 --- a/acme-certify.hs +++ b/acme-certify.hs | |||
| @@ -13,8 +13,7 @@ module Main where | |||
| 13 | 13 | ||
| 14 | import BasePrelude | 14 | import BasePrelude |
| 15 | import qualified Data.ByteString.Lazy.Char8 as LC | 15 | import qualified Data.ByteString.Lazy.Char8 as LC |
| 16 | import Network.ACME (CSR (..), canProvision, certify, | 16 | import Network.ACME (CSR (..), canProvision, certify, fileProvisioner, ensureWritableDir, (</>), domainToString) |
| 17 | ensureWritableDir, (</>), domainToString) | ||
| 18 | import Network.ACME.Encoding (Keys (..), readKeys, toStrict) | 17 | import Network.ACME.Encoding (Keys (..), readKeys, toStrict) |
| 19 | import Network.URI | 18 | import Network.URI |
| 20 | import OpenSSL | 19 | import OpenSSL |
| @@ -106,7 +105,7 @@ genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do | |||
| 106 | setPublicKey req pub | 105 | setPublicKey req pub |
| 107 | void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))] | 106 | void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))] |
| 108 | signX509Req req priv (Just dig) | 107 | signX509Req req priv (Just dig) |
| 109 | CSR . toStrict <$> writeX509ReqDER req | 108 | CSR domains . toStrict <$> writeX509ReqDER req |
| 110 | where | 109 | where |
| 111 | nidSubjectAltName = 85 | 110 | nidSubjectAltName = 85 |
| 112 | 111 | ||
| @@ -133,14 +132,16 @@ go CmdOpts { .. } = do | |||
| 133 | challengeDir <- ensureWritableDir optChallengeDir "challenge directory" | 132 | challengeDir <- ensureWritableDir optChallengeDir "challenge directory" |
| 134 | void $ ensureWritableDir domainDir "domain directory" | 133 | void $ ensureWritableDir domainDir "domain directory" |
| 135 | 134 | ||
| 136 | forM_ requestDomains $ canProvision challengeDir >=> | 135 | let skipProvisionCheck = True |
| 137 | (`unless` error "Error: cannot provision files to web server via challenge directory") | 136 | unless skipProvisionCheck $ |
| 137 | forM_ requestDomains $ canProvision challengeDir >=> | ||
| 138 | (`unless` error "Error: cannot provision files to web server via challenge directory") | ||
| 138 | 139 | ||
| 139 | csrData <- genReq domainKeys requestDomains | 140 | certReq <- genReq domainKeys requestDomains |
| 140 | 141 | ||
| 141 | let email = either (error . ("Error: invalid email address: " ++)) id . validate . fromString <$> optEmail | 142 | let email = either (error . ("Error: invalid email address: " ++)) id . validate . fromString <$> optEmail |
| 142 | 143 | ||
| 143 | certificate <- certify directoryUrl keys email terms requestDomains challengeDir csrData | 144 | certificate <- certify directoryUrl keys ((,) terms <$> email) (fileProvisioner challengeDir) certReq |
| 144 | 145 | ||
| 145 | either (error . ("Error: " ++)) (LC.writeFile domainCertFile) certificate | 146 | either (error . ("Error: " ++)) (LC.writeFile domainCertFile) certificate |
| 146 | 147 | ||