diff options
| author | Andrew Cady <d@jerkface.net> | 2016-01-25 22:40:54 -0500 |
|---|---|---|
| committer | Andrew Cady <d@jerkface.net> | 2016-01-25 22:42:23 -0500 |
| commit | d54ff778995b369ead6b708d9b6ee8bff31d366d (patch) | |
| tree | d8457b095a026c41390d76710c0a3be8c9f4cc4b /acme-certify.hs | |
| parent | 3fc632688205e46295803460b5e652751c803d59 (diff) | |
generate DH params; use PEM for final output
this needs to be made optional and the DH params should be cached,
because generating them is very slow.
Diffstat (limited to 'acme-certify.hs')
| -rw-r--r-- | acme-certify.hs | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/acme-certify.hs b/acme-certify.hs index 360579b..b84a728 100644 --- a/acme-certify.hs +++ b/acme-certify.hs | |||
| @@ -17,6 +17,8 @@ import Network.ACME (canProvision, certify, fileProvisio | |||
| 17 | import Network.ACME.Encoding (Keys (..), readKeys) | 17 | import Network.ACME.Encoding (Keys (..), readKeys) |
| 18 | import Network.URI | 18 | import Network.URI |
| 19 | import OpenSSL | 19 | import OpenSSL |
| 20 | import OpenSSL.X509 (X509) | ||
| 21 | import OpenSSL.DH | ||
| 20 | import OpenSSL.PEM | 22 | import OpenSSL.PEM |
| 21 | import OpenSSL.RSA | 23 | import OpenSSL.RSA |
| 22 | import Options.Applicative hiding (header) | 24 | import Options.Applicative hiding (header) |
| @@ -24,6 +26,7 @@ import qualified Options.Applicative as Opt | |||
| 24 | import System.Directory | 26 | import System.Directory |
| 25 | import Text.Domain.Validate hiding (validate) | 27 | import Text.Domain.Validate hiding (validate) |
| 26 | import Text.Email.Validate | 28 | import Text.Email.Validate |
| 29 | import System.IO | ||
| 27 | 30 | ||
| 28 | stagingDirectoryUrl, liveDirectoryUrl :: URI | 31 | stagingDirectoryUrl, liveDirectoryUrl :: URI |
| 29 | Just liveDirectoryUrl = parseAbsoluteURI "https://acme-v01.api.letsencrypt.org/directory" | 32 | Just liveDirectoryUrl = parseAbsoluteURI "https://acme-v01.api.letsencrypt.org/directory" |
| @@ -125,10 +128,29 @@ go CmdOpts { .. } = do | |||
| 125 | 128 | ||
| 126 | let email = either (error . ("Error: invalid email address: " ++)) id . validate . fromString <$> optEmail | 129 | let email = either (error . ("Error: invalid email address: " ++)) id . validate . fromString <$> optEmail |
| 127 | 130 | ||
| 131 | let issuerCertFile = "lets-encrypt-x1-cross-signed.pem" | ||
| 132 | issuerCert <- readFile issuerCertFile >>= readX509 | ||
| 133 | |||
| 134 | hSetBuffering stdout NoBuffering | ||
| 135 | putStr "Generating DH Params..." | ||
| 136 | dh <- genDHParams DHGen2 2048 | ||
| 137 | putStrLn " Done." | ||
| 138 | |||
| 128 | certificate <- certify directoryUrl keys ((,) terms <$> email) (fileProvisioner challengeDir) certReq | 139 | certificate <- certify directoryUrl keys ((,) terms <$> email) (fileProvisioner challengeDir) certReq |
| 129 | 140 | ||
| 130 | either (error . ("Error: " ++)) (LC.writeFile domainCertFile) certificate | 141 | either (error . ("Error: " ++)) |
| 142 | (combinedCert issuerCert (Just dh) domainKeys >=> writeFile domainCertFile) | ||
| 143 | certificate | ||
| 144 | |||
| 145 | combinedCert :: X509 -> Maybe DHP -> Keys -> X509 -> IO String | ||
| 146 | combinedCert issuerCert dh (Keys privKey _) cert = do | ||
| 147 | dhStr <- mapM writeDHParams dh | ||
| 148 | certStr <- writeX509 cert | ||
| 149 | privKeyStr <- writePKCS8PrivateKey privKey Nothing | ||
| 150 | issuerCertStr <- writeX509 issuerCert | ||
| 151 | return $ concat [certStr, issuerCertStr, privKeyStr, fromMaybe "" dhStr] | ||
| 131 | 152 | ||
| 132 | otherwiseM :: Monad m => m Bool -> m () -> m () | 153 | otherwiseM :: Monad m => m Bool -> m () -> m () |
| 133 | a `otherwiseM` b = a >>= flip unless b | 154 | a `otherwiseM` b = a >>= flip unless b |
| 134 | infixl 0 `otherwiseM` | 155 | infixl 0 `otherwiseM` |
| 156 | |||