diff options
| author | Andrew Cady <d@jerkface.net> | 2016-04-09 00:21:40 -0400 |
|---|---|---|
| committer | Andrew Cady <d@jerkface.net> | 2016-04-09 00:21:40 -0400 |
| commit | ddf8b7b2a5759fe80a667f5bb8f2a9bc9306a6f7 (patch) | |
| tree | db55218d437d3f3118da0b206aef0b44a1f40259 /acme-certify.hs | |
| parent | 88965364b417b2dd0f4c7b3e312f39aec94d4a1f (diff) | |
Trivial, formatting
Diffstat (limited to 'acme-certify.hs')
| -rw-r--r-- | acme-certify.hs | 30 |
1 files changed, 14 insertions, 16 deletions
diff --git a/acme-certify.hs b/acme-certify.hs index 0ac7a7b..9d8d770 100644 --- a/acme-certify.hs +++ b/acme-certify.hs | |||
| @@ -14,10 +14,9 @@ module Main where | |||
| 14 | 14 | ||
| 15 | import BasePrelude | 15 | import BasePrelude |
| 16 | import Network.ACME (HttpProvisioner, Keys (..), | 16 | import Network.ACME (HttpProvisioner, Keys (..), |
| 17 | canProvisionDir, certify, | 17 | canProvision, certify, |
| 18 | dispatchProvisioner, ensureWritableDir, | 18 | ensureWritableDir, provisionViaFile, |
| 19 | genReq, provisionViaFile, readKeys, | 19 | readKeys, (</>)) |
| 20 | (</>)) | ||
| 21 | import Network.ACME.Issuer (letsEncryptX1CrossSigned) | 20 | import Network.ACME.Issuer (letsEncryptX1CrossSigned) |
| 22 | import Network.URI | 21 | import Network.URI |
| 23 | import OpenSSL | 22 | import OpenSSL |
| @@ -105,7 +104,7 @@ cmdopts = CmdOpts <$> strOption (long "key" <> metavar "FILE" <> | |||
| 105 | (long "skip-provision-check" <> help | 104 | (long "skip-provision-check" <> help |
| 106 | (unwords | 105 | (unwords |
| 107 | [ "Don't test whether HTTP provisioning works before" | 106 | [ "Don't test whether HTTP provisioning works before" |
| 108 | , "making ACME requests; only useful for testing." | 107 | , "making ACME requests" |
| 109 | ])) | 108 | ])) |
| 110 | 109 | ||
| 111 | go :: CmdOpts -> IO (Either String ()) | 110 | go :: CmdOpts -> IO (Either String ()) |
| @@ -126,26 +125,25 @@ go CmdOpts { .. } = do | |||
| 126 | 125 | ||
| 127 | Just keys <- getOrCreateKeys privKeyFile | 126 | Just keys <- getOrCreateKeys privKeyFile |
| 128 | 127 | ||
| 129 | unless optSkipProvisionCheck $ | ||
| 130 | forM_ requestDomains $ canProvisionDir challengeDir >=> | ||
| 131 | (`unless` error "Error: cannot provision files to web server via challenge directory") | ||
| 132 | |||
| 133 | let req = AcmeCertRequest {..} | 128 | let req = AcmeCertRequest {..} |
| 134 | acrDomains = map (flip (,) (provisionViaFile challengeDir)) requestDomains | 129 | acrDomains = map (flip (,) (provisionViaFile challengeDir)) requestDomains |
| 135 | acrSkipDH = optSkipDH | 130 | acrSkipDH = optSkipDH |
| 136 | acrUserKeys = keys | 131 | acrUserKeys = keys |
| 137 | acrCertificateDir = domainDir | 132 | acrCertificateDir = domainDir |
| 133 | |||
| 134 | unless optSkipProvisionCheck $ | ||
| 135 | forM_ acrDomains $ uncurry canProvision >=> | ||
| 136 | (`unless` error "Error: cannot provision files to web server") | ||
| 137 | |||
| 138 | go' directoryUrl terms email issuerCert req | 138 | go' directoryUrl terms email issuerCert req |
| 139 | 139 | ||
| 140 | go' :: URI -> URI -> Maybe EmailAddress -> X509 -> AcmeCertRequest -> IO (Either String ()) | 140 | go' :: URI -> URI -> Maybe EmailAddress -> X509 -> AcmeCertRequest -> IO (Either String ()) |
| 141 | go' directoryUrl terms email issuerCert acr@AcmeCertRequest{..} = do | 141 | go' directoryUrl terms email issuerCert acr@AcmeCertRequest{..} = do |
| 142 | let domainKeyFile = acrCertificateDir </> "rsa.key" | 142 | Just domainKeys <- getOrCreateKeys $ acrCertificateDir </> "rsa.key" |
| 143 | |||
| 144 | Just domainKeys <- getOrCreateKeys domainKeyFile | ||
| 145 | dh <- saveDhParams acr | 143 | dh <- saveDhParams acr |
| 146 | 144 | ||
| 147 | certificate <- certify directoryUrl acrUserKeys ((,) terms <$> email) domainKeys acrDomains | 145 | certificate <- certify directoryUrl acrUserKeys ((,) terms <$> email) domainKeys acrDomains |
| 148 | forM certificate $ saveCertificate issuerCert dh domainKeys acr | 146 | for certificate $ saveCertificate issuerCert dh domainKeys acr |
| 149 | 147 | ||
| 150 | saveDhParams :: AcmeCertRequest -> IO (Maybe DHP) | 148 | saveDhParams :: AcmeCertRequest -> IO (Maybe DHP) |
| 151 | saveDhParams AcmeCertRequest{acrSkipDH, acrCertificateDir} = do | 149 | saveDhParams AcmeCertRequest{acrSkipDH, acrCertificateDir} = do |
| @@ -155,9 +153,9 @@ saveDhParams AcmeCertRequest{acrSkipDH, acrCertificateDir} = do | |||
| 155 | saveCertificate :: X509 -> Maybe DHP -> Keys -> AcmeCertRequest -> X509 -> IO () | 153 | saveCertificate :: X509 -> Maybe DHP -> Keys -> AcmeCertRequest -> X509 -> IO () |
| 156 | saveCertificate issuerCert dh domainKeys AcmeCertRequest{acrCertificateDir} = saveBoth | 154 | saveCertificate issuerCert dh domainKeys AcmeCertRequest{acrCertificateDir} = saveBoth |
| 157 | where | 155 | where |
| 158 | saveCombined = combinedCert issuerCert dh domainKeys >=> writeFile domainCombinedFile | 156 | saveBoth x509 = savePEM x509 >> saveCombined x509 |
| 159 | savePEM = writeX509 >=> writeFile domainCertFile | 157 | saveCombined = combinedCert issuerCert dh domainKeys >=> writeFile domainCombinedFile |
| 160 | saveBoth x509 = savePEM x509 >> saveCombined x509 | 158 | savePEM = writeX509 >=> writeFile domainCertFile |
| 161 | domainCombinedFile = acrCertificateDir </> "cert.combined.pem" | 159 | domainCombinedFile = acrCertificateDir </> "cert.combined.pem" |
| 162 | domainCertFile = acrCertificateDir </> "cert.pem" | 160 | domainCertFile = acrCertificateDir </> "cert.pem" |
| 163 | 161 | ||