author | Andrew Cady <d@jerkface.net> | 2016-04-09 00:21:40 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-04-09 00:21:40 -0400 |
commit | ddf8b7b2a5759fe80a667f5bb8f2a9bc9306a6f7 (patch) | |
tree | db55218d437d3f3118da0b206aef0b44a1f40259 /acme-certify.hs | |
parent | 88965364b417b2dd0f4c7b3e312f39aec94d4a1f (diff) |
Trivial, formatting
Diffstat (limited to 'acme-certify.hs')
-rw-r--r-- | acme-certify.hs | 30 |
1 files changed, 14 insertions, 16 deletions
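--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -14,10 +14,9 @@ module Main where
 
 import BasePrelude
 import Network.ACME (HttpProvisioner, Keys (..),
-canProvisionDir, certify,
-dispatchProvisioner, ensureWritableDir,
-genReq, provisionViaFile, readKeys,
-(</>))
+canProvision, certify,
+ensureWritableDir, provisionViaFile,
+readKeys, (</>))
 import Network.ACME.Issuer (letsEncryptX1CrossSigned)
 import Network.URI
 import OpenSSL
@@ -105,7 +104,7 @@ cmdopts = CmdOpts <$> strOption (long "key" <> metavar "FILE" <>
 (long "skip-provision-check" <> help
 (unwords
 [ "Don't test whether HTTP provisioning works before"
-, "making ACME requests; only useful for testing."
+, "making ACME requests"
 ]))
 
 go :: CmdOpts -> IO (Either String ())
@@ -126,26 +125,25 @@ go CmdOpts { .. } = do
 
 Just keys <- getOrCreateKeys privKeyFile
 
-unless optSkipProvisionCheck $
-forM_ requestDomains $ canProvisionDir challengeDir >=>
-(`unless` error "Error: cannot provision files to web server via challenge directory")
-
 let req = AcmeCertRequest {..}
 acrDomains = map (flip (,) (provisionViaFile challengeDir)) requestDomains
 acrSkipDH = optSkipDH
 acrUserKeys = keys
 acrCertificateDir = domainDir
+
+unless optSkipProvisionCheck $
+forM_ acrDomains $ uncurry canProvision >=>
+(`unless` error "Error: cannot provision files to web server")
+
 go' directoryUrl terms email issuerCert req
 
 go' :: URI -> URI -> Maybe EmailAddress -> X509 -> AcmeCertRequest -> IO (Either String ())
 go' directoryUrl terms email issuerCert acr@AcmeCertRequest{..} = do
-let domainKeyFile = acrCertificateDir </> "rsa.key"
-
-Just domainKeys <- getOrCreateKeys domainKeyFile
+Just domainKeys <- getOrCreateKeys $ acrCertificateDir </> "rsa.key"
 dh <- saveDhParams acr
 
 certificate <- certify directoryUrl acrUserKeys ((,) terms <$> email) domainKeys acrDomains
-forM certificate $ saveCertificate issuerCert dh domainKeys acr
+for certificate $ saveCertificate issuerCert dh domainKeys acr
 
 saveDhParams :: AcmeCertRequest -> IO (Maybe DHP)
 saveDhParams AcmeCertRequest{acrSkipDH, acrCertificateDir} = do
@@ -155,9 +153,9 @@ saveDhParams AcmeCertRequest{acrSkipDH, acrCertificateDir} = do
 saveCertificate :: X509 -> Maybe DHP -> Keys -> AcmeCertRequest -> X509 -> IO ()
 saveCertificate issuerCert dh domainKeys AcmeCertRequest{acrCertificateDir} = saveBoth
 where
-saveCombined = combinedCert issuerCert dh domainKeys >=> writeFile domainCombinedFile
-savePEM = writeX509 >=> writeFile domainCertFile
-saveBoth x509 = savePEM x509 >> saveCombined x509
+saveBoth x509 = savePEM x509 >> saveCombined x509
+saveCombined = combinedCert issuerCert dh domainKeys >=> writeFile domainCombinedFile
+savePEM = writeX509 >=> writeFile domainCertFile
 domainCombinedFile = acrCertificateDir </> "cert.combined.pem"
 domainCertFile = acrCertificateDir </> "cert.pem"
 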
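Review bot: `saveCombined` in the last hunk writes `cert.combined.pem` with plain `writeFile`, so the file's mode is left to the process umask. Because `combinedCert` is passed `domainKeys`, the combined PEM presumably carries the domain private key (inferred; `combinedCert` is not visible in this diff). If that is the case, the file should be created with owner-only read/write permission before any PEM text is written to it, rather than tightened afterwards. A comment on the binding such as `-- holds the private key: must never be group- or world-readable` would record the requirement. Separately, in the `go` hunk a failed provision check still aborts through `error` although `go` returns `IO (Either String ())`, and the new message no longer says which domain failed.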