author | Andrew Cady <d@jerkface.net> | 2016-01-25 17:42:29 -0500 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-01-25 17:42:29 -0500 |
commit | 3fc632688205e46295803460b5e652751c803d59 (patch) | |
tree | 2ebe6903854018cb1d0c640b84807529fb6b6fa8 /src/Network/ACME.hs | |
parent | cf440860e186e7fd775ae27da08220d9fe5e233e (diff) |
move genReq into the library
Diffstat (limited to 'src/Network/ACME.hs')
-rw-r--r-- | src/Network/ACME.hs | 20 |
1 files changed, 19 insertions, 1 deletions
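--- a/src/Network/ACME.hs
+++ b/src/Network/ACME.hs
@@ -31,14 +31,32 @@ import Network.Wreq (Response, checkStatus, defaults,
 statusMessage)
 import qualified Network.Wreq as W
 import qualified Network.Wreq.Session as WS
-import OpenSSL.RSA
 import System.Directory
 import Text.Email.Validate
 import Text.Domain.Validate hiding (validate)
 import Network.URI
+import OpenSSL
+import OpenSSL.EVP.Digest
+import OpenSSL.RSA
+import OpenSSL.X509.Request
+import Data.List
 
 type HttpProvisioner = URI -> ByteString -> IO ()
 
+genReq :: Keys -> [DomainName] -> IO CSR
+genReq _ [] = error "genReq called with zero domains"
+genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do
+Just dig <- getDigestByName "SHA256"
+req <- newX509Req
+setSubjectName req [("CN", domainToString domain)]
+setVersion req 0
+setPublicKey req pub
+void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))]
+signX509Req req priv (Just dig)
+CSR domains . toStrict <$> writeX509ReqDER req
+where
+nidSubjectAltName = 85
+
 fileProvisioner :: WritableDir -> HttpProvisioner
 fileProvisioner challengeDir = BC.writeFile . uToF
 where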
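Review bot: In the added `genReq`, the subjectAltName value is assembled as OpenSSL extension-config text (`"DNS:" ++ domainToString d`, joined with `", "`), so the names in the signed CSR are only as trustworthy as whatever `DomainName` validation guarantees, and that type's definition is not visible in this hunk. If a name could ever contain a comma or a `TYPE:` prefix it would be read as an extra SAN entry, so a comment such as `-- relies on DomainName excluding ',' and ':' (value is parsed as extension config syntax)` belongs next to the `addExtensions` call. The result of `addExtensions` is also discarded with `void`; if that value signals failure (not confirmable from here), a request lacking the SAN would still be signed, so it is worth binding and checking it before `signX509Req`. Separately, `Just dig <- getDigestByName "SHA256"` and the `error` on an empty list make this library function partial, so returning a failure the caller can handle (or taking a non-empty list) would be safer, and the literal `85` deserves a comment naming it as the subjectAltName NID.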