diff options
author | Andrew Cady <d@jerkface.net> | 2016-01-25 22:40:54 -0500 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2016-01-25 22:42:23 -0500 |
commit | d54ff778995b369ead6b708d9b6ee8bff31d366d (patch) | |
tree | d8457b095a026c41390d76710c0a3be8c9f4cc4b /src | |
parent | 3fc632688205e46295803460b5e652751c803d59 (diff) |
generate DH params; use PEM for final output
this needs to be made optional and the DH params should be cached,
because generating them is very slow.
Diffstat (limited to 'src')
-rw-r--r-- | src/Network/ACME.hs | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/src/Network/ACME.hs b/src/Network/ACME.hs index f6bffe2..b05b823 100644 --- a/src/Network/ACME.hs +++ b/src/Network/ACME.hs | |||
@@ -39,6 +39,7 @@ import OpenSSL | |||
39 | import OpenSSL.EVP.Digest | 39 | import OpenSSL.EVP.Digest |
40 | import OpenSSL.RSA | 40 | import OpenSSL.RSA |
41 | import OpenSSL.X509.Request | 41 | import OpenSSL.X509.Request |
42 | import OpenSSL.X509 (readDerX509, X509) | ||
42 | import Data.List | 43 | import Data.List |
43 | 44 | ||
44 | type HttpProvisioner = URI -> ByteString -> IO () | 45 | type HttpProvisioner = URI -> ByteString -> IO () |
@@ -71,29 +72,31 @@ acmeChallengeURI dom tok = URI | |||
71 | "" | 72 | "" |
72 | "" | 73 | "" |
73 | 74 | ||
74 | certify :: URI -> Keys -> Maybe (URI, EmailAddress) -> HttpProvisioner -> CSR -> IO (Either String LC.ByteString) | 75 | certify :: URI -> Keys -> Maybe (URI, EmailAddress) -> HttpProvisioner -> CSR -> IO (Either String X509) |
75 | certify directoryUrl keys reg provision certReq = | 76 | certify directoryUrl keys reg provision certReq = run >>= traverse readDerX509 |
76 | 77 | ||
77 | runACME directoryUrl keys $ do | 78 | where |
78 | forM_ reg $ uncurry register >=> statusReport | 79 | run = |
80 | runACME directoryUrl keys $ do | ||
81 | forM_ reg $ uncurry register >=> statusReport | ||
79 | 82 | ||
80 | let performChallenge domain (ChallengeRequest nextUri token thumbtoken) = do | 83 | let performChallenge domain (ChallengeRequest nextUri token thumbtoken) = do |
81 | liftIO $ provision (acmeChallengeURI domain token) thumbtoken | 84 | liftIO $ provision (acmeChallengeURI domain token) thumbtoken |
82 | notifyChallenge nextUri thumbtoken >>= statusReport >>= ncErrorReport | 85 | notifyChallenge nextUri thumbtoken >>= statusReport >>= ncErrorReport |
83 | 86 | ||
84 | challengeResultLinks <- forM (csrDomains certReq) $ \dom -> | 87 | challengeResultLinks <- forM (csrDomains certReq) $ \dom -> |
85 | challengeRequest dom >>= statusReport >>= extractCR >>= performChallenge dom | 88 | challengeRequest dom >>= statusReport >>= extractCR >>= performChallenge dom |
86 | 89 | ||
87 | pollResults challengeResultLinks >>= | 90 | pollResults challengeResultLinks >>= |
88 | either (return . Left . ("certificate receipt was not attempted because a challenge failed: " ++)) | 91 | either (return . Left . ("certificate receipt was not attempted because a challenge failed: " ++)) |
89 | (const (retrieveCert certReq >>= statusReport <&> checkCertResponse)) | 92 | (const (retrieveCert certReq >>= statusReport <&> checkCertResponse)) |
90 | 93 | ||
91 | pollResults :: [Response LC.ByteString] -> ACME (Either String ()) | 94 | pollResults :: [Response LC.ByteString] -> ACME (Either String ()) |
92 | pollResults [] = return $ Right () | 95 | pollResults [] = return $ Right () |
93 | pollResults (link:links) = do | 96 | pollResults (link:links) = do |
94 | -- TODO: use "Retry-After" header if present | 97 | -- TODO: use "Retry-After" header if present |
95 | let Just uri = link ^? responseBody . JSON.key "uri" . _String | 98 | let Just uri = link ^? responseBody . JSON.key "uri" . _String |
96 | r <- liftIO $ W.get (T.unpack uri) | 99 | r <- liftIO $ W.get (T.unpack uri) >>= statusReport |
97 | let status = r ^. responseBody . JSON.key "status" . _String | 100 | let status = r ^. responseBody . JSON.key "status" . _String |
98 | case status of | 101 | case status of |
99 | "pending" -> pollResults $ links ++ [r] | 102 | "pending" -> pollResults $ links ++ [r] |