generate DH params; use PEM for final output

this needs to be made optional and the DH params should be cached, because generating them is very slow.
author: Andrew Cady <d@jerkface.net> 2016-01-25 22:40:54 -0500
committer: Andrew Cady <d@jerkface.net> 2016-01-25 22:42:23 -0500
commit: d54ff778995b369ead6b708d9b6ee8bff31d366d (patch)
tree: d8457b095a026c41390d76710c0a3be8c9f4cc4b /src
parent: 3fc632688205e46295803460b5e652751c803d59 (diff)
1 files changed, 16 insertions, 13 deletions
diff --git a/src/Network/ACME.hs b/src/Network/ACME.hs
index f6bffe2..b05b823 100644
--- a/src/Network/ACME.hs
+++ b/src/Network/ACME.hs
@@ -39,6 +39,7 @@ import           OpenSSL
 import           OpenSSL.EVP.Digest
 import           OpenSSL.RSA
 import           OpenSSL.X509.Request
+import           OpenSSL.X509 (readDerX509, X509)
 import Data.List
 type HttpProvisioner = URI -> ByteString -> IO ()
@@ -71,29 +72,31 @@ acmeChallengeURI dom tok = URI
                             ""
                             ""
-certify :: URI -> Keys -> Maybe (URI, EmailAddress) -> HttpProvisioner -> CSR -> IO (Either String LC.ByteString)
+certify :: URI -> Keys -> Maybe (URI, EmailAddress) -> HttpProvisioner -> CSR -> IO (Either String X509)
-certify directoryUrl keys reg provision certReq =
+certify directoryUrl keys reg provision certReq = run >>= traverse readDerX509
-  runACME directoryUrl keys $ do
+  where
-    forM_ reg $ uncurry register >=> statusReport
+    run =
+      runACME directoryUrl keys $ do
+        forM_ reg $ uncurry register >=> statusReport
-    let performChallenge domain (ChallengeRequest nextUri token thumbtoken) = do
+        let performChallenge domain (ChallengeRequest nextUri token thumbtoken) = do
-          liftIO $ provision (acmeChallengeURI domain token) thumbtoken
+              liftIO $ provision (acmeChallengeURI domain token) thumbtoken
-          notifyChallenge nextUri thumbtoken >>= statusReport >>= ncErrorReport
+              notifyChallenge nextUri thumbtoken >>= statusReport >>= ncErrorReport
-    challengeResultLinks <- forM (csrDomains certReq) $ \dom ->
+        challengeResultLinks <- forM (csrDomains certReq) $ \dom ->
-      challengeRequest dom >>= statusReport >>= extractCR >>= performChallenge dom
+          challengeRequest dom >>= statusReport >>= extractCR >>= performChallenge dom
-    pollResults challengeResultLinks >>=
+        pollResults challengeResultLinks >>=
-      either (return . Left . ("certificate receipt was not attempted because a challenge failed: " ++))
+          either (return . Left . ("certificate receipt was not attempted because a challenge failed: " ++))
-             (const (retrieveCert certReq >>= statusReport <&> checkCertResponse))
+                 (const (retrieveCert certReq >>= statusReport <&> checkCertResponse))
 pollResults :: [Response LC.ByteString] -> ACME (Either String ())
 pollResults [] = return $ Right ()
 pollResults (link:links) = do
  -- TODO: use "Retry-After" header if present
  let Just uri = link ^? responseBody . JSON.key "uri" . _String
-  r <- liftIO $ W.get (T.unpack uri)
+  r <- liftIO $ W.get (T.unpack uri) >>= statusReport
  let status = r ^. responseBody . JSON.key "status" . _String
  case status of
    "pending" -> pollResults $ links ++ [r]
author	Andrew Cady <d@jerkface.net>	2016-01-25 22:40:54 -0500
committer	Andrew Cady <d@jerkface.net>	2016-01-25 22:42:23 -0500
commit	d54ff778995b369ead6b708d9b6ee8bff31d366d (patch)
tree	d8457b095a026c41390d76710c0a3be8c9f4cc4b /src
parent	3fc632688205e46295803460b5e652751c803d59 (diff)

diff --git a/src/Network/ACME.hs b/src/Network/ACME.hs index f6bffe2..b05b823 100644 --- a/src/Network/ACME.hs +++ b/src/Network/ACME.hs
@@ -39,6 +39,7 @@ import OpenSSL
39	import OpenSSL.EVP.Digest	39	import OpenSSL.EVP.Digest
40	import OpenSSL.RSA	40	import OpenSSL.RSA
41	import OpenSSL.X509.Request	41	import OpenSSL.X509.Request
		42	import OpenSSL.X509 (readDerX509, X509)
42	import Data.List	43	import Data.List
43		44
44	type HttpProvisioner = URI -> ByteString -> IO ()	45	type HttpProvisioner = URI -> ByteString -> IO ()
@@ -71,29 +72,31 @@ acmeChallengeURI dom tok = URI
71	""	72	""
72	""	73	""
73		74
74	certify :: URI -> Keys -> Maybe (URI, EmailAddress) -> HttpProvisioner -> CSR -> IO (Either String LC.ByteString)	75	certify :: URI -> Keys -> Maybe (URI, EmailAddress) -> HttpProvisioner -> CSR -> IO (Either String X509)
75	certify directoryUrl keys reg provision certReq =	76	certify directoryUrl keys reg provision certReq = run >>= traverse readDerX509
76		77
77	runACME directoryUrl keys $ do	78	where
78	forM_ reg $ uncurry register >=> statusReport	79	run =
		80	runACME directoryUrl keys $ do
		81	forM_ reg $ uncurry register >=> statusReport
79		82
80	let performChallenge domain (ChallengeRequest nextUri token thumbtoken) = do	83	let performChallenge domain (ChallengeRequest nextUri token thumbtoken) = do
81	liftIO $ provision (acmeChallengeURI domain token) thumbtoken	84	liftIO $ provision (acmeChallengeURI domain token) thumbtoken
82	notifyChallenge nextUri thumbtoken >>= statusReport >>= ncErrorReport	85	notifyChallenge nextUri thumbtoken >>= statusReport >>= ncErrorReport
83		86
84	challengeResultLinks <- forM (csrDomains certReq) $ \dom ->	87	challengeResultLinks <- forM (csrDomains certReq) $ \dom ->
85	challengeRequest dom >>= statusReport >>= extractCR >>= performChallenge dom	88	challengeRequest dom >>= statusReport >>= extractCR >>= performChallenge dom
86		89
87	pollResults challengeResultLinks >>=	90	pollResults challengeResultLinks >>=
88	either (return . Left . ("certificate receipt was not attempted because a challenge failed: " ++))	91	either (return . Left . ("certificate receipt was not attempted because a challenge failed: " ++))
89	(const (retrieveCert certReq >>= statusReport <&> checkCertResponse))	92	(const (retrieveCert certReq >>= statusReport <&> checkCertResponse))
90		93
91	pollResults :: [Response LC.ByteString] -> ACME (Either String ())	94	pollResults :: [Response LC.ByteString] -> ACME (Either String ())
92	pollResults [] = return $ Right ()	95	pollResults [] = return $ Right ()
93	pollResults (link:links) = do	96	pollResults (link:links) = do
94	-- TODO: use "Retry-After" header if present	97	-- TODO: use "Retry-After" header if present
95	let Just uri = link ^? responseBody . JSON.key "uri" . _String	98	let Just uri = link ^? responseBody . JSON.key "uri" . _String
96	r <- liftIO $ W.get (T.unpack uri)	99	r <- liftIO $ W.get (T.unpack uri) >>= statusReport
97	let status = r ^. responseBody . JSON.key "status" . _String	100	let status = r ^. responseBody . JSON.key "status" . _String
98	case status of	101	case status of
99	"pending" -> pollResults $ links ++ [r]	102	"pending" -> pollResults $ links ++ [r]