-rw-r--r-- | acme-certify.hs | 10 |
1 files changed, 6 insertions, 4 deletions
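--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -206,14 +206,16 @@ needToFetch cs@CertSpec{..} = runExceptT $ do
 exists <- liftIO $ doesFileExist certFile
 unless exists $ throwError NoExistingCert
 
+-- TODO: parse with cryptonite
 cert <- liftIO $ readFile certFile >>= readX509
 expiration <- liftIO $ getNotAfter cert
 now <- liftIO getCurrentTime
 
--- TODO: check X509v3 subjectAltName list within certificate
-objList <- liftIO $ readSignedObject certFile
-sc <- maybe (throwError InvalidExistingCert) return $ preview (folded . _Right) objList
-liftIO $ print $ certAltNames sc
+signedCert <- (liftIO (readSignedObject certFile) >>=) $
+maybe (throwError InvalidExistingCert) return . preview (folded . _Right)
+let wantedDomains = domainToString . fst <$> csDomains
+haveDomains = certAltNames signedCert
+unless (null $ wantedDomains \\ haveDomains) $ throwError SubDomainsAdded
 
 if | expiration < now -> throwError Expired
 | expiration < addUTCTime graceTime now -> throwError NearExpiration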
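Review bot: The new coverage check `unless (null $ wantedDomains \\ haveDomains) $ throwError SubDomainsAdded` compares names as exact strings, so a configured domain that differs from its subjectAltName entry only in letter case leaves a residue and forces a re-issue on every run. A name listed twice in `csDomains` does the same, because `\\` removes one occurrence per match. Assuming both sides are `[String]`, normalising and de-duplicating first avoids both: `unless (null $ nub (map toLower <$> wantedDomains) \\ (map toLower <$> haveDomains)) $ throwError SubDomainsAdded`. Separately, `preview (folded . _Right)` takes the first object that parses and silently skips any `Left`, so if `certFile` holds a chain and the leaf fails to parse, the names checked would presumably come from another certificate; rejecting the file when the first object is a `Left` looks safer. `needToFetch` starts above this hunk and its multiway `if` continues below it.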