Diffstat (limited to 'acme-certify.hs')
-rw-r--r-- | acme-certify.hs | 24 |
1 files changed, 23 insertions, 1 deletions
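--- a/acme-certify.hs
+++ b/acme-certify.hs
@@ -17,6 +17,8 @@ import Network.ACME (canProvision, certify, fileProvisio
 import Network.ACME.Encoding (Keys (..), readKeys)
 import Network.URI
 import OpenSSL
+import OpenSSL.X509 (X509)
+import OpenSSL.DH
 import OpenSSL.PEM
 import OpenSSL.RSA
 import Options.Applicative hiding (header)
@@ -24,6 +26,7 @@ import qualified Options.Applicative as Opt
 import System.Directory
 import Text.Domain.Validate hiding (validate)
 import Text.Email.Validate
+import System.IO
 
 stagingDirectoryUrl, liveDirectoryUrl :: URI
 Just liveDirectoryUrl = parseAbsoluteURI "https://acme-v01.api.letsencrypt.org/directory"
@@ -125,10 +128,29 @@ go CmdOpts { .. } = do
 
 let email = either (error . ("Error: invalid email address: " ++)) id . validate . fromString <$> optEmail
 
+let issuerCertFile = "lets-encrypt-x1-cross-signed.pem"
+issuerCert <- readFile issuerCertFile >>= readX509
+
+hSetBuffering stdout NoBuffering
+putStr "Generating DH Params..."
+dh <- genDHParams DHGen2 2048
+putStrLn " Done."
+
 certificate <- certify directoryUrl keys ((,) terms <$> email) (fileProvisioner challengeDir) certReq
 
-either (error . ("Error: " ++)) (LC.writeFile domainCertFile) certificate
+either (error . ("Error: " ++))
+(combinedCert issuerCert (Just dh) domainKeys >=> writeFile domainCertFile)
+certificate
+
+combinedCert :: X509 -> Maybe DHP -> Keys -> X509 -> IO String
+combinedCert issuerCert dh (Keys privKey _) cert = do
+dhStr <- mapM writeDHParams dh
+certStr <- writeX509 cert
+privKeyStr <- writePKCS8PrivateKey privKey Nothing
+issuerCertStr <- writeX509 issuerCert
+return $ concat [certStr, issuerCertStr, privKeyStr, fromMaybe "" dhStr]
 
 otherwiseM :: Monad m => m Bool -> m () -> m ()
 a `otherwiseM` b = a >>= flip unless b
 infixl 0 `otherwiseM`
+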
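Review bot: `combinedCert` now serialises the private key unencrypted (`writePKCS8PrivateKey privKey Nothing`) into the same `domainCertFile` that previously held only the certificate, but `writeFile domainCertFile` creates that file with whatever mode the process umask yields, so the key can end up readable by other local users. Either create the output with a restrictive mode before writing (0600), keep writing the key to a separate key-only file as before, or at least state the new contract at the call site, e.g. `-- NOTE: domainCertFile now embeds the private key; it must be created mode 0600.` The issuer chain is a hard-coded relative path (`lets-encrypt-x1-cross-signed.pem`) read with lazy `readFile` and never compared against the issuer of the certificate returned by `certify`, so a rotated intermediate would silently produce a file whose chain does not validate; a short comment naming that assumption, or an issuer check, would help. `fromMaybe` and `>=>` are used but neither `Data.Maybe` nor `Control.Monad` appears in the import hunks, so they presumably come from imports outside this diff. The enclosing `go` definition starts before this hunk.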