diff options
Diffstat (limited to 'acme.hs')
-rw-r--r-- | acme.hs | 24 |
1 files changed, 23 insertions, 1 deletions
@@ -24,7 +24,11 @@ import OpenSSL.RSA | |||
24 | import System.Process (readProcess) | 24 | import System.Process (readProcess) |
25 | import Network.Wreq hiding (header) | 25 | import Network.Wreq hiding (header) |
26 | import Control.Lens hiding ((.=)) | 26 | import Control.Lens hiding ((.=)) |
27 | import Data.Aeson.Lens hiding (key) | ||
28 | import qualified Data.Aeson.Lens as JSON | ||
27 | 29 | ||
30 | directoryUrl :: String | ||
31 | directoryUrl = "https://acme-v01.api.letsencrypt.org/directory" | ||
28 | 32 | ||
29 | main :: IO () | 33 | main :: IO () |
30 | main = do | 34 | main = do |
@@ -33,7 +37,7 @@ main = do | |||
33 | Nothing -> error "Not a public RSA key." | 37 | Nothing -> error "Not a public RSA key." |
34 | Just (userKey :: RSAPubKey) -> do | 38 | Just (userKey :: RSAPubKey) -> do |
35 | 39 | ||
36 | nonce_ <- view (responseHeader "Replay-Nonce" . to (T.unpack . decodeUtf8)) <$> get "https://acme-v01.api.letsencrypt.org/directory" | 40 | Just nonce_ <- getNonce |
37 | 41 | ||
38 | let protected = b64 (header userKey nonce_) | 42 | let protected = b64 (header userKey nonce_) |
39 | 43 | ||
@@ -72,6 +76,24 @@ main = do | |||
72 | terms :: String | 76 | terms :: String |
73 | terms = "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf" | 77 | terms = "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf" |
74 | 78 | ||
79 | data Directory = Directory { | ||
80 | _newCert :: String, | ||
81 | _newAuthz :: String, | ||
82 | _revokeCert :: String, | ||
83 | _newReg :: String, | ||
84 | _nonce :: String | ||
85 | } | ||
86 | |||
87 | getDirectory :: String -> IO (Maybe Directory) | ||
88 | getDirectory url = do | ||
89 | r <- get url | ||
90 | let nonce = r ^? responseHeader "Replay-Nonce" . to (T.unpack . decodeUtf8) | ||
91 | k x = r ^? responseBody . JSON.key x . _String . to T.unpack | ||
92 | return $ Directory <$> k "new-cert" <*> k "new-authz" <*> k "revoke-cert" <*> k "new-reg" <*> nonce | ||
93 | |||
94 | getNonce :: IO (Maybe String) | ||
95 | getNonce = fmap _nonce <$> getDirectory directoryUrl | ||
96 | |||
75 | -------------------------------------------------------------------------------- | 97 | -------------------------------------------------------------------------------- |
76 | -- | Sign and write a payload to a file with a nonce-protected header. | 98 | -- | Sign and write a payload to a file with a nonce-protected header. |
77 | signPayload :: RSAKey k => String -> k -> ByteString -> ByteString -> IO () | 99 | signPayload :: RSAKey k => String -> k -> ByteString -> ByteString -> IO () |