diff options
Diffstat (limited to 'src/Network/ACME.hs')
-rw-r--r-- | src/Network/ACME.hs | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/Network/ACME.hs b/src/Network/ACME.hs index 120248c..97e6e10 100644 --- a/src/Network/ACME.hs +++ b/src/Network/ACME.hs | |||
@@ -52,8 +52,12 @@ import Text.Email.Validate | |||
52 | 52 | ||
53 | -- The `certify` function | 53 | -- The `certify` function |
54 | 54 | ||
55 | certify :: URI -> Keys -> Maybe (URI, EmailAddress) -> DispatchHttpProvisioner -> CSR -> IO (Either String X509) | 55 | certify :: URI -> Keys -> Maybe (URI, EmailAddress) -> Keys -> [(DomainName, HttpProvisioner)] -> IO (Either String X509) |
56 | certify directoryUrl keys reg provision certReq = | 56 | certify directoryUrl keys reg domainKeys domains = do |
57 | |||
58 | certReq <- genReq domainKeys $ map fst domains | ||
59 | let provision = dispatchProvisioner domains | ||
60 | |||
57 | (mapM readDerX509 =<<) $ runACME directoryUrl keys $ do | 61 | (mapM readDerX509 =<<) $ runACME directoryUrl keys $ do |
58 | forM_ reg $ uncurry register >=> statusReport | 62 | forM_ reg $ uncurry register >=> statusReport |
59 | 63 | ||
@@ -64,7 +68,7 @@ certify directoryUrl keys reg provision certReq = | |||
64 | cr dom = challengeRequest dom >>= statusReport >>= extractCR >>= performChallenge dom | 68 | cr dom = challengeRequest dom >>= statusReport >>= extractCR >>= performChallenge dom |
65 | 69 | ||
66 | runResourceT $ do | 70 | runResourceT $ do |
67 | challengeResultLinks <- forM (csrDomains certReq) cr | 71 | challengeResultLinks <- forM (map fst domains) cr |
68 | lift . runExceptT $ do | 72 | lift . runExceptT $ do |
69 | ExceptT $ pollResults challengeResultLinks <&> left ("certificate receipt was not attempted because a challenge failed: " ++) | 73 | ExceptT $ pollResults challengeResultLinks <&> left ("certificate receipt was not attempted because a challenge failed: " ++) |
70 | ExceptT $ retrieveCert certReq >>= statusReport <&> checkCertResponse | 74 | ExceptT $ retrieveCert certReq >>= statusReport <&> checkCertResponse |
@@ -242,7 +246,7 @@ statusReport r = do | |||
242 | 246 | ||
243 | -- OpenSSL operations | 247 | -- OpenSSL operations |
244 | 248 | ||
245 | data CSR = CSR { csrDomains :: [DomainName], csrData :: ByteString } | 249 | data CSR = CSR { csrData :: ByteString } |
246 | genReq :: Keys -> [DomainName] -> IO CSR | 250 | genReq :: Keys -> [DomainName] -> IO CSR |
247 | genReq _ [] = error "genReq called with zero domains" | 251 | genReq _ [] = error "genReq called with zero domains" |
248 | genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do | 252 | genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do |
@@ -253,7 +257,7 @@ genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do | |||
253 | setPublicKey req pub | 257 | setPublicKey req pub |
254 | void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))] | 258 | void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))] |
255 | signX509Req req priv (Just dig) | 259 | signX509Req req priv (Just dig) |
256 | CSR domains . toStrict <$> writeX509ReqDER req | 260 | CSR . toStrict <$> writeX509ReqDER req |
257 | where | 261 | where |
258 | nidSubjectAltName = 85 | 262 | nidSubjectAltName = 85 |
259 | 263 | ||