From 3fc632688205e46295803460b5e652751c803d59 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Mon, 25 Jan 2016 17:42:29 -0500
Subject: move genReq into the library
---
 src/Network/ACME.hs | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
(limited to 'src/Network/ACME.hs')
diff --git a/src/Network/ACME.hs b/src/Network/ACME.hs
index 5a66028..f6bffe2 100644
--- a/src/Network/ACME.hs
+++ b/src/Network/ACME.hs
@@ -31,14 +31,32 @@ import Network.Wreq (Response, checkStatus, defaults, statusMessage)
 import qualified Network.Wreq as W
 import qualified Network.Wreq.Session as WS

-import OpenSSL.RSA
 import System.Directory
 import Text.Email.Validate
 import Text.Domain.Validate hiding (validate)
 import Network.URI
+import OpenSSL
+import OpenSSL.EVP.Digest
+import OpenSSL.RSA
+import OpenSSL.X509.Request
+import Data.List

 type HttpProvisioner = URI -> ByteString -> IO ()

+genReq :: Keys -> [DomainName] -> IO CSR
+genReq _ [] = error "genReq called with zero domains"
+genReq (Keys priv pub) domains@(domain:_) = withOpenSSL $ do
+ Just dig <- getDigestByName "SHA256"
+ req <- newX509Req
+ setSubjectName req [("CN", domainToString domain)]
+ setVersion req 0
+ setPublicKey req pub
+ void $ addExtensions req [(nidSubjectAltName, intercalate ", " (map (("DNS:" ++) . domainToString) domains))]
+ signX509Req req priv (Just dig)
+ CSR domains . toStrict <$> writeX509ReqDER req
+ where
+ nidSubjectAltName = 85
+
 fileProvisioner :: WritableDir -> HttpProvisioner
 fileProvisioner challengeDir = BC.writeFile . uToF
 where
-- cgit v1.2.3
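Review bot: The result of `addExtensions` in `genReq` is thrown away with `void`, so if that value is a status code (its type is not visible in this hunk) a failure to attach the subjectAltName extension would go unnoticed and the request would be signed with only the CN, while the returned `CSR domains` still claims every domain. Bind the result and fail on a non-success value before `signX509Req`, for example `rc <- addExtensions req [...]` followed by `when (rc /= 1) $ fail "genReq: could not add subjectAltName"`, once the success value has been confirmed against the binding. The SAN value is assembled as a string with `"DNS:" ++` and `intercalate ", "`, which OpenSSL then parses as extension syntax, so the CSR's contents rely on `domainToString` never yielding a comma or similar separator; a comment stating that `DomainName` validation guarantees this would record the invariant. Now that this is library API, the `error` on an empty list and the failable `Just dig <-` pattern are also worth documenting in a Haddock comment, and the literal should carry `-- OpenSSL NID_subject_alt_name` next to `nidSubjectAltName = 85`.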