authorDimitri Sokolyuk <demon@dim13.org>2016-03-03 20:12:02 +0100
committerDimitri Sokolyuk <demon@dim13.org>2016-03-03 20:12:02 +0100
commit46778cd697a57523574bb1082b612c4db6832de9 (patch)
tree6dd3ca4952fafa5bcc366cde30ee00f4a93d1b80
parentbc7ea1625ac035fd56a1b2d543c33d62529d02c1 (diff)
Remove altnames from desire
-rw-r--r--authorize.go18
-rw-r--r--certificate.go14
-rw-r--r--cmd/acme/main.go16
-rw-r--r--desire.go20
4 files changed, 35 insertions, 33 deletions
diff --git a/authorize.go b/authorize.go
index 55e8edf..a019aed 100644
--- a/authorize.go
+++ b/authorize.go
@@ -63,18 +63,16 @@ func (p *Provider) authorize(s Signer, domain string, sol map[ChalType]Solver) (
return req.Supported(sol), nil
}
-func (p *Provider) Authorize(s Signer, d *Desire) error {
- for _, domain := range d.altnames {
- chal, err := p.authorize(s, domain, d.solver)
- if err != nil {
+func (p *Provider) Authorize(s Signer, d *Desire, domain string) error {
+ chal, err := p.authorize(s, domain, d.solver)
+ if err != nil {
+ return err
+ }
+ for _, ch := range chal {
+ sol := d.solver[ch.Type]
+ if err := p.Solve(s, ch, sol); err != nil {
return err
}
- for _, ch := range chal {
- sol := d.solver[ch.Type]
- if err := p.Solve(s, ch, sol); err != nil {
- return err
- }
- }
}
return nil
}
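Review bot: The exported `Authorize` has no doc comment, and its contract changes here from authorizing every name held in the Desire to authorizing only the `domain` argument. Nothing in this function ties that domain to the names later passed to `Bundle`, so the caller must call it once per name, as the `cmd/acme/main.go` hunk does. I would state that on the function: `// Authorize obtains and solves the challenges for one domain; call it for every name that will be passed to Bundle.`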
diff --git a/certificate.go b/certificate.go
index 439bfba..3a338ba 100644
--- a/certificate.go
+++ b/certificate.go
@@ -5,8 +5,12 @@ type CSR struct {
CSR string `json:"csr"`
}
-func (p *Provider) Bundle(s Signer, d *Desire) error {
- crt, up, err := p.RequestCert(s, d)
+func (p *Provider) Bundle(s Signer, d *Desire, altnames []string) error {
+ csr, err := d.CSR(altnames)
+ if err != nil {
+ return err
+ }
+ crt, up, err := p.RequestCert(s, d, csr)
if err != nil {
return err
}
@@ -18,11 +22,7 @@ func (p *Provider) Bundle(s Signer, d *Desire) error {
return nil
}
-func (p *Provider) RequestCert(s Signer, d *Desire) ([]byte, string, error) {
- csr, err := d.CSR()
- if err != nil {
- return nil, "", err
- }
+func (p *Provider) RequestCert(s Signer, d *Desire, csr string) ([]byte, string, error) {
req := &CSR{
Resource: ResNewCert,
CSR: csr,
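Review bot: `RequestCert` is exported and now takes `csr` as a plain string, but nothing on the signature says which encoding it expects. In this commit the only visible caller passes the value returned by `d.CSR(altnames)`, so a doc comment such as `// RequestCert submits csr, which must be in the form returned by Desire.CSR.` would make the expectation explicit. The body continues past the end of this hunk, so whether the `d` parameter is still used is not visible here.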
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index 5cf82b3..684b8cb 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -56,8 +56,7 @@ func main() {
}
for _, v := range v.Domain {
- log.Println("Satisfice", v.Altnames)
- des, err := acme.NewDesire(v.Altnames, v.KeySize)
+ des, err := acme.NewDesire(v.KeySize)
if err != nil {
log.Fatal(err)
}
@@ -74,12 +73,19 @@ func main() {
log.Fatal("no solver")
}
- if err := prov.Authorize(acc, des); err != nil {
- log.Fatal(err)
+ for _, domain := range v.Altnames {
+ log.Println("Authorize", domain)
+ if err := prov.Authorize(acc, des, domain); err != nil {
+ log.Fatal(err)
+ }
}
- if err := prov.Bundle(acc, des); err != nil {
+
+ log.Println("Request bundle for", v.Altnames)
+ if err := prov.Bundle(acc, des, v.Altnames); err != nil {
log.Fatal(err)
}
+
+ log.Println("Save", v.CrtFile, v.KeyFile)
if err := des.SaveKeyPair(v.CrtFile, v.KeyFile); err != nil {
log.Fatal(err)
}
diff --git a/desire.go b/desire.go
index 5d85e61..25c5ebd 100644
--- a/desire.go
+++ b/desire.go
@@ -10,20 +10,18 @@ import (
)
type Desire struct {
- altnames []string
- cert tls.Certificate
- solver map[ChalType]Solver
+ cert tls.Certificate
+ solver map[ChalType]Solver
}
-func NewDesire(altnames []string, size int) (*Desire, error) {
+func NewDesire(size int) (*Desire, error) {
key, err := rsa.GenerateKey(rand.Reader, size)
if err != nil {
return nil, err
}
return &Desire{
- cert: tls.Certificate{PrivateKey: key},
- altnames: altnames,
- solver: make(map[ChalType]Solver),
+ cert: tls.Certificate{PrivateKey: key},
+ solver: make(map[ChalType]Solver),
}, nil
}
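Review bot: `NewDesire` hands `size` straight to `rsa.GenerateKey`, and in `cmd/acme/main.go` that value comes from `v.KeySize`, apparently a per-domain setting. A small or mistyped key size would therefore produce a weak certificate key with no complaint at this layer. A lower bound before key generation would catch it, for example `if size < 2048 { return nil, errors.New("key size below 2048 bits") }`. Whether the file already imports `errors` is not visible in this hunk.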
@@ -35,12 +33,12 @@ func (d *Desire) HasSolver() bool {
return len(d.solver) > 0
}
-func (d *Desire) CSR() (string, error) {
+func (d *Desire) CSR(altnames []string) (string, error) {
tmpl := x509.CertificateRequest{
- Subject: pkix.Name{CommonName: d.altnames[0]},
+ Subject: pkix.Name{CommonName: altnames[0]},
}
- if len(d.altnames) > 1 {
- tmpl.DNSNames = d.altnames
+ if len(altnames) > 1 {
+ tmpl.DNSNames = altnames
}
der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, d.cert.PrivateKey)
if err != nil {
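Review bot: `altnames[0]` in the `Subject` line panics when `altnames` is empty, and the slice is now a caller-supplied argument that `Bundle` in certificate.go forwards unchecked. In `cmd/acme/main.go` an entry with no `Altnames` skips the authorize loop and still reaches `Bundle`, so it would end in an index-out-of-range panic rather than an error. A guard at the top of `CSR` would return an error instead: `if len(altnames) == 0 { return "", errors.New("no altnames") }`. The body of `CSR` continues past the end of this hunk.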