authorDimitri Sokolyuk <demon@dim13.org>2016-03-18 19:35:41 +0100
committerDimitri Sokolyuk <demon@dim13.org>2016-03-18 19:35:41 +0100
commit767868108a78b0c62b6613dba22e81b9134739b2 (patch)
tree456804a8348e184b47dff54ebf5b18da9e4d1ad8
parent40a9ef230ee6112e6e8bf5981a4e18a17f34e307 (diff)
wip
-rw-r--r--cmd/batch/args.go3
-rw-r--r--cmd/batch/files.go12
-rw-r--r--cmd/batch/main.go26
-rw-r--r--crypto.go14
4 files changed, 45 insertions, 10 deletions
diff --git a/cmd/batch/args.go b/cmd/batch/args.go
index 0bb4d99..83475f1 100644
--- a/cmd/batch/args.go
+++ b/cmd/batch/args.go
@@ -22,7 +22,8 @@ var (
baseDir = flag.String("basedir", "/etc/ssl", "Base directory for SSL files")
graceTime = flag.Duration("gracetime", 24*7*time.Hour, "Renew grace time")
keySize = flag.Int("keysize", 2048, "Private key size")
- provider = flag.String("provider", acme.LE1, "Certificate provider")
+ provider = flag.String("provider", acme.LES, "Certificate provider (staging)")
+ force = flag.Bool("force", false, "Forece renewal")
emails = new(Emails)
domains = new(Domains)
)
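Review bot: The help text of the new `force` flag on L27 has a typo, `Forece renewal`; it should read `force = flag.Bool("force", false, "Force renewal")`. The same hunk also moves the default provider from acme.LE1 to acme.LES, which the help string itself labels "(staging)"; if that default outlives this wip commit, a batch run without an explicit -provider will write certificates from the staging CA under -basedir (/etc/ssl by default), and clients will not trust them. Consider keeping the production endpoint as the default, or making -provider mandatory so the choice is always explicit.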
diff --git a/cmd/batch/files.go b/cmd/batch/files.go
index fee7a1a..474d0ff 100644
--- a/cmd/batch/files.go
+++ b/cmd/batch/files.go
@@ -3,11 +3,12 @@ package main
import (
"crypto/tls"
"crypto/x509"
+ "fmt"
"io"
- "log"
"os"
"path"
"path/filepath"
+ "time"
"dim13.org/acme"
)
@@ -18,6 +19,14 @@ type Cert struct {
crtFile string
}
+func (c Cert) String() string {
+ return fmt.Sprint(c.Leaf.DNSNames, " valid until ", c.Leaf.NotAfter)
+}
+
+func (c Cert) IsValid(grace time.Duration) bool {
+ return time.Now().Add(grace).Before(c.Leaf.NotAfter)
+}
+
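Review bot: IsValid on L55 has no doc comment and its name promises more than the check delivers: it only tests that the leaf's NotAfter lies more than `grace` in the future, not NotBefore, the chain, or revocation, so a caller may read a true result as "this certificate is usable". Add `// IsValid reports whether the leaf certificate is still unexpired grace from now; it checks NotAfter only, not NotBefore, chain validity or revocation.` and `// String describes the leaf by its DNS names and expiry.` above the two methods. Both dereference c.Leaf, which tls.LoadX509KeyPair leaves nil on the Go versions of this era; loadFiles' body continues past the hunk, so I cannot see whether Leaf is parsed there, but if it is not, String and IsValid panic on a nil pointer.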
func loadFiles(crtFile, keyFile string) (Cert, error) {
crt, err := tls.LoadX509KeyPair(crtFile, keyFile)
if err != nil {
@@ -67,7 +76,6 @@ func scanFiles(dir string) ([]Cert, error) {
c := filepath.Join(dir, "certs", filepath.Base(k[:len(k)-4])+".pem")
crt, err := loadFiles(c, k)
if err != nil {
- log.Println(err)
continue
}
certs = append(certs, crt)
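Review bot: Dropping the `log.Println(err)` on L66 makes scanFiles skip any key/cert pair it cannot load without leaving a trace, so an unreadable or corrupted pair under -basedir is silently excluded from renewal and will expire unnoticed. Keep at least a warning, e.g. `log.Printf("skip %s: %v", k, err)` (which means keeping the "log" import the commit removes), or collect the failures and return them to the caller alongside the certificates. scanFiles begins before this hunk.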
diff --git a/cmd/batch/main.go b/cmd/batch/main.go
index 28620e3..dbe1195 100644
--- a/cmd/batch/main.go
+++ b/cmd/batch/main.go
@@ -1,14 +1,36 @@
package main
-import "log"
+import (
+ "log"
+
+ "dim13.org/acme"
+)
func main() {
+ log.Println("Scan files")
crt, err := scanFiles(*baseDir)
if err != nil {
log.Fatal(err)
}
+
+ log.Println("Dial", *provider)
+ prov, err := acme.DialProvider(*provider)
+ if err != nil {
+ log.Fatal(err)
+ }
+ _ = prov
+
for _, c := range crt {
- log.Printf("%+v\n", c.Leaf.NotAfter)
+ if c.IsValid(*graceTime) && !*force {
+ log.Println("Skip", c)
+ continue
+ }
+ csr, err := acme.NewCSR(c.PrivateKey, c.Leaf.DNSNames, c.Leaf.EmailAddresses)
+ if err != nil {
+ log.Println(err)
+ continue
+ }
+ _ = csr
}
if len(*emails) > 0 && len(*domains) > 0 {
log.Println(*emails)
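Review bot: The renewal CSR on L102 is built from `c.PrivateKey`, the key of the certificate being replaced, so every renewal re-certifies the same key and the -keysize flag declared in args.go never takes effect; a key that leaked during the old certificate's lifetime stays valid under the new one. The CSR is still discarded (`_ = csr`), so this is presumably wip, but when the path is completed consider generating a fresh key per renewal (this package already has SaveKey for persisting it) and keeping the old key only until the new certificate is installed. Also note that DialProvider failing is fatal on L92 even though prov is otherwise unused in this commit, so the batch currently aborts on a connectivity problem before doing any local work.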
diff --git a/crypto.go b/crypto.go
index a8ecb41..d7b3b10 100644
--- a/crypto.go
+++ b/crypto.go
@@ -19,6 +19,7 @@ const (
pemRSA = `RSA PRIVATE KEY`
pemEC = `EC PRIVATE KEY`
pemCRT = `CERTIFICATE`
+ pemCSR = `CERTIFICATE REQUEST`
)
var (
@@ -26,6 +27,11 @@ var (
ErrKeySize = errors.New("insufficient key size")
)
+func DumpCSR(w io.Writer, csr []byte) error {
+ block := &pem.Block{Type: pemCSR, Bytes: csr}
+ return pem.Encode(w, block)
+}
+
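Review bot: DumpCSR on L125 is exported but has no doc comment; add `// DumpCSR writes csr, a DER-encoded certificate request, to w as a PEM "CERTIFICATE REQUEST" block.` above it. It is identical to SaveCert below apart from the block type, so the two could share one unexported helper taking the type as a parameter.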
func SaveKey(w io.Writer, key crypto.PrivateKey) error {
var block *pem.Block
switch k := key.(type) {
@@ -59,10 +65,7 @@ func LoadKey(r io.Reader) (crypto.PrivateKey, error) {
}
func SaveCert(w io.Writer, cert []byte) error {
- block := &pem.Block{
- Type: pemCRT,
- Bytes: cert,
- }
+ block := &pem.Block{Type: pemCRT, Bytes: cert}
return pem.Encode(w, block)
}
@@ -100,12 +103,13 @@ func NewCSR(key crypto.PrivateKey, altnames, emails []string) (string, error) {
if len(altnames) > 1 {
tmpl.DNSNames = altnames
}
- if len(emails) > 1 {
+ if len(emails) > 0 {
tmpl.EmailAddresses = emails
}
der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
if err != nil {
return "", err
}
+ //DumpCSR(os.Stdout, der)
return base64.RawURLEncoding.EncodeToString(der), nil
}
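Review bot: The `len(altnames) > 1` guard on L144 means a certificate with exactly one DNS name yields a CSR with no SAN entry at all; the commit fixes the same off-by-one for emails on L148 (`> 1` became `> 0`) but leaves altnames unchanged, and main.go now calls NewCSR with `c.Leaf.DNSNames`, which for a single-host certificate is a one-element slice. Unless the template's Subject, set before this hunk, already carries that name as CN, change the condition to `if len(altnames) > 0 {`, or drop the guard entirely since assigning an empty slice is harmless. The commented-out `//DumpCSR(os.Stdout, der)` on L155 references os, whose import I cannot see from here, and would print every CSR to stdout if uncommented, so remove it or gate it behind a verbose flag rather than leaving it as dead code. NewCSR's template setup precedes this hunk.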