authorDimitri Sokolyuk <demon@dim13.org>2015-12-17 19:32:18 +0100
committerDimitri Sokolyuk <demon@dim13.org>2015-12-17 19:32:18 +0100
commit48ad524abe8bb9a84d0fdb93c9733a72c9b1638b (patch)
treeb44855bbfdf08b81abbe22e30711199dc351421f /cmd
parent69b2d9e91d3861d17ded2dc96defb756aeb081f4 (diff)
Add CSR part
Diffstat (limited to 'cmd')
-rw-r--r--cmd/acme/config.go15
-rw-r--r--cmd/acme/main.go31
2 files changed, 40 insertions, 6 deletions
diff --git a/cmd/acme/config.go b/cmd/acme/config.go
index 7f5ffbe..9ed7e43 100644
--- a/cmd/acme/config.go
+++ b/cmd/acme/config.go
@@ -136,14 +136,19 @@ func LoadConfig(fname string) (*Config, error) {
}
type PrivKey interface {
- Path() string
+ KeyPath() string
Size() int
}
-func (d desire) Path() string { return d.Key }
-func (d desire) Size() int { return d.KeySize }
-func (a account) Path() string { return a.Key }
-func (a account) Size() int { return a.KeySize }
+type Cert interface {
+ CertPath() string
+}
+
+func (d desire) CertPath() string { return d.Cert }
+func (d desire) KeyPath() string { return d.Key }
+func (d desire) Size() int { return d.KeySize }
+func (a account) KeyPath() string { return a.Key }
+func (a account) Size() int { return a.KeySize }
type duration struct{ time.Duration }
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index 058eefb..3df4fa0 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -4,6 +4,7 @@ import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
+ "crypto/x509/pkix"
"encoding/pem"
"flag"
"io"
@@ -17,6 +18,18 @@ import (
var confName = flag.String("conf", "acme.toml", "configuration file")
+func newCSR(domain []string, key *rsa.PrivateKey) ([]byte, error) {
+ tmpl := x509.CertificateRequest{
+ Subject: pkix.Name{
+ CommonName: domain[0],
+ },
+ }
+ if len(domain) > 1 {
+ tmpl.DNSNames = domain
+ }
+ return x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
+}
+
func newKey(w io.Writer, size int) (*rsa.PrivateKey, error) {
key, err := rsa.GenerateKey(rand.Reader, size)
if err != nil {
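Review bot: newCSR indexes `domain[0]` without checking for an empty slice, so a desire whose Altnames list is empty panics instead of returning an error. Add a guard at the top of the function, `if len(domain) == 0 { return nil, errors.New("newCSR: no domain names") }` (the errors package must be imported if the import block, only partly visible in the first hunk, does not already have it). The SAN extension is only populated when there is more than one name; since certificate validators match on Subject Alternative Names rather than the CommonName, setting `tmpl.DNSNames = domain` unconditionally would be simpler and produces a CSR that carries every name the CA is expected to issue for. newKey's body continues outside the hunk.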
@@ -30,7 +43,7 @@ func newKey(w io.Writer, size int) (*rsa.PrivateKey, error) {
}
func chkKey(k PrivKey) (*rsa.PrivateKey, error) {
- key := k.Path()
+ key := k.KeyPath()
if _, err := os.Stat(key); os.IsNotExist(err) {
log.Println("allocating", key, k.Size())
if err := os.MkdirAll(path.Dir(key), 0700); err != nil {
@@ -53,6 +66,14 @@ func chkKey(k PrivKey) (*rsa.PrivateKey, error) {
}
}
+func chkCert(k Cert) error {
+ cert := k.CertPath()
+ if _, err := os.Stat(cert); os.IsNotExist(err) {
+ return err
+ }
+ return nil
+}
+
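Review bot: chkCert only reports os.IsNotExist and returns nil for every other Stat failure, so an unreadable certificate path (permission denied, a directory in the way) is treated as a certificate already present and no CSR is ever generated. Return the error whenever Stat fails: `if _, err := os.Stat(cert); err != nil {` followed by `return err`. The caller in chkKeys treats any non-nil result as "cert missing", so that message would then be slightly imprecise for an unreadable file, which is the safer failure mode of the two.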
func chkKeys(c *Config) error {
var err error
for k, acc := range c.Account {
@@ -67,6 +88,14 @@ func chkKeys(c *Config) error {
if err != nil {
return err
}
+ err = chkCert(des)
+ if err != nil {
+ log.Println(k, "cert missing")
+ _, err := newCSR(des.Altnames, des.account.key)
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
c.Desire[k] = des
}
return nil
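Review bot: The CSR is signed with `des.account.key`, the ACME account key, rather than a key dedicated to the certificate; desire already exposes its own KeyPath (config.go in this commit) and chkKey appears to be called on it just above the hunk, so that key, not the account key, should sign the request. Reusing the account key as the TLS key means a server-side key compromise also compromises account authorization, and public CAs such as Let's Encrypt reject a CSR whose public key matches the account key. The generated CSR is also discarded (`_, err := newCSR(...)`) and the inner `:=` shadows the outer err, while `log.Fatal(err)` exits the process from a function that returns error; keep the result as `csr, err := newCSR(des.Altnames, <desire key>)` for the order step that presumably follows and use `return err` in place of `log.Fatal(err)`. chkKeys starts outside the hunk.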