authorDimitri Sokolyuk <demon@dim13.org>2016-03-11 01:47:10 +0100
committerDimitri Sokolyuk <demon@dim13.org>2016-03-11 01:47:10 +0100
commit6f99f7717ae24277d85ac87136ad259413cee64d (patch)
tree06cd9071f75c4f06402b2017e1894f54b7b34498 /cmd
parent8be17979faf2ba1a82570eb991e6d5149bf5654b (diff)
Refactor load
Diffstat (limited to 'cmd')
-rw-r--r--cmd/acme/config.go3
-rw-r--r--cmd/acme/docker.yml12
-rw-r--r--cmd/acme/file.go23
-rw-r--r--cmd/acme/main.go34
4 files changed, 44 insertions, 28 deletions
diff --git a/cmd/acme/config.go b/cmd/acme/config.go
index 6a0dc4b..60b9fcf 100644
--- a/cmd/acme/config.go
+++ b/cmd/acme/config.go
@@ -172,5 +172,8 @@ func checkWWW(altnames []string) []string {
}
func (d domain) renew(cert *x509.Certificate) bool {
+ if cert == nil {
+ return true
+ }
return time.Now().Add(d.Gracetime).After(cert.NotAfter)
}
diff --git a/cmd/acme/docker.yml b/cmd/acme/docker.yml
index e292bc8..e6a527c 100644
--- a/cmd/acme/docker.yml
+++ b/cmd/acme/docker.yml
@@ -18,6 +18,18 @@ provider:
- altnames: [ www.docker.moccu.com ]
keyfile: private/www_docker_moccu_com.key
crtfile: certs/www_docker_moccu_com.pem
+ - mail: webmaster3@docker.moccu.com
+ keyfile: private/webmaster3.key
+ domain:
+ - altnames: [ test2.docker.moccu.com ]
+ keyfile: private/test2_docker_moccu_com.key
+ crtfile: certs/test2_docker_moccu_com.pem
+ - mail: webmaster3@docker.moccu.com
+ keyfile: private/mailmaster.key
+ domain:
+ - altnames: [ mail.docker.moccu.com ]
+ keyfile: private/mail_docker_moccu_com.key
+ crtfile: certs/mail_docker_moccu_com.pem
hook:
nginx: sudo service nginx reload
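Review bot: Both added provider entries use `mail: webmaster3@docker.moccu.com` while pointing at different account keys (`private/webmaster3.key` and `private/mailmaster.key`). If the second entry is meant to be a separate account, its contact address looks like a copy-paste leftover. If one contact for two account keys is intended, a short comment saying so would help whoever reads this sample later.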
diff --git a/cmd/acme/file.go b/cmd/acme/file.go
index 7c1c6d9..f29345c 100644
--- a/cmd/acme/file.go
+++ b/cmd/acme/file.go
@@ -4,6 +4,7 @@ import (
"crypto"
"crypto/tls"
"crypto/x509"
+ "errors"
"io"
"os"
"path"
@@ -12,15 +13,12 @@ import (
"dim13.org/acme"
)
+var ErrNotFound = errors.New("file not found")
+
func NewFile(fname string, mode os.FileMode) (io.WriteCloser, error) {
err := os.Rename(fname, fname+".bak")
if err != nil {
- switch e := err.(type) {
- case *os.LinkError:
- if e.Err != syscall.ENOENT {
- return nil, err
- }
- default:
+ if e, ok := err.(*os.LinkError); ok && e.Err != syscall.ENOENT {
return nil, err
}
}
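Review bot: The rewritten condition in NewFile drops the old `default:` branch, so a rename error that is not an `*os.LinkError` is now ignored and the function carries on as if the backup step had succeeded. `os.Rename` normally returns `*os.LinkError`, so this is unlikely to trigger, but the intent is clearer and fails closed as `if err != nil && !os.IsNotExist(err) { return nil, err }`. The same `os.IsNotExist(err)` test could replace the `*os.PathError`/`syscall.ENOENT` assertions added to `domain.Load` and `account.Load` further down this file. The new exported `ErrNotFound` also has no doc comment; something like `// ErrNotFound is returned by Load when the key or certificate file does not exist.` would do. NewFile's body continues outside the hunk.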
@@ -61,14 +59,10 @@ func (d domain) Save(cert tls.Certificate) error {
func (d domain) Load() (tls.Certificate, error) {
crt, err := tls.LoadX509KeyPair(d.CrtFile, d.KeyFile)
if err != nil {
- switch e := err.(type) {
- case *os.PathError:
- if e.Err != syscall.ENOENT {
- return tls.Certificate{}, err
- }
- default:
- return tls.Certificate{}, nil
+ if e, ok := err.(*os.PathError); ok && e.Err == syscall.ENOENT {
+ err = ErrNotFound
}
+ return tls.Certificate{}, err
}
crt.Leaf, err = x509.ParseCertificate(crt.Certificate[0])
return crt, err
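Review bot: `ErrNotFound` in domain.Load does not say which file was missing: `tls.LoadX509KeyPair` reads both `d.CrtFile` and `d.KeyFile`, so an existing key with a missing certificate (or the reverse) is reported the same way as a first run. requestCert in main.go reacts by generating a new private key, which presumably replaces the old one when the domain is saved; Save is outside this hunk, so confirm that is intended. A comment on the mapping would make the contract visible, e.g. `// either CrtFile or KeyFile is missing; caller starts over with a fresh key`.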
@@ -89,6 +83,9 @@ func (a account) Save(key crypto.PrivateKey) error {
func (a account) Load() (crypto.PrivateKey, error) {
fd, err := os.Open(a.KeyFile)
if err != nil {
+ if e, ok := err.(*os.PathError); ok && e.Err == syscall.ENOENT {
+ err = ErrNotFound
+ }
return nil, err
}
defer fd.Close()
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index 67cfe10..1ad6af2 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -32,14 +32,18 @@ func loadAccount(prov *acme.Provider, a account) error {
var mustRegister bool
key, err := a.Load()
if err != nil {
- key, err = acme.NewKey(a.KeySize)
- if err != nil {
- return err
- }
- if err := a.Save(key); err != nil {
+ if err == ErrNotFound {
+ key, err = acme.NewKey(a.KeySize)
+ if err != nil {
+ return err
+ }
+ if err := a.Save(key); err != nil {
+ return err
+ }
+ mustRegister = true
+ } else {
return err
}
- mustRegister = true
}
acc, err := acme.NewAccount(key)
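Review bot: The nested `if err == ErrNotFound { … } else { return err }` inside `if err != nil` pushes the key-generation path two levels deep; a guard reads more directly: `if err != nil && err != ErrNotFound { return err }` followed by `if err == ErrNotFound { … }`. The same shape is added to requestCert in the next hunk of this file. Separately, the inner `if err := a.Save(key)` shadows the outer `err`, which is harmless here but easy to misread next to `key, err = acme.NewKey(a.KeySize)`. loadAccount continues outside the hunk.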
@@ -75,20 +79,20 @@ func loadAccount(prov *acme.Provider, a account) error {
func requestCert(prov *acme.Provider, acc *acme.Account, d domain) error {
c, err := d.Load()
if err != nil {
- return err
+ if err == ErrNotFound {
+ c.PrivateKey, err = acme.NewKey(d.KeySize)
+ if err != nil {
+ return err
+ }
+ } else {
+ return err
+ }
}
- if c.Leaf != nil && !d.renew(c.Leaf) && !*forceRenew {
+ if !d.renew(c.Leaf) && !*forceRenew {
log.Println("skip valid until", c.Leaf.NotAfter)
return nil
}
- if c.Leaf == nil {
- c.PrivateKey, err = acme.NewKey(d.KeySize)
- if err != nil {
- return err
- }
- }
-
sols := acme.NewSolvers()
if d.Webroot != "" {
sols.Add(acme.NewWebrootSolver(d.Webroot))
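Review bot: With the `c.Leaf != nil` guard removed, the `c.Leaf.NotAfter` dereference in the `log.Println` line is safe only because `renew` in config.go now returns true for a nil certificate. That dependency crosses files and nothing at the call site records it. A comment such as `// renew(nil) is true, so c.Leaf is non-nil past this check` above the `if` would keep a later change to `renew` from turning into a nil-pointer panic on first issuance. requestCert continues outside the hunk.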