authorDimitri Sokolyuk <demon@dim13.org>2016-03-09 23:06:31 +0100
committerDimitri Sokolyuk <demon@dim13.org>2016-03-09 23:06:31 +0100
commitb4dd257d920efbae2ab1f400c08b49982593881a (patch)
treeeed16c14ecd9be30248ab1b261813bcabfeb74f8 /cmd
parentc12834eb15a69bb8c9f676998029f8a338c6b294 (diff)
Split stages
Diffstat (limited to 'cmd')
-rw-r--r--cmd/acme/config.go20
-rw-r--r--cmd/acme/main.go206
2 files changed, 121 insertions, 105 deletions
diff --git a/cmd/acme/config.go b/cmd/acme/config.go
index ebdcb76..6a0dc4b 100644
--- a/cmd/acme/config.go
+++ b/cmd/acme/config.go
@@ -46,12 +46,13 @@ type account struct {
}
type domain struct {
- Altnames []string
- KeySize int
- KeyFile string
- CrtFile string
- Webroot string
- Hook []string
+ Gracetime time.Duration
+ Altnames []string
+ KeySize int
+ KeyFile string
+ CrtFile string
+ Webroot string
+ Hook []string
}
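Review bot: The new Gracetime field is the only knob that decides when a certificate is re-issued (the renew method later in this file adds it to time.Now() and compares against NotAfter), yet it carries no comment, and for someone editing the config file the Go type alone does not say what the value means. Suggest `Gracetime time.Duration // renew once less than this remains before the certificate's NotAfter; 0 renews only after expiry` above the field. How the value is parsed from the config file is outside this hunk.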
var (
@@ -115,6 +116,9 @@ func LoadConfig(fname string) (*Config, error) {
}
pro.Account[i] = acc
for i, dom := range acc.Domain {
+ if dom.Gracetime != 0 {
+ dom.Gracetime = c.Gracetime
+ }
if dom.KeySize == 0 {
dom.KeySize = c.KeySize
}
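Review bot: The condition on the added Gracetime default is inverted: `if dom.Gracetime != 0 { dom.Gracetime = c.Gracetime }` overwrites a per-domain value the operator set explicitly and leaves an unset one at zero, the opposite of the KeySize fallback right below it. With Gracetime zero, the new domain.renew in this file reduces to time.Now().After(cert.NotAfter), so an unconfigured domain is renewed only after its certificate has already expired. The fix is `if dom.Gracetime == 0 {`. The enclosing loop over acc.Domain continues past the hunk, so whether the modified copy is written back to acc.Domain[i] is not visible here.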
@@ -167,6 +171,6 @@ func checkWWW(altnames []string) []string {
return altnames
}
-func (c Config) renew(cert *x509.Certificate) bool {
- return time.Now().Add(c.Gracetime).After(cert.NotAfter)
+func (d domain) renew(cert *x509.Certificate) bool {
+ return time.Now().Add(d.Gracetime).After(cert.NotAfter)
}
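Review bot: The moved renew method has no doc comment, and its zero-value behaviour matters operationally: with d.Gracetime left at 0 the expression is time.Now().After(cert.NotAfter), i.e. renewal is requested only once the certificate is already expired, which for a daemon that is supposed to renew ahead of time is an outage, not a safe default. Suggest `// renew reports whether cert expires within d.Gracetime; with Gracetime 0 it is true only after NotAfter has passed.` above the method.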
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index e994189..577afbf 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -9,117 +9,129 @@ import (
)
var (
- confName = flag.String("conf", "", "configuration file")
- forceRenew = flag.Bool("force", false, "force renew")
+ confName = flag.String("conf", "", "configuration file")
+ forceRenew = flag.Bool("force", false, "force renew")
+ httpSol, tlsSol acme.Solver
)
-func main() {
- flag.Parse()
-
- conf, err := LoadConfig(*confName)
+func dialProvider(p provider) error {
+ log.Println("Dial", p.Directory)
+ prov, err := acme.DialProvider(p.Directory)
if err != nil {
- log.Fatal(err)
+ return err
+ }
+ for _, a := range p.Account {
+ if err := loadAccount(prov, a); err != nil {
+ return err
+ }
}
+ return nil
+}
- var httpSol, tlsSol acme.Solver
- if conf.Listen != "" {
- httpSol, err = acme.NewHTTPSolver(conf.Listen)
+func loadAccount(prov *acme.Provider, a account) error {
+ var mustRegister bool
+ key, err := a.Load()
+ if err != nil {
+ key, err = acme.NewKey(a.KeySize)
if err != nil {
- log.Println(err)
+ return err
}
+ if err := a.Save(key); err != nil {
+ return err
+ }
+ mustRegister = true
}
- if conf.ListenTLS != "" {
- tlsSol, err = acme.NewTLSSolver(conf.ListenTLS)
+
+ acc, err := acme.NewAccount(key)
+ if err != nil {
+ return err
+ }
+
+ if mustRegister {
+ con, err := acme.NewContacts(a.Mail, a.Phone)
if err != nil {
- log.Println(err)
+ return err
+ }
+
+ log.Println("Register", con)
+ if err := prov.Register(acc, con); err != nil {
+ return err
}
}
- for _, v := range conf.Provider {
- log.Println("Dial", v.Directory)
- prov, err := acme.DialProvider(v.Directory)
- if err != nil {
- log.Fatal(err)
+ for _, d := range a.Domain {
+ if err := requestCert(prov, acc, d); err != nil {
+ return err
}
+ }
+ return nil
+}
+
+func requestCert(prov *acme.Provider, acc *acme.Account, d domain) error {
+ c, err := d.Load()
+ if err != nil {
+ return err
+ }
+ if c.Leaf != nil && !d.renew(c.Leaf) && !*forceRenew {
+ log.Println("valid until", c.Leaf.NotAfter, "skip")
+ return nil
+ }
+
+ key, err := acme.NewKey(d.KeySize)
+ if err != nil {
+ return err
+ }
- for _, v := range v.Account {
- var mustRegister bool
-
- log.Println("Load", v.KeyFile)
- key, err := v.Load()
- if err != nil {
- key, err = acme.NewKey(v.KeySize)
- if err != nil {
- log.Fatal(err)
- }
- if err := v.Save(key); err != nil {
- log.Fatal(err)
- }
- mustRegister = true
- }
-
- acc, err := acme.NewAccount(key)
- if err != nil {
- log.Fatal(err)
- }
-
- if mustRegister {
- con, err := acme.NewContacts(v.Mail, v.Phone)
- if err != nil {
- log.Fatal(err)
- }
-
- log.Println("Register", con)
- err = prov.Register(acc, con)
- if err != nil {
- log.Fatal(err)
- }
- }
-
- for _, v := range v.Domain {
- c, err := v.Load()
- if err != nil {
- log.Println(err)
- }
- if c.Leaf != nil && !conf.renew(c.Leaf) && !*forceRenew {
- log.Println("valid until", c.Leaf.NotAfter, "sipping")
- continue
- }
-
- key, err := acme.NewKey(v.KeySize)
- if err != nil {
- log.Fatal(err)
- }
- des := acme.NewDesire(key, v.Altnames)
- if v.Webroot != "" {
- sol := acme.NewWebrootSolver(v.Webroot)
- des.RegisterSolver(sol)
- } else if httpSol != nil {
- des.RegisterSolver(httpSol)
- }
- if tlsSol != nil {
- des.RegisterSolver(tlsSol)
- }
- if !des.HasSolver() {
- log.Fatal("no solver")
- }
-
- log.Println("Authorize", v.Altnames)
- if err := prov.Authorize(acc, des); err != nil {
- log.Fatal(err)
- }
-
- log.Println("Request bundle for", v.Altnames)
- cert, err := prov.Bundle(acc, des)
- if err != nil {
- log.Fatal(err)
- }
-
- log.Println("Save", v.CrtFile, v.KeyFile)
- if err := v.Save(cert); err != nil {
- log.Fatal(err)
- }
- }
+ des := acme.NewDesire(key, d.Altnames)
+ if d.Webroot != "" {
+ des.RegisterSolver(acme.NewWebrootSolver(d.Webroot))
+ } else if httpSol != nil {
+ des.RegisterSolver(httpSol)
+ }
+
+ if tlsSol != nil {
+ des.RegisterSolver(tlsSol)
+ }
+
+ log.Println("Authorize", d.Altnames)
+ if err := prov.Authorize(acc, des); err != nil {
+ return err
+ }
+
+ log.Println("Request bundle")
+ cert, err := prov.Bundle(acc, des)
+ if err != nil {
+ return err
+ }
+
+ log.Println("Save", d.CrtFile, d.KeyFile)
+ if err := d.Save(cert); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func main() {
+ flag.Parse()
+
+ conf, err := LoadConfig(*confName)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ httpSol, err = acme.NewHTTPSolver(conf.Listen)
+ if err != nil {
+ log.Println("HTTP Solver", err)
+ }
+ tlsSol, err = acme.NewTLSSolver(conf.ListenTLS)
+ if err != nil {
+ log.Println("TLS Solver", err)
+ }
+
+ for _, p := range conf.Provider {
+ if err := dialProvider(p); err != nil {
+ log.Fatal(err)
}
}
}
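Review bot: requestCert drops the `if !des.HasSolver() { log.Fatal("no solver") }` guard the old loop had before Authorize, and nothing replaces it: a domain without Webroot in a config with neither Listen nor ListenTLS now reaches prov.Authorize with no solver registered. Restore it before the Authorize call as `if !des.HasSolver() { return errors.New("no solver") }` (errors may need adding to the import block above this hunk). main also now calls acme.NewHTTPSolver/NewTLSSolver unconditionally, even when conf.Listen or conf.ListenTLS is empty, and only logs the error; if a constructor returns a typed nil pointer on failure, the `httpSol != nil` / `tlsSol != nil` checks in requestCert see a non-nil interface and register a broken solver, so set `httpSol = nil` / `tlsSol = nil` in the error branches or keep the old `conf.Listen != ""` conditions. Separately, d.Load() errors now abort the whole run where the old code logged and continued to issuance; if Load fails for a certificate file that does not exist yet, first issuance of a new domain no longer works.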