-rw-r--r--certificate.go17
-rw-r--r--cmd/acme/main.go11
-rw-r--r--crypto.go5
-rw-r--r--desire.go12
4 files changed, 24 insertions, 21 deletions
diff --git a/certificate.go b/certificate.go
index 318f8bb..3f985bd 100644
--- a/certificate.go
+++ b/certificate.go
@@ -1,25 +1,28 @@
package acme
+import "crypto/tls"
+
type CSR struct {
Resource Resource `json:"resource"` // new-cert
CSR string `json:"csr"`
}
-func (p *Provider) Bundle(s Signer, d *Desire) error {
- csr, err := NewCSR(d.Cert, d.altnames)
+func (p *Provider) Bundle(s Signer, d *Desire) (tls.Certificate, error) {
+ cert := tls.Certificate{PrivateKey: d.key}
+ csr, err := NewCSR(d.key, d.altnames)
if err != nil {
- return err
+ return cert, err
}
crt, up, err := p.RequestCert(s, d, csr)
if err != nil {
- return err
+ return cert, err
}
ca, err := p.GetCert(up)
if err != nil {
- return err
+ return cert, err
}
- d.Cert.Certificate = [][]byte{crt, ca}
- return nil
+ cert.Certificate = [][]byte{crt, ca}
+ return cert, nil
}
func (p *Provider) RequestCert(s Signer, d *Desire, csr string) ([]byte, string, error) {
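Review bot: Bundle puts `crt` and `ca` into the returned tls.Certificate without parsing either, so a response that is not DER, was issued for a different key, or arrives in the wrong order is only noticed at the first TLS handshake — and in cmd/acme/main.go the bundle has already been written to disk by then. Parse the leaf with `x509.ParseCertificate`, store it in `cert.Leaf`, and reject it when its public key does not match `d.key` (the stdlib public key types have an `Equal` method since Go 1.15); `crypto`, `crypto/x509` and `errors` would need importing in this file. The error paths at the three `return cert, err` lines also hand back a struct that already carries `d.key`; return `tls.Certificate{}` there so a failed result never travels with a private key attached. What RequestCert and GetCert check on their side is not visible in this hunk.
```go
func (p *Provider) Bundle(s Signer, d *Desire) (tls.Certificate, error) {
	// … unchanged: NewCSR, RequestCert and GetCert calls, each now returning tls.Certificate{}, err on failure …
	leaf, err := x509.ParseCertificate(crt)
	if err != nil {
		return tls.Certificate{}, err
	}
	signer, ok := d.key.(crypto.Signer)
	if !ok {
		return tls.Certificate{}, errors.New("acme: private key does not implement crypto.Signer")
	}
	// Refuse to bundle a certificate the CA issued for some other key.
	pub, ok := leaf.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if !ok || !pub.Equal(signer.Public()) {
		return tls.Certificate{}, errors.New("acme: issued certificate does not match private key")
	}
	return tls.Certificate{
		Certificate: [][]byte{crt, ca},
		PrivateKey:  d.key,
		Leaf:        leaf,
	}, nil
}
```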
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index 45ceb7b..7f2be60 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -69,7 +69,11 @@ func main() {
}
for _, v := range v.Domain {
- des, err := acme.NewDesire(v.Altnames, v.KeySize)
+ key, err := acme.NewKey(v.KeySize)
+ if err != nil {
+ log.Fatal(err)
+ }
+ des, err := acme.NewDesire(key, v.Altnames)
if err != nil {
log.Fatal(err)
}
@@ -92,12 +96,13 @@ func main() {
}
log.Println("Request bundle for", v.Altnames)
- if err := prov.Bundle(acc, des); err != nil {
+ cert, err := prov.Bundle(acc, des)
+ if err != nil {
log.Fatal(err)
}
log.Println("Save", v.CrtFile, v.KeyFile)
- if err := v.Save(des.Cert); err != nil {
+ if err := v.Save(cert); err != nil {
log.Fatal(err)
}
}
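Review bot: The key saved by `v.Save(cert)` here is the one `acme.NewKey(v.KeySize)` generates at the top of this section, so every run produces a fresh key pair for every configured domain and, presumably, overwrites whatever was in `v.KeyFile` before; there is no path to keep an existing key. If anything outside this tool relies on a stable key (DANE/TLSA records, key pinning, an externally held key) that breaks without any message. If per-run rotation is intended, state it above the NewKey call, e.g. `// A new private key is generated on every run; the previous contents of v.KeyFile are replaced.`; otherwise add a load-or-generate step before NewKey. The `log.Fatal(err)` calls also drop which domain failed — `log.Fatalf("bundle for %v: %v", v.Altnames, err)` keeps that in the log. What Save does with file modes for the key file is not visible here.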
diff --git a/crypto.go b/crypto.go
index 220becd..97a9f26 100644
--- a/crypto.go
+++ b/crypto.go
@@ -6,7 +6,6 @@ import (
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
- "crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/base64"
@@ -82,14 +81,14 @@ func NewKey(size int) (crypto.PrivateKey, error) {
}
}
-func NewCSR(cert tls.Certificate, altnames []string) (string, error) {
+func NewCSR(key crypto.PrivateKey, altnames []string) (string, error) {
tmpl := x509.CertificateRequest{
Subject: pkix.Name{CommonName: altnames[0]},
}
if len(altnames) > 1 {
tmpl.DNSNames = altnames
}
- der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, cert.PrivateKey)
+ der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
if err != nil {
return "", err
}
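Review bot: NewCSR sets `DNSNames` only behind the `len(altnames) > 1` guard, so a single-name request carries the name in the CommonName alone; modern TLS clients ignore CN and require a SAN entry, and whether the CA copies CN into the SAN is up to the CA, not this code. The unguarded `altnames[0]` also panics on an empty slice. Populate DNSNames unconditionally and reject an empty list up front (`errors` would need importing if this file does not already). The remainder of NewCSR — the CreateCertificateRequest result encoding and return — lies outside this hunk.
```go
func NewCSR(key crypto.PrivateKey, altnames []string) (string, error) {
	if len(altnames) == 0 {
		return "", errors.New("acme: NewCSR needs at least one name")
	}
	// Clients validate against the SAN list; CN is kept only for CAs that still read it.
	tmpl := x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: altnames[0]},
		DNSNames: altnames,
	}
	// … unchanged: CreateCertificateRequest call and encoding …
```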
diff --git a/desire.go b/desire.go
index 5b05a99..191daf2 100644
--- a/desire.go
+++ b/desire.go
@@ -1,20 +1,16 @@
package acme
-import "crypto/tls"
+import "crypto"
type Desire struct {
- Cert tls.Certificate
+ key crypto.PrivateKey
altnames []string
solver map[ChalType]Solver
}
-func NewDesire(altnames []string, size int) (*Desire, error) {
- key, err := NewKey(size)
- if err != nil {
- return nil, err
- }
+func NewDesire(key crypto.PrivateKey, altnames []string) (*Desire, error) {
return &Desire{
- Cert: tls.Certificate{PrivateKey: key},
+ key: key,
altnames: altnames,
solver: make(map[ChalType]Solver),
}, nil
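Review bot: NewDesire now accepts any value for `key`, nil included, and returns a nil error unconditionally, so its error return no longer guards anything; `x509.CreateCertificateRequest`, reached through NewCSR from Bundle, needs a `crypto.Signer`, so a nil or non-signer key is accepted here and only fails later. Give the error return a job: `if _, ok := key.(crypto.Signer); !ok { return nil, errors.New("acme: key must implement crypto.Signer") }` before the `return &Desire{...}` (adding `errors` to the imports), and consider rejecting an empty `altnames` in the same place since NewCSR indexes it. The exported type and constructor also carry no doc comments; `// Desire holds the private key, names and challenge solvers for one certificate request.` and `// NewDesire returns a Desire for altnames using key, which must implement crypto.Signer.` would do. NewDesire's closing brace is outside this hunk.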