-rw-r--r--cmd/acme/main.go40
-rw-r--r--crypto.go44
-rw-r--r--helper.go59
3 files changed, 49 insertions, 94 deletions
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index e19d6c6..d197908 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -1,14 +1,8 @@
package main
import (
- "crypto/rand"
"crypto/rsa"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
"flag"
- "io"
- "io/ioutil"
"log"
"os"
"path"
@@ -18,30 +12,6 @@ import (
var confName = flag.String("conf", "acme.toml", "configuration file")
-func newCSR(domain []string, key *rsa.PrivateKey) ([]byte, error) {
- tmpl := x509.CertificateRequest{
- Subject: pkix.Name{
- CommonName: domain[0],
- },
- }
- if len(domain) > 1 {
- tmpl.DNSNames = domain
- }
- return x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
-}
-
-func newKey(w io.Writer, size int) (*rsa.PrivateKey, error) {
- key, err := rsa.GenerateKey(rand.Reader, size)
- if err != nil {
- return nil, err
- }
- block := &pem.Block{
- Type: "RSA PRIVATE KEY",
- Bytes: x509.MarshalPKCS1PrivateKey(key),
- }
- return key, pem.Encode(w, block)
-}
-
func chkKey(k PrivKey) (*rsa.PrivateKey, error) {
key := k.KeyPath()
if _, err := os.Stat(key); os.IsNotExist(err) {
@@ -55,14 +25,14 @@ func chkKey(k PrivKey) (*rsa.PrivateKey, error) {
return nil, err
}
defer fd.Close()
- return newKey(fd, k.Size())
+ return acme.NewKey(fd, k.Size())
} else {
- der, err := ioutil.ReadFile(key)
+ fd, err := os.Open(key)
if err != nil {
return nil, err
}
- block, _ := pem.Decode(der)
- return x509.ParsePKCS1PrivateKey(block.Bytes)
+ defer fd.Close()
+ return acme.LoadKey(fd)
}
}
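Review bot: The `else` that follows `return acme.NewKey(fd, k.Size())` is unnecessary, because the branch above it always returns; dropping the `} else {` and outdenting the `os.Open`/`acme.LoadKey` path keeps the happy path left-aligned, which is what `go vet`-style linters flag as indent-error-flow. The new `fd, err := os.Open(key)` plus `defer fd.Close()` is otherwise a sound replacement for the old `ioutil.ReadFile`. chkKey begins outside the hunk, so the branch that creates the key file and its permission mode could not be reviewed here.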
@@ -91,7 +61,7 @@ func chkKeys(c *Config) error {
err = chkCert(des)
if err != nil {
log.Println(k, "cert missing")
- _, err = newCSR(des.Altnames, des.account.key)
+ _, err = acme.NewCSR(des.Altnames, des.account.key)
if err != nil {
log.Fatal(err)
}
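Review bot: `acme.NewCSR` indexes `altnames[0]` internally, so a config entry whose `Altnames` is empty makes chkKeys panic with an index-out-of-range instead of reporting a configuration error; a guard before the call, `if len(des.Altnames) == 0 { log.Fatal(k, "no altnames configured") }`, keeps the failure as a logged message. The CSR bytes returned on that line are still discarded with `_`, which looks like a placeholder for the order step; if so, a `// TODO: submit CSR to the ACME order` comment would make that explicit. chkKeys begins outside the hunk.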
diff --git a/crypto.go b/crypto.go
new file mode 100644
index 0000000..b2173e1
--- /dev/null
+++ b/crypto.go
@@ -0,0 +1,44 @@
+package acme
+
+import (
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "encoding/pem"
+ "io"
+ "io/ioutil"
+)
+
+func LoadKey(r io.Reader) (*rsa.PrivateKey, error) {
+ der, err := ioutil.ReadAll(r)
+ if err != nil {
+ return nil, err
+ }
+ block, _ := pem.Decode(der)
+ return x509.ParsePKCS1PrivateKey(block.Bytes)
+}
+
+func NewKey(w io.Writer, size int) (*rsa.PrivateKey, error) {
+ key, err := rsa.GenerateKey(rand.Reader, size)
+ if err != nil {
+ return nil, err
+ }
+ block := &pem.Block{
+ Type: "RSA PRIVATE KEY",
+ Bytes: x509.MarshalPKCS1PrivateKey(key),
+ }
+ return key, pem.Encode(w, block)
+}
+
+func NewCSR(altnames []string, key *rsa.PrivateKey) ([]byte, error) {
+ tmpl := x509.CertificateRequest{
+ Subject: pkix.Name{
+ CommonName: altnames[0],
+ },
+ }
+ if len(altnames) > 1 {
+ tmpl.DNSNames = altnames
+ }
+ return x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
+}
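Review bot: `LoadKey` dereferences `block.Bytes` without checking that `pem.Decode` found a block, so an empty, truncated or non-PEM key file panics with a nil pointer instead of returning an error; add `if block == nil || block.Type != "RSA PRIVATE KEY" { return nil, errors.New("acme: no RSA PRIVATE KEY block found") }` before the `ParsePKCS1PrivateKey` call (with `errors` imported). `NewCSR` has the same unguarded access in `altnames[0]`, which panics on an empty slice, and when only one name is given `DNSNames` is left unset, so the CSR carries the name only in `CommonName`; setting `tmpl.DNSNames = altnames` unconditionally avoids a CN-only request. All three exported functions lack doc comments; for `NewKey` one such as `// NewKey generates an RSA private key of the given bit size and PEM-encodes it to w; the caller must open w with owner-only permissions.` would make the file-permission responsibility explicit. If the module targets Go 1.16 or later, `ioutil.ReadAll` can be `io.ReadAll`, since `io` is already imported.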
diff --git a/helper.go b/helper.go
deleted file mode 100644
index 6829fb3..0000000
--- a/helper.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package acme
-
-import (
- "crypto/rsa"
- "crypto/x509"
- "encoding/json"
- "encoding/pem"
- "fmt"
- "io/ioutil"
- "os"
-)
-
-// Dump ...
-func Dump(v interface{}) error {
- body, err := json.MarshalIndent(v, "", "\t")
- if err != nil {
- return err
- }
- fmt.Println(string(body))
- return nil
-}
-
-// Print ...
-func Print(v interface{}) (int, error) {
- return fmt.Printf("%+v\n", v)
-}
-
-// Save ...
-func Save(fname string, v interface{}) error {
- body, err := json.MarshalIndent(v, "", "\t")
- if err != nil {
- return err
- }
- return ioutil.WriteFile(fname, body, 0644)
-}
-
-// SaveKey stores RSA private key into file
-func SaveKey(fname string, key *rsa.PrivateKey) error {
- file, err := os.Create(fname)
- if err != nil {
- return err
- }
- defer file.Close()
- block := &pem.Block{
- Type: "RSA PRIVATE KEY",
- Bytes: x509.MarshalPKCS1PrivateKey(key),
- }
- return pem.Encode(file, block)
-}
-
-// LoadKey loads RSA private key from file
-func LoadKey(fname string) (*rsa.PrivateKey, error) {
- file, err := ioutil.ReadFile(fname)
- if err != nil {
- return nil, err
- }
- block, _ := pem.Decode(file)
- return x509.ParsePKCS1PrivateKey(block.Bytes)
-}