-rw-r--r--cmd/acme/main.go4
-rw-r--r--solve_tls.go21
2 files changed, 24 insertions, 1 deletions
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index 38dc72d..7b3054c 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -92,6 +92,10 @@ func main() {
}
httpSol := acme.NewHTTPSolver(conf.Defaults.Listen)
+ tlsSol := acme.NewTLSSolver(conf.Defaults.ListenTLS)
+
+ tlsSol.Solve("a", "B")
+ return
for k, des := range conf.Desire {
if des.Webroot != "" {
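Review bot: The added `tlsSol.Solve("a", "B")` followed by an unconditional `return` at the top of main short-circuits the whole program: the desire loop starting at `for k, des := range conf.Desire` becomes unreachable, and `httpSol` is created but never used at runtime. This reads as debug scaffolding that should not be merged as-is; if a smoke test of the TLS solver is wanted, gate it behind a flag and check the result, e.g. `if err := tlsSol.Solve("a", "B"); err != nil { log.Fatal(err) }`. Solve's error is dropped here, so the errNotImplemented it currently returns is never seen. main continues outside the hunk on both sides.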
diff --git a/solve_tls.go b/solve_tls.go
index 4042433..7e39492 100644
--- a/solve_tls.go
+++ b/solve_tls.go
@@ -3,8 +3,11 @@ package acme
import (
"crypto/rand"
"crypto/rsa"
+ "crypto/sha256"
+ "crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
+ "encoding/hex"
"log"
"math/big"
"net/http"
@@ -22,11 +25,20 @@ type tlsSolver struct {
func NewTLSSolver(addr string) Solver {
s := new(tlsSolver)
- s.Server = http.Server{Addr: addr}
+ s.Server = http.Server{
+ Addr: addr,
+ TLSConfig: &tls.Config{},
+ }
go s.ListenAndServe()
return s
}
+func name(keyAuth string) string {
+ hash := sha256.Sum256([]byte(keyAuth))
+ z := hex.EncodeToString(hash[:])
+ return z[:32] + "." + z[32:64] + tlsSuffix
+}
+
func (s *tlsSolver) Solve(token, keyAuth string) error {
log.Println("solve tls")
tlsKey, err := rsa.GenerateKey(rand.Reader, tlsKeySize)
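Review bot: `go s.ListenAndServe()` starts a plaintext HTTP listener on the TLS address, and the `TLSConfig` added just above is never consulted by that call, so whatever certificate Solve produces cannot be presented; it should be `s.ListenAndServeTLS("", "")` (empty paths make net/http use `TLSConfig`), with a `GetCertificate` callback that returns the challenge certificate for the SNI name built by `name`. The goroutine also drops the listen error, so a failed bind (the usual case on 443 without privilege) goes unnoticed — `go func() { if err := s.ListenAndServeTLS("", ""); err != nil { log.Println("tls solver:", err) } }()`. If `name` is implementing the tls-sni-01 label scheme (two 32-hex-char labels of SHA-256(keyAuthorization) plus a suffix), be aware that the major CAs withdrew that challenge type, so confirm the target CA still accepts it before building on it. Solve begins at the end of this hunk and continues outside it.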
@@ -48,8 +60,15 @@ func (s *tlsSolver) Solve(token, keyAuth string) error {
KeyUsage: x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
+ SignatureAlgorithm: x509.SHA256WithRSA,
+ DNSNames: []string{name(keyAuth)},
}
_, _ = tlsKey, tmpl
+ crt, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, tlsKey.Public(), tlsKey)
+ if err != nil {
+ return err
+ }
+ log.Println(crt)
return errNotImplemented
}
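Review bot: The certificate created at the `x509.CreateCertificate` line is only passed to `log.Println` and then discarded, so the solver has nothing to present to the validator; it should be wrapped with its key — `cert := tls.Certificate{Certificate: [][]byte{crt}, PrivateKey: tlsKey}` — and stored where the server's `TLSConfig` (GetCertificate or Certificates) can reach it, keyed by the SNI name from `name(keyAuth)`. `log.Println(crt)` prints the DER bytes as a decimal byte slice, which is noise in logs; log the DNS name or a SHA-256 fingerprint of `crt` instead, or drop the line. The `_, _ = tlsKey, tmpl` placeholder is dead now that both are used and can be removed. The function still returns errNotImplemented after the certificate is built, presumably intentional for work in progress; Solve's body begins outside this hunk.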