Diffstat (limited to 'cmd/acme/file.go')
-rw-r--r--cmd/acme/file.go64
1 files changed, 64 insertions, 0 deletions
diff --git a/cmd/acme/file.go b/cmd/acme/file.go
new file mode 100644
index 0000000..4f8c479
--- /dev/null
+++ b/cmd/acme/file.go
@@ -0,0 +1,64 @@
+package main
+
+import (
+ "crypto"
+ "crypto/tls"
+ "io"
+ "os"
+ "syscall"
+
+ "dim13.org/acme"
+)
+
+func NewFile(fname string, mode os.FileMode) (io.WriteCloser, error) {
+ err := os.Rename(fname, fname+".bak")
+ if nerr, ok := err.(*os.LinkError); ok && nerr.Err != syscall.ENOENT {
+ return nil, err
+ }
+ flags := os.O_WRONLY | os.O_CREATE | os.O_TRUNC
+ return os.OpenFile(fname, flags, mode)
+}
+
+func (d domain) Save(cert tls.Certificate) error {
+ // save key
+ fd, err := NewFile(d.KeyFile, 0600)
+ if err != nil {
+ return err
+ }
+ defer fd.Close()
+ err = acme.SaveKey(fd, cert.PrivateKey)
+ if err != nil {
+ return err
+ }
+
+ // save certs
+ fd, err = NewFile(d.CrtFile, 0644)
+ if err != nil {
+ return err
+ }
+ defer fd.Close()
+ for _, crt := range cert.Certificate {
+ if err := acme.SaveCert(fd, crt); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (a account) Save(key crypto.PrivateKey) error {
+ fd, err := NewFile(a.KeyFile, 0600)
+ if err != nil {
+ return err
+ }
+ defer fd.Close()
+ return acme.SaveKey(fd, key)
+}
+
+func (a account) Load() (crypto.PrivateKey, error) {
+ fd, err := os.Open(a.KeyFile)
+ if err != nil {
+ return nil, err
+ }
+ defer fd.Close()
+ return acme.LoadKey(fd)
+}
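Review bot: NewFile opens the target with `os.O_CREATE | os.O_TRUNC`, so the `mode` argument only takes effect when the file is actually created; if something exists at `fname` again after the rename (a racing process, or a symlink left at that path), the private key is written through it with whatever permissions it already has. Since the previous file has just been moved to `.bak`, `flags := os.O_WRONLY | os.O_CREATE | os.O_EXCL` would make the 0600 on the key files dependable and turn the unexpected case into an error. Separately, both Save methods discard the result of `defer fd.Close()` on files they have just written, so a write error reported only at close would leave a short key or certificate file while Save returns nil; returning the Close error on the write paths would surface that.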