Diffstat (limited to 'solve_tls.go')
-rw-r--r-- | solve_tls.go | 38 |
1 files changed, 28 insertions, 10 deletions
diff --git a/solve_tls.go b/solve_tls.go
index 7e39492..4910144 100644
--- a/solve_tls.go
+++ b/solve_tls.go
@@ -39,17 +39,22 @@ func name(keyAuth string) string {
 return z[:32] + "." + z[32:64] + tlsSuffix
 }
 
-func (s *tlsSolver) Solve(token, keyAuth string) error {
- log.Println("solve tls")
- tlsKey, err := rsa.GenerateKey(rand.Reader, tlsKeySize)
+func newCert(keyAuth string) (tls.Certificate, error) {
+ fail := func(err error) (tls.Certificate, error) {
+ return tls.Certificate{}, err
+ }
+ key, err := rsa.GenerateKey(rand.Reader, tlsKeySize)
 if err != nil {
- return err
+ return fail(err)
 }
- serialMax := new(big.Int).Lsh(big.NewInt(1), 128)
- serial, err := rand.Int(rand.Reader, serialMax)
+ serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+ serial, err := rand.Int(rand.Reader, serialLimit)
 if err != nil {
- return err
+ return fail(err)
 }
+ hash := sha256.Sum256([]byte(keyAuth))
+ z := hex.EncodeToString(hash[:])
+ name := z[:32] + "." + z[32:] + tlsSuffix
 tmpl := x509.Certificate{
 SerialNumber: serial,
 Subject: pkix.Name{
@@ -61,10 +66,23 @@ func (s *tlsSolver) Solve(token, keyAuth string) error {
 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 BasicConstraintsValid: true,
 SignatureAlgorithm: x509.SHA256WithRSA,
- DNSNames: []string{name(keyAuth)},
+ DNSNames: []string{name},
 }
- _, _ = tlsKey, tmpl
- crt, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, tlsKey.Public(), tlsKey)
+ crt, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
+ if err != nil {
+ return fail(err)
+ }
+ cert.Certificate = [][]byte{crt}
+ cert.PrivateKey = key
+ return tls.Certificate{
+ Certificate: [][]byte{crt},
+ PrivateKey: key,
+ }, nil
+}
+
+func (s *tlsSolver) Solve(_, keyAuth string) error {
+ log.Println("solve tls")
+ crt, err := newCert(keyAuth)
 if err != nil {
 return err
 }
|
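Review bot: The added `name := z[:32] + "." + z[32:] + tlsSuffix` in newCert re-implements the `name(keyAuth)` helper that is still defined directly above this hunk, and the new local shadows that function for the remainder of newCert, so the two derivations of the challenge SAN can drift silently if the identifier format is ever adjusted. I would drop the three inlined `hash`/`z`/`name` lines and keep `DNSNames: []string{name(keyAuth)}` as the old code had it, or remove the helper in the same commit so there is exactly one definition. The `fail` closure is also just `return tls.Certificate{}, err` spelled longer; writing that directly at each error site reads more like the rest of the file. newCert's body continues past the end of this hunk.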
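Review bot: `cert.Certificate = [][]byte{crt}` and `cert.PrivateKey = key` write to a `cert` that newCert never declares, and the `return tls.Certificate{...}` literal immediately after already carries the same two values, so the assignments are dead at best. If `cert` resolves to a package-level variable, this parks the freshly generated RSA private key in shared mutable state that every concurrent Solve call overwrites, which is the kind of leak a TLS challenge solver should not have; if it resolves to nothing, the file does not compile. Delete both assignment lines and let the returned `tls.Certificate` be the only holder of the key and DER bytes. Solve's body, and whatever it does with `crt` afterwards, continue beyond this hunk.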