aboutsummaryrefslogtreecommitdiff
path: root/solve_tls.go
diff options
context:
space:
mode:
Diffstat (limited to 'solve_tls.go')
-rw-r--r--solve_tls.go38
1 files changed, 28 insertions, 10 deletions
diff --git a/solve_tls.go b/solve_tls.go
index 7e39492..4910144 100644
--- a/solve_tls.go
+++ b/solve_tls.go
@@ -39,17 +39,22 @@ func name(keyAuth string) string {
return z[:32] + "." + z[32:64] + tlsSuffix
}
-func (s *tlsSolver) Solve(token, keyAuth string) error {
- log.Println("solve tls")
- tlsKey, err := rsa.GenerateKey(rand.Reader, tlsKeySize)
+func newCert(keyAuth string) (tls.Certificate, error) {
+ fail := func(err error) (tls.Certificate, error) {
+ return tls.Certificate{}, err
+ }
+ key, err := rsa.GenerateKey(rand.Reader, tlsKeySize)
if err != nil {
- return err
+ return fail(err)
}
- serialMax := new(big.Int).Lsh(big.NewInt(1), 128)
- serial, err := rand.Int(rand.Reader, serialMax)
+ serialLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+ serial, err := rand.Int(rand.Reader, serialLimit)
if err != nil {
- return err
+ return fail(err)
}
+ hash := sha256.Sum256([]byte(keyAuth))
+ z := hex.EncodeToString(hash[:])
+ name := z[:32] + "." + z[32:] + tlsSuffix
tmpl := x509.Certificate{
SerialNumber: serial,
Subject: pkix.Name{
@@ -61,10 +66,23 @@ func (s *tlsSolver) Solve(token, keyAuth string) error {
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
SignatureAlgorithm: x509.SHA256WithRSA,
- DNSNames: []string{name(keyAuth)},
+ DNSNames: []string{name},
}
- _, _ = tlsKey, tmpl
- crt, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, tlsKey.Public(), tlsKey)
+ crt, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
+ if err != nil {
+ return fail(err)
+ }
+ cert.Certificate = [][]byte{crt}
+ cert.PrivateKey = key
+ return tls.Certificate{
+ Certificate: [][]byte{crt},
+ PrivateKey: key,
+ }, nil
+}
+
+func (s *tlsSolver) Solve(_, keyAuth string) error {
+ log.Println("solve tls")
+ crt, err := newCert(keyAuth)
if err != nil {
return err
}