From 150788fb1e84740a1ef1f543d20b05816006712d Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Mon, 29 Feb 2016 20:27:00 +0100
Subject: Use tls.Certificate for internal storage
---
 certificate.go | 8 +++-----
 crypto.go | 12 ++----------
 desire.go | 13 ++++++-------
 provider.go | 6 +++---
 4 files changed, 14 insertions(+), 25 deletions(-)
diff --git a/certificate.go b/certificate.go
index 195d56f..439bfba 100644
--- a/certificate.go
+++ b/certificate.go
@@ -1,7 +1,5 @@
 package acme
-import "crypto/x509"
-
 type CSR struct {
 Resource Resource `json:"resource"` // new-cert
 CSR string `json:"csr"`
@@ -16,11 +14,11 @@ func (p *Provider) Bundle(s Signer, d *Desire) error {
 if err != nil {
 return err
 }
- d.cert = []*x509.Certificate{crt, ca}
+ d.cert.Certificate = [][]byte{crt, ca}
 return nil
 }
-func (p *Provider) RequestCert(s Signer, d *Desire) (*x509.Certificate, string, error) {
+func (p *Provider) RequestCert(s Signer, d *Desire) ([]byte, string, error) {
 csr, err := d.CSR()
 if err != nil {
 return nil, "", err
@@ -41,7 +39,7 @@ func (p *Provider) RequestCert(s Signer, d *Desire) (*x509.Certificate, string,
 return crt, ns.Link["up"], nil
 }
-func (p *Provider) GetCert(uri string) (*x509.Certificate, error) {
+func (p *Provider) GetCert(uri string) ([]byte, error) {
 resp, err := p.Get(uri)
 if err != nil {
 return nil, err
diff --git a/crypto.go b/crypto.go
index 223446e..ae8227c 100644
--- a/crypto.go
+++ b/crypto.go
@@ -62,10 +62,10 @@ func saveKey(w io.Writer, key crypto.PrivateKey) error {
 return pem.Encode(w, block)
 }
-func saveCert(w io.Writer, crt *x509.Certificate) error {
+func saveCert(w io.Writer, cert []byte) error {
 block := &pem.Block{
 Type: pemCRT,
- Bytes: crt.Raw,
+ Bytes: cert,
 }
 return pem.Encode(w, block)
 }
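Review bot: In Bundle, `d.cert.Certificate = [][]byte{crt, ca}` stores the leaf and its issuer as opaque DER, and because the commit also drops the `crypto/x509` import from this file nothing parses them any more: `d.cert.Leaf` stays nil, and neither the leaf nor `ca` is checked to be a certificate at all before desire.go PEM-encodes the bytes to disk. I would parse the leaf before storing it, `leaf, err := x509.ParseCertificate(crt)` / `if err != nil { return err }` / `d.cert.Leaf = leaf`, keeping the `crypto/x509` import for it; parsing `ca` the same way and calling `leaf.CheckSignatureFrom` on it would also catch an `up` link that does not point at the real issuer. Bundle's body starts before the hunk and RequestCert continues past it, so where `crt` and `ca` come from is inferred from the hunk header and the `ns.Link["up"]` return in the following hunk.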
@@ -88,14 +88,6 @@ func LoadCerts(r io.Reader) ([]*x509.Certificate, error) {
 return x509.ParseCertificates(block.Bytes)
 }
-func readCert(r io.Reader) (*x509.Certificate, error) {
- der, err := ioutil.ReadAll(r)
- if err != nil {
- return nil, err
- }
- return x509.ParseCertificate(der)
-}
-
 func CreatePrivFile(fname string) (io.WriteCloser, error) {
 return createFile(fname, 0700)
 }
diff --git a/desire.go b/desire.go
index f5dde99..4de3b64 100644
--- a/desire.go
+++ b/desire.go
@@ -1,9 +1,9 @@
 package acme
 import (
- "crypto"
 "crypto/rand"
 "crypto/rsa"
+ "crypto/tls"
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/base64"
@@ -13,8 +13,7 @@ import (
 type Desire struct {
 altnames []string
- key crypto.PrivateKey
- cert []*x509.Certificate
+ cert tls.Certificate
 solver map[ChalType]Solver
 }
@@ -24,7 +23,7 @@ func NewDesire(altnames []string, size int) (*Desire, error) {
 return nil, err
 }
 return &Desire{
- key: key,
+ cert: tls.Certificate{PrivateKey: key},
 altnames: altnames,
 solver: make(map[ChalType]Solver),
 }, nil
@@ -62,7 +61,7 @@ func (d *Desire) saveKey(fname string) error {
 return err
 }
 defer fd.Close()
- return saveKey(fd, d.key)
+ return saveKey(fd, d.cert.PrivateKey)
 }
 func (d *Desire) saveCert(fname string) error {
@@ -74,7 +73,7 @@ func (d *Desire) saveCert(fname string) error {
 return err
 }
 defer fd.Close()
- for _, crt := range d.cert {
+ for _, crt := range d.cert.Certificate {
 if err := saveCert(fd, crt); err != nil {
 return err
 }
@@ -89,7 +88,7 @@ func (d *Desire) CSR() (string, error) {
 if len(d.altnames) > 1 {
 tmpl.DNSNames = d.altnames
 }
- der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, d.key)
+ der, err := x509.CreateCertificateRequest(rand.Reader, &tmpl, d.cert.PrivateKey)
 if err != nil {
 return "", err
 }
diff --git a/provider.go b/provider.go
index 12b486e..2971188 100644
--- a/provider.go
+++ b/provider.go
@@ -1,9 +1,9 @@
 package acme
 import (
- "crypto/x509"
 "encoding/json"
 "errors"
+ "io/ioutil"
 "net/http"
 "regexp"
 "time"
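Review bot: The new `cert tls.Certificate` field in Desire has no comment saying which parts of the struct this package actually fills in, and tls.Certificate has several (Certificate, PrivateKey, Leaf, OCSPStaple) that a reader will assume are all live. From the hunks, only PrivateKey is set in NewDesire and only Certificate is assigned raw DER elsewhere; Leaf is never populated, which matters to anyone who later hands `d.cert` to a tls.Config or wants to inspect the leaf without re-parsing. I would document that on the field: `// cert holds the key generated by NewDesire (PrivateKey) and, once issued, the DER chain (Certificate); Leaf is not populated.` The other hunks in this file (NewDesire, saveKey, saveCert, CSR) all have their function bodies starting before or ending after the hunk.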
@@ -150,11 +150,11 @@ func parseJson(resp *http.Response, v interface{}) error {
 }
 }
-func parseCert(resp *http.Response) (*x509.Certificate, error) {
+func parseCert(resp *http.Response) ([]byte, error) {
 defer resp.Body.Close()
 switch resp.Header.Get("Content-Type") {
 case mimePkix:
- return readCert(resp.Body)
+ return ioutil.ReadAll(resp.Body)
 case mimeProblem:
 return nil, problem(resp.Body)
 default:
-- 
cgit v1.2.3
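Review bot: `return ioutil.ReadAll(resp.Body)` under `case mimePkix` returns whatever the server sent, unparsed and unbounded: the removed `readCert` at least ran `x509.ParseCertificate` on the body, so a non-DER response served with the pkix content type (an error page, a truncated body) is now accepted, lands in `d.cert.Certificate` and is PEM-encoded to disk as a CERTIFICATE, and a hostile or broken server can make the client allocate an arbitrarily large body. I would cap the read with `io.LimitReader` and parse the DER before returning it, discarding the parsed value since callers now want bytes; that needs `io` and `crypto/x509` back in provider.go's imports. The default branch and the rest of parseCert lie outside the hunk, so whether the status code is checked before the switch cannot be seen here.
```go
	case mimePkix:
		// Bound the read: a certificate is small and the body is not trusted.
		der, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
		if err != nil {
			return nil, err
		}
		// Refuse anything that is not a parseable DER certificate before it is stored or written out.
		if _, err := x509.ParseCertificate(der); err != nil {
			return nil, err
		}
		return der, nil
	case mimeProblem:
		// … unchanged: problem and default branches …
```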