From 48ad524abe8bb9a84d0fdb93c9733a72c9b1638b Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Thu, 17 Dec 2015 19:32:18 +0100
Subject: Add CSR part

---
 cmd/acme/config.go | 15 ++++++++++-----
 cmd/acme/main.go | 31 ++++++++++++++++++++++++++++++-
 2 files changed, 40 insertions(+), 6 deletions(-)

(limited to 'cmd')

diff --git a/cmd/acme/config.go b/cmd/acme/config.go
index 7f5ffbe..9ed7e43 100644
--- a/cmd/acme/config.go
+++ b/cmd/acme/config.go
@@ -136,14 +136,19 @@ func LoadConfig(fname string) (*Config, error) {
 }
 
 type PrivKey interface {
- Path() string
+ KeyPath() string
 Size() int
 }
 
-func (d desire) Path() string { return d.Key }
-func (d desire) Size() int { return d.KeySize }
-func (a account) Path() string { return a.Key }
-func (a account) Size() int { return a.KeySize }
+type Cert interface {
+ CertPath() string
+}
+
+func (d desire) CertPath() string { return d.Cert }
+func (d desire) KeyPath() string { return d.Key }
+func (d desire) Size() int { return d.KeySize }
+func (a account) KeyPath() string { return a.Key }
+func (a account) Size() int { return a.KeySize }
 
 type duration struct{ time.Duration }
 
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index 058eefb..3df4fa0 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
@@ -4,6 +4,7 @@ import (
 "crypto/rand"
 "crypto/rsa"
 "crypto/x509"
+ "crypto/x509/pkix"
 "encoding/pem"
 "flag"
 "io"
@@ -17,6 +18,18 @@ import (
 
 var confName = flag.String("conf", "acme.toml", "configuration file")
 
+func newCSR(domain []string, key *rsa.PrivateKey) ([]byte, error) {
+ tmpl := x509.CertificateRequest{
+ Subject: pkix.Name{
+ CommonName: domain[0],
+ },
+ }
+ if len(domain) > 1 {
+ tmpl.DNSNames = domain
+ }
+ return x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
+}
+
 func newKey(w io.Writer, size int) (*rsa.PrivateKey, error) {
 key, err := rsa.GenerateKey(rand.Reader, size)
 if err != nil {
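Review bot: The new exported interface `Cert` and the renamed method `KeyPath` on `PrivKey` carry no doc comments, so a reader cannot tell from the declarations that these are paths to files that may not exist yet and are created or checked later. Add `// Cert is implemented by config entries that name the certificate file on disk.` above `type Cert interface` and `// PrivKey is implemented by config entries that name a private-key file and its size in bits.` above `type PrivKey interface`. Only `desire` implements `Cert` in this hunk while both `desire` and `account` implement `PrivKey`; stating that in the comments would save the next maintainer a search.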
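Review bot: `newCSR` reads `domain[0]` unconditionally, so an empty name list panics instead of returning the error its signature promises, and `DNSNames` is only filled when there is more than one name, which leaves a single-domain CSR with a CommonName and no subjectAltName. CAs and TLS clients validate the SAN extension rather than the CN, so every name should go into `DNSNames` regardless of count. Guard the empty case first, `if len(domain) == 0 { return nil, errors.New("newCSR: no domain names given") }` (or `fmt.Errorf`, whichever the import block already provides — it is cut by the hunk), then set `DNSNames: domain` directly in the template literal and drop the `len(domain) > 1` branch.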
@@ -30,7 +43,7 @@ func newKey(w io.Writer, size int) (*rsa.PrivateKey, error) {
 }
 
 func chkKey(k PrivKey) (*rsa.PrivateKey, error) {
- key := k.Path()
+ key := k.KeyPath()
 if _, err := os.Stat(key); os.IsNotExist(err) {
 log.Println("allocating", key, k.Size())
 if err := os.MkdirAll(path.Dir(key), 0700); err != nil {
@@ -53,6 +66,14 @@ func chkKey(k PrivKey) (*rsa.PrivateKey, error) {
 }
 }
 
+func chkCert(k Cert) error {
+ cert := k.CertPath()
+ if _, err := os.Stat(cert); os.IsNotExist(err) {
+ return err
+ }
+ return nil
+}
+
 func chkKeys(c *Config) error {
 var err error
 for k, acc := range c.Account {
@@ -67,6 +88,14 @@ func chkKeys(c *Config) error {
 if err != nil {
 return err
 }
+ err = chkCert(des)
+ if err != nil {
+ log.Println(k, "cert missing")
+ _, err := newCSR(des.Altnames, des.account.key)
+ if err != nil {
+ log.Fatal(err)
+ }
+ }
 c.Desire[k] = des
 }
 return nil
-- 
cgit v1.2.3
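Review bot: `chkCert` returns nil for every `os.Stat` failure except not-exist, so a permission error or an unreadable path is reported to the caller as "certificate present" and no CSR is generated. Return the error unconditionally: `if _, err := os.Stat(cert); err != nil { return err }`. The check is also existence-only; whether the file holds a parseable, still-valid certificate is not examined here, which presumably is intended for a later commit but is worth a comment on the function: `// chkCert reports whether the certificate file exists; it does not parse or validate it.`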
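Review bot: The CSR returned by `newCSR` is discarded (`_, err := ...`), and the `:=` shadows the outer `err`, so the request is generated and thrown away while a failure terminates the process with `log.Fatal` even though `chkKeys` otherwise returns errors to its caller. Prefer `csr, err := newCSR(des.Altnames, des.account.key)` followed by `if err != nil { return err }` and keep `csr` for whatever will submit it. `chkKeys` begins before this hunk and `des.account.key` is assigned outside it, so whether `des.account` is always non-nil at this point cannot be confirmed from the hunk.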