From b4dd257d920efbae2ab1f400c08b49982593881a Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Wed, 9 Mar 2016 23:06:31 +0100
Subject: Split stages
---
 cmd/acme/config.go | 20 +++--
 cmd/acme/main.go | 206 ++++++++++++++++++++++++++++------------------------
 2 files changed, 121 insertions(+), 105 deletions(-)
(limited to 'cmd')
diff --git a/cmd/acme/config.go b/cmd/acme/config.go
index ebdcb76..6a0dc4b 100644
--- a/cmd/acme/config.go
+++ b/cmd/acme/config.go
@@ -46,12 +46,13 @@ type account struct {
 }
 type domain struct {
- Altnames []string
- KeySize int
- KeyFile string
- CrtFile string
- Webroot string
- Hook []string
+ Gracetime time.Duration
+ Altnames []string
+ KeySize int
+ KeyFile string
+ CrtFile string
+ Webroot string
+ Hook []string
 }
 var (
@@ -115,6 +116,9 @@ func LoadConfig(fname string) (*Config, error) {
 }
 pro.Account[i] = acc
 for i, dom := range acc.Domain {
+ if dom.Gracetime != 0 {
+ dom.Gracetime = c.Gracetime
+ }
 if dom.KeySize == 0 {
 dom.KeySize = c.KeySize
 }
@@ -167,6 +171,6 @@ func checkWWW(altnames []string) []string {
 return altnames
 }
-func (c Config) renew(cert *x509.Certificate) bool {
- return time.Now().Add(c.Gracetime).After(cert.NotAfter)
+func (d domain) renew(cert *x509.Certificate) bool {
+ return time.Now().Add(d.Gracetime).After(cert.NotAfter)
 }
diff --git a/cmd/acme/main.go b/cmd/acme/main.go
index e994189..577afbf 100644
--- a/cmd/acme/main.go
+++ b/cmd/acme/main.go
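Review bot: The Gracetime default in LoadConfig is inverted: `if dom.Gracetime != 0 {` copies the global value over a domain that already set its own and leaves an unset domain at zero, so the new `domain.renew` in the last hunk only reports a renewal once `time.Now()` is already past NotAfter, i.e. after the certificate has expired. The `if dom.KeySize == 0 {` guard directly below it shows the intended shape; change the condition to `if dom.Gracetime == 0 {`. The enclosing LoadConfig loop starts and ends outside the hunk, so whether the modified `dom` copy is written back to acc.Domain is not visible here.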
@@ -9,117 +9,129 @@ import (
 )
 var (
- confName = flag.String("conf", "", "configuration file")
- forceRenew = flag.Bool("force", false, "force renew")
+ confName = flag.String("conf", "", "configuration file")
+ forceRenew = flag.Bool("force", false, "force renew")
+ httpSol, tlsSol acme.Solver
 )
-func main() {
- flag.Parse()
-
- conf, err := LoadConfig(*confName)
+func dialProvider(p provider) error {
+ log.Println("Dial", p.Directory)
+ prov, err := acme.DialProvider(p.Directory)
 if err != nil {
- log.Fatal(err)
+ return err
+ }
+ for _, a := range p.Account {
+ if err := loadAccount(prov, a); err != nil {
+ return err
+ }
 }
+ return nil
+}
- var httpSol, tlsSol acme.Solver
- if conf.Listen != "" {
- httpSol, err = acme.NewHTTPSolver(conf.Listen)
+func loadAccount(prov *acme.Provider, a account) error {
+ var mustRegister bool
+ key, err := a.Load()
+ if err != nil {
+ key, err = acme.NewKey(a.KeySize)
 if err != nil {
- log.Println(err)
+ return err
 }
+ if err := a.Save(key); err != nil {
+ return err
+ }
+ mustRegister = true
 }
- if conf.ListenTLS != "" {
- tlsSol, err = acme.NewTLSSolver(conf.ListenTLS)
+
+ acc, err := acme.NewAccount(key)
+ if err != nil {
+ return err
+ }
+
+ if mustRegister {
+ con, err := acme.NewContacts(a.Mail, a.Phone)
 if err != nil {
- log.Println(err)
+ return err
+ }
+
+ log.Println("Register", con)
+ if err := prov.Register(acc, con); err != nil {
+ return err
 }
 }
- for _, v := range conf.Provider {
- log.Println("Dial", v.Directory)
- prov, err := acme.DialProvider(v.Directory)
- if err != nil {
- log.Fatal(err)
+ for _, d := range a.Domain {
+ if err := requestCert(prov, acc, d); err != nil {
+ return err
 }
+ }
+ return nil
+}
+
+func requestCert(prov *acme.Provider, acc *acme.Account, d domain) error {
+ c, err := d.Load()
+ if err != nil {
+ return err
+ }
+ if c.Leaf != nil && !d.renew(c.Leaf) && !*forceRenew {
+ log.Println("valid until", c.Leaf.NotAfter, "skip")
+ return nil
+ }
+
+ key, err := acme.NewKey(d.KeySize)
+ if err != nil {
+ return err
+ }
- for _, v := range v.Account {
- var mustRegister bool
-
- log.Println("Load", v.KeyFile)
- key, err := v.Load()
- if err != nil {
- key, err = acme.NewKey(v.KeySize)
- if err != nil {
- log.Fatal(err)
- }
- if err := v.Save(key); err != nil {
- log.Fatal(err)
- }
- mustRegister = true
- }
-
- acc, err := acme.NewAccount(key)
- if err != nil {
- log.Fatal(err)
- }
-
- if mustRegister {
- con, err := acme.NewContacts(v.Mail, v.Phone)
- if err != nil {
- log.Fatal(err)
- }
-
- log.Println("Register", con)
- err = prov.Register(acc, con)
- if err != nil {
- log.Fatal(err)
- }
- }
-
- for _, v := range v.Domain {
- c, err := v.Load()
- if err != nil {
- log.Println(err)
- }
- if c.Leaf != nil && !conf.renew(c.Leaf) && !*forceRenew {
- log.Println("valid until", c.Leaf.NotAfter, "sipping")
- continue
- }
-
- key, err := acme.NewKey(v.KeySize)
- if err != nil {
- log.Fatal(err)
- }
- des := acme.NewDesire(key, v.Altnames)
- if v.Webroot != "" {
- sol := acme.NewWebrootSolver(v.Webroot)
- des.RegisterSolver(sol)
- } else if httpSol != nil {
- des.RegisterSolver(httpSol)
- }
- if tlsSol != nil {
- des.RegisterSolver(tlsSol)
- }
- if !des.HasSolver() {
- log.Fatal("no solver")
- }
-
- log.Println("Authorize", v.Altnames)
- if err := prov.Authorize(acc, des); err != nil {
- log.Fatal(err)
- }
-
- log.Println("Request bundle for", v.Altnames)
- cert, err := prov.Bundle(acc, des)
- if err != nil {
- log.Fatal(err)
- }
-
- log.Println("Save", v.CrtFile, v.KeyFile)
- if err := v.Save(cert); err != nil {
- log.Fatal(err)
- }
- }
+ des := acme.NewDesire(key, d.Altnames)
+ if d.Webroot != "" {
+ des.RegisterSolver(acme.NewWebrootSolver(d.Webroot))
+ } else if httpSol != nil {
+ des.RegisterSolver(httpSol)
+ }
+
+ if tlsSol != nil {
+ des.RegisterSolver(tlsSol)
+ }
+
+ log.Println("Authorize", d.Altnames)
+ if err := prov.Authorize(acc, des); err != nil {
+ return err
+ }
+
+ log.Println("Request bundle")
+ cert, err := prov.Bundle(acc, des)
+ if err != nil {
+ return err
+ }
+
+ log.Println("Save", d.CrtFile, d.KeyFile)
+ if err := d.Save(cert); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func main() {
+ flag.Parse()
+
+ conf, err := LoadConfig(*confName)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ httpSol, err = acme.NewHTTPSolver(conf.Listen)
+ if err != nil {
+ log.Println("HTTP Solver", err)
+ }
+ tlsSol, err = acme.NewTLSSolver(conf.ListenTLS)
+ if err != nil {
+ log.Println("TLS Solver", err)
+ }
+
+ for _, p := range conf.Provider {
+ if err := dialProvider(p); err != nil {
+ log.Fatal(err)
 }
 }
 }
-- cgit v1.2.3
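Review bot: requestCert drops the `if !des.HasSolver() { log.Fatal("no solver") }` guard the old loop had, so a domain with no Webroot whose HTTP solver failed to start (main now only logs that error) reaches prov.Authorize with nothing registered; restore it after the tlsSol block as `if !des.HasSolver() { return errors.New("no solver") }` (the import block is outside the hunk, add errors if it is not already there). The `c, err := d.Load()` check now returns the error where the old code logged it and carried on to issue a certificate, so if Load fails for a CrtFile that does not exist yet, first-time issuance aborts — presumably unintended; either treat a missing file as "no Leaf" or document that Load returns an empty certificate in that case. In main, NewHTTPSolver and NewTLSSolver are now called unconditionally, with an empty Listen/ListenTLS when unset; if either returns a concrete pointer type, the typed nil stored in the acme.Solver variable on error makes `httpSol != nil` true and a non-functional solver is registered — confirm the signatures or reset the variable to nil in the error branch.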