package acme import ( "crypto/rand" "crypto/rsa" "crypto/sha256" "crypto/tls" "crypto/x509" "crypto/x509/pkix" "encoding/hex" "log" "math/big" "net/http" "time" ) const ( tlsKeySize = 2048 tlsSuffix = ".acme.invalid" ) type tlsSolver struct { http.Server } func NewTLSSolver(addr string) Solver { s := new(tlsSolver) s.Server = http.Server{ Addr: addr, TLSConfig: &tls.Config{}, } go s.ListenAndServe() return s } func name(keyAuth string) string { hash := sha256.Sum256([]byte(keyAuth)) z := hex.EncodeToString(hash[:]) return z[:32] + "." + z[32:64] + tlsSuffix } func (s *tlsSolver) Solve(token, keyAuth string) error { log.Println("solve tls") tlsKey, err := rsa.GenerateKey(rand.Reader, tlsKeySize) if err != nil { return err } serialMax := new(big.Int).Lsh(big.NewInt(1), 128) serial, err := rand.Int(rand.Reader, serialMax) if err != nil { return err } tmpl := x509.Certificate{ SerialNumber: serial, Subject: pkix.Name{ Organization: []string{"Acme Co"}, }, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, SignatureAlgorithm: x509.SHA256WithRSA, DNSNames: []string{name(keyAuth)}, } _, _ = tlsKey, tmpl crt, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, tlsKey.Public(), tlsKey) if err != nil { return err } log.Println(crt) return errNotImplemented } func (s *tlsSolver) Solved() error { return nil }