package acme import ( "crypto/rand" "crypto/rsa" "crypto/sha256" "crypto/tls" "crypto/x509" "crypto/x509/pkix" "encoding/hex" "log" "math/big" "net/http" "time" ) const ( tlsKeySize = 2048 tlsSuffix = ".acme.invalid" ) type tlsSolver struct { http.Server } func NewTLSSolver(addr string) Solver { s := new(tlsSolver) s.Server = http.Server{ Addr: addr, TLSConfig: &tls.Config{}, } go s.ListenAndServe() return s } func name(keyAuth string) string { hash := sha256.Sum256([]byte(keyAuth)) z := hex.EncodeToString(hash[:]) return z[:32] + "." + z[32:64] + tlsSuffix } func newCert(keyAuth string) (tls.Certificate, error) { fail := func(err error) (tls.Certificate, error) { return tls.Certificate{}, err } key, err := rsa.GenerateKey(rand.Reader, tlsKeySize) if err != nil { return fail(err) } serialLimit := new(big.Int).Lsh(big.NewInt(1), 128) serial, err := rand.Int(rand.Reader, serialLimit) if err != nil { return fail(err) } hash := sha256.Sum256([]byte(keyAuth)) z := hex.EncodeToString(hash[:]) name := z[:32] + "." + z[32:] + tlsSuffix tmpl := x509.Certificate{ SerialNumber: serial, Subject: pkix.Name{ Organization: []string{"Acme Co"}, }, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, SignatureAlgorithm: x509.SHA256WithRSA, DNSNames: []string{name}, } crt, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key) if err != nil { return fail(err) } cert.Certificate = [][]byte{crt} cert.PrivateKey = key return tls.Certificate{ Certificate: [][]byte{crt}, PrivateKey: key, }, nil } func (s *tlsSolver) Solve(_, keyAuth string) error { log.Println("solve tls") crt, err := newCert(keyAuth) if err != nil { return err } log.Println(crt) return errNotImplemented } func (s *tlsSolver) Solved() error { return nil }