aboutsummaryrefslogtreecommitdiff
path: root/cmd/acme/main.go
blob: db39a0b55e7e38e3cbdd8c047584de2ec9e832db (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
package main

import (
	"crypto/rsa"
	"crypto/x509"
	"flag"
	"io"
	"log"
	"os"
	"path"

	"dim13.org/acme"
)

var confName = flag.String("conf", "acme.toml", "configuration file")

func mkdirCreate(fname string, dmode, fmode os.FileMode) (io.WriteCloser, error) {
	if err := os.MkdirAll(path.Dir(fname), dmode); err != nil {
		return nil, err
	}
	flags := os.O_WRONLY | os.O_CREATE | os.O_TRUNC
	return os.OpenFile(fname, flags, fmode)
}

func chkKey(k PrivKey) (*rsa.PrivateKey, error) {
	key := k.KeyPath()
	if k.HasKey() {
		fd, err := os.Open(key)
		if err != nil {
			return nil, err
		}
		defer fd.Close()
		return acme.LoadKey(fd)
	} else {
		fd, err := mkdirCreate(key, 0700, 0600)
		if err != nil {
			return nil, err
		}
		defer fd.Close()
		return acme.NewKey(fd, k.KeySize())
	}
}

func saveCert(k Cert, crt []*x509.Certificate) error {
	cert := k.CertPath()
	fd, err := mkdirCreate(cert, 0755, 0644)
	if err != nil {
		return err
	}
	defer fd.Close()
	return acme.SaveCert(fd, crt)
}

func main() {
	flag.Parse()
	conf, err := LoadConfig(*confName)
	if err != nil {
		log.Fatal(err)
	}

	for k, acc := range conf.Account {
		acc.key, err = chkKey(acc)
		if err != nil {
			log.Fatal(err)
		}
		conf.Account[k] = acc
	}

	for k, des := range conf.Desire {
		des.key, err = chkKey(des)
		if err != nil {
			log.Fatal(err)
		}
		conf.Desire[k] = des
	}

	for k, des := range conf.Desire {
		a, _ := acme.NewAccount(des.account.key)
		c := acme.Contacts{}
		c.AddMail(des.account.Mail)
		c.AddPhone(des.account.Phone)
		log.Println(k, a)
		p, err := acme.NewProvider(des.provider.Directory)
		if err != nil {
			log.Fatal(err)
		}
		log.Println(k, p)

		err = p.Register(a, c)
		if err != nil {
			log.Fatal("register", err)
		}

		err = p.Authorize(a, des.Altnames[0])
		if err != nil {
			log.Fatal("authz", err)
		}

		crt, err := p.Cert(a, des.Altnames, des.key)
		if err != nil {
			log.Fatal("cert", err)
		}
		log.Println(crt.NotBefore, crt.NotAfter)

		err = saveCert(des, []*x509.Certificate{crt})
		if err != nil {
			log.Fatal("save cert", err)
		}
	}
}