aboutsummaryrefslogtreecommitdiff
path: root/cmd/acme/main.go
blob: bf05ce9b8e51a9dbe4562275d1ac7cc99b8ff1aa (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package main

import (
	"crypto/rsa"
	"errors"
	"flag"
	"log"
	"os"
	"path"

	"dim13.org/acme"
)

var confName = flag.String("conf", "acme.toml", "configuration file")

func chkKey(k PrivKey) (*rsa.PrivateKey, error) {
	key := k.KeyPath()
	if k.HasKey() {
		fd, err := os.Open(key)
		if err != nil {
			return nil, err
		}
		defer fd.Close()
		return acme.LoadKey(fd)
	} else {
		if err := os.MkdirAll(path.Dir(key), 0700); err != nil {
			return nil, err
		}
		flags := os.O_WRONLY | os.O_CREATE | os.O_TRUNC
		fd, err := os.OpenFile(key, flags, 0600)
		if err != nil {
			return nil, err
		}
		defer fd.Close()
		return acme.NewKey(fd, k.KeySize())
	}
}

func chkCert(k Cert) error {
	if !k.HasCert() {
		return errors.New("cert missing")
	}
	return nil
}

func saveCert(k Cert, crt []byte) error {
	cert := k.CertPath()
	if err := os.MkdirAll(path.Dir(cert), 0755); err != nil {
		return err
	}
	fd, err := os.Create(cert)
	if err != nil {
		return err
	}
	defer fd.Close()
	return acme.SaveCert(fd, crt)
}

func chkKeys(c *Config) error {
	var err error
	for k, acc := range c.Account {
		acc.key, err = chkKey(acc)
		if err != nil {
			return err
		}
		c.Account[k] = acc
	}
	for k, des := range c.Desire {
		des.key, err = chkKey(des)
		if err != nil {
			return err
		}
		c.Desire[k] = des
	}
	return nil
}

func main() {
	flag.Parse()
	conf, err := LoadConfig(*confName)
	if err != nil {
		log.Fatal(err)
	}

	err = chkKeys(conf)
	if err != nil {
		log.Fatal(err)
	}

	for k, des := range conf.Desire {
		a, _ := acme.NewAccount(des.account.key)
		a.AddMail(des.account.Mail)
		a.AddPhone(des.account.Phone)
		log.Println(k, a)
		c, err := acme.NewClient(des.provider.Directory)
		if err != nil {
			log.Fatal(err)
		}
		log.Println(k, c)

		err = c.Register(a)
		if err != nil {
			log.Fatal("register", err)
		}

		err = c.Authorize(a, des.Altnames[0])
		if err != nil {
			log.Fatal("authz", err)
		}

		crt, err := c.Cert(a, des.Altnames, des.key)
		if err != nil {
			log.Fatal("cert", err)
		}

		err = saveCert(des, crt)
		if err != nil {
			log.Fatal("save cert", err)
		}
	}
}