Resolved build errors, small changes

- Switched out some value -> pointer returns
  for functions that returned an error
- Switched out previous failures map with an
  error
Wyatt Johnson 2018-05-26 13:16:20 -06:00
parent ef5b5bffb6
commit 8a990209a9
2 changed files with 37 additions and 45 deletions


@ -265,7 +265,7 @@ func (c *Client) QueryRegistration() (*RegistrationResource, error) {
// your issued certificate as a bundle. // your issued certificate as a bundle.
// This function will never return a partial certificate. If one domain in the list fails, // This function will never return a partial certificate. If one domain in the list fails,
// the whole certificate will fail. // the whole certificate will fail.
func (c *Client) ObtainCertificateForCSR(csr x509.CertificateRequest, bundle bool) (CertificateResource, error) { func (c *Client) ObtainCertificateForCSR(csr x509.CertificateRequest, bundle bool) (*CertificateResource, error) {
// figure out what domains it concerns // figure out what domains it concerns
// start with the common name // start with the common name
domains := []string{csr.Subject.CommonName} domains := []string{csr.Subject.CommonName}
@ -292,7 +292,7 @@ DNSNames:
order, err := c.createOrderForIdentifiers(domains) order, err := c.createOrderForIdentifiers(domains)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
authz, err := c.getAuthzForOrder(order) authz, err := c.getAuthzForOrder(order)
if err != nil { if err != nil {
@ -300,13 +300,13 @@ DNSNames:
/*for _, auth := range authz { /*for _, auth := range authz {
c.disableAuthz(auth) c.disableAuthz(auth)
}*/ }*/
return CertificateResource{}, err return nil, err
} }
err = c.solveChallengeForAuthz(authz) err = c.solveChallengeForAuthz(authz)
if err != nil { if err != nil {
// If any challenge fails, return. Do not generate partial SAN certificates. // If any challenge fails, return. Do not generate partial SAN certificates.
return CertificateResource{}, err return nil, err
} }
logf("[INFO][%s] acme: Validations succeeded; requesting certificates", strings.Join(domains, ", ")) logf("[INFO][%s] acme: Validations succeeded; requesting certificates", strings.Join(domains, ", "))
@ -339,9 +339,9 @@ DNSNames:
// your issued certificate as a bundle. // your issued certificate as a bundle.
// This function will never return a partial certificate. If one domain in the list fails, // This function will never return a partial certificate. If one domain in the list fails,
// the whole certificate will fail. // the whole certificate will fail.
func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (CertificateResource, error) { func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (*CertificateResource, error) {
if len(domains) == 0 { if len(domains) == 0 {
return CertificateResource{}, errors.New("No domains to obtain a certificate for") return nil, errors.New("No domains to obtain a certificate for")
} }
if bundle { if bundle {
@ -352,7 +352,7 @@ func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto
order, err := c.createOrderForIdentifiers(domains) order, err := c.createOrderForIdentifiers(domains)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
authz, err := c.getAuthzForOrder(order) authz, err := c.getAuthzForOrder(order)
if err != nil { if err != nil {
@ -360,13 +360,13 @@ func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto
/*for _, auth := range authz { /*for _, auth := range authz {
c.disableAuthz(auth) c.disableAuthz(auth)
}*/ }*/
return CertificateResource{}, err return nil, err
} }
err = c.solveChallengeForAuthz(authz) err = c.solveChallengeForAuthz(authz)
if err != nil { if err != nil {
// If any challenge fails, return. Do not generate partial SAN certificates. // If any challenge fails, return. Do not generate partial SAN certificates.
return CertificateResource{}, err return nil, err
} }
logf("[INFO][%s] acme: Validations succeeded; requesting certificates", strings.Join(domains, ", ")) logf("[INFO][%s] acme: Validations succeeded; requesting certificates", strings.Join(domains, ", "))
@ -413,17 +413,17 @@ func (c *Client) RevokeCertificate(certificate []byte) error {
// If bundle is true, the []byte contains both the issuer certificate and // If bundle is true, the []byte contains both the issuer certificate and
// your issued certificate as a bundle. // your issued certificate as a bundle.
// For private key reuse the PrivateKey property of the passed in CertificateResource should be non-nil. // For private key reuse the PrivateKey property of the passed in CertificateResource should be non-nil.
func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple bool) (CertificateResource, error) { func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple bool) (*CertificateResource, error) {
// Input certificate is PEM encoded. Decode it here as we may need the decoded // Input certificate is PEM encoded. Decode it here as we may need the decoded
// cert later on in the renewal process. The input may be a bundle or a single certificate. // cert later on in the renewal process. The input may be a bundle or a single certificate.
certificates, err := parsePEMBundle(cert.Certificate) certificates, err := parsePEMBundle(cert.Certificate)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
x509Cert := certificates[0] x509Cert := certificates[0]
if x509Cert.IsCA { if x509Cert.IsCA {
return CertificateResource{}, fmt.Errorf("[%s] Certificate bundle starts with a CA certificate", cert.Domain) return nil, fmt.Errorf("[%s] Certificate bundle starts with a CA certificate", cert.Domain)
} }
// This is just meant to be informal for the user. // This is just meant to be informal for the user.
@ -436,7 +436,7 @@ func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple b
if len(cert.CSR) > 0 { if len(cert.CSR) > 0 {
csr, err := pemDecodeTox509CSR(cert.CSR) csr, err := pemDecodeTox509CSR(cert.CSR)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
newCert, failures := c.ObtainCertificateForCSR(*csr, bundle) newCert, failures := c.ObtainCertificateForCSR(*csr, bundle)
return newCert, failures return newCert, failures
@ -446,7 +446,7 @@ func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple b
if cert.PrivateKey != nil { if cert.PrivateKey != nil {
privKey, err = parsePEMPrivateKey(cert.PrivateKey) privKey, err = parsePEMPrivateKey(cert.PrivateKey)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
} }
@ -596,13 +596,13 @@ func (c *Client) disableAuthz(authURL string) error {
return err return err
} }
func (c *Client) requestCertificateForOrder(order orderResource, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (CertificateResource, error) { func (c *Client) requestCertificateForOrder(order orderResource, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (*CertificateResource, error) {
var err error var err error
if privKey == nil { if privKey == nil {
privKey, err = generatePrivateKey(c.keyType) privKey, err = generatePrivateKey(c.keyType)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
} }
@ -616,24 +616,24 @@ func (c *Client) requestCertificateForOrder(order orderResource, bundle bool, pr
// TODO: should the CSR be customizable? // TODO: should the CSR be customizable?
csr, err := generateCsr(privKey, commonName, san, mustStaple) csr, err := generateCsr(privKey, commonName, san, mustStaple)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
return c.requestCertificateForCsr(order, bundle, csr, pemEncode(privKey)) return c.requestCertificateForCsr(order, bundle, csr, pemEncode(privKey))
} }
func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr []byte, privateKeyPem []byte) (CertificateResource, error) { func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr []byte, privateKeyPem []byte) (*CertificateResource, error) {
commonName := order.Domains[0] commonName := order.Domains[0]
csrString := base64.RawURLEncoding.EncodeToString(csr) csrString := base64.RawURLEncoding.EncodeToString(csr)
var retOrder orderMessage var retOrder orderMessage
_, error := postJSON(c.jws, order.Finalize, csrMessage{Csr: csrString}, &retOrder) _, error := postJSON(c.jws, order.Finalize, csrMessage{Csr: csrString}, &retOrder)
if error != nil { if error != nil {
return CertificateResource{}, error return nil, error
} }
if retOrder.Status == "invalid" { if retOrder.Status == "invalid" {
return CertificateResource{}, error return nil, error
} }
certRes := CertificateResource{ certRes := CertificateResource{
@ -646,11 +646,11 @@ func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr
// if the certificate is available right away, short cut! // if the certificate is available right away, short cut!
ok, err := c.checkCertResponse(retOrder, &certRes, bundle) ok, err := c.checkCertResponse(retOrder, &certRes, bundle)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
if ok { if ok {
return certRes, nil return &certRes, nil
} }
} }
@ -658,21 +658,21 @@ func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr
for i := 0; i < maxChecks; i++ { for i := 0; i < maxChecks; i++ {
_, err := getJSON(order.URL, &retOrder) _, err := getJSON(order.URL, &retOrder)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
done, err := c.checkCertResponse(retOrder, &certRes, bundle) done, err := c.checkCertResponse(retOrder, &certRes, bundle)
if err != nil { if err != nil {
return CertificateResource{}, err return nil, err
} }
if done { if done {
break break
} }
if i == maxChecks-1 { if i == maxChecks-1 {
return CertificateResource{}, fmt.Errorf("polled for certificate %d times; giving up", i) return nil, fmt.Errorf("polled for certificate %d times; giving up", i)
} }
} }
return certRes, nil return &certRes, nil
} }
// checkCertResponse checks to see if the certificate is ready and a link is contained in the // checkCertResponse checks to see if the certificate is ready and a link is contained in the
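Review bot: In requestCertificateForCsr the `retOrder.Status == "invalid"` branch now returns `nil, error`, and `error` is always nil there because the check just above has already returned on a non-nil value, so an order the server marked invalid comes back as a nil `*CertificateResource` with a nil error. Before this commit the caller at least got a zero-value struct; with the pointer return, any caller that only tests the error will dereference nil, as saveCertRes would when it reads `certRes.Domain`. Return an explicit error in that branch, e.g. `return nil, errors.New("acme: order status is invalid")`, and consider renaming the local `error` to `err` so it no longer shadows the builtin type. The function body is only partly visible in these hunks.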


@ -125,7 +125,7 @@ func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
return conf, acc, client return conf, acc, client
} }
func saveCertRes(certRes acme.CertificateResource, conf *Configuration) { func saveCertRes(certRes *acme.CertificateResource, conf *Configuration) {
// make sure no funny chars are in the cert names (like wildcards ;)) // make sure no funny chars are in the cert names (like wildcards ;))
domainName := strings.Replace(certRes.Domain, "*", "_", -1) domainName := strings.Replace(certRes.Domain, "*", "_", -1)
@ -277,28 +277,23 @@ func run(c *cli.Context) error {
logger().Fatal("Please specify --domains/-d (or --csr/-c if you already have a CSR)") logger().Fatal("Please specify --domains/-d (or --csr/-c if you already have a CSR)")
} }
var cert acme.CertificateResource var cert *acme.CertificateResource
var failures map[string]error var err error
if hasDomains { if hasDomains {
// obtain a certificate, generating a new private key // obtain a certificate, generating a new private key
cert, failures = client.ObtainCertificate(c.GlobalStringSlice("domains"), !c.Bool("no-bundle"), nil, c.Bool("must-staple")) cert, err = client.ObtainCertificate(c.GlobalStringSlice("domains"), !c.Bool("no-bundle"), nil, c.Bool("must-staple"))
} else { } else {
// read the CSR // read the CSR
csr, err := readCSRFile(c.GlobalString("csr")) csr, err := readCSRFile(c.GlobalString("csr"))
if err != nil { if err == nil {
// we couldn't read the CSR
failures = map[string]error{"csr": err}
} else {
// obtain a certificate for this CSR // obtain a certificate for this CSR
cert, failures = client.ObtainCertificateForCSR(*csr, !c.Bool("no-bundle")) cert, err = client.ObtainCertificateForCSR(*csr, !c.Bool("no-bundle"))
} }
} }
if len(failures) > 0 { if err != nil {
for k, v := range failures { logger().Printf("Could not obtain certificates\n\t%s", err.Error())
logger().Printf("[%s] Could not obtain certificates\n\t%s", k, v.Error())
}
// Make sure to return a non-zero exit code if ObtainSANCertificate // Make sure to return a non-zero exit code if ObtainSANCertificate
// returned at least one error. Due to us not returning partial // returned at least one error. Due to us not returning partial
@ -306,8 +301,7 @@ func run(c *cli.Context) error {
os.Exit(1) os.Exit(1)
} }
err := checkFolder(conf.CertPath()) if err := checkFolder(conf.CertPath()); err != nil {
if err != nil {
logger().Fatalf("Could not check/create path: %s", err.Error()) logger().Fatalf("Could not check/create path: %s", err.Error())
} }
@ -322,8 +316,7 @@ func revoke(c *cli.Context) error {
logger().Fatalf("Account %s is not registered. Use 'run' to register a new account.\n", acc.Email) logger().Fatalf("Account %s is not registered. Use 'run' to register a new account.\n", acc.Email)
} }
err := checkFolder(conf.CertPath()) if err := checkFolder(conf.CertPath()); err != nil {
if err != nil {
logger().Fatalf("Could not check/create path: %s", err.Error()) logger().Fatalf("Could not check/create path: %s", err.Error())
} }
@ -386,8 +379,7 @@ func renew(c *cli.Context) error {
} }
var certRes acme.CertificateResource var certRes acme.CertificateResource
err = json.Unmarshal(metaBytes, &certRes) if err := json.Unmarshal(metaBytes, &certRes); err != nil {
if err != nil {
logger().Fatalf("Error while marshalling the meta data for domain %s\n\t%s", domain, err.Error()) logger().Fatalf("Error while marshalling the meta data for domain %s\n\t%s", domain, err.Error())
} }
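Review bot: In run(), `csr, err := readCSRFile(...)` inside the else branch declares a new `err` that shadows the `var err error` added above it, so a CSR read failure and a failure from `ObtainCertificateForCSR` both land in the inner variable and the later `if err != nil` check sees nil. The removed code recorded the read failure in `failures`; the new code drops it and carries on with a nil `cert`, which the code after the hunk presumably hands to saveCertRes, where `certRes.Domain` would panic. Give the read error its own name so the outer variable is the one assigned: `csr, csrErr := readCSRFile(c.GlobalString("csr"))` followed by `err = csrErr` before the `if err == nil {` check. run's body continues outside the hunks shown.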