diff --git a/acmev2/client.go b/acmev2/client.go index 904f07fb..38e78da8 100644 --- a/acmev2/client.go +++ b/acmev2/client.go @@ -265,7 +265,7 @@ func (c *Client) QueryRegistration() (*RegistrationResource, error) { // your issued certificate as a bundle. // This function will never return a partial certificate. If one domain in the list fails, // the whole certificate will fail. -func (c *Client) ObtainCertificateForCSR(csr x509.CertificateRequest, bundle bool) (CertificateResource, error) { +func (c *Client) ObtainCertificateForCSR(csr x509.CertificateRequest, bundle bool) (*CertificateResource, error) { // figure out what domains it concerns // start with the common name domains := []string{csr.Subject.CommonName} @@ -292,7 +292,7 @@ DNSNames: order, err := c.createOrderForIdentifiers(domains) if err != nil { - return CertificateResource{}, err + return nil, err } authz, err := c.getAuthzForOrder(order) if err != nil { @@ -300,13 +300,13 @@ DNSNames: /*for _, auth := range authz { c.disableAuthz(auth) }*/ - return CertificateResource{}, err + return nil, err } err = c.solveChallengeForAuthz(authz) if err != nil { // If any challenge fails, return. Do not generate partial SAN certificates. - return CertificateResource{}, err + return nil, err } logf("[INFO][%s] acme: Validations succeeded; requesting certificates", strings.Join(domains, ", ")) @@ -339,9 +339,9 @@ DNSNames: // your issued certificate as a bundle. // This function will never return a partial certificate. If one domain in the list fails, // the whole certificate will fail. -func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (CertificateResource, error) { +func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (*CertificateResource, error) { if len(domains) == 0 { - return CertificateResource{}, errors.New("No domains to obtain a certificate for") + return nil, errors.New("No domains to obtain a certificate for") } if bundle { @@ -352,7 +352,7 @@ func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto order, err := c.createOrderForIdentifiers(domains) if err != nil { - return CertificateResource{}, err + return nil, err } authz, err := c.getAuthzForOrder(order) if err != nil { @@ -360,13 +360,13 @@ func (c *Client) ObtainCertificate(domains []string, bundle bool, privKey crypto /*for _, auth := range authz { c.disableAuthz(auth) }*/ - return CertificateResource{}, err + return nil, err } err = c.solveChallengeForAuthz(authz) if err != nil { // If any challenge fails, return. Do not generate partial SAN certificates. - return CertificateResource{}, err + return nil, err } logf("[INFO][%s] acme: Validations succeeded; requesting certificates", strings.Join(domains, ", ")) @@ -413,17 +413,17 @@ func (c *Client) RevokeCertificate(certificate []byte) error { // If bundle is true, the []byte contains both the issuer certificate and // your issued certificate as a bundle. // For private key reuse the PrivateKey property of the passed in CertificateResource should be non-nil. -func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple bool) (CertificateResource, error) { +func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple bool) (*CertificateResource, error) { // Input certificate is PEM encoded. Decode it here as we may need the decoded // cert later on in the renewal process. The input may be a bundle or a single certificate. certificates, err := parsePEMBundle(cert.Certificate) if err != nil { - return CertificateResource{}, err + return nil, err } x509Cert := certificates[0] if x509Cert.IsCA { - return CertificateResource{}, fmt.Errorf("[%s] Certificate bundle starts with a CA certificate", cert.Domain) + return nil, fmt.Errorf("[%s] Certificate bundle starts with a CA certificate", cert.Domain) } // This is just meant to be informal for the user. @@ -436,7 +436,7 @@ func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple b if len(cert.CSR) > 0 { csr, err := pemDecodeTox509CSR(cert.CSR) if err != nil { - return CertificateResource{}, err + return nil, err } newCert, failures := c.ObtainCertificateForCSR(*csr, bundle) return newCert, failures @@ -446,7 +446,7 @@ func (c *Client) RenewCertificate(cert CertificateResource, bundle, mustStaple b if cert.PrivateKey != nil { privKey, err = parsePEMPrivateKey(cert.PrivateKey) if err != nil { - return CertificateResource{}, err + return nil, err } } @@ -596,13 +596,13 @@ func (c *Client) disableAuthz(authURL string) error { return err } -func (c *Client) requestCertificateForOrder(order orderResource, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (CertificateResource, error) { +func (c *Client) requestCertificateForOrder(order orderResource, bundle bool, privKey crypto.PrivateKey, mustStaple bool) (*CertificateResource, error) { var err error if privKey == nil { privKey, err = generatePrivateKey(c.keyType) if err != nil { - return CertificateResource{}, err + return nil, err } } @@ -616,24 +616,24 @@ func (c *Client) requestCertificateForOrder(order orderResource, bundle bool, pr // TODO: should the CSR be customizable? csr, err := generateCsr(privKey, commonName, san, mustStaple) if err != nil { - return CertificateResource{}, err + return nil, err } return c.requestCertificateForCsr(order, bundle, csr, pemEncode(privKey)) } -func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr []byte, privateKeyPem []byte) (CertificateResource, error) { +func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr []byte, privateKeyPem []byte) (*CertificateResource, error) { commonName := order.Domains[0] csrString := base64.RawURLEncoding.EncodeToString(csr) var retOrder orderMessage _, error := postJSON(c.jws, order.Finalize, csrMessage{Csr: csrString}, &retOrder) if error != nil { - return CertificateResource{}, error + return nil, error } if retOrder.Status == "invalid" { - return CertificateResource{}, error + return nil, error } certRes := CertificateResource{ @@ -646,11 +646,11 @@ func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr // if the certificate is available right away, short cut! ok, err := c.checkCertResponse(retOrder, &certRes, bundle) if err != nil { - return CertificateResource{}, err + return nil, err } if ok { - return certRes, nil + return &certRes, nil } } @@ -658,21 +658,21 @@ func (c *Client) requestCertificateForCsr(order orderResource, bundle bool, csr for i := 0; i < maxChecks; i++ { _, err := getJSON(order.URL, &retOrder) if err != nil { - return CertificateResource{}, err + return nil, err } done, err := c.checkCertResponse(retOrder, &certRes, bundle) if err != nil { - return CertificateResource{}, err + return nil, err } if done { break } if i == maxChecks-1 { - return CertificateResource{}, fmt.Errorf("polled for certificate %d times; giving up", i) + return nil, fmt.Errorf("polled for certificate %d times; giving up", i) } } - return certRes, nil + return &certRes, nil } // checkCertResponse checks to see if the certificate is ready and a link is contained in the diff --git a/cli_handlers.go b/cli_handlers.go index 450092ba..4c939c86 100644 --- a/cli_handlers.go +++ b/cli_handlers.go @@ -125,7 +125,7 @@ func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) { return conf, acc, client } -func saveCertRes(certRes acme.CertificateResource, conf *Configuration) { +func saveCertRes(certRes *acme.CertificateResource, conf *Configuration) { // make sure no funny chars are in the cert names (like wildcards ;)) domainName := strings.Replace(certRes.Domain, "*", "_", -1) @@ -277,28 +277,23 @@ func run(c *cli.Context) error { logger().Fatal("Please specify --domains/-d (or --csr/-c if you already have a CSR)") } - var cert acme.CertificateResource - var failures map[string]error + var cert *acme.CertificateResource + var err error if hasDomains { // obtain a certificate, generating a new private key - cert, failures = client.ObtainCertificate(c.GlobalStringSlice("domains"), !c.Bool("no-bundle"), nil, c.Bool("must-staple")) + cert, err = client.ObtainCertificate(c.GlobalStringSlice("domains"), !c.Bool("no-bundle"), nil, c.Bool("must-staple")) } else { // read the CSR csr, err := readCSRFile(c.GlobalString("csr")) - if err != nil { - // we couldn't read the CSR - failures = map[string]error{"csr": err} - } else { + if err == nil { // obtain a certificate for this CSR - cert, failures = client.ObtainCertificateForCSR(*csr, !c.Bool("no-bundle")) + cert, err = client.ObtainCertificateForCSR(*csr, !c.Bool("no-bundle")) } } - if len(failures) > 0 { - for k, v := range failures { - logger().Printf("[%s] Could not obtain certificates\n\t%s", k, v.Error()) - } + if err != nil { + logger().Printf("Could not obtain certificates\n\t%s", err.Error()) // Make sure to return a non-zero exit code if ObtainSANCertificate // returned at least one error. Due to us not returning partial @@ -306,8 +301,7 @@ func run(c *cli.Context) error { os.Exit(1) } - err := checkFolder(conf.CertPath()) - if err != nil { + if err := checkFolder(conf.CertPath()); err != nil { logger().Fatalf("Could not check/create path: %s", err.Error()) } @@ -322,8 +316,7 @@ func revoke(c *cli.Context) error { logger().Fatalf("Account %s is not registered. Use 'run' to register a new account.\n", acc.Email) } - err := checkFolder(conf.CertPath()) - if err != nil { + if err := checkFolder(conf.CertPath()); err != nil { logger().Fatalf("Could not check/create path: %s", err.Error()) } @@ -386,8 +379,7 @@ func renew(c *cli.Context) error { } var certRes acme.CertificateResource - err = json.Unmarshal(metaBytes, &certRes) - if err != nil { + if err := json.Unmarshal(metaBytes, &certRes); err != nil { logger().Fatalf("Error while marshalling the meta data for domain %s\n\t%s", domain, err.Error()) }