Make CertResources json savable. Fix cli_handlers to use it.
parent
dc4125d3cf
commit
29a27ba807
2 changed files with 45 additions and 34 deletions
|
@ -84,9 +84,9 @@ type revokeCertMessage struct {
|
||||||
// PrivateKey and Certificate are both already PEM encoded
|
// PrivateKey and Certificate are both already PEM encoded
|
||||||
// and can be directly written to disk.
|
// and can be directly written to disk.
|
||||||
type CertificateResource struct {
|
type CertificateResource struct {
|
||||||
Domain string
|
Domain string `json:"domain"`
|
||||||
CertURL string
|
CertURL string `json:"certUrl"`
|
||||||
CertStableURL string
|
CertStableURL string `json:"certStableUrl"`
|
||||||
PrivateKey []byte
|
PrivateKey []byte `json:"-"`
|
||||||
Certificate []byte
|
Certificate []byte `json:"-"`
|
||||||
}
|
}
|
||||||
|
|
|
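Review bot: The comment above `CertificateResource` still says only that PrivateKey and Certificate are PEM encoded, and does not mention that the new `json:"-"` tags exclude both fields from the JSON form. Documenting this matters because it keeps key material out of the metadata file, and because a resource decoded from that JSON comes back with both fields empty. A line such as `// PrivateKey and Certificate are excluded from JSON; they are stored in separate files.` above the two fields would make that contract explicit for anyone who later adds a load path.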
@ -2,6 +2,7 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bufio"
|
"bufio"
|
||||||
|
"encoding/json"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
|
@ -18,21 +19,53 @@ func checkFolder(path string) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func run(c *cli.Context) {
|
func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
|
||||||
err := checkFolder(c.GlobalString("path"))
|
err := checkFolder(c.GlobalString("path"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger().Fatalf("Cound not check/create path: %v", err)
|
logger().Fatalf("Cound not check/create path: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
conf := NewConfiguration(c)
|
conf := NewConfiguration(c)
|
||||||
|
|
||||||
//TODO: move to account struct? Currently MUST pass email.
|
|
||||||
if !c.GlobalIsSet("email") {
|
if !c.GlobalIsSet("email") {
|
||||||
logger().Fatal("You have to pass an account (email address) to the program using --email or -m")
|
logger().Fatal("You have to pass an account (email address) to the program using --email or -m")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//TODO: move to account struct? Currently MUST pass email.
|
||||||
acc := NewAccount(c.GlobalString("email"), conf)
|
acc := NewAccount(c.GlobalString("email"), conf)
|
||||||
client := acme.NewClient(c.GlobalString("server"), acc, conf.RsaBits(), conf.OptPort(), c.GlobalBool("devMode"))
|
return conf, acc, acme.NewClient(c.GlobalString("server"), acc, conf.RsaBits(), conf.OptPort(), c.GlobalBool("devMode"))
|
||||||
|
}
|
||||||
|
|
||||||
|
func saveCertRes(certRes *acme.CertificateResource, conf *Configuration) {
|
||||||
|
// We store the certificate, private key and metadata in different files
|
||||||
|
// as web servers would not be able to work with a combined file.
|
||||||
|
certOut := path.Join(conf.CertPath(), certRes.Domain+".crt")
|
||||||
|
privOut := path.Join(conf.CertPath(), certRes.Domain+".key")
|
||||||
|
metaOut := path.Join(conf.CertPath(), certRes.Domain+".json")
|
||||||
|
|
||||||
|
err := ioutil.WriteFile(certOut, certRes.Certificate, 0600)
|
||||||
|
if err != nil {
|
||||||
|
logger().Printf("Unable to save Certificate for domain %s\n\t%v", certRes.Domain, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
err = ioutil.WriteFile(privOut, certRes.PrivateKey, 0600)
|
||||||
|
if err != nil {
|
||||||
|
logger().Printf("Unable to save PrivateKey for domain %s\n\t%v", certRes.Domain, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
jsonBytes, err := json.MarshalIndent(certRes, "", "\t")
|
||||||
|
if err != nil {
|
||||||
|
logger().Printf("Unable to marshal CertResource for domain %s\n\t%v", certRes.Domain, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
err = ioutil.WriteFile(metaOut, jsonBytes, 0600)
|
||||||
|
if err != nil {
|
||||||
|
logger().Printf("Unable to save CertResource for domain %s\n\t%v", certRes.Domain, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func run(c *cli.Context) {
|
||||||
|
|
||||||
|
conf, acc, client := setup(c)
|
||||||
if acc.Registration == nil {
|
if acc.Registration == nil {
|
||||||
reg, err := client.Register()
|
reg, err := client.Register()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -98,37 +131,15 @@ func run(c *cli.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, certRes := range certs {
|
for _, certRes := range certs {
|
||||||
certOut := path.Join(conf.CertPath(), certRes.Domain+".crt")
|
saveCertRes(&certRes, conf)
|
||||||
privOut := path.Join(conf.CertPath(), certRes.Domain+".key")
|
|
||||||
|
|
||||||
err = ioutil.WriteFile(certOut, certRes.Certificate, 0600)
|
|
||||||
if err != nil {
|
|
||||||
logger().Printf("Unable to save Certificate for domain %s\n\t%v", certRes.Domain, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
err = ioutil.WriteFile(privOut, certRes.PrivateKey, 0600)
|
|
||||||
if err != nil {
|
|
||||||
logger().Printf("Unable to save PrivateKey for domain %s\n\t%v", certRes.Domain, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func revoke(c *cli.Context) {
|
func revoke(c *cli.Context) {
|
||||||
err := checkFolder(c.GlobalString("path"))
|
|
||||||
if err != nil {
|
|
||||||
logger().Fatalf("Cound not check/create path: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
conf := NewConfiguration(c)
|
conf, _, client := setup(c)
|
||||||
if !c.GlobalIsSet("email") {
|
|
||||||
logger().Fatal("You have to pass an account (email address) to the program using --email or -m")
|
|
||||||
}
|
|
||||||
|
|
||||||
acc := NewAccount(c.GlobalString("email"), conf)
|
err := checkFolder(conf.CertPath())
|
||||||
client := acme.NewClient(c.GlobalString("server"), acc, conf.RsaBits(), conf.OptPort(), c.GlobalBool("devMode"))
|
|
||||||
|
|
||||||
err = checkFolder(conf.CertPath())
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger().Fatalf("Cound not check/create path: %v", err)
|
logger().Fatalf("Cound not check/create path: %v", err)
|
||||||
}
|
}
|
||||||
|
|
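Review bot: In the new `saveCertRes`, a failed `json.MarshalIndent` is only logged and execution falls through to `ioutil.WriteFile(metaOut, jsonBytes, 0600)` with a nil slice, which leaves an empty `.json` file or truncates an existing one. Add a `return` after the `Unable to marshal CertResource` log line. The function also returns nothing, so a failed write of the `.key` file is only logged and `run` cannot tell that a certificate was stored without its private key; returning an `error` would let the caller stop or report it. Separately, `certRes.Domain` is concatenated into all three file names without validation. Where it originates is not visible in this hunk, but if it can ever contain a path separator, `path.Join` will resolve the output outside `conf.CertPath()`, so it is worth rejecting such values before building the paths.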