Support for cert revocation

This commit is contained in:
xenolf 2015-09-27 14:51:44 +02:00
parent 754e0d4ffa
commit b3035b16b5
3 changed files with 60 additions and 0 deletions


@ -158,6 +158,27 @@ func (c *Client) ObtainCertificates(domains []string) ([]CertificateResource, er
return c.requestCertificates(challenges) return c.requestCertificates(challenges)
} }
func (c *Client) RevokeCertificate(certificate []byte) error {
encodedCert := base64.URLEncoding.EncodeToString(certificate)
jsonBytes, err := json.Marshal(revokeCertMessage{Resource: "revoke-cert", Certificate: encodedCert})
if err != nil {
return err
}
resp, err := c.jws.post(c.directory.RevokeCertURL, jsonBytes)
if err != nil {
return err
}
if resp.StatusCode != 200 {
body, _ := ioutil.ReadAll(resp.Body)
return fmt.Errorf("The server returned an error while trying to revoke the certificate.\n%s", body)
}
return nil
}
// Looks through the challenge combinations to find a solvable match. // Looks through the challenge combinations to find a solvable match.
// Then solves the challenges in series and returns. // Then solves the challenges in series and returns.
func (c *Client) solveChallenges(challenges []*authorizationResource) error { func (c *Client) solveChallenges(challenges []*authorizationResource) error {
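Review bot: resp.Body is never closed in RevokeCertificate: after `resp, err := c.jws.post(c.directory.RevokeCertURL, jsonBytes)` the success path returns immediately and the error path reads the body without closing it, so the underlying connection leaks on every call; add `defer resp.Body.Close()` directly after that call's `if err != nil` check. The `body, _ := ioutil.ReadAll(resp.Body)` line also drops the read error, so a failed read yields an error message with an empty body and no indication why. The exported method has no doc comment and does not say which encoding `certificate` must use; the CertificateResource comment in this same commit describes the on-disk certificate as PEM, while this method base64-encodes the bytes unchanged, so if the server expects base64url of the DER certificate as the ACME drafts describe, PEM input would be double-encoded. A comment such as `// RevokeCertificate asks the CA to revoke certificate, given as raw certificate bytes (not a PEM file).` — or a pem.Decode step at the top of the method — would keep callers from passing the .crt file contents straight through, which the CLI hunk in this commit appears to do.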


@ -75,6 +75,11 @@ type csrMessage struct {
Authorizations []string `json:"authorizations"` Authorizations []string `json:"authorizations"`
} }
type revokeCertMessage struct {
Resource string `json:"resource"`
Certificate string `json:"certificate"`
}
// CertificateResource represents a CA issued certificate. // CertificateResource represents a CA issued certificate.
// PrivateKey and Certificate are both already PEM encoded // PrivateKey and Certificate are both already PEM encoded
// and can be directly written to disk. // and can be directly written to disk.
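Review bot: revokeCertMessage has no doc comment, while the neighbouring csrMessage and CertificateResource types in this hunk are documented; add `// revokeCertMessage is the JSON body of a revoke-cert request; Certificate carries the base64-encoded certificate.` above the type. Stating the expected encoding of Certificate here is worth doing because the struct is the only place the wire format of the request is pinned down.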


@ -113,3 +113,37 @@ func run(c *cli.Context) {
} }
} }
func revoke(c *cli.Context) {
err := checkFolder(c.GlobalString("path"))
if err != nil {
logger().Fatalf("Cound not check/create path: %v", err)
}
conf := NewConfiguration(c)
if !c.GlobalIsSet("email") {
logger().Fatal("You have to pass an account (email address) to the program using --email or -m")
}
acc := NewAccount(c.GlobalString("email"), conf)
client := acme.NewClient(c.GlobalString("server"), acc, conf.RsaBits(), conf.OptPort())
err = checkFolder(conf.CertPath())
if err != nil {
logger().Fatalf("Cound not check/create path: %v", err)
}
for _, domain := range c.GlobalStringSlice("domains") {
logger().Printf("Trying to revoke certificate for domain %s", domain)
certPath := path.Join(conf.CertPath(), domain+".crt")
certBytes, err := ioutil.ReadFile(certPath)
err = client.RevokeCertificate(certBytes)
if err != nil {
logger().Printf("Error while revoking the certificate for domain %s\n\t%v", domain, err)
} else {
logger().Print("Certificate was revoked.")
}
}
}
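Review bot: The error from `certBytes, err := ioutil.ReadFile(certPath)` is overwritten by the following `err = client.RevokeCertificate(certBytes)` without ever being checked, so a missing or unreadable .crt file sends an empty certificate to the server and the failure is reported as a revocation error rather than a read error; insert `if err != nil { logger().Printf("Could not read certificate for domain %s: %v", domain, err); continue }` between the two lines. The two `Cound not check/create path` messages carry the same typo ("Could"). Since certPath names a file on disk, `filepath.Join` rather than `path.Join` is the conventional choice, assuming the rest of this file does not already rely on `path` for filesystem paths.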