reworked cert issuing

src/pki/acme.go

@@ -66,15 +66,26 @@ func (u *User) HandleRegistration(cfg *config.Config, client *lego.Client) (err
 }
 
 // RequestNewCert returns a newly requested certificate to letsencrypt
-func (u *User) RequestNewCert(cfg *config.Config, domainname *string) (certs *certificate.Resource, err error) {
+func (u *User) RequestNewCert(cfg *config.Config, domainnames *[]string) (certs *certificate.Resource, err error) {
 	legoconfig := lego.NewConfig(u)
 	legoconfig.CADirURL = cfg.ACME.AuthURL
 	legoconfig.Certificate.KeyType = certcrypto.RSA2048
 
-	dom := domain.Domain{Domain: *domainname}
-	_, err = cfg.Db.Get(&dom)
-	if err != nil {
-		log.Println(err)
+	var dom domain.Domain
+	var has bool
+	for _, d := range *domainnames {
+		dom = domain.Domain{Domain: d}
+		if has, err = cfg.Db.Get(&dom); has {
+			break
+		}
+		if err != nil {
+			log.Println(err)
+		}
+	}
+
+	if !has {
+		err = fmt.Errorf("supplied domain not in allow domains")
+		return
 	}
 
 	var provider challenge.Provider
@@ -110,7 +121,7 @@ func (u *User) RequestNewCert(cfg *config.Config, domainname *string) (certs *ce
 	}
 
 	request := certificate.ObtainRequest{
-		Domains: []string{*domainname, fmt.Sprintf(`*.%s`, *domainname)},
+		Domains: *domainnames,
 		Bundle:  true,
 	}
 

src/pkiws/server.go

@@ -30,7 +30,7 @@ func RunServer(cfg *config.Config) (err error) {
 		return c.String(http.StatusOK, "Welcome to PKI software (https://git.paulbsd.com/paulbsd/pki)")
 	})
 	e.POST("/cert", func(c echo.Context) (err error) {
-		var request EntryRequest
+		var request = new(EntryRequest)
 		var result = make(map[string]EntryResponse)
 		err = c.Bind(&request)
 		if err != nil {

src/pkiws/serverhandle.go

@@ -25,31 +25,30 @@ func GetCertificate(cfg *config.Config, user *pki.User, domains *[]string) (resu
 	}
 	result = make(map[string]EntryResponse)
 
-	for _, domain := range *domains {
-		entry, err := user.GetEntry(cfg, &domain)
+	firstdomain := (*domains)[0]
+	entry, err := user.GetEntry(cfg, &firstdomain)
+	if err != nil {
+		certs, err := user.RequestNewCert(cfg, domains)
 		if err != nil {
-			certs, err := user.RequestNewCert(cfg, &domain)
-			if err != nil {
-				log.Printf("Error fetching new certificate %s\n", err)
-				return result, err
-			}
-			NotBefore, NotAfter, err := GetDates(certs.Certificate)
-			if err != nil {
-				log.Println("Error where parsing dates")
-				return result, err
-			}
-			entry := cert.Entry{Domain: certs.Domain,
-				Certificate:   string(certs.Certificate),
-				PrivateKey:    string(certs.PrivateKey),
-				ValidityBegin: NotBefore,
-				ValidityEnd:   NotAfter,
-				AuthURL:       cfg.ACME.AuthURL}
-			cfg.Db.Insert(&entry)
-			result[domain] = convertEntryToResponse(entry)
+			log.Printf("Error fetching new certificate %s\n", err)
 			return result, err
 		}
-		result[domain] = convertEntryToResponse(entry)
+		NotBefore, NotAfter, err := GetDates(certs.Certificate)
+		if err != nil {
+			log.Println("Error where parsing dates")
+			return result, err
+		}
+		entry := cert.Entry{Domain: certs.Domain,
+			Certificate:   string(certs.Certificate),
+			PrivateKey:    string(certs.PrivateKey),
+			ValidityBegin: NotBefore,
+			ValidityEnd:   NotAfter,
+			AuthURL:       cfg.ACME.AuthURL}
+		cfg.Db.Insert(&entry)
+		result[firstdomain] = convertEntryToResponse(entry)
+		return result, err
 	}
+	result[firstdomain] = convertEntryToResponse(entry)
 	return
 }