reworked cert issuing

2024-04-20 17:02:25 +02:00 · 2024-04-20 17:02:25 +02:00 · af826ff457
commit af826ff457
parent 90bfc25975
3 changed files with 38 additions and 28 deletions
--- a/src/pki/acme.go
+++ b/src/pki/acme.go
@ -66,16 +66,27 @@ func (u *User) HandleRegistration(cfg *config.Config, client *lego.Client) (err
 }
 // RequestNewCert returns a newly requested certificate to letsencrypt
-func (u *User) RequestNewCert(cfg *config.Config, domainname *string) (certs *certificate.Resource, err error) {
+func (u *User) RequestNewCert(cfg *config.Config, domainnames *[]string) (certs *certificate.Resource, err error) {
 	legoconfig := lego.NewConfig(u)
 	legoconfig.CADirURL = cfg.ACME.AuthURL
 	legoconfig.Certificate.KeyType = certcrypto.RSA2048
-	dom := domain.Domain{Domain: *domainname}
+	var dom domain.Domain
-	_, err = cfg.Db.Get(&dom)
+	var has bool
 	for _, d := range *domainnames {
 		dom = domain.Domain{Domain: d}
 		if has, err = cfg.Db.Get(&dom); has {
 			break
 		}
 		if err != nil {
 			log.Println(err)
 		}
 	}
 	if !has {
 		err = fmt.Errorf("supplied domain not in allow domains")
 		return
 	}
 	var provider challenge.Provider
@ -110,7 +121,7 @@ func (u *User) RequestNewCert(cfg *config.Config, domainname *string) (certs *ce
 	}
 	request := certificate.ObtainRequest{
-		Domains: []string{*domainname, fmt.Sprintf(`*.%s`, *domainname)},
+		Domains: *domainnames,
 		Bundle:  true,
 	}
--- a/src/pkiws/server.go
+++ b/src/pkiws/server.go
@ -30,7 +30,7 @@ func RunServer(cfg *config.Config) (err error) {
 		return c.String(http.StatusOK, "Welcome to PKI software (https://git.paulbsd.com/paulbsd/pki)")
 	})
 	e.POST("/cert", func(c echo.Context) (err error) {
-		var request EntryRequest
+		var request = new(EntryRequest)
 		var result = make(map[string]EntryResponse)
 		err = c.Bind(&request)
 		if err != nil {
--- a/src/pkiws/serverhandle.go
+++ b/src/pkiws/serverhandle.go
@ -25,10 +25,10 @@ func GetCertificate(cfg *config.Config, user *pki.User, domains *[]string) (resu
 	}
 	result = make(map[string]EntryResponse)
-	for _, domain := range *domains {
+	firstdomain := (*domains)[0]
-		entry, err := user.GetEntry(cfg, &domain)
+	entry, err := user.GetEntry(cfg, &firstdomain)
 	if err != nil {
-			certs, err := user.RequestNewCert(cfg, &domain)
+		certs, err := user.RequestNewCert(cfg, domains)
 		if err != nil {
 			log.Printf("Error fetching new certificate %s\n", err)
 			return result, err
@ -45,11 +45,10 @@ func GetCertificate(cfg *config.Config, user *pki.User, domains *[]string) (resu
 			ValidityEnd:   NotAfter,
 			AuthURL:       cfg.ACME.AuthURL}
 		cfg.Db.Insert(&entry)
-			result[domain] = convertEntryToResponse(entry)
+		result[firstdomain] = convertEntryToResponse(entry)
 		return result, err
 	}
-		result[domain] = convertEntryToResponse(entry)
+	result[firstdomain] = convertEntryToResponse(entry)
 	}
 	return
 }