reworked cert issuing
parent
90bfc25975
commit
af826ff457
@ -66,16 +66,27 @@ func (u *User) HandleRegistration(cfg *config.Config, client *lego.Client) (err
|
|||||||
}
|
}
|
||||||
|
|
||||||
// RequestNewCert returns a newly requested certificate to letsencrypt
|
// RequestNewCert returns a newly requested certificate to letsencrypt
|
||||||
func (u *User) RequestNewCert(cfg *config.Config, domainname *string) (certs *certificate.Resource, err error) {
|
func (u *User) RequestNewCert(cfg *config.Config, domainnames *[]string) (certs *certificate.Resource, err error) {
|
||||||
legoconfig := lego.NewConfig(u)
|
legoconfig := lego.NewConfig(u)
|
||||||
legoconfig.CADirURL = cfg.ACME.AuthURL
|
legoconfig.CADirURL = cfg.ACME.AuthURL
|
||||||
legoconfig.Certificate.KeyType = certcrypto.RSA2048
|
legoconfig.Certificate.KeyType = certcrypto.RSA2048
|
||||||
|
|
||||||
dom := domain.Domain{Domain: *domainname}
|
var dom domain.Domain
|
||||||
_, err = cfg.Db.Get(&dom)
|
var has bool
|
||||||
|
for _, d := range *domainnames {
|
||||||
|
dom = domain.Domain{Domain: d}
|
||||||
|
if has, err = cfg.Db.Get(&dom); has {
|
||||||
|
break
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !has {
|
||||||
|
err = fmt.Errorf("supplied domain not in allow domains")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
var provider challenge.Provider
|
var provider challenge.Provider
|
||||||
|
|
||||||
@ -110,7 +121,7 @@ func (u *User) RequestNewCert(cfg *config.Config, domainname *string) (certs *ce
|
|||||||
}
|
}
|
||||||
|
|
||||||
request := certificate.ObtainRequest{
|
request := certificate.ObtainRequest{
|
||||||
Domains: []string{*domainname, fmt.Sprintf(`*.%s`, *domainname)},
|
Domains: *domainnames,
|
||||||
Bundle: true,
|
Bundle: true,
|
||||||
}
|
}
|
||||||
|
|
||||||
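Review bot: The allow-list loop in RequestNewCert stops at the first name that `cfg.Db.Get` finds, yet the second hunk passes the whole of `*domainnames` to `certificate.ObtainRequest`, so a request that mixes one allowed domain with names that are not in the table clears the check and every name is sent to the CA. Each name should be checked on its own and the request rejected on the first miss, for example `if err != nil { return nil, err }` followed by `if !has { return nil, fmt.Errorf("domain %q not in allowed domains", d) }` inside the loop in place of the `break`. A lookup error is only logged at present, which also lets the loop move on to a later name that matches. The old code built the `*.%s` entry itself; with caller-supplied names a wildcard is now looked up literally, so a comment on how wildcards are meant to match the allow-list would help. The function body continues outside both hunks and `dom` appears to be used after the loop, so confirm which row it should hold once all names are validated.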
|
@ -30,7 +30,7 @@ func RunServer(cfg *config.Config) (err error) {
|
|||||||
return c.String(http.StatusOK, "Welcome to PKI software (https://git.paulbsd.com/paulbsd/pki)")
|
return c.String(http.StatusOK, "Welcome to PKI software (https://git.paulbsd.com/paulbsd/pki)")
|
||||||
})
|
})
|
||||||
e.POST("/cert", func(c echo.Context) (err error) {
|
e.POST("/cert", func(c echo.Context) (err error) {
|
||||||
var request EntryRequest
|
var request = new(EntryRequest)
|
||||||
var result = make(map[string]EntryResponse)
|
var result = make(map[string]EntryResponse)
|
||||||
err = c.Bind(&request)
|
err = c.Bind(&request)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
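Review bot: `request` is now already a pointer from `new(EntryRequest)`, so `c.Bind(&request)` hands echo a `**EntryRequest`; pass the pointer itself, `err = c.Bind(request)`. A JSON body probably still decodes through the double pointer, but echo's tag-based binding for form and query data expects a pointer to a struct and may reject or skip it, depending on the echo version in use. The handler continues past the hunk, so any later use of `request` as a value needs checking as well.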
|
@ -25,10 +25,10 @@ func GetCertificate(cfg *config.Config, user *pki.User, domains *[]string) (resu
|
|||||||
}
|
}
|
||||||
result = make(map[string]EntryResponse)
|
result = make(map[string]EntryResponse)
|
||||||
|
|
||||||
for _, domain := range *domains {
|
firstdomain := (*domains)[0]
|
||||||
entry, err := user.GetEntry(cfg, &domain)
|
entry, err := user.GetEntry(cfg, &firstdomain)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
certs, err := user.RequestNewCert(cfg, &domain)
|
certs, err := user.RequestNewCert(cfg, domains)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error fetching new certificate %s\n", err)
|
log.Printf("Error fetching new certificate %s\n", err)
|
||||||
return result, err
|
return result, err
|
||||||
@ -45,11 +45,10 @@ func GetCertificate(cfg *config.Config, user *pki.User, domains *[]string) (resu
|
|||||||
ValidityEnd: NotAfter,
|
ValidityEnd: NotAfter,
|
||||||
AuthURL: cfg.ACME.AuthURL}
|
AuthURL: cfg.ACME.AuthURL}
|
||||||
cfg.Db.Insert(&entry)
|
cfg.Db.Insert(&entry)
|
||||||
result[domain] = convertEntryToResponse(entry)
|
result[firstdomain] = convertEntryToResponse(entry)
|
||||||
return result, err
|
return result, err
|
||||||
}
|
}
|
||||||
result[domain] = convertEntryToResponse(entry)
|
result[firstdomain] = convertEntryToResponse(entry)
|
||||||
}
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
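Review bot: `firstdomain := (*domains)[0]` in GetCertificate panics with an index out of range when the list is empty, and the list appears to come from the body of `POST /cert`; guard it first, e.g. `if domains == nil || len(*domains) == 0 { return result, errors.New("no domains supplied") }` (this needs `errors` imported if the file does not already have it). The stored entry is also looked up and returned under the first name only, so a later request whose first name matches but whose remaining names differ gets back a certificate that does not cover them; consider keying the entry on the full sorted set of names, or comparing the names on a cache hit. `cfg.Db.Insert(&entry)` in the second hunk discards its error, which is worth at least logging. The function starts before the first hunk.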
|