reworked cert issuing
parent
90bfc25975
commit
af826ff457
@ -66,15 +66,26 @@ func (u *User) HandleRegistration(cfg *config.Config, client *lego.Client) (err
|
|||||||
}
|
}
|
||||||
|
|
||||||
// RequestNewCert returns a newly requested certificate to letsencrypt
|
// RequestNewCert returns a newly requested certificate to letsencrypt
|
||||||
func (u *User) RequestNewCert(cfg *config.Config, domainname *string) (certs *certificate.Resource, err error) {
|
func (u *User) RequestNewCert(cfg *config.Config, domainnames *[]string) (certs *certificate.Resource, err error) {
|
||||||
legoconfig := lego.NewConfig(u)
|
legoconfig := lego.NewConfig(u)
|
||||||
legoconfig.CADirURL = cfg.ACME.AuthURL
|
legoconfig.CADirURL = cfg.ACME.AuthURL
|
||||||
legoconfig.Certificate.KeyType = certcrypto.RSA2048
|
legoconfig.Certificate.KeyType = certcrypto.RSA2048
|
||||||
|
|
||||||
dom := domain.Domain{Domain: *domainname}
|
var dom domain.Domain
|
||||||
_, err = cfg.Db.Get(&dom)
|
var has bool
|
||||||
if err != nil {
|
for _, d := range *domainnames {
|
||||||
log.Println(err)
|
dom = domain.Domain{Domain: d}
|
||||||
|
if has, err = cfg.Db.Get(&dom); has {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
log.Println(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !has {
|
||||||
|
err = fmt.Errorf("supplied domain not in allow domains")
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
var provider challenge.Provider
|
var provider challenge.Provider
|
||||||
@ -110,7 +121,7 @@ func (u *User) RequestNewCert(cfg *config.Config, domainname *string) (certs *ce
|
|||||||
}
|
}
|
||||||
|
|
||||||
request := certificate.ObtainRequest{
|
request := certificate.ObtainRequest{
|
||||||
Domains: []string{*domainname, fmt.Sprintf(`*.%s`, *domainname)},
|
Domains: *domainnames,
|
||||||
Bundle: true,
|
Bundle: true,
|
||||||
}
|
}
|
||||||
|
|
||||||
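Review bot: The allow-list loop in `RequestNewCert` stops at the first name that `cfg.Db.Get` finds, yet the second hunk passes the whole caller-supplied list as `Domains: *domainnames`, so one allowed name is enough to carry any other name into the ACME order. Whether those extra names are actually issued depends on what the configured challenge provider can answer for, but the authorization decision should not rely on that. Check every entry and fail on the first one that is not allowed, stripping a leading `*.` so the wildcard that the old code added itself still passes; a lookup error should abort instead of only being logged. The function body continues outside both hunks, and the sketch below assumes `Get` matches on the `Domain` field and that `strings` is available in this file.

```go
	// … unchanged: lego config setup …
	for _, d := range *domainnames {
		// A wildcard is accepted only when its base domain is allowed.
		dom := domain.Domain{Domain: strings.TrimPrefix(d, "*.")}
		ok, dbErr := cfg.Db.Get(&dom)
		if dbErr != nil {
			return nil, fmt.Errorf("looking up domain %q: %w", d, dbErr)
		}
		if !ok {
			return nil, fmt.Errorf("domain %q not in allowed domains", d)
		}
	}
	// … unchanged: provider selection and ObtainRequest …
```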
|
@ -30,7 +30,7 @@ func RunServer(cfg *config.Config) (err error) {
|
|||||||
return c.String(http.StatusOK, "Welcome to PKI software (https://git.paulbsd.com/paulbsd/pki)")
|
return c.String(http.StatusOK, "Welcome to PKI software (https://git.paulbsd.com/paulbsd/pki)")
|
||||||
})
|
})
|
||||||
e.POST("/cert", func(c echo.Context) (err error) {
|
e.POST("/cert", func(c echo.Context) (err error) {
|
||||||
var request EntryRequest
|
var request = new(EntryRequest)
|
||||||
var result = make(map[string]EntryResponse)
|
var result = make(map[string]EntryResponse)
|
||||||
err = c.Bind(&request)
|
err = c.Bind(&request)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
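Review bot: `request` is now already a pointer from `new(EntryRequest)`, so `c.Bind(&request)` hands the binder a `**EntryRequest`; pass the pointer itself with `err = c.Bind(request)`. A JSON body likely still decodes through the double pointer, but binders that reflect on the target struct may reject it, so the behaviour would depend on the request's content type. The handler body continues past the end of the hunk.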
|
@ -25,31 +25,30 @@ func GetCertificate(cfg *config.Config, user *pki.User, domains *[]string) (resu
|
|||||||
}
|
}
|
||||||
result = make(map[string]EntryResponse)
|
result = make(map[string]EntryResponse)
|
||||||
|
|
||||||
for _, domain := range *domains {
|
firstdomain := (*domains)[0]
|
||||||
entry, err := user.GetEntry(cfg, &domain)
|
entry, err := user.GetEntry(cfg, &firstdomain)
|
||||||
|
if err != nil {
|
||||||
|
certs, err := user.RequestNewCert(cfg, domains)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
certs, err := user.RequestNewCert(cfg, &domain)
|
log.Printf("Error fetching new certificate %s\n", err)
|
||||||
if err != nil {
|
|
||||||
log.Printf("Error fetching new certificate %s\n", err)
|
|
||||||
return result, err
|
|
||||||
}
|
|
||||||
NotBefore, NotAfter, err := GetDates(certs.Certificate)
|
|
||||||
if err != nil {
|
|
||||||
log.Println("Error where parsing dates")
|
|
||||||
return result, err
|
|
||||||
}
|
|
||||||
entry := cert.Entry{Domain: certs.Domain,
|
|
||||||
Certificate: string(certs.Certificate),
|
|
||||||
PrivateKey: string(certs.PrivateKey),
|
|
||||||
ValidityBegin: NotBefore,
|
|
||||||
ValidityEnd: NotAfter,
|
|
||||||
AuthURL: cfg.ACME.AuthURL}
|
|
||||||
cfg.Db.Insert(&entry)
|
|
||||||
result[domain] = convertEntryToResponse(entry)
|
|
||||||
return result, err
|
return result, err
|
||||||
}
|
}
|
||||||
result[domain] = convertEntryToResponse(entry)
|
NotBefore, NotAfter, err := GetDates(certs.Certificate)
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Error where parsing dates")
|
||||||
|
return result, err
|
||||||
|
}
|
||||||
|
entry := cert.Entry{Domain: certs.Domain,
|
||||||
|
Certificate: string(certs.Certificate),
|
||||||
|
PrivateKey: string(certs.PrivateKey),
|
||||||
|
ValidityBegin: NotBefore,
|
||||||
|
ValidityEnd: NotAfter,
|
||||||
|
AuthURL: cfg.ACME.AuthURL}
|
||||||
|
cfg.Db.Insert(&entry)
|
||||||
|
result[firstdomain] = convertEntryToResponse(entry)
|
||||||
|
return result, err
|
||||||
}
|
}
|
||||||
|
result[firstdomain] = convertEntryToResponse(entry)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
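Review bot: `firstdomain := (*domains)[0]` indexes the caller-supplied list with no length check, so an empty or missing domain list panics before any lookup; guard it first with `if domains == nil || len(*domains) == 0 { return result, errors.New("no domain supplied") }`. The stored entry is also looked up and returned under the first name only, so a request listing further names can be answered with a cached certificate that may not cover them, and the result map no longer has a key per requested domain. The return value of `cfg.Db.Insert(&entry)` is still dropped, so a failed insert hands out a key pair that is never stored and the next call issues again. `GetCertificate` starts above the hunk.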
|