reworked cert issuing
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/tag Build is passing

This commit is contained in:
Paul 2024-04-20 17:02:25 +02:00
parent 90bfc25975
commit af826ff457
3 changed files with 38 additions and 28 deletions

View File

@ -66,15 +66,26 @@ func (u *User) HandleRegistration(cfg *config.Config, client *lego.Client) (err
} }
// RequestNewCert returns a newly requested certificate to letsencrypt // RequestNewCert returns a newly requested certificate to letsencrypt
func (u *User) RequestNewCert(cfg *config.Config, domainname *string) (certs *certificate.Resource, err error) { func (u *User) RequestNewCert(cfg *config.Config, domainnames *[]string) (certs *certificate.Resource, err error) {
legoconfig := lego.NewConfig(u) legoconfig := lego.NewConfig(u)
legoconfig.CADirURL = cfg.ACME.AuthURL legoconfig.CADirURL = cfg.ACME.AuthURL
legoconfig.Certificate.KeyType = certcrypto.RSA2048 legoconfig.Certificate.KeyType = certcrypto.RSA2048
dom := domain.Domain{Domain: *domainname} var dom domain.Domain
_, err = cfg.Db.Get(&dom) var has bool
if err != nil { for _, d := range *domainnames {
log.Println(err) dom = domain.Domain{Domain: d}
if has, err = cfg.Db.Get(&dom); has {
break
}
if err != nil {
log.Println(err)
}
}
if !has {
err = fmt.Errorf("supplied domain not in allow domains")
return
} }
var provider challenge.Provider var provider challenge.Provider
@ -110,7 +121,7 @@ func (u *User) RequestNewCert(cfg *config.Config, domainname *string) (certs *ce
} }
request := certificate.ObtainRequest{ request := certificate.ObtainRequest{
Domains: []string{*domainname, fmt.Sprintf(`*.%s`, *domainname)}, Domains: *domainnames,
Bundle: true, Bundle: true,
} }

View File

@ -30,7 +30,7 @@ func RunServer(cfg *config.Config) (err error) {
return c.String(http.StatusOK, "Welcome to PKI software (https://git.paulbsd.com/paulbsd/pki)") return c.String(http.StatusOK, "Welcome to PKI software (https://git.paulbsd.com/paulbsd/pki)")
}) })
e.POST("/cert", func(c echo.Context) (err error) { e.POST("/cert", func(c echo.Context) (err error) {
var request EntryRequest var request = new(EntryRequest)
var result = make(map[string]EntryResponse) var result = make(map[string]EntryResponse)
err = c.Bind(&request) err = c.Bind(&request)
if err != nil { if err != nil {

View File

@ -25,31 +25,30 @@ func GetCertificate(cfg *config.Config, user *pki.User, domains *[]string) (resu
} }
result = make(map[string]EntryResponse) result = make(map[string]EntryResponse)
for _, domain := range *domains { firstdomain := (*domains)[0]
entry, err := user.GetEntry(cfg, &domain) entry, err := user.GetEntry(cfg, &firstdomain)
if err != nil {
certs, err := user.RequestNewCert(cfg, domains)
if err != nil { if err != nil {
certs, err := user.RequestNewCert(cfg, &domain) log.Printf("Error fetching new certificate %s\n", err)
if err != nil {
log.Printf("Error fetching new certificate %s\n", err)
return result, err
}
NotBefore, NotAfter, err := GetDates(certs.Certificate)
if err != nil {
log.Println("Error where parsing dates")
return result, err
}
entry := cert.Entry{Domain: certs.Domain,
Certificate: string(certs.Certificate),
PrivateKey: string(certs.PrivateKey),
ValidityBegin: NotBefore,
ValidityEnd: NotAfter,
AuthURL: cfg.ACME.AuthURL}
cfg.Db.Insert(&entry)
result[domain] = convertEntryToResponse(entry)
return result, err return result, err
} }
result[domain] = convertEntryToResponse(entry) NotBefore, NotAfter, err := GetDates(certs.Certificate)
if err != nil {
log.Println("Error where parsing dates")
return result, err
}
entry := cert.Entry{Domain: certs.Domain,
Certificate: string(certs.Certificate),
PrivateKey: string(certs.PrivateKey),
ValidityBegin: NotBefore,
ValidityEnd: NotAfter,
AuthURL: cfg.ACME.AuthURL}
cfg.Db.Insert(&entry)
result[firstdomain] = convertEntryToResponse(entry)
return result, err
} }
result[firstdomain] = convertEntryToResponse(entry)
return return
} }