
Merge pull request #27 from dbrgn/log-domains

Log certificate domains before and after renewal
pull/31/head
Rodolphe Bréard 5 years ago
committed by GitHub
parent
commit
5a3d249c44
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      acmed/src/acme_proto.rs
  2. 6
      acmed/src/acme_proto/account.rs
  3. 16
      acmed/src/certificate.rs

2
acmed/src/acme_proto.rs

@ -210,6 +210,6 @@ pub fn request_certificate(cert: &Certificate, root_certs: &[String]) -> Result<
let (crt, _) = http::get_certificate(cert, root_certs, &crt_url, &data_builder, &nonce)?; let (crt, _) = http::get_certificate(cert, root_certs, &crt_url, &data_builder, &nonce)?;
storage::write_certificate(cert, &crt.as_bytes())?; storage::write_certificate(cert, &crt.as_bytes())?;
cert.info("Certificate renewed");
cert.info(&format!("Certificate renewed (domains: {})", cert.domain_list()));
Ok(()) Ok(())
} }
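Review bot: The domain list in the new success message comes from `cert.domain_list()`, which, per the certificate.rs hunk in this same commit, joins the configured `self.domains` entries rather than the names present in the certificate just written by `storage::write_certificate`. The line therefore records what was requested, not what the CA issued; if `X509Certificate` exposes the subject alternative names, logging those from the parsed `crt` would let an operator notice a mismatch between configuration and the issued certificate. As a smaller step, a comment such as `// domains listed here are the configured ones, not those parsed from crt` makes the distinction explicit for whoever reads the logs. `request_certificate` begins outside the hunk.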

6
acmed/src/acme_proto/account.rs

@ -50,13 +50,11 @@ pub fn init_account(cert: &Certificate) -> Result<(), Error> {
let sign_alg = SignatureAlgorithm::from_str(crate::DEFAULT_JWS_SIGN_ALGO)?; let sign_alg = SignatureAlgorithm::from_str(crate::DEFAULT_JWS_SIGN_ALGO)?;
let key_pair = sign_alg.gen_key_pair()?; let key_pair = sign_alg.gen_key_pair()?;
storage::set_account_keypair(cert, &key_pair)?; storage::set_account_keypair(cert, &key_pair)?;
let msg = format!("Account {} created.", &cert.account.name);
cert.info(&msg)
cert.info(&format!("Account {} created", &cert.account.name));
} else { } else {
// TODO: check if the keys are suitable for the specified signature algorithm // TODO: check if the keys are suitable for the specified signature algorithm
// and, if not, initiate a key rollover. // and, if not, initiate a key rollover.
let msg = format!("Account {} already exists.", &cert.account.name);
cert.debug(&msg)
cert.debug(&format!("Account {} already exists", &cert.account.name));
} }
Ok(()) Ok(())
} }

16
acmed/src/certificate.rs

@ -105,7 +105,7 @@ impl Certificate {
fn is_expiring(&self, cert: &X509Certificate) -> Result<bool, Error> { fn is_expiring(&self, cert: &X509Certificate) -> Result<bool, Error> {
let expires_in = cert.expires_in()?; let expires_in = cert.expires_in()?;
self.debug(&format!("expires in {} days", expires_in.as_secs() / 86400));
self.debug(&format!("Certificate expires in {} days", expires_in.as_secs() / 86400));
// TODO: allow a custom duration (using time-parse ?) // TODO: allow a custom duration (using time-parse ?)
// 1814400 is 3 weeks (3 * 7 * 24 * 60 * 60) // 1814400 is 3 weeks (3 * 7 * 24 * 60 * 60)
let renewal_time = Duration::new(1_814_400, 0); let renewal_time = Duration::new(1_814_400, 0);
@ -134,7 +134,17 @@ impl Certificate {
has_miss has_miss
} }
/// Return a comma-separated list of the domains this certificate is valid for.
pub fn domain_list(&self) -> String {
self.domains
.iter()
.map(|domain| &*domain.dns)
.collect::<Vec<&str>>()
.join(",")
}
pub fn should_renew(&self) -> Result<bool, Error> { pub fn should_renew(&self) -> Result<bool, Error> {
self.debug(&format!("Checking for renewal (domains: {})", self.domain_list()));
if !certificate_files_exists(&self) { if !certificate_files_exists(&self) {
self.debug("certificate does not exist: requesting one"); self.debug("certificate does not exist: requesting one");
return Ok(true); return Ok(true);
@ -145,9 +155,9 @@ impl Certificate {
let renew = renew || self.is_expiring(&cert)?; let renew = renew || self.is_expiring(&cert)?;
if renew { if renew {
self.debug("The certificate will be renewed now.");
self.debug("The certificate will be renewed now");
} else { } else {
self.debug("The certificate will not be renewed now.");
self.debug("The certificate will not be renewed now");
} }
Ok(renew) Ok(renew)
} }
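Review bot: In `domain_list`, `.map(|domain| &*domain.dns)` relies on deref coercion to obtain a `&str`; if `dns` is a `String`, `domain.dns.as_str()` states the same thing more plainly and the element type can then be inferred: `.map(|domain| domain.dns.as_str()).collect::<Vec<_>>().join(",")`. With an empty `self.domains` the new `should_renew` line logs `(domains: )`, which is presumably unreachable for a configured certificate, but if so it is worth a sentence in the doc comment (for example, "Empty when no domains are configured."). The `is_expiring` hunk and the renew/not-renew messages are wording-only and need nothing further.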
