Allow certificates to have the same name but different key type

4 years ago · e0ffe377a2
4 changed files with 15 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -15,6 +15,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## [Unreleased]

+### Changed
+- Certificates are now allowed to share the same name if their respective key type is different.
+

 ## [0.14.0] - 2020-10-27

--- a/acmed/src/certificate.rs
+++ b/acmed/src/certificate.rs
@ -28,7 +28,7 @@ pub struct Certificate {

 impl fmt::Display for Certificate {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        write!(f, "{}", self.crt_name)
+        write!(f, "{}", self.get_id())
    }
 }

@ -51,6 +51,10 @@ impl HasLogger for Certificate {
 }

 impl Certificate {
+    pub fn get_id(&self) -> String {
+        format!("{}_{}", self.crt_name, self.key_type)
+    }
+
    pub fn get_identifier_from_str(&self, identifier: &str) -> Result<Identifier, Error> {
        let identifier = identifier.to_string();
        for d in self.identifiers.iter() {
--- a/acmed/src/main_event_loop.rs
+++ b/acmed/src/main_event_loop.rs
@ -95,10 +95,6 @@ impl MainEventLoop {
            let endpoint = crt.get_endpoint(&cnf, root_certs)?;
            let endpoint_name = endpoint.name.clone();
            let crt_name = crt.get_crt_name()?;
-            if certs.iter().any(|c| c.crt_name == crt_name) {
-                let msg = format!("{}: duplicate certificate name", crt_name);
-                return Err(msg.into());
-            }
            let key_type = crt.get_key_type()?;
            let hooks = crt.get_hooks(&cnf)?;
            let fm = FileManager {
@ -139,6 +135,11 @@ impl MainEventLoop {
                renew_delay: crt.get_renew_delay(&cnf)?,
                file_manager: fm,
            };
+            let crt_id = cert.get_id();
+            if certs.iter().any(|c| c.get_id() == crt_id) {
+                let msg = format!("{}: duplicate certificate id", crt_id);
+                return Err(msg.into());
+            }
            match accounts.get_mut(&crt.account) {
                Some(acc) => acc.add_endpoint_name(&endpoint_name),
                None => {
--- a/man/en/acmed.toml.5
+++ b/man/en/acmed.toml.5
@ -89,7 +89,7 @@ RS256
 .It Ic certificate
 Array of table representing a certificate that will be requested to a CA.
 .Pp
-Note that certificates are identified by the first identifier in the list of identifiers. That means that if you reorder the identifiers so that a different identifier is at the first position, a new certificate with a new name will be issued.
+Note that, by default, certificates are identified by the first identifier in the list of identifiers. That means that if you reorder the identifiers so that a different identifier is at the first position, a new certificate with a new name will be issued.
 .Bl -tag
 .It Ic account Ar string
 Name of the account to use.
@ -154,7 +154,7 @@ rsa4096
 .It Ic kp_reuse Ar boolean
 Set whether or not the private key should be reused when renewing the certificate. Default is false.
 .It Ic name
-Name of the certificate. Must be unique. Will be used in logs and in the associated file's name. The
+Name of the certificate. Must be unique unless the key type is different. Will be used in logs and in the associated file's name. The
 .Sq * ,
 .So
 :