Compare commits


No commits in common. "ba3795e3f2052e15a9c639c3557576677644030b" and "afd3088cee1b3beee0745686d2a51483bb22a4ac" have entirely different histories.

2 changed files with 21 additions and 52 deletions


@ -41,10 +41,11 @@ CN=CA openssl req -config openssl.cnf -x509 -new -nodes -key ca.key -sha256 -day
# create example client CSR for testing (check openssl.cnf against "psk" file) # create example client CSR for testing (check openssl.cnf against "psk" file)
CN=rotuer openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout client.key -out client.csr CN=rotuer openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout client.key -out client.csr
# build and start the server # start the server
nix-build && result/bin/certifix --challenge-password psk --certificate ca.crt --private-key ca.key localhost:19613 bin/certifix
# send it # send it
curl -v -H 'content-type: application/x-pem-file' --data-binary @client.csr http://localhost:8201/sign curl -v -H 'content-type: application/x-pem-file' --data-binary @client.csr http://localhost:8201/sign
``` ```


@ -33,40 +33,14 @@
false) false)
(out:write_chunk text true)) (out:write_chunk text true))
(fn not-found [out] (send-error out 404 "not found"))
(fn slurp [filename] (fn slurp [filename]
(with-open [f (io.open filename "r")] (f:read "*a"))) (with-open [f (io.open filename "r")] (f:read "*a")))
(fn read-line [filename] (local ca-key (pkey.new (slurp "ca.key")))
(with-open [f (io.open filename "r")] (f:read "l"))) (local ca-crt (x509.new (slurp "ca.crt")))
(local psk (with-open [f (io.open "psk" "r")] (f:read "l")))
(fn assoc [tbl k v & more]
(tset tbl k v)
(case more
[k v] (assoc tbl k v)
_ tbl))
(fn parse-args [args]
(match args
["--certificate" f & rest]
(assoc (parse-args rest) :certificate (slurp f))
["--private-key" f & rest]
(assoc (parse-args rest) :private-key (slurp f))
["--challenge-password" f & rest]
(assoc (parse-args rest) :challenge-password (read-line f))
[bind-address] { : bind-address }
_ {}))
(local options
(doto
(parse-args arg)
(case
{: certificate : private-key : challenge-password : bind-address}
true
_
(assert nil "missing required command line params"))))
(local ca-key (pkey.new options.private-key))
(local ca-crt (x509.new options.certificate))
(fn new-crt [csr] (fn new-crt [csr]
(let [crt (let [crt
@ -84,7 +58,7 @@
(let [attr (csr:getAttributes)] (let [attr (csr:getAttributes)]
(accumulate [found false (accumulate [found false
_ v (ipairs (. attr "challengePassword"))] _ v (ipairs (. attr "challengePassword"))]
(or found (= v options.challenge-password))))) (or found (= v psk)))))
(fn handle-sign-csr [out] (fn handle-sign-csr [out]
@ -100,30 +74,24 @@
(let [hdrs (out:get_headers) (let [hdrs (out:get_headers)
method (hdrs:get ":method") method (hdrs:get ":method")
path (or (hdrs:get ":path") "/")] path (or (hdrs:get ":path") "/")]
(print :path path)
(case path (case path
"/sign" "/sign"
(handle-sign-csr out) (handle-sign-csr out)
_ _
(send-error out 404 "not found")))) (not-found out))))
;; ncall is the opposite of pcall: "non-protected call"
(macro ncall [f]
`(case ,f
ok# ok#
(nil err#) (error err#)))
(fn new-server [] (fn new-server []
(let [(addr port) (string.match options.bind-address "(.+):(%d+)$")] (server.listen
(case (server.listen {
{ :host :localhost
:host addr :port 8201
:port (tonumber port) :onstream on-stream
:onstream on-stream }))
})
f (doto f (print))
(nil e) (error e))))
(let [s (new-server)]
(ncall (s:listen)) (doto (new-server)
(: :listen)
(print "server ready") (print "server ready")
(ncall (s:loop))) (: :loop))
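Review bot: The closing `doto` chain discards the results of `(: :listen)` and `(: :loop)`, whereas the removed `ncall` wrapper turned a `(nil err)` return from either call into a raised error; if the server library reports a bind failure by returning nil plus a message (which is what the old `(nil err#)` branch was written for), a port already in use now prints "server ready" and proceeds into `:loop` with no diagnostic. The check can be restored without the macro in two lines, `(let [s (new-server)] (assert (s:listen)) (print "server ready") (assert (s:loop)))`, since `assert` re-raises the second return value as the error message. The first hunk of this file has the same loss of failure reporting: `ca.key`, `ca.crt` and `psk` are now read from the working directory at load time with no guard, so a missing file most likely surfaces as an "attempt to index a nil value" inside `with-open` instead of the old "missing required command line params" assertion, and a short `(assert (io.open "psk" "r") "psk file missing")`-style message at each read would keep startup errors legible. `new-server` and the module's top-level statements lie entirely within this hunk.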