forked from dan/liminix
90 lines
2.2 KiB
Fennel
90 lines
2.2 KiB
Fennel
(local { : view } (require :fennel))
|
|
(local { : assoc : split } (require :anoia))
|
|
|
|
(local ctx (require :openssl.ssl.context))
|
|
(local csr (require :openssl.x509.csr))
|
|
(local altname (require :openssl.x509.altname))
|
|
(local pkey (require :openssl.pkey))
|
|
(local xn (require :openssl.x509.name))
|
|
|
|
(local http (require :fetch))
|
|
|
|
(macro ncall [f]
|
|
`(case ,f
|
|
ok# ok#
|
|
(nil err#) (error err#)))
|
|
|
|
|
|
(fn x509-name [subj]
|
|
(let [n (xn.new)]
|
|
(each [_ c (ipairs (split "," subj))]
|
|
(let [(k v) (string.match c "(.-)=(.+)")]
|
|
(n:add k v)))
|
|
n))
|
|
|
|
(fn x509-altname [subj]
|
|
(let [an (altname.new)]
|
|
(each [_ c (ipairs (split "," subj))]
|
|
(let [(k v) (string.match c "(.-)=(.+)")]
|
|
(if (= k "CN") (an:add "DNS" v))))
|
|
an))
|
|
|
|
(fn parse-args [args]
|
|
(case args
|
|
["--secret" secret & rest]
|
|
(assoc (parse-args rest)
|
|
:secret (with-open [f (ncall (io.open secret :r))] (f:read "l")))
|
|
|
|
["--subject" subject & rest]
|
|
(assoc (parse-args rest) :subject subject)
|
|
|
|
["--key-out" pathname & rest]
|
|
(assoc (parse-args rest) :key-out pathname)
|
|
|
|
["--certificate-out" pathname & rest]
|
|
(assoc (parse-args rest) :certificate-out pathname)
|
|
|
|
[server] { : server }
|
|
_ {}))
|
|
|
|
|
|
(local options (parse-args arg))
|
|
|
|
(fn private-key []
|
|
(pkey.new { :type :rsa :bits 1024 }))
|
|
|
|
(fn signing-request [pk]
|
|
(doto (csr.new)
|
|
(: :setVersion 3)
|
|
(: :setSubject (x509-name options.subject))
|
|
(: :setSubjectAlt (x509-altname options.subject))
|
|
(: :setPublicKey pk)
|
|
(: :addAttribute :challengePassword [options.secret])
|
|
(: :sign pk)))
|
|
|
|
|
|
(fn http-post [url body]
|
|
(match
|
|
(http.request "POST" url
|
|
"" 0
|
|
"application/x-pem-file"
|
|
body)
|
|
s s
|
|
(nil code msg) (error (.. "Error " code " POST " url ": " msg))))
|
|
|
|
|
|
(fn run []
|
|
(let [pk (private-key)
|
|
csr (signing-request pk)
|
|
;; key-out (or options.key-out-handle io.stdout)
|
|
;; cert-out (or options.cert-out-handle io.stdout)
|
|
cert (http-post options.server (csr:toPEM))]
|
|
(with-open [f (ncall (io.open options.key-out :w))]
|
|
(f:write (pk:toPEM :private)))
|
|
(with-open [f (ncall (io.open options.certificate-out :w))]
|
|
(f:write cert))
|
|
(print "done")))
|
|
|
|
|
|
{ : run }
|