func cmdCull() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
err = storageops.Cull(s, *cullSimulateFlag)
log.Fatale(err, "cull")
}
func cmdImportKey() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
err = importKey(s, *importKeyArg)
log.Fatale(err, "import key")
}
func cmdReconcile() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
err = storageops.Reconcile(s)
log.Fatale(err, "reconcile")
}
func cmdWant() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
alreadyExists := false
s.VisitTargets(func(t *storage.Target) error {
nm := map[string]struct{}{}
for _, n := range t.Satisfy.Names {
nm[n] = struct{}{}
}
for _, w := range *wantArg {
if _, ok := nm[w]; !ok {
return nil
}
}
alreadyExists = true
return nil
})
if alreadyExists {
return
}
tgt := storage.Target{
Satisfy: storage.TargetSatisfy{
Names: *wantArg,
},
}
err = s.SaveTarget(&tgt)
log.Fatale(err, "add target")
}
func cmdUnwant() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
for _, hn := range *unwantArg {
err = storageops.RemoveTargetHostname(s, hn)
log.Fatale(err, "remove target hostname ", hn)
}
}
func cmdStatus() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
info := StatusString(s)
log.Fatale(err, "status")
fmt.Print(info)
}
func revokeByCertificateID(certID string) {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
err = storageops.RevokeByCertificateOrKeyID(s, certID)
log.Fatale(err, "revoke")
err = storageops.Reconcile(s)
log.Fatale(err, "reconcile")
}
func cmdAccountThumbprint() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
s.VisitAccounts(func(a *storage.Account) error {
thumbprint, _ := acmeutils.Base64Thumbprint(a.PrivateKey)
fmt.Printf("%s\t%s\n", thumbprint, a.ID())
return nil
})
}
func determineWebroot() string {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
webrootPaths := s.DefaultTarget().Request.Challenge.WebrootPaths
if len(webrootPaths) > 0 {
return webrootPaths[0]
}
return responder.StandardWebrootPath
}
func cmdImportLE() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
lePath := *importLEArg
accountNames, err := getLEAccountNames(lePath)
log.Fatale(err, "cannot inspect accounts directory - do you have permissions to read the Let's Encrypt directory (i.e. are you root)?")
// In order to import a Let's Encrypt state directory, we must:
// - import the account keys
// - import the certificate keys
// - import the certificates
// Import account keys.
durls := map[string]struct{}{}
for _, accountName := range accountNames {
acct, err := importLEAccount(s, lePath, accountName)
log.Fatale(err, "import account")
durls[acct.DirectoryURL] = struct{}{}
}
keyFiles, err := filepath.Glob(filepath.Join(lePath, "keys", "*.pem"))
log.Fatale(err)
// Import certificate keys.
for _, keyFile := range keyFiles {
err := importKey(s, keyFile)
log.Fatale(err, "import key")
}
// Import certificates.
certFiles, err := filepath.Glob(filepath.Join(lePath, "archive", "*", "cert*.pem"))
log.Fatale(err)
for _, certFile := range certFiles {
err := importCert(s, certFile)
log.Fatale(err, "import certificate")
}
// If there is no default provider set, and we have only one directory URL
// imported, set it as the default provider.
if len(durls) == 1 && s.DefaultTarget().Request.Provider == "" {
for p := range durls {
s.DefaultTarget().Request.Provider = p
err := s.SaveTarget(s.DefaultTarget())
log.Fatale(err, "couldn't set default provider")
break
}
}
}
func cmdWant() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
tgt := storage.Target{
Satisfy: storage.TargetSatisfy{
Names: *wantArg,
},
}
err = s.SaveTarget(&tgt)
log.Fatale(err, "add target")
}
func cmdWant() {
hostnames := *wantArg
// Ensure all hostnames provided are valid.
for idx := range hostnames {
norm, err := acmeutils.NormalizeHostname(hostnames[idx])
if err != nil {
log.Fatalf("invalid hostname: %#v: %v", hostnames[idx], err)
return
}
hostnames[idx] = norm
}
// Determine whether there already exists a target satisfying all given
// hostnames or a superset thereof.
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
alreadyExists := false
s.VisitTargets(func(t *storage.Target) error {
nm := map[string]struct{}{}
for _, n := range t.Satisfy.Names {
nm[n] = struct{}{}
}
for _, w := range hostnames {
if _, ok := nm[w]; !ok {
return nil
}
}
alreadyExists = true
return nil
})
if alreadyExists {
return
}
// Add the target.
tgt := storage.Target{
Satisfy: storage.TargetSatisfy{
Names: hostnames,
},
}
err = s.SaveTarget(&tgt)
log.Fatale(err, "add target")
}
func cmdImportPEMAccount() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
f, err := os.Open(*importPEMPathArg)
log.Fatale(err, "cannot open private key file")
defer f.Close()
b, err := ioutil.ReadAll(f)
log.Fatale(err, "cannot read file")
pk, err := acmeutils.LoadPrivateKey(b)
log.Fatale(err, "cannot parse private key")
_, err = s.ImportAccount(*importPEMURLArg, pk)
log.Fatale(err, "cannot import account key")
}
func cmdImportJWKAccount() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
f, err := os.Open(*importJWKPathArg)
log.Fatale(err, "cannot open private key file")
defer f.Close()
b, err := ioutil.ReadAll(f)
log.Fatale(err, "cannot read file")
k := jose.JsonWebKey{}
err = k.UnmarshalJSON(b)
log.Fatale(err, "cannot unmarshal key")
_, err = s.ImportAccount(*importJWKURLArg, k.Key)
log.Fatale(err, "cannot import account key")
}
func cmdImportLE() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
lePath := *importLEArg
accountNames, err := getLEAccountNames(lePath)
log.Fatale(err, "cannot inspect accounts directory - do you have permissions to read the Let's Encrypt directory (i.e. are you root)?")
// In order to import a Let's Encrypt state directory, we must:
// - import the account keys
// - import the certificate keys
// - import the certificates
// Import account keys.
for _, accountName := range accountNames {
err := importLEAccount(s, lePath, accountName)
log.Fatale(err, "import account")
}
keyFiles, err := filepath.Glob(filepath.Join(lePath, "keys", "*.pem"))
log.Fatale(err)
// Import certificate keys.
for _, keyFile := range keyFiles {
err := importKey(s, keyFile)
log.Fatale(err, "import key")
}
// Import certificates.
certFiles, err := filepath.Glob(filepath.Join(lePath, "archive", "*", "cert*.pem"))
log.Fatale(err)
for _, certFile := range certFiles {
err := importCert(s, certFile)
log.Fatale(err, "import certificate")
}
}
func cmdQuickstart() {
s, err := storage.NewFDB(*stateFlag)
log.Fatale(err, "storage")
serverURL := promptServerURL()
s.DefaultTarget().Request.Provider = serverURL
err = s.SaveTarget(s.DefaultTarget())
log.Fatale(err, "set provider URL")
// key type
keyType := promptKeyType()
switch keyType {
case "rsa":
s.DefaultTarget().Request.Key.Type = "rsa"
rsaKeySize := promptRSAKeySize()
if rsaKeySize != 0 {
s.DefaultTarget().Request.Key.RSASize = rsaKeySize
err = s.SaveTarget(s.DefaultTarget())
log.Fatale(err, "set preferred RSA Key size")
}
case "ecdsa":
s.DefaultTarget().Request.Key.Type = "ecdsa"
ecdsaCurve := promptECDSACurve()
if ecdsaCurve != "" {
s.DefaultTarget().Request.Key.ECDSACurve = ecdsaCurve
err = s.SaveTarget(s.DefaultTarget())
log.Fatale(err, "set preferred ECDSA curve")
}
}
// hook method
method := promptHookMethod()
var webroot []string
switch method {
case "webroot":
webroot = []string{promptWebrootDir()}
}
if len(webroot) != 0 {
err = os.MkdirAll(webroot[0], 0755)
log.Fatale(err, "couldn't create webroot path")
}
s.DefaultTarget().Request.Challenge.WebrootPaths = webroot
err = s.SaveTarget(s.DefaultTarget())
log.Fatale(err, "set webroot path")
prog, err := interaction.Auto.Status(&interaction.StatusInfo{
Title: "Registering account...",
})
log.Fatale(err, "status")
prog.SetProgress(0, 1)
err = storageops.EnsureRegistration(s)
log.Fatale(err, "couldn't complete registration")
prog.SetProgress(1, 1)
prog.Close()
if method == "redirector" {
promptSystemd()
}
installDefaultHooks()
if promptInstallCombinedHooks() {
installCombinedHooks()
}
promptCron()
promptGettingStarted()
}