feat: update
45
README.md
45
README.md
@@ -1,3 +1,46 @@
|
|||||||
# acme-client-rs
|
# acme-client-rs
|
||||||
|
|
||||||
ACME Client in Rust
|
ACME Client in Rust
|
||||||
|
|
||||||
|
Acme client help:
|
||||||
|
```shell
|
||||||
|
$ acme-client --help
|
||||||
|
acme-client 0.3.0
|
||||||
|
Hatter Jiang <jht5945@gmail.com>
|
||||||
|
Acme auto challenge client, acme-client can issue certificates from Let's encrypt
|
||||||
|
|
||||||
|
USAGE:
|
||||||
|
acme-client [FLAGS] [OPTIONS]
|
||||||
|
|
||||||
|
FLAGS:
|
||||||
|
--check Check cert config
|
||||||
|
-h, --help Prints help information
|
||||||
|
--hide-logo Hide logo
|
||||||
|
-v, --verbose Verbose
|
||||||
|
-V, --version Print version
|
||||||
|
|
||||||
|
OPTIONS:
|
||||||
|
-a, --algo <algo> Pki algo [default: ec384]
|
||||||
|
-c, --config <config> Cert config
|
||||||
|
--dir <dir> Account key dir [default: acme_dir]
|
||||||
|
-d, --domain <domain>... Domains
|
||||||
|
--email <email> Contract email
|
||||||
|
-m, --mode <mode> Mode [default: prod]
|
||||||
|
-p, --port <port> Http port [default: 80]
|
||||||
|
--timeout <timeout> Timeout (ms) [default: 5000]
|
||||||
|
-t, --type <type> Type http or dns [default: http]
|
||||||
|
```
|
||||||
|
|
||||||
|
签发一张证书示例
|
||||||
|
* 先将域名指向对应的服务器,保证服务器上的 `80` 端口可被互联网访问
|
||||||
|
* `acme-client --email your-email@example.com --domain your-domain.example.com`
|
||||||
|
|
||||||
|
使用参数 `--config` 时的配置文件示例:
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"certItems": [{
|
||||||
|
"path": "dir_cryptofan_org",
|
||||||
|
"dnsNames": ["cryptofan.org", "www.cryptofan.org"]
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|||||||
@@ -121,7 +121,7 @@ impl CertConfigItem {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
self.algo = None;
|
self.algo = None;
|
||||||
self.public_key_algo = Some(x509_certificate.public_key_algo.clone());
|
self.public_key_algo = Some(x509_certificate.public_key_algo);
|
||||||
Ok(Some(x509_certificate))
|
Ok(Some(x509_certificate))
|
||||||
} else {
|
} else {
|
||||||
if self.common_name.is_none() {
|
if self.common_name.is_none() {
|
||||||
@@ -141,24 +141,33 @@ impl CertConfigItem {
|
|||||||
if cert_path_buff.exists() {
|
if cert_path_buff.exists() {
|
||||||
let pem = opt_result!(fs::read_to_string(cert_path_buff.clone()), "Read file: {:?}, failed: {}", cert_path_buff);
|
let pem = opt_result!(fs::read_to_string(cert_path_buff.clone()), "Read file: {:?}, failed: {}", cert_path_buff);
|
||||||
let x509_certificate = opt_result!(x509::parse_x509(&format!("{}/{}", self.path, CERT_NAME), &pem), "Parse x509: {}/{}, faield: {}", self.path, CERT_NAME);
|
let x509_certificate = opt_result!(x509::parse_x509(&format!("{}/{}", self.path, CERT_NAME), &pem), "Parse x509: {}/{}, faield: {}", self.path, CERT_NAME);
|
||||||
|
|
||||||
|
let mut self_dns_names = vec![];
|
||||||
|
let mut cert_dns_names = vec![];
|
||||||
|
|
||||||
if let Some(common_name) = &self.common_name {
|
if let Some(common_name) = &self.common_name {
|
||||||
if common_name != &x509_certificate.common_name {
|
self_dns_names.push(common_name.to_lowercase());
|
||||||
warning!("Cert: {}, common name mis-match: {} vs {}", self.path, common_name, x509_certificate.common_name);
|
}
|
||||||
return Ok(None); // request for new cert
|
cert_dns_names.push(x509_certificate.common_name.to_lowercase());
|
||||||
|
|
||||||
|
self.dns_names.as_ref().map(|dns_names| dns_names.iter().map(|n| n.to_lowercase()).map(|n| {
|
||||||
|
if !self_dns_names.contains(&n) {
|
||||||
|
self_dns_names.push(n);
|
||||||
|
}
|
||||||
|
}));
|
||||||
|
for n in &x509_certificate.alt_names {
|
||||||
|
let n = n.to_lowercase();
|
||||||
|
if !cert_dns_names.contains(&n) {
|
||||||
|
cert_dns_names.push(n);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if let Some(dns_names) = &self.dns_names {
|
|
||||||
let mut sorted_dns_names = dns_names.clone();
|
self_dns_names.sort();
|
||||||
sorted_dns_names.sort();
|
cert_dns_names.sort();
|
||||||
let mut cert_sorted_dns_names = x509_certificate.alt_names.clone();
|
|
||||||
if let Some(pos) = cert_sorted_dns_names.iter().position(|n| n == self.common_name.as_ref().unwrap()) {
|
if self_dns_names != cert_dns_names {
|
||||||
cert_sorted_dns_names.remove(pos);
|
warning!("Cert: {}, dns names mis-match, required: {:?} vs certs: {:?}", self.path, self_dns_names, cert_dns_names);
|
||||||
}
|
return Ok(None); // request for new cert
|
||||||
cert_sorted_dns_names.sort();
|
|
||||||
if sorted_dns_names != cert_sorted_dns_names {
|
|
||||||
warning!("Cert: {}, dns names mis-match: {:?} vs {:?}", self.path, sorted_dns_names, cert_sorted_dns_names);
|
|
||||||
return Ok(None); // request for new cert
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
Ok(Some(x509_certificate))
|
Ok(Some(x509_certificate))
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@@ -188,8 +188,8 @@ async fn main() -> tide::Result<()> {
|
|||||||
}
|
}
|
||||||
let filtered_cert_config = cert_config.filter_cert_config_items(30);
|
let filtered_cert_config = cert_config.filter_cert_config_items(30);
|
||||||
for item in &filtered_cert_config.cert_items {
|
for item in &filtered_cert_config.cert_items {
|
||||||
if item.common_name.as_ref().map(|n| n.contains("*")).unwrap_or(false)
|
if item.common_name.as_ref().map(|n| n.contains('*')).unwrap_or(false)
|
||||||
|| item.dns_names.as_ref().map(|dns_names| dns_names.iter().any(|n| n.contains("*"))).unwrap_or(false) {
|
|| item.dns_names.as_ref().map(|dns_names| dns_names.iter().any(|n| n.contains('*'))).unwrap_or(false) {
|
||||||
warning!("Currently not support wide card domain name");
|
warning!("Currently not support wide card domain name");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|||||||
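Review bot: The `self.dns_names.as_ref().map(|dns_names| dns_names.iter().map(|n| n.to_lowercase()).map(|n| { ... }))` statement in the `@@ -141,24 +141,33 @@` hunk never runs its body: iterator adaptors are lazy and the resulting `Option<Map<...>>` is dropped unconsumed (rustc reports it as an unused must-use value), so the configured `dns_names` are never added to `self_dns_names`. The comparison then only sees the common name, which means an existing certificate that does not cover newly configured names can still compare equal and be kept instead of hitting `return Ok(None)`, while a certificate with additional alt names is always reported as a mismatch. Replacing the adaptor chain with a plain loop, mirroring the `cert_dns_names` loop directly below it, fixes this. Separately, in the `@@ -121,7 +121,7 @@` hunk, `self.public_key_algo = Some(x509_certificate.public_key_algo);` moves the field out before `Ok(Some(x509_certificate))` uses the struct again; unless `public_key_algo` is `Copy`, that is a partial-move compile error that the removed `.clone()` avoided. The enclosing method starts and ends outside these hunks.
```rust
    let mut self_dns_names = vec![];
    let mut cert_dns_names = vec![];
    // … unchanged: common-name pushes …
    if let Some(dns_names) = &self.dns_names {
        for n in dns_names {
            let n = n.to_lowercase();
            if !self_dns_names.contains(&n) {
                self_dns_names.push(n);
            }
        }
    }
    // … unchanged: alt-name loop, sort and comparison …
```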