From c8c90bc587cd7d4f7a99c398c662e00caed3570f Mon Sep 17 00:00:00 2001
From: Joe Bryan
Date: Thu, 28 Jun 2018 15:56:20 -0400
Subject: [PATCH] integrates :acme with %eyre (receive new domains/orders, install certificates)
---
 app/acme.hoon | 24 ++++++++++++++++++++----
 mar/acme/order.hoon | 9 +++++++++
 sys/vane/eyre.hoon | 20 +++++++------------
 3 files changed, 36 insertions(+), 17 deletions(-)
 create mode 100644 mar/acme/order.hoon
diff --git a/app/acme.hoon b/app/acme.hoon
index dc29a65265..0c5eafc27c 100644
--- a/app/acme.hoon
+++ b/app/acme.hoon
@@ -1172,6 +1173,7 @@
 += card
 $% [%hiss wire [~ ~] %httr %hiss hiss:eyre]
 [%well wire path (unit mime)]
+ [%rule wire %cert (unit [wain wain])]
 ==
 :: +nonce-next: next effect to emit upon receiving nonce
 ::
@@ -1501,6 +1502,15 @@
 ?. ?=(^ rod) ~|(%no-active-order !!)
 =/ hed (my accept+['applicate/x-pem-file' ~] ~)
 (emit (request /acme/certificate/(scot %da now.bow) url %get hed ~))
+ :: +install: tell %eyre about our certificate
+ ::
+ ++ install
+ ^+ this
+ ~| %install-effect-fail
+ ?> ?=(^ liv)
+ :: XX use pkcs8
+ =/ key=wain (ring:en:pem:pkcs1 key.u.liv)
+ (emit %rule /install %cert `[key `wain`cer.u.liv])
 :: +get-authz: get next ACME service domain authorization object
 ::
 ++ get-authz
@@ -1743,11 +1753,10 @@
 =/ cer=wain (to-wain:format q:(need r.rep))
 =/ fig=config
 :: XX expiration date
- [dom.u.rod key.u.rod cer *@da ego.u.rod]
+ [dom.u.rod key.u.rod cer (add now.bow ~d90) ego.u.rod]
 =? fig.hit ?=(^ liv) [u.liv fig.hit]
- this(liv `fig, rod ~)
- :: XX send configuration to eyre
- :: XX other subscribers?
+ :: XX set renewal timer
+ install:effect(liv `fig, rod ~)
 :: +get-authz: accept ACME service authorization object
 ::
 ++ get-authz
@@ -1864,6 +1873,11 @@
 %finalize-trial finalize-trial:event
 :: XX delete-trial?
 ==
+:: +poke-acme-order: create new order for a set of domains
+::
+++ poke-acme-order
+ |=(a=(set turf) abet:(add-order ~(tap in a)))
+:: +poke-noun: for debugging
 ::
 ++ poke-noun
 |= a=*
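Review bot: `install` sends the certificate's private key out of the app as a plaintext `wain` (`(ring:en:pem:pkcs1 key.u.liv)`) inside the new `%rule` card, and nothing here says where that material then lives; Arvo persists every move in the event log, so the key presumably ends up on disk in the log as well as in %eyre's state, which the arm should state rather than leave to the `:: XX use pkcs8` note alone, e.g. `::  NOTE: key.u.liv leaves this app in the clear and is persisted by %eyre (and the event log)`. The `?> ?=(^ liv)` assertion also means the `%rule` debug case added to `poke-noun` further down this page crashes with `%install-effect-fail` on a ship that has never completed an order, which is acceptable for a debug hook but worth a word in the comment. The `effect` core that holds this arm begins outside the hunk.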
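Review bot: The expiry stored in `fig` is `(add now.bow ~d90)`, receipt time plus 90 days, rather than the `notAfter` carried in `cer`; with an ACME issuer such as Let's Encrypt the 90 days run from the CA's `notBefore`, so this value lands later than the real expiry, and the renewal timer the `:: XX set renewal timer` note defers will presumably fire after the certificate has already lapsed. Until the certificate is parsed, mark the field as an estimate: `::  XX expiration date: approximated as now+90d (ACME issuer default); parse notAfter from cer and renew well before it`. The `install:effect(...)` call also installs `cer` without checking that it is non-empty or that it matches `key.u.rod`; a `?>  ?=(^ cer)` before `=/  fig=config` would at least keep an empty 200 body from replacing the live config. The enclosing arm begins outside the hunk.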
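Review bot: `poke-acme-order` starts an order for whatever set of domains it is poked with and never checks `src.bow`, so unless gall restricts who may poke this app (nothing on this page shows that) any ship that can reach this one can trigger ACME orders for arbitrary domains, at minimum consuming the CA's rate limits and, if `add-order` replaces the active order, displacing one in progress. %eyre's poke is sent as `[our our]`, so a local-only guard costs nothing: `|=  a=(set turf)` / `?>  =(src.bow our.bow)` / `abet:(add-order ~(tap in a))`. The debug hooks `poke-path` and `poke-noun` visible on this page accept the same unauthenticated input and call `add-order` as well. The agent core that holds these arms begins outside the hunk.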
@@ -1882,8 +1896,10 @@
 %final finalize-order:effect
 %poll check-order:effect
 %our (add-order /org/urbit/(crip +:(scow %p our.bow)) ~)
+ %rule install:effect
 %test test
 ==
+:: +poke-path: for debugging
 ::
 ++ poke-path
 |=(a=path abet:(add-order a ~))
diff --git a/mar/acme/order.hoon b/mar/acme/order.hoon
new file mode 100644
index 0000000000..a43c30cc62
--- /dev/null
+++ b/mar/acme/order.hoon
@@ -0,0 +1,9 @@
+::
+:::: /mar/acme/order/hoon
+ ::
+|_ a=(set (list @t))
+++ grab
+ |%
+ ++ noun (set (list @t))
+ --
+--
diff --git a/sys/vane/eyre.hoon b/sys/vane/eyre.hoon
index a37fc76c29..4d3f389c3e 100644
--- a/sys/vane/eyre.hoon
+++ b/sys/vane/eyre.hoon
@@ -671,10 +671,9 @@
 |=(a=host ?>(?=(%& -.a) p.a))
 =/ dif/(set (list @t)) (~(dif in mod) dom)
 =? dom ?=(^ dif) (~(uni in dom) mod)
- ~& [%eyre %acme-order dom]
- :: =? mow ?=(^ dif)
- :: =/ cmd [%acme %poke `cage`[%acme-order !>(dom)]]
- :: [[hen %pass ~ %g %deal [our our] cmd] mow]
+ =? mow ?=(^ dif)
+ =/ cmd [%acme %poke `cage`[%acme-order !>(dom)]]
+ :_(mow [hen %pass /acme/order %g %deal [our our] cmd])
 %= +>.$
 ged hen :: register external
 mow :_(mow [hen [%give %form fig]])
@@ -687,10 +686,8 @@
 ?- -.p.kyz
 $cert
 ?: =(secure.fig p.p.kyz) +>.$
- %= +>.$
- secure.fig p.p.kyz
- mow :_(mow [hen [%give %form fig]])
- ==
+ =. secure.fig p.p.kyz
+ +>.$(mow :_(mow [ged [%give %form fig]]))
 ::
 $turf
 =/ mod/(set (list @t))
@@ -698,13 +695,10 @@
 (~(put in dom) q.p.kyz)
 (~(del in dom) q.p.kyz)
 ?: =(dom mod) +>.$
- ~& [%eyre %acme-order dom]
- :: =. mow
- :: =/ cmd [%acme %poke `cage`[%acme-order !>(dom)]]
- :: [[hen %pass ~ %g %deal [our our] cmd] mow]
+ =/ cmd [%acme %poke `cage`[%acme-order !>(mod)]]
 %= +>.$
 dom mod
- mow :_(mow [hen [%give %form fig]])
+ mow :_(mow [hen %pass /acme/order %g %deal [our our] cmd])
 ==
 ==
 ::
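Review bot: The header comment of the new mark is only its path; a line saying what the noun carries would spare readers a trip to the sender, e.g. `::  %acme-order: the set of domains (each a turf) :acme should obtain one certificate for; sent by %eyre when its set of served domains changes`. Note that the `noun` arm in `grab` applies the `(set (list @t))` mold, which normalizes a malformed noun instead of rejecting it, so :acme gets no validation from this layer; that is the usual situation for a noun mark, but worth knowing given that the poke can come from outside the ship.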
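Review bot: The poke to :acme is passed on `hen` with wire `/acme/order`, so gall's `%coup` (or the crash if the poke fails) comes back into %eyre's `take` on that wire, and nothing in this hunk shows a handler for it; if none exists elsewhere, a rejected order or a missing :acme app silently becomes an unhandled take. Either note where it is consumed or leave the marker in place: `::  XX handle %coup on /acme/order (order rejected / :acme not running)`. The enclosing arm starts outside the hunk.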
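Review bot: The `%form` gift on the `$cert` path now goes to `ged` instead of `hen`; `ged` is only set by the `ged hen :: register external` assignment in the earlier hunk, so a `%cert` that arrives before any external registration is reported on `ged`'s bunt value and the gift presumably goes nowhere, which deserves a sentence on the ordering assumption: `::  ged must have been registered before a %cert can be reported`. Beyond `=(secure.fig p.p.kyz)` there is no check that the key and certificate in `p.p.kyz` belong together, so a mismatched pair is only discovered by whatever consumes `%form`. The `?-` switch starts outside the hunk.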
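Review bot: On the `(~(del in dom) q.p.kyz)` branch `mod` can be empty, and the new `=/  cmd  [%acme %poke ...]` still pokes :acme with the empty set, so `poke-acme-order` (visible on this page) calls `add-order ~` and tries to start an order with no identifiers; skip the poke when nothing is left to order, `?~  mod  +>.$(dom mod)` before `=/  cmd`, keeping the state update. This branch also no longer gives `%form` on `hen`, so an external that relied on the old immediate gift now hears nothing until a certificate is installed through `$cert`; a comment saying that is intentional would help. The `?-` switch starts outside the hunk.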