feat: Potentially handle renewing certificates

2024-01-01 14:47:13 +01:00
parent 3af3f6bb7e
commit d0a24a60ed
5 changed files with 57 additions and 20 deletions
--- a/internal/certificates/certificate.go
+++ b/internal/certificates/certificate.go
@@ -18,6 +18,35 @@ import (
 	"github.com/go-acme/lego/v4/lego"
 )

+func RenewCertificate(old *CertificateWrapper, acmeClient *lego.Client) (CertificateWrapper, error) {
+	pk, _ := base64.StdEncoding.DecodeString(old.PrivateKeyEncoded)
+	res := certificate.Resource{
+		PrivateKey:  pk,
+		Certificate: old.Certificate,
+		CSR:         old.CSR,
+	}
+
+	new, err := acmeClient.Certificate.Renew(res, true, false, "")
+	if err != nil {
+		return CertificateWrapper{}, err
+	}
+
+	// Convert the new certificate into a wrapper struct
+	tlsCert, err := tls.X509KeyPair(new.Certificate, new.PrivateKey)
+	if err != nil {
+		return CertificateWrapper{}, err
+	}
+	wrapper := CertificateWrapper{
+		TlsCertificate:    &tlsCert,
+		Domain:            old.Domain,
+		NotAfter:          time.Now().Add(time.Hour * 24 * 60),
+		PrivateKeyEncoded: base64.StdEncoding.EncodeToString(new.PrivateKey),
+		Certificate:       new.Certificate,
+		CSR:               new.CSR,
+	}
+	return wrapper, nil
+}
+
 func ObtainNewCertificate(domains []string, acmeClient *lego.Client) (CertificateWrapper, error) {
 	req := certificate.ObtainRequest{
 		Domains: domains,
@@ -36,12 +65,11 @@ func ObtainNewCertificate(domains []string, acmeClient *lego.Client) (Certificat
 	wrapper := CertificateWrapper{
 		TlsCertificate: &tlsCert,
 		Domain:         cert.Domain,
-		//NotAfter: tlsCert.Leaf.NotAfter,
+		//NotAfter:        tlsCert.Leaf.NotAfter,
 		NotAfter:          time.Now().Add(time.Hour * 24 * 60),
 		PrivateKeyEncoded: base64.StdEncoding.EncodeToString(cert.PrivateKey),
 		Certificate:       cert.Certificate,
-		IssuerCertificate: cert.IssuerCertificate,
-		CertificateUrl:    cert.CertURL,
+		CSR:               cert.CSR,
 	}
 	return wrapper, nil
 }
@@ -103,7 +131,6 @@ func MakeFallbackCertificate(pagesDomain string) (*CertificateWrapper, error) {
 		NotAfter:          notAfter,
 		PrivateKeyEncoded: base64.StdEncoding.EncodeToString(certcrypto.PEMEncode(key)),
 		Certificate:       outBytes,
-		IssuerCertificate: outBytes,
-		CertificateUrl:    "localhost",
+		CSR:               []byte{},
 	}, nil
 }
--- a/internal/certificates/store.go
+++ b/internal/certificates/store.go
@@ -19,8 +19,7 @@ type CertificateWrapper struct {
 	NotAfter          time.Time        `json:"not_after"`
 	PrivateKeyEncoded string           `json:"private_key"`
 	Certificate       []byte           `json:"certificate"`
-	IssuerCertificate []byte           `json:"issuer_certificate"`
-	CertificateUrl    string           `json:"certificate_url"`
+	CSR               []byte           `json:"csr"`
 }

 // A structure to store all the certificates we know of in.