Refactor server certificates

2 files changed, 27 insertions, 63 deletions

diff --git a/examples/auth.go b/examples/auth.go
index eb7b129..4d61ea2 100644
--- a/examples/auth.go
+++ b/examples/auth.go
@@ -41,7 +41,7 @@ func main() {
 	mux.HandleFunc("/logout", logout)
 
 	var server gemini.Server
-	if err := server.CertificateStore.Load("/var/lib/gemini/certs"); err != nil {
+	if err := server.Certificates.Load("/var/lib/gemini/certs"); err != nil {
 		log.Fatal(err)
 	}
 	server.Register("localhost", &mux)
diff --git a/examples/server.go b/examples/server.go
index 11ea9ed..6c29cdd 100644
--- a/examples/server.go
+++ b/examples/server.go
@@ -3,54 +3,38 @@
 package main
 
 import (
-	"bytes"
+	"crypto"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
+	"io"
 	"log"
 	"os"
 	"time"
 
-	gmi "git.sr.ht/~adnano/go-gemini"
+	"git.sr.ht/~adnano/go-gemini"
 )
 
 func main() {
-	var server gmi.Server
-	if err := server.CertificateStore.Load("/var/lib/gemini/certs"); err != nil {
+	var server gemini.Server
+	if err := server.Certificates.Load("/var/lib/gemini/certs"); err != nil {
 		log.Fatal(err)
 	}
-	server.GetCertificate = func(hostname string, store *gmi.CertificateStore) *tls.Certificate {
-		cert, err := store.Lookup(hostname)
-		if err != nil {
-			switch err {
-			case gmi.ErrCertificateExpired:
-				// Generate a new certificate if the current one is expired.
-				log.Print("Old certificate expired, creating new one")
-				fallthrough
-			case gmi.ErrCertificateUnknown:
-				// Generate a certificate if one does not exist.
-				cert, err := gmi.CreateCertificate(gmi.CertificateOptions{
-					DNSNames: []string{hostname},
-					Duration: time.Hour,
-				})
-				if err != nil {
-					// Failed to generate new certificate, abort
-					return nil
-				}
-				// Store and return the new certificate
-				err = writeCertificate("/var/lib/gemini/certs/"+hostname, cert)
-				if err != nil {
-					return nil
-				}
-				store.Add(hostname, cert)
-				return &cert
-			}
+	server.CreateCertificate = func(hostname string) (tls.Certificate, error) {
+		fmt.Println("Generating certificate for", hostname)
+		cert, err := gemini.CreateCertificate(gemini.CertificateOptions{
+			DNSNames: []string{hostname},
+			Duration: time.Minute, // for testing purposes
+		})
+		if err == nil {
+			// Write the new certificate to disk
+			err = writeCertificate("/var/lib/gemini/certs/"+hostname, cert)
 		}
-		return cert
+		return cert, err
 	}
 
-	var mux gmi.ServeMux
-	mux.Handle("/", gmi.FileServer(gmi.Dir("/var/www")))
+	var mux gemini.ServeMux
+	mux.Handle("/", gemini.FileServer(gemini.Dir("/var/www")))
 
 	server.Register("localhost", &mux)
 	if err := server.ListenAndServe(); err != nil {
@@ -61,22 +45,13 @@ func main() {
 // writeCertificate writes the provided certificate and private key
 // to path.crt and path.key respectively.
 func writeCertificate(path string, cert tls.Certificate) error {
-	crt, err := marshalX509Certificate(cert.Leaf.Raw)
-	if err != nil {
-		return err
-	}
-	key, err := marshalPrivateKey(cert.PrivateKey)
-	if err != nil {
-		return err
-	}
-
 	// Write the certificate
 	crtPath := path + ".crt"
 	crtOut, err := os.OpenFile(crtPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		return err
 	}
-	if _, err := crtOut.Write(crt); err != nil {
+	if err := marshalX509Certificate(crtOut, cert.Leaf.Raw); err != nil {
 		return err
 	}
 
@@ -86,30 +61,19 @@ func writeCertificate(path string, cert tls.Certificate) error {
 	if err != nil {
 		return err
 	}
-	if _, err := keyOut.Write(key); err != nil {
-		return err
-	}
-	return nil
+	return marshalPrivateKey(keyOut, cert.PrivateKey)
 }
 
-// marshalX509Certificate returns a PEM-encoded version of the given raw certificate.
-func marshalX509Certificate(cert []byte) ([]byte, error) {
-	var b bytes.Buffer
-	if err := pem.Encode(&b, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil {
-		return nil, err
-	}
-	return b.Bytes(), nil
+// marshalX509Certificate writes a PEM-encoded version of the given certificate.
+func marshalX509Certificate(w io.Writer, cert []byte) error {
+	return pem.Encode(w, &pem.Block{Type: "CERTIFICATE", Bytes: cert})
 }
 
-// marshalPrivateKey returns PEM encoded versions of the given certificate and private key.
-func marshalPrivateKey(priv interface{}) ([]byte, error) {
-	var b bytes.Buffer
+// marshalPrivateKey writes a PEM-encoded version of the given private key.
+func marshalPrivateKey(w io.Writer, priv crypto.PrivateKey) error {
 	privBytes, err := x509.MarshalPKCS8PrivateKey(priv)
 	if err != nil {
-		return nil, err
-	}
-	if err := pem.Encode(&b, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
-		return nil, err
+		return err
 	}
-	return b.Bytes(), nil
+	return pem.Encode(w, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes})
 }