+(defun elpher-generate-certificate (name key-file cert-file &optional temporary)
+ (let ((exp-key-file (expand-file-name key-file))
+ (exp-cert-file (expand-file-name cert-file)))
+ (call-process "openssl" nil nil nil
+ "req" "-x509" "-newkey" "rsa:2048"
+ "-days" (if temporary "1" "36500")
+ "-nodes"
+ "-subj" (concat "/CN=" name)
+ "-keyout" exp-key-file
+ "-out" exp-cert-file)
+ (list (elpher-address-host (elpher-page-address elpher-current-page))
+ temporary exp-key-file exp-cert-file)))
+
+(defun elpher-generate-throwaway-certificate ()
+ (let* ((file-base (make-temp-name "elpher"))
+ (key-file (concat temporary-file-directory file-base ".key"))
+ (cert-file (concat temporary-file-directory file-base ".crt")))
+ (elpher-generate-certificate file-base key-file cert-file t)))
+
+(defun elpher-generate-permanent-certificate (file-base)
+ (let* ((key-file (concat elpher-certificate-directory file-base ".key"))
+ (cert-file (concat elpher-certificate-directory file-base ".crt")))
+ (elpher-generate-certificate file-base key-file cert-file)))
+
+(defun elpher-get-existing-certificate (file-base)
+ (let* ((key-file (concat elpher-certificate-directory file-base ".key"))
+ (cert-file (concat elpher-certificate-directory file-base ".crt")))
+ (list (elpher-address-host (elpher-page-address elpher-current-page))
+ nil
+ (expand-file-name key-file)
+ (expand-file-name cert-file))))
+
+(defun elpher-list-existing-certificates ()
+ (mapcar
+ (lambda (file)
+ (file-name-sans-extension file))
+ (directory-files elpher-certificate-directory nil "\.key$")))
+
+
+(defun elpher-get-current-keylist (address)
+ (if elpher-client-certificate
+ (if (string= (car elpher-client-certificate)
+ (elpher-address-host address))
+ (list (cddr elpher-client-certificate))
+ (when (cadr elpher-client-certificate)
+ (delete-file (elt elpher-client-certificate 2))
+ (delete-file (elt elpher-client-certificate 3)))
+ (setq elpher-client-certificate nil)
+ (message "Disabling client certificate for new host")
+ nil)
+ nil))