Skip to content

Commit 3ec60b5

Browse files
committed
refactor: harden security, fix bugs, and improve architecture
Security: - Change private key file permissions from 0644 to 0600 - Add domain name validation to prevent path traversal attacks - Fix RSA private key JSON serialization with PEM-based round-trip - Use explicit file permissions in saveCertificateChain Bug fixes: - AddCustomCert now stores file paths in CertFile/KeyFile, not PEM content - Parse real certificate expiry from x509 instead of hardcoded 88d/1y - HTTPHandler now respects Staging flag for ACME directory URL Architecture: - Add context.Context support to IssueCert and internal ACME calls - Add in-memory certificate cache in GetCert with InvalidateCertCache - Replace log.Printf with optional Logger interface - Use client.WaitAuthorization instead of manual polling loop Tests: - Add domain validation, RSA key round-trip, and file permission tests - Update AddCustomCert test to use real self-signed certificate
1 parent 7032538 commit 3ec60b5

3 files changed

Lines changed: 371 additions & 103 deletions

File tree

0 commit comments

Comments
 (0)