acme-pki 0.2.2 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f1b3bb99647eef45519719558500aff9ce5325234ce231c0b5f7579bedfb7cc6
-  data.tar.gz: 423f0acb7ce5aba3def12e8efa3abd2a07057f9b1e1bc95edca8dcbc9c1691ba
+  metadata.gz: 7599cb3c3ceecf3e1ce1fb057339106937398c2ce6887a9f16442de981d351af
+  data.tar.gz: c81b97fc9132d5442185cfc4ea011b93175e8568dfeb582c0f1e7834ba3b2942
 SHA512:
-  metadata.gz: 91fa143f71c8efbafab9271e972590867fb0d861bda0a7158a9842db7bf37cadcedb789e0bc3c54655719812ef0669c69c1f9d35600165e1938c6b2158a97937
-  data.tar.gz: e59060943b8256352be03b51ec8d4ed1440dceed48aad0382601c288f0b7857ad02cef52e1b050ed3e1c71433c35c8d20a789624bfa08ff24802d4135fb1f47b
+  metadata.gz: ade350294c8dc14ee322120e342697d5f98b0d66cc98b611e908fda4502e011b196ca25ba0b0b548579800db9865600898cc77f3cf2a035c1ed17e36f5acfcd5
+  data.tar.gz: beeb43ea7b6d2e2f2551bc114edcc69349f7bcd85d66f54a872dce086bc062bbd56b77ae619b5344404a786c7b7e05a5ed13b9efd585bddff4f6c897321b8aa9

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    acme-pki (0.2.1)
+    acme-pki (0.2.3)
       acme-client (~> 2.0)
       colorize (~> 0.8)
       faraday_middleware (~> 0.13)

data/bin/letsencrypt

@@ -22,79 +22,82 @@ EOTEXT
 ARGV << 'help' if ARGV.length.zero?
 
 case ARGV.shift
-	when /help|-[hH]|--help/
-		puts HELP
-		exit 0
-	when 'register'
-		OptionParser.new do |opts|
-			opts.banner = "Usage: #{File.basename __FILE__} register <email>"
-		end.parse!
-		if ARGV.empty?
-			puts "An email address is required !"
-			exit -1
-		end
-		pki.register ARGV.first
-	when 'key'
-		options = OpenStruct.new type: Acme::PKI::DEFAULT_KEY_TYPE
-		OptionParser.new do |opts|
-			opts.banner = "Usage: #{File.basename __FILE__} key <domain> [options]"
-			opts.on('-r [KEYSIZE]', '--rsa [KEYSIZE]', 'RSA key, key size') { |k| options.type = [:rsa, k.to_i] }
-			opts.on('-e [CURVE]', '--ecc [CURVE]', 'ECC key, curve') { |k| options.type = [:ecc, k] }
-		end.parse!
-		if ARGV.empty?
-			puts 'A domain is required !'
-			exit -1
-    end
-		pki.generate_key ARGV.first, type: options.type
-	when 'csr'
-		options = OpenStruct.new domains: []
-		OptionParser.new do |opts|
-			opts.banner = "Usage: #{File.basename __FILE__} csr <domain> [options]"
-			opts.on('-k [KEYFILE]', '--key [KEYFILE]', 'Key file') { |k| options.key = k }
-			opts.on('-d [DOMAIN]', '--domain [DOMAIN]', 'Domain') { |d| options.domains << d }
-		end.parse!
-		if ARGV.empty?
-			puts 'A domain is required !'
-			exit -1
-		end
-		pki.generate_csr ARGV.first, key: options.key, domains: options.domains
-	when 'crt'
-		options = OpenStruct.new
-		OptionParser.new do |opts|
-			opts.banner = "Usage: #{File.basename __FILE__} crt <domain> [options]"
-			opts.on('-c [CSR]', '--csr [CSR]', 'CSR file') { |c| options.csr = c }
-		end.parse!
-		if ARGV.empty?
-			puts 'A domain is required !'
-			exit -1
-		end
-		pki.generate_crt ARGV.first, csr: options.csr
-	when 'renew'
-		options = OpenStruct.new
-		OptionParser.new do |opts|
-			opts.banner = "Usage: #{File.basename __FILE__} renew <domain> [options]"
-			opts.on('-c [CSR]', '--csr [CSR]', 'CSR file') { |c| options.csr = c }
-		end.parse!
-		if ARGV.empty?
-			puts 'A domain is required !'
-			exit -1
-		end
-		exit pki.renew(ARGV.first, csr: options.csr) ? 0 : 1
-	when 'info'
-		type = :key
-		OptionParser.new do |opts|
-			opts.banner = "Usage: #{File.basename __FILE__} info <domain> [options]"
-			opts.on('-k', '--key', 'Key information') { type = :key }
-			opts.on('-c', '--crt', 'Certificate information') { type = :crt }
-		end.parse!
-		if ARGV.empty?
-			puts 'A domain is required !'
-			exit -1
-		end
-		case type
-			when :key
-				pki.key_info pki.key ARGV.first
-			when :crt
-				pki.chain_info pki.crt ARGV.first
-		end
+when /help|-[hH]|--help/
+  puts HELP
+  exit 0
+when 'register'
+  OptionParser.new do |opts|
+    opts.banner = "Usage: #{File.basename __FILE__} register <email>"
+  end.parse!
+  if ARGV.empty?
+    puts "An email address is required !"
+    exit -1
+  end
+  pki.register ARGV.first
+when 'key'
+  options = OpenStruct.new type: Acme::PKI::DEFAULT_KEY_TYPE
+  OptionParser.new do |opts|
+    opts.banner = "Usage: #{File.basename __FILE__} key <domain> [options]"
+    opts.on('-r [KEYSIZE]', '--rsa [KEYSIZE]', 'RSA key, key size') { |k| options.type = [:rsa, k.to_i] }
+    opts.on('-e [CURVE]', '--ecc [CURVE]', 'ECC key, curve') { |k| options.type = [:ecc, k] }
+  end.parse!
+  if ARGV.empty?
+    puts 'A domain is required !'
+    exit -1
+  end
+  pki.generate_key ARGV.first, type: options.type
+when 'csr'
+  options = OpenStruct.new domains: [], adds: [], removes: []
+  OptionParser.new do |opts|
+    opts.banner = "Usage: #{File.basename __FILE__} csr <domain> [options]"
+    opts.on('-k [KEYFILE]', '--key [KEYFILE]', 'Key file') { |k| options.key = k }
+    opts.on('-d [DOMAIN]', '--domain [DOMAIN]', 'Domain') { |d| options.domains << d }
+    opts.on('-a [DOMAIN]', '--add [DOMAIN]', 'Add domain') { |d| options.adds << d }
+    opts.on('-r [DOMAIN]', '--remove [DOMAIN]', 'Remove domain') { |d| options.removes << d }
+  end.parse!
+  if ARGV.empty?
+    puts 'A domain is required !'
+    exit -1
+  end
+  pki.generate_csr ARGV.first, key: options.key, domains: options.domains,
+                   add:             options.adds, remove: options.removes
+when 'crt'
+  options = OpenStruct.new
+  OptionParser.new do |opts|
+    opts.banner = "Usage: #{File.basename __FILE__} crt <domain> [options]"
+    opts.on('-c [CSR]', '--csr [CSR]', 'CSR file') { |c| options.csr = c }
+  end.parse!
+  if ARGV.empty?
+    puts 'A domain is required !'
+    exit -1
+  end
+  pki.generate_crt ARGV.first, csr: options.csr
+when 'renew'
+  options = OpenStruct.new
+  OptionParser.new do |opts|
+    opts.banner = "Usage: #{File.basename __FILE__} renew <domain> [options]"
+    opts.on('-c [CSR]', '--csr [CSR]', 'CSR file') { |c| options.csr = c }
+  end.parse!
+  if ARGV.empty?
+    puts 'A domain is required !'
+    exit -1
+  end
+  exit pki.renew(ARGV.first, csr: options.csr) ? 0 : 1
+when 'info'
+  type = :key
+  OptionParser.new do |opts|
+    opts.banner = "Usage: #{File.basename __FILE__} info <domain> [options]"
+    opts.on('-k', '--key', 'Key information') { type = :key }
+    opts.on('-c', '--crt', 'Certificate information') { type = :crt }
+  end.parse!
+  if ARGV.empty?
+    puts 'A domain is required !'
+    exit -1
+  end
+  case type
+  when :key
+    pki.key_info pki.key ARGV.first
+  when :crt
+    pki.chain_info pki.crt ARGV.first
+  end
 end

data/lib/acme/pki.rb

@@ -89,14 +89,20 @@ module Acme
       [key_file, key]
     end
 
-    def generate_csr(csr, domains: [], key: nil)
-      key      = csr unless key
-      domains  = [csr, *domains].collect { |d| SimpleIDN.to_ascii d }
+    def generate_csr(csr, domains: [], add: [], remove: [], key: nil)
+      key = csr unless key
       csr_file = self.csr csr
       key_file = self.key key
-
       self.generate_key key unless File.exist? key_file
 
+      domains = if add.empty? && remove.empty?
+                  [csr, *domains]
+                else
+                  tmp      = OpenSSL::X509::Request.new File.read csr_file
+                  domains = self.domains tmp
+                  domains - remove + add
+                end.collect { |d| SimpleIDN.to_ascii d }
+
       self.process "Generating CSR for #{domains.join ', '} with key #{key_file} into #{csr_file}" do
         key_file    = open(key_file, 'r') { |f| OpenSSL::PKey.read f }
         csr         = OpenSSL::X509::Request.new

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acme-pki
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Aeris
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-21 00:00:00.000000000 Z
+date: 2020-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -131,7 +131,7 @@ homepage: https://github.com/aeris/acme-pki/
 licenses:
 - AGPL-3.0+
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -147,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.0.3
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Ruby client for Let's Encrypt
 test_files: []