acme-r53-cli 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 0bffb5e1041e5b53ca07b2bfc74e50f54f72d52ac4887d064bb9d1c2fa819a3a
+  data.tar.gz: a537081d73193d5a501dc84f3c969e4163536169cbb3cd976d5346d4be2d85ef
+SHA512:
+  metadata.gz: a10e69c4040799553083bbbb5c07f6a3ef1a6606a3400aa291174124acd8d48092ef07da6715c4fab730a55d178c714b1f12457ad2de467dd38a512a2f98c769
+  data.tar.gz: 780afcc3f216d9beb8d66f596c6a4e12b2e7dd11058154134972264b400214184ba1f19cbdf19b0d1ed26beb465d607e787da179a1515944f1fb4b03c1aab9b8

data/bin/acme-r53.rb

@@ -0,0 +1,221 @@
+#!/usr/bin/env ruby
+
+require "openssl"
+
+require "docopt"
+require "acme-client"
+require "aws-sdk-route53"
+require "pry"
+
+require "acme-cli/version"
+
+doc = <<DOCOPT
+acme.rb
+
+Usage:
+  acme.rb sign [options] <domain_name> [<alt_name>...]
+  acme.rb register [options] --email <email> [--agree-terms]
+  acme.rb -h | --help
+  acme.rb -v | --version
+
+Options:
+  -h --help                  Show this message
+  -v --version               Show the version
+  --account <account.pem>    Provide existing account key
+  --domain <domain.pem>      Provide domain private key
+  --staging                  Use LE Staging directory
+
+DOCOPT
+
+def load_key(passed_in, passed_in_path, default_path)
+  if passed_in
+    STDERR.puts "Loading #{passed_in_path}"
+    if File.file?(passed_in_path)
+      STDERR.puts "[Error]: Cannot load #{passed_in_path}"
+      exit 1
+    end
+    OpenSSL::PKey::RSA.new(File.read(passed_in_path))
+  else
+    if File.file?(default_path)
+      STDERR.puts "Loading #{default_path}"
+      OpenSSL::PKey::RSA.new(File.read(default_path))
+    else
+      STDERR.puts "Creating key #{default_path}"
+      key = OpenSSL::PKey::RSA.new(4096)
+      File.write(default_path, key)
+      key
+    end
+  end
+end
+
+def get_test_name(entry, challenge)
+  if entry.include?("*")
+    "#{challenge.record_name}.#{entry.gsub("*.", "")}"
+  else
+    "#{challenge.record_name}.#{entry}"
+  end
+end
+
+def get_csr_names(identifier)
+  if identifier.include?("*")
+    [
+      identifier
+    ]
+  else
+    [
+      identifier
+    ]
+  end
+end
+
+def get_zone_name(record)
+  parts = record.split(/\./)
+  parts.slice(parts.length - 2, parts.length - 1).join(".") + "."
+end
+
+def update_dns(entry, challenge)
+  r53 = Aws::Route53::Client.new
+  top_domain = get_zone_name(entry)
+  zone = r53.list_hosted_zones.hosted_zones.select do |zone|
+    zone.name == top_domain
+  end.first
+
+  record = get_test_name(entry, challenge)
+
+  change = r53.change_resource_record_sets({
+    change_batch: {
+      changes: [{
+        action: "CREATE",
+        resource_record_set: {
+          resource_records: [
+            {
+              value: "\"#{challenge.record_content}\"",
+            },
+          ],
+          name: record,
+          ttl: 10,
+          type: challenge.record_type
+        }
+      }]
+    },
+    hosted_zone_id: zone.id
+  })
+
+  r53.wait_until(:resource_record_sets_changed, id: change.change_info.id)
+
+  [zone.id, record, challenge.record_type, challenge.record_content]
+end
+
+def delete_dns_record(zone_id, record, type, value)
+  r53 = Aws::Route53::Client.new
+
+  r53.change_resource_record_sets({
+    change_batch: {
+      changes: [{
+        action: "DELETE",
+        resource_record_set: {
+          resource_records: [
+            {
+              value: "\"#{value}\"",
+            },
+          ],
+          name: record,
+          ttl: 10,
+          type: type
+        }
+      }]
+    },
+    hosted_zone_id: zone_id
+  })
+end
+
+options = nil
+
+begin
+  options = Docopt::docopt(doc)
+rescue Docopt::Exit => e
+  STDERR.puts e.message
+end
+
+exit 1 if options == nil
+
+if options["--version"]
+  STDERR.puts AcmeCli::Version::VERSION
+  exit 0
+end
+
+## Load account key, or create on if missing
+account_key = load_key(
+  !!options["--account"],
+  options["--account"],
+  "./account.pem"
+)
+
+directory = if options["--staging"]
+  "https://acme-staging-v02.api.letsencrypt.org/directory"
+else
+  "https://acme-v02.api.letsencrypt.org/directory"
+end
+
+client = Acme::Client.new(
+  private_key: account_key,
+  directory: directory
+)
+
+if options["register"]
+  account = client.new_account(
+    contact: "mailto:#{options["<email>"]}",
+    terms_of_service_agreed: options["--agree-terms"]
+  )
+  STDERR.puts "Created account #{account.kid}"
+elsif options["sign"]
+  identifiers = if options["<alt_name>"]
+    options["<alt_name>"].unshift(options["<domain_name>"])
+  else
+    [options["<domain_name>"]]
+  end
+  STDERR.puts "Creating order for: #{identifiers.join(", ")}"
+  order = client.new_order(identifiers: identifiers)
+
+  order.authorizations.each_with_index do |auth, idx|
+    challenge = auth.dns
+
+    STDERR.puts "Creating dns record for: #{identifiers[idx]}"
+    record_created = update_dns(identifiers[idx], challenge)
+
+    STDERR.puts "Validating dns record: #{identifiers[idx]}"
+    challenge.request_validation
+    while challenge.status == 'pending'
+      sleep(2)
+      challenge.reload
+    end
+
+    STDERR.puts "Validated dns record: #{identifiers[idx]}" if challenge.status == "valid"
+
+    STDERR.puts "Delete dns record for: #{identifiers.first}"
+    delete_dns_record(*record_created)
+
+    if challenge.status != 'valid'
+      STDERR.puts "failed challenge for #{identifiers[idx]}: #{challenge.status}"
+      exit 1
+    end
+  end
+
+  domain_key = load_key(
+    !!options["--domain"],
+    options["--domain"],
+    "./domain.pem"
+  )
+
+  STDERR.puts "Signing cert for: #{identifiers.join(", ")}"
+
+  csr = Acme::Client::CertificateRequest.new(
+    private_key: domain_key,
+    common_name: identifiers.first,
+    names: identifiers[1..-1]
+  )
+  order.finalize(csr: csr)
+  sleep(1) while order.status == 'processing'
+
+  puts order.certificate
+end

data/lib/acme-cli/cli.rb

@@ -0,0 +1,3 @@
+module AcmeCli
+
+end

data/lib/acme-cli/version.rb

@@ -0,0 +1,5 @@
+module AcmeCli
+  module Version
+    VERSION = "0.0.1"
+  end
+end

metadata

@@ -0,0 +1,89 @@
+--- !ruby/object:Gem::Specification
+name: acme-r53-cli
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Ethan Apocaca
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-05-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: docopt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-route53
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: acme-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+description: A cli interface for ACMEv2 DNS challenges with Route53
+email: papodaca@gmail.com
+executables:
+- acme-r53.rb
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/acme-r53.rb
+- lib/acme-cli/cli.rb
+- lib/acme-cli/version.rb
+homepage: https://github.com/papodaca/acme-cli
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: A cli interface for ACMEv2 DNS challenges with Route53
+test_files: []