acmesmith 0.11.0 → 0.11.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: bce001c8eca147fba2d1d2e0b43d30ebd175f096
-  data.tar.gz: 65fb44fdf5367fa3e6c66ecb837fd3119f07db76
+SHA256:
+  metadata.gz: 9103307f7ec55de437d48f87b97234fde521c25378ccf0d874a4dafee084bfa4
+  data.tar.gz: 3068795e54de705a900c98520c2568416ac38e63038313cee67ba43c3a6665ce
 SHA512:
-  metadata.gz: a544bb8d9ee438806215471846bd71dd34fcd3dc0cdd38d15a130292d255c1f221492c1c129bcdb5906ac8afc5819b161296dd0b64607ad36149966f7cf23d7e
-  data.tar.gz: ecc46f9cc09ec3630d14a3052b43b51659fdaba8716e43095bc578326e7e5fc99174da54b26d80abc1579b8bb7c35e991e405a5238a38fd7c805ca985b9fa630
+  metadata.gz: 8993dbe4814bf78af2cd5ecb03ca392fbbd1c00a8a770c596a917de37b5dca1e39568fb7b243b7223503c1378d9673f41ca91158a440fcb89f3eced562a2c6ca
+  data.tar.gz: aa3a6c64a357df063253b094f5ad85070932537e0baf8636f81d15530b080a2bd13885af4015e5e22d5f954a69f2d2143a49c631f2714bcc0ebdfd9dd03b86e8

data/acmesmith.gemspec

@@ -21,8 +21,10 @@ Acmesmith is an [ACME (Automatic Certificate Management Environment)](https://gi
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "acme-client"
-  spec.add_dependency "aws-sdk", "> 2"
+  spec.add_dependency "acme-client", '~> 1'
+  spec.add_dependency "aws-sdk-acm"
+  spec.add_dependency "aws-sdk-route53"
+  spec.add_dependency "aws-sdk-s3"
   spec.add_dependency "thor"
 
   spec.add_development_dependency "bundler"

data/lib/acmesmith/acme_client.rb

@@ -0,0 +1,64 @@
+require 'acme-client'
+
+module Acmesmith
+  class AcmeClient
+    # @param account_key [Acmesmith::AccountKey]
+    # @param endpoint [String]
+    def initialize(account_key, endpoint)
+      @acme = Acme::Client.new(private_key: account_key.private_key, endpoint: endpoint)
+    end
+
+    # @param contact [String]
+    def register(contact)
+      retry_once_on_bad_nonce do
+        @acme.register(contact: contact)
+      end
+    end
+
+    # @param domain [String]
+    def authorize(domain)
+      retry_once_on_bad_nonce do
+        @acme.authorize(domain: domain)
+      end
+    end
+
+    # @param csr [Acme::Client::CertificateRequest]
+    def new_certificate(csr)
+      retry_once_on_bad_nonce do
+        @acme.new_certificate(csr)
+      end
+    end
+
+    # @param challenge [Acme::Client::Resources::Challenges::Base]
+    def request_verification(challenge)
+      retry_once_on_bad_nonce do
+        challenge.request_verification
+      end
+    end
+
+    # @param challenge [Acme::Client::Resources::Challenges::Base]
+    def verify_status(challenge)
+      retry_once_on_bad_nonce do
+        challenge.verify_status
+      end
+    end
+
+    private
+
+    def retry_once_on_bad_nonce(&block)
+      retried = false
+      begin
+        block.call
+      rescue Acme::Client::Error::BadNonce => e
+        # Let's Encrypt returns badNonce error when the client sends too-old
+        # nonce. So retry the request once.
+        if retried
+          raise e
+        else
+          retried = true
+          retry
+        end
+      end
+    end
+  end
+end

data/lib/acmesmith/challenge_responders/route53.rb

@@ -1,6 +1,6 @@
 require 'acmesmith/challenge_responders/base'
 
-require 'aws-sdk'
+require 'aws-sdk-route53'
 
 module Acmesmith
   module ChallengeResponders

data/lib/acmesmith/client.rb

@@ -1,10 +1,8 @@
 require 'acmesmith/account_key'
+require 'acmesmith/acme_client'
 require 'acmesmith/certificate'
-
 require 'acmesmith/save_certificate_service'
 
-require 'acme-client'
-
 module Acmesmith
   class Client
     def initialize(config: nil)
@@ -13,8 +11,8 @@ module Acmesmith
 
     def register(contact)
       key = AccountKey.generate
-      acme = Acme::Client.new(private_key: key.private_key, endpoint: config['endpoint'])
-      registration = acme.register(contact: contact)
+      acme = AcmeClient.new(key, config['endpoint'])
+      registration = acme.register(contact)
       registration.agree_terms
 
       storage.put_account_key(key, account_key_passphrase)
@@ -24,7 +22,7 @@ module Acmesmith
 
     def authorize(*domains)
       targets = domains.map do |domain|
-        authz = acme.authorize(domain: domain)
+        authz = acme.authorize(domain)
         challenges = [authz.http01, authz.dns01, authz.tls_sni01].compact
         challenge = nil
         responder = config.challenge_responders.find do |x|
@@ -40,14 +38,14 @@ module Acmesmith
 
         targets.each do |target|
           puts "=> Requesting verifications..."
-          target[:challenge].request_verification
+          acme.request_verification(target[:challenge])
         end
           loop do
             all_valid = true
             targets.each do |target|
               next if target[:valid]
 
-              status = target[:challenge].verify_status
+              status = acme.verify_status(target[:challenge])
               puts " * [#{target[:domain]}] verify_status: #{status}"
 
               if status == 'valid'
@@ -232,7 +230,7 @@ module Acmesmith
     end
 
     def acme
-      @acme ||= Acme::Client.new(private_key: account_key.private_key, endpoint: config['endpoint'])
+      @acme ||= AcmeClient.new(account_key, config['endpoint'])
     end
 
     def certificate_key_passphrase

data/lib/acmesmith/post_issuing_hooks/acm.rb

@@ -1,4 +1,4 @@
-require 'aws-sdk'
+require 'aws-sdk-acm'
 require 'acmesmith/post_issuing_hooks/base'
 
 module Acmesmith

data/lib/acmesmith/storages/s3.rb

@@ -1,4 +1,4 @@
-require 'aws-sdk'
+require 'aws-sdk-s3'
 
 require 'acmesmith/storages/base'
 require 'acmesmith/account_key'

data/lib/acmesmith/version.rb

@@ -1,3 +1,3 @@
 module Acmesmith
-  VERSION = "0.11.0"
+  VERSION = "0.11.1"
 end

metadata

@@ -1,17 +1,45 @@
 --- !ruby/object:Gem::Specification
 name: acmesmith
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.11.1
 platform: ruby
 authors:
 - sorah (Shota Fukumori)
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-08-02 00:00:00.000000000 Z
+date: 2018-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-acm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-route53
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -25,19 +53,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: aws-sdk
+  name: aws-sdk-s3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -120,6 +148,7 @@ files:
 - docs/vendor/aws.md
 - lib/acmesmith.rb
 - lib/acmesmith/account_key.rb
+- lib/acmesmith/acme_client.rb
 - lib/acmesmith/certificate.rb
 - lib/acmesmith/challenge_responders.rb
 - lib/acmesmith/challenge_responders/base.rb
@@ -162,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: ACME client (Let's encrypt client) to manage certificate in multi server