acmesmith 2.2.0 → 2.3.0

data/lib/acmesmith/ordering_service.rb

@@ -0,0 +1,104 @@
+require 'acmesmith/authorization_service'
+require 'acmesmith/certificate'
+
+module Acmesmith
+  class OrderingService
+    class NotCompleted < StandardError; end
+
+    # @param acme [Acme::Client] ACME client
+    # @param identifiers [Array<String>] Array of domain names for a ordering certificate. The first item will be a common name.
+    # @param challenge_responder_rules [Array<Acmesmith::Config::ChallengeResponderRule>] responders
+    # @param not_before [Time]
+    # @param not_after [Time]
+    def initialize(acme:, identifiers:, challenge_responder_rules:, not_before: nil, not_after: nil)
+      @acme = acme
+      @identifiers = identifiers
+      @challenge_responder_rules = challenge_responder_rules
+      @not_before = not_before
+      @not_after = not_after
+    end
+
+    attr_reader :acme, :identifiers, :challenge_responder_rules, :not_before, :not_after
+
+    def perform!
+      puts "=> Ordering a certificate for the following identifiers:"
+      puts
+      puts " * CN:  #{common_name}"
+      sans.each do |san|
+        puts " * SAN: #{san}"
+      end
+
+      puts
+      puts "=> Placing an order"
+      @order = acme.new_order(identifiers: identifiers, not_before: not_before, not_after: not_after)
+      puts " * URL: #{order.url}"
+
+      ensure_authorization()
+
+      finalize_order()
+      wait_order_for_complete()
+
+      @certificate = Certificate.by_issuance(order.certificate, csr)
+
+      puts
+      puts "=> Certificate issued"
+      nil
+    end
+
+    def ensure_authorization
+      return if order.authorizations.empty? || order.status == 'ready'
+      puts "=> Looking for required domain authorizations"
+      puts
+      order.authorizations.map(&:domain).each do |domain|
+        puts " * #{domain}"
+      end
+      puts
+
+      AuthorizationService.new(challenge_responder_rules, order.authorizations).perform!
+    end
+
+    def finalize_order
+      puts
+      puts "=> Finalizing the order"
+      puts
+      puts csr.csr.to_pem
+      puts
+
+      print " * Requesting..."
+      order.finalize(csr: csr)
+      puts" [ ok ]"
+    end
+
+    def wait_order_for_complete
+      while %w(ready processing).include?(order.status)
+        order.reload()
+        puts " * Waiting for complete: status=#{order.status}"
+        sleep 2
+      end
+    end
+
+    def certificate
+      @certificate or raise NotCompleted, "not completed yet"
+    end
+
+    # @return Acme::Client::Resources::Order[]
+    def order
+      @order or raise "BUG: order not yet generated"
+    end
+
+    # @return [String]
+    def common_name
+      identifiers.first
+    end
+
+    # @return [Array<String>]
+    def sans
+      identifiers[1..-1]
+    end
+
+    # @return [Acme::Client::CertificateRequest]
+    def csr
+      @csr ||= Acme::Client::CertificateRequest.new(subject: { common_name: common_name }, names: sans)
+    end
+  end
+end

data/lib/acmesmith/storages/base.rb

@@ -7,30 +7,45 @@ module Acmesmith
       def initialize()
       end
 
+      # @return [Acmesmith::AccountKey]
       def get_account_key
         raise NotImplementedError
       end
 
+      # @param key [Acmesmith::AccountKey]
+      # @param passphrase [String, nil]
       def put_account_key(key, passphrase = nil)
         raise NotImplementedError
       end
 
+      # @param cert [Acmesmith::Certificate]
+      # @param passphrase [String, nil]
+      # @param update_current [true, false]
       def put_certificate(cert, passphrase = nil, update_current: true)
         raise NotImplementedError
       end
 
+      # @param common_name [String]
+      # @param version [String, nil]
+      # @return [Acmesmith::Certificate]
       def get_certificate(common_name, version: 'current')
         raise NotImplementedError
       end
 
+      # @param common_name [String]
+      # @return [String] array of common_names
       def list_certificates
         raise NotImplementedError
       end
 
+      # @param common_name [String]
+      # @return [String] array of versions
       def list_certificate_versions(common_name)
         raise NotImplementedError
       end
 
+      # @param common_name [String]
+      # @return [String] current version
       def get_current_certificate_version(common_name)
         raise NotImplementedError
       end

data/lib/acmesmith/storages/s3.rb

@@ -23,7 +23,7 @@ module Acmesmith
         @kms_key_id_account = kms_key_id_account
         @kms_key_id_certificate_key = kms_key_id_certificate_key
 
-        @s3 = Aws::S3::Client.new({region: region, signature_version: 'v4'}.tap do |opt| 
+        @s3 = Aws::S3::Client.new({region: region}.tap do |opt| 
           opt[:credentials] = Aws::Credentials.new(aws_access_key['access_key_id'], aws_access_key['secret_access_key'], aws_access_key['session_token']) if aws_access_key
         end)
       end
@@ -85,10 +85,10 @@ module Acmesmith
         put.call certificate_key(cert.common_name, cert.version), "#{h[:certificate].rstrip}\n", false
         put.call chain_key(cert.common_name, cert.version), "#{h[:chain].rstrip}\n", false
         put.call fullchain_key(cert.common_name, cert.version), "#{h[:fullchain].rstrip}\n", false
-        put.call private_key_key(cert.common_name, cert.version), "#{h[:private_key].rstrip}\n", true
+        put.call private_key_key(cert.common_name, cert.version), "#{h[:private_key].rstrip}\n", use_kms
 
         if generate_pkcs12?(cert)
-          put.call pkcs12_key(cert.common_name, cert.version), "#{cert.pkcs12(@pkcs12_passphrase).to_der}\n", true, 'application/x-pkcs12'
+          put.call pkcs12_key(cert.common_name, cert.version), "#{cert.pkcs12(@pkcs12_passphrase).to_der}\n", use_kms, 'application/x-pkcs12'
         end
 
         if update_current

data/lib/acmesmith/version.rb

@@ -1,3 +1,3 @@
 module Acmesmith
-  VERSION = "2.2.0"
+  VERSION = "2.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acmesmith
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.3.0
 platform: ruby
 authors:
-- sorah (Shota Fukumori)
+- Sorah Fukumori
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-08 00:00:00.000000000 Z
+date: 2020-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -127,7 +127,7 @@ description: 'Acmesmith is an [ACME (Automatic Certificate Management Environmen
   certificate and keys on cloud services (e.g. AWS S3) securely, then allow to deploy
   issued certificates onto your servers smoothly. This works well on [Let''s encrypt](https://letsencrypt.org).
 
-'
+  '
 email:
 - her@sorah.jp
 executables:
@@ -135,28 +135,42 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".dockerignore"
+- ".github/workflows/build.yml"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
 - CHANGELOG.md
+- Dockerfile
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
 - acmesmith.gemspec
 - bin/acmesmith
 - config.sample.yml
+- docs/challenge_responders/route53.md
+- docs/examples/UpdateWindowsCertificate.ps1
+- docs/post_issuing_hooks/acm.md
+- docs/post_issuing_hooks/shell.md
+- docs/storages/filesystem.md
+- docs/storages/s3.md
 - docs/vendor/aws.md
 - lib/acmesmith.rb
 - lib/acmesmith/account_key.rb
+- lib/acmesmith/authorization_service.rb
 - lib/acmesmith/certificate.rb
+- lib/acmesmith/challenge_responder_filter.rb
 - lib/acmesmith/challenge_responders.rb
 - lib/acmesmith/challenge_responders/base.rb
 - lib/acmesmith/challenge_responders/manual_dns.rb
+- lib/acmesmith/challenge_responders/pebble_challtestsrv_dns.rb
 - lib/acmesmith/challenge_responders/route53.rb
 - lib/acmesmith/client.rb
 - lib/acmesmith/command.rb
 - lib/acmesmith/config.rb
+- lib/acmesmith/ordering_service.rb
 - lib/acmesmith/post_issueing_hooks.rb
 - lib/acmesmith/post_issueing_hooks/base.rb
 - lib/acmesmith/post_issuing_hooks.rb
@@ -191,8 +205,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: ACME client (Let's encrypt client) to manage certificate in multi server