acmesmith 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9b35c4efa4b6c3d0c52ef547957374b6b004c29f
-  data.tar.gz: 09aa0fe3f0ff3030189c79b530d082468950a2f7
+  metadata.gz: 8fe41f9fc542993fc39879d1668e82c734adf0d7
+  data.tar.gz: b05f34a474211950271c627480415ed2cbd6c82d
 SHA512:
-  metadata.gz: fe49168655a265f35c1db3769260036f903cb4df15b82bfe6363c6462c0e140c1199de3ccaf0e5a141eedd382e70dfe5b7ae2efbdbdc0c7608b92d876d7cb0b2
-  data.tar.gz: 500736e89be09e585d115391cfc08e999c8d4d6c435c900c639088b3808e369ff43cebc4892ee29882e14d64fea8c2a3c2a4bc54d688f1a01084301bcf071398
+  metadata.gz: 190fc90677b2a516dc663cacc5183eca9a616fb9a40e2ca6e66cef3160fa2a08e1908d506df4dccaad0279cb8d457ec05dae43c72da8a4579e862ef6cbb5a700
+  data.tar.gz: 408e608f9791a8cbcbd3eca54e7d6ec60416c21360dbfdebdfb4b3cdec9b5c58e442803b6095ac84d2519c58ebca075b10cee9addaaca7dc3706df88d76c8468

data/.gitignore

@@ -7,6 +7,7 @@
 /pkg/
 /spec/reports/
 /tmp/
+acmesmith.yml
 config.yml
 config.dev.yml
 /storage/

data/README.md

@@ -4,6 +4,22 @@ Acmesmith is an [ACME (Automatic Certificate Management Environment)](https://gi
 
 This tool is written in Ruby, but this saves certificates in simple scheme, so you can fetch certificate by your own simple scripts.
 
+## Features
+
+- ACME client designed to work on multiple servers
+- ACME registration, domain authorization, certificate requests 
+  - Tested against [Let's encrypt](https://letsencrypt.org)
+- Storing keys in several ways
+  - Currently AWS S3 is supported
+- Challenge response
+  - Currently `dns-01` with AWS Route 53 is supported
+
+### Planned
+
+- Automated renewal of certificates that expiring soon
+- Automated deployments support (post issurance hook)
+- Example shellscripts to fetch certificates
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -38,9 +54,11 @@ $ acmesmith show-certificate COMMON_NAME  # show certificate
 $ acmesmith show-private-key COMMON_NAME  # show private key
 ```
 
+See `acmesmith help [subcommand]` for more help.
+
 ## Configuration
 
-See [config.sample.yml](./config.sample.yml) to start.
+See [config.sample.yml](./config.sample.yml) to start. Default configuration file is `./acmesmith.yml`.
 
 ``` yaml
 endpoint: https://acme-staging.api.letsencrypt.org/

data/lib/acmesmith/command.rb

@@ -7,7 +7,8 @@ require 'acme/client'
 
 module Acmesmith
   class Command < Thor
-    class_option :config, default: './acmesmith.yml'
+    class_option :config, default: './acmesmith.yml', aliases: %w(-c)
+    class_option :passphrase_from_env,  type: :boolean, aliases: %w(-E), default: false, desc: 'Read $ACMESMITH_ACCOUNT_KEY_PASSPHRASE and $ACMESMITH_CERT_KEY_PASSPHRASE for passphrases'
 
     desc "register CONTACT", "Create account key (contact e.g. mailto:xxx@example.org)"
     def register(contact)
@@ -16,7 +17,7 @@ module Acmesmith
       registration = acme.register(contact: contact)
       registration.agree_terms
 
-      storage.put_account_key(key, config['account_key_passphrase'])
+      storage.put_account_key(key, account_key_passphrase)
       puts "Generated:\n#{key.private_key.public_key.to_pem}"
     end
 
@@ -52,7 +53,7 @@ module Acmesmith
       acme_cert = acme.new_certificate(csr)
 
       cert = Certificate.from_acme_client_certificate(acme_cert)
-      storage.put_certificate(cert, config['certificate_key_passphrase'])
+      storage.put_certificate(cert, certificate_key_passphrase)
 
       puts cert.certificate.to_text
       puts cert.certificate.to_pem
@@ -96,7 +97,7 @@ module Acmesmith
     method_option :version, type: :string, default: 'current'
     def show_private_key(common_name)
       cert = storage.get_certificate(common_name, version: options[:version])
-      cert.key_passphrase = config['certificate_key_passphrase'] if config['certificate_key_passphrase']
+      cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
 
       puts cert.private_key.to_pem
     end
@@ -119,12 +120,28 @@ module Acmesmith
 
     def account_key
       @account_key ||= storage.get_account_key.tap do |x|
-        x.key_passphrase = config['account_key_passphrase'] if config['account_key_passphrase']
+        x.key_passphrase = account_key_passphrase if account_key_passphrase
       end
     end
 
     def acme
       @acme ||= Acme::Client.new(private_key: account_key.private_key, endpoint: config['endpoint'])
     end
+
+    def certificate_key_passphrase
+      if options[:passphrase_from_env]
+        ENV['ACMESMITH_CERTIFICATE_KEY_PASSPHRASE'] || config['certificate_key_passphrase']
+      else
+        config['certificate_key_passphrase']
+      end
+    end
+
+    def account_key_passphrase
+      if options[:passphrase_from_env]
+        ENV['ACMESMITH_ACCOUNT_KEY_PASSPHRASE'] || config['account_key_passphrase']
+      else
+        config['account_key_passphrase']
+      end
+    end
   end
 end

data/lib/acmesmith/storages/s3.rb

@@ -113,7 +113,7 @@ module Acmesmith
           prefix: certs_prefix,
         ).each.flat_map do |page|
           regexp = /\A#{Regexp.escape(certs_prefix)}/
-          page.common_prefixes.map { |_| _.sub(regexp, '').sub(/\/.+\z/, '') }.uniq
+          page.common_prefixes.map { |_| _.prefix.sub(regexp, '').sub(/\/.+\z/, '').sub(/\/\z/, '') }.uniq
         end
       end
 
@@ -125,7 +125,7 @@ module Acmesmith
           prefix: cert_ver_prefix,
         ).each.flat_map do |page|
           regexp = /\A#{Regexp.escape(cert_ver_prefix)}/
-          page.common_prefixes.map { |_| _.sub(regexp, '').sub(/\/.+\z/, '') }.uniq
+          page.common_prefixes.map { |_| _.prefix.sub(regexp, '').sub(/\/.+\z/, '').sub(/\/\z/, '') }.uniq
         end.reject { |_| _ == 'current' }
       end
 

data/lib/acmesmith/version.rb

@@ -1,3 +1,3 @@
 module Acmesmith
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: acmesmith
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - sorah (Shota Fukumori)