acmesmith 0.11.0 → 0.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/acmesmith.gemspec +4 -2
- data/lib/acmesmith/acme_client.rb +64 -0
- data/lib/acmesmith/challenge_responders/route53.rb +1 -1
- data/lib/acmesmith/client.rb +7 -9
- data/lib/acmesmith/post_issuing_hooks/acm.rb +1 -1
- data/lib/acmesmith/storages/s3.rb +1 -1
- data/lib/acmesmith/version.rb +1 -1
- metadata +37 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 9103307f7ec55de437d48f87b97234fde521c25378ccf0d874a4dafee084bfa4
|
|
4
|
+
data.tar.gz: 3068795e54de705a900c98520c2568416ac38e63038313cee67ba43c3a6665ce
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8993dbe4814bf78af2cd5ecb03ca392fbbd1c00a8a770c596a917de37b5dca1e39568fb7b243b7223503c1378d9673f41ca91158a440fcb89f3eced562a2c6ca
|
|
7
|
+
data.tar.gz: aa3a6c64a357df063253b094f5ad85070932537e0baf8636f81d15530b080a2bd13885af4015e5e22d5f954a69f2d2143a49c631f2714bcc0ebdfd9dd03b86e8
|
data/acmesmith.gemspec
CHANGED
|
@@ -21,8 +21,10 @@ Acmesmith is an [ACME (Automatic Certificate Management Environment)](https://gi
|
|
|
21
21
|
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
|
22
22
|
spec.require_paths = ["lib"]
|
|
23
23
|
|
|
24
|
-
spec.add_dependency "acme-client"
|
|
25
|
-
spec.add_dependency "aws-sdk"
|
|
24
|
+
spec.add_dependency "acme-client", '~> 1'
|
|
25
|
+
spec.add_dependency "aws-sdk-acm"
|
|
26
|
+
spec.add_dependency "aws-sdk-route53"
|
|
27
|
+
spec.add_dependency "aws-sdk-s3"
|
|
26
28
|
spec.add_dependency "thor"
|
|
27
29
|
|
|
28
30
|
spec.add_development_dependency "bundler"
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
require 'acme-client'
|
|
2
|
+
|
|
3
|
+
module Acmesmith
|
|
4
|
+
class AcmeClient
|
|
5
|
+
# @param account_key [Acmesmith::AccountKey]
|
|
6
|
+
# @param endpoint [String]
|
|
7
|
+
def initialize(account_key, endpoint)
|
|
8
|
+
@acme = Acme::Client.new(private_key: account_key.private_key, endpoint: endpoint)
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
# @param contact [String]
|
|
12
|
+
def register(contact)
|
|
13
|
+
retry_once_on_bad_nonce do
|
|
14
|
+
@acme.register(contact: contact)
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
# @param domain [String]
|
|
19
|
+
def authorize(domain)
|
|
20
|
+
retry_once_on_bad_nonce do
|
|
21
|
+
@acme.authorize(domain: domain)
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# @param csr [Acme::Client::CertificateRequest]
|
|
26
|
+
def new_certificate(csr)
|
|
27
|
+
retry_once_on_bad_nonce do
|
|
28
|
+
@acme.new_certificate(csr)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
# @param challenge [Acme::Client::Resources::Challenges::Base]
|
|
33
|
+
def request_verification(challenge)
|
|
34
|
+
retry_once_on_bad_nonce do
|
|
35
|
+
challenge.request_verification
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
# @param challenge [Acme::Client::Resources::Challenges::Base]
|
|
40
|
+
def verify_status(challenge)
|
|
41
|
+
retry_once_on_bad_nonce do
|
|
42
|
+
challenge.verify_status
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
private
|
|
47
|
+
|
|
48
|
+
def retry_once_on_bad_nonce(&block)
|
|
49
|
+
retried = false
|
|
50
|
+
begin
|
|
51
|
+
block.call
|
|
52
|
+
rescue Acme::Client::Error::BadNonce => e
|
|
53
|
+
# Let's Encrypt returns badNonce error when the client sends too-old
|
|
54
|
+
# nonce. So retry the request once.
|
|
55
|
+
if retried
|
|
56
|
+
raise e
|
|
57
|
+
else
|
|
58
|
+
retried = true
|
|
59
|
+
retry
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
data/lib/acmesmith/client.rb
CHANGED
|
@@ -1,10 +1,8 @@
|
|
|
1
1
|
require 'acmesmith/account_key'
|
|
2
|
+
require 'acmesmith/acme_client'
|
|
2
3
|
require 'acmesmith/certificate'
|
|
3
|
-
|
|
4
4
|
require 'acmesmith/save_certificate_service'
|
|
5
5
|
|
|
6
|
-
require 'acme-client'
|
|
7
|
-
|
|
8
6
|
module Acmesmith
|
|
9
7
|
class Client
|
|
10
8
|
def initialize(config: nil)
|
|
@@ -13,8 +11,8 @@ module Acmesmith
|
|
|
13
11
|
|
|
14
12
|
def register(contact)
|
|
15
13
|
key = AccountKey.generate
|
|
16
|
-
acme =
|
|
17
|
-
registration = acme.register(contact
|
|
14
|
+
acme = AcmeClient.new(key, config['endpoint'])
|
|
15
|
+
registration = acme.register(contact)
|
|
18
16
|
registration.agree_terms
|
|
19
17
|
|
|
20
18
|
storage.put_account_key(key, account_key_passphrase)
|
|
@@ -24,7 +22,7 @@ module Acmesmith
|
|
|
24
22
|
|
|
25
23
|
def authorize(*domains)
|
|
26
24
|
targets = domains.map do |domain|
|
|
27
|
-
authz = acme.authorize(domain
|
|
25
|
+
authz = acme.authorize(domain)
|
|
28
26
|
challenges = [authz.http01, authz.dns01, authz.tls_sni01].compact
|
|
29
27
|
challenge = nil
|
|
30
28
|
responder = config.challenge_responders.find do |x|
|
|
@@ -40,14 +38,14 @@ module Acmesmith
|
|
|
40
38
|
|
|
41
39
|
targets.each do |target|
|
|
42
40
|
puts "=> Requesting verifications..."
|
|
43
|
-
target[:challenge]
|
|
41
|
+
acme.request_verification(target[:challenge])
|
|
44
42
|
end
|
|
45
43
|
loop do
|
|
46
44
|
all_valid = true
|
|
47
45
|
targets.each do |target|
|
|
48
46
|
next if target[:valid]
|
|
49
47
|
|
|
50
|
-
status = target[:challenge]
|
|
48
|
+
status = acme.verify_status(target[:challenge])
|
|
51
49
|
puts " * [#{target[:domain]}] verify_status: #{status}"
|
|
52
50
|
|
|
53
51
|
if status == 'valid'
|
|
@@ -232,7 +230,7 @@ module Acmesmith
|
|
|
232
230
|
end
|
|
233
231
|
|
|
234
232
|
def acme
|
|
235
|
-
@acme ||=
|
|
233
|
+
@acme ||= AcmeClient.new(account_key, config['endpoint'])
|
|
236
234
|
end
|
|
237
235
|
|
|
238
236
|
def certificate_key_passphrase
|
data/lib/acmesmith/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,17 +1,45 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: acmesmith
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.11.
|
|
4
|
+
version: 0.11.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- sorah (Shota Fukumori)
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-05-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: acme-client
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '1'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '1'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: aws-sdk-acm
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - ">="
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '0'
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - ">="
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: aws-sdk-route53
|
|
15
43
|
requirement: !ruby/object:Gem::Requirement
|
|
16
44
|
requirements:
|
|
17
45
|
- - ">="
|
|
@@ -25,19 +53,19 @@ dependencies:
|
|
|
25
53
|
- !ruby/object:Gem::Version
|
|
26
54
|
version: '0'
|
|
27
55
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: aws-sdk
|
|
56
|
+
name: aws-sdk-s3
|
|
29
57
|
requirement: !ruby/object:Gem::Requirement
|
|
30
58
|
requirements:
|
|
31
|
-
- - "
|
|
59
|
+
- - ">="
|
|
32
60
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
61
|
+
version: '0'
|
|
34
62
|
type: :runtime
|
|
35
63
|
prerelease: false
|
|
36
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
65
|
requirements:
|
|
38
|
-
- - "
|
|
66
|
+
- - ">="
|
|
39
67
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
68
|
+
version: '0'
|
|
41
69
|
- !ruby/object:Gem::Dependency
|
|
42
70
|
name: thor
|
|
43
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -120,6 +148,7 @@ files:
|
|
|
120
148
|
- docs/vendor/aws.md
|
|
121
149
|
- lib/acmesmith.rb
|
|
122
150
|
- lib/acmesmith/account_key.rb
|
|
151
|
+
- lib/acmesmith/acme_client.rb
|
|
123
152
|
- lib/acmesmith/certificate.rb
|
|
124
153
|
- lib/acmesmith/challenge_responders.rb
|
|
125
154
|
- lib/acmesmith/challenge_responders/base.rb
|
|
@@ -162,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
162
191
|
version: '0'
|
|
163
192
|
requirements: []
|
|
164
193
|
rubyforge_project:
|
|
165
|
-
rubygems_version: 2.6
|
|
194
|
+
rubygems_version: 2.7.6
|
|
166
195
|
signing_key:
|
|
167
196
|
specification_version: 4
|
|
168
197
|
summary: ACME client (Let's encrypt client) to manage certificate in multi server
|