acmesmith 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8fe41f9fc542993fc39879d1668e82c734adf0d7
-  data.tar.gz: b05f34a474211950271c627480415ed2cbd6c82d
+  metadata.gz: 15df7eafe88a11896e7e28357f90cf9aae7930af
+  data.tar.gz: ab82e92d3d058e53b8cf506b1400cc24cdcda07e
 SHA512:
-  metadata.gz: 190fc90677b2a516dc663cacc5183eca9a616fb9a40e2ca6e66cef3160fa2a08e1908d506df4dccaad0279cb8d457ec05dae43c72da8a4579e862ef6cbb5a700
-  data.tar.gz: 408e608f9791a8cbcbd3eca54e7d6ec60416c21360dbfdebdfb4b3cdec9b5c58e442803b6095ac84d2519c58ebca075b10cee9addaaca7dc3706df88d76c8468
+  metadata.gz: be000468b2e6adccdd7acd147ecd56fcf1ad27e349af8220abc93e53df7c99bba735f7d8767a2303263ab6f8eb1f9b018bbb8be5a8545d62701053edca28458b
+  data.tar.gz: 607b6bd951147624b728357b546d91181aad72b4fa9ee3c404eb4060500a618ca1f92d33f9a40123e2606445e4a866be8a875e6c76994fe88c7f54f0a50d8250

data/README.md

@@ -48,10 +48,12 @@ $ acmesmith request COMMON_NAME [SAN]     # request certificate for CN +COMMON_N
 ```
 
 ```
-$ acmesmith list [COMMON_NAME]            # list certificates or its versions
-$ acmesmith current COMMON_NAME           # show current version for certificate
-$ acmesmith show-certificate COMMON_NAME  # show certificate
-$ acmesmith show-private-key COMMON_NAME  # show private key
+$ acmesmith list [COMMON_NAME]                          # list certificates or its versions
+$ acmesmith current COMMON_NAME                         # show current version for certificate
+$ acmesmith show-certificate COMMON_NAME                # show certificate
+$ acmesmith show-private-key COMMON_NAME                # show private key
+$ acmesmith save-certificate COMMON_NAME --output=PATH  # Save certificate to a file
+$ acmesmith save-private-key COMMON_NAME --output=PATH  # Save private key to a file
 ```
 
 See `acmesmith help [subcommand]` for more help.
@@ -150,19 +152,14 @@ challenge_responders:
     },
     {
       "Effect": "Allow",
-      "Action": "route53:ListHostedZones",
+      "Action": ["route53:ListHostedZones", "route53:GetChange"],
       "Resource": "*"
-    }
+    },
     {
       "Effect": "Allow",
       "Action": "route53:ChangeResourceRecordSets",
       "Resource": ["arn:aws:route53:::hostedzone/*"]
     }
-    {
-      "Effect": "Allow",
-      "Action": "route53:GetChange",
-      "Resource": "*"
-    }
   ]
 }
 ```

data/lib/acmesmith/challenge_responders/route53.rb

@@ -118,7 +118,7 @@ module Acmesmith
 
       def hosted_zone_map
         @hosted_zone_map.map { |domain, zone_id|
-          [canonical_fqdn(domain), [zone_id]]
+          ["#{canonical_fqdn(domain)}.", [zone_id]] # XXX:
         }.to_h
       end
 

data/lib/acmesmith/command.rb

@@ -8,7 +8,7 @@ require 'acme/client'
 module Acmesmith
   class Command < Thor
     class_option :config, default: './acmesmith.yml', aliases: %w(-c)
-    class_option :passphrase_from_env,  type: :boolean, aliases: %w(-E), default: false, desc: 'Read $ACMESMITH_ACCOUNT_KEY_PASSPHRASE and $ACMESMITH_CERT_KEY_PASSPHRASE for passphrases'
+    class_option :passphrase_from_env,  type: :boolean, aliases: %w(-E), default: false, desc: 'Read $ACMESMITH_ACCOUNT_KEY_PASSPHRASE and $ACMESMITH_CERTIFICATE_KEY_PASSPHRASE for passphrases'
 
     desc "register CONTACT", "Create account key (contact e.g. mailto:xxx@example.org)"
     def register(contact)
@@ -93,6 +93,17 @@ module Acmesmith
     end
     map 'show-certiticate' => :show_certificate
 
+    desc 'save-certificate COMMON_NAME', 'Save certificate to a file'
+    method_option :version, type: :string, default: 'current'
+    method_option :output, type: :string, required: true, banner: 'PATH', desc: 'Path to output file'
+    method_option :mode, type: :string, default: '0600', desc: 'Mode (permission) of the output file on create'
+    def save_certificate(common_name)
+      cert = storage.get_certificate(common_name, version: options[:version])
+      File.open(options[:output], 'w', options[:mode].to_i(8)) do |f|
+        f.puts(cert.fullchain)
+      end
+    end
+
     desc "show-private-key COMMON_NAME", "show private key"
     method_option :version, type: :string, default: 'current'
     def show_private_key(common_name)
@@ -103,6 +114,18 @@ module Acmesmith
     end
     map 'show-private-key' => :show_private_key
 
+    desc 'save-private-key COMMON_NAME', 'Save private key to a file'
+    method_option :version, type: :string, default: 'current'
+    method_option :output, type: :string, required: true, banner: 'PATH', desc: 'Path to output file'
+    method_option :mode, type: :string, default: '0600', desc: 'Mode (permission) of the output file on create'
+    def save_private_key(common_name)
+      cert = storage.get_certificate(common_name, version: options[:version])
+      cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
+      File.open(options[:output], 'w', options[:mode].to_i(8)) do |f|
+        f.puts(cert.private_key)
+      end
+    end
+
     # desc "autorenew", "request renewal of certificates which expires soon"
     # method_option :days, alias: %w(-d), type: :integer, default: 7, desc: 'specify threshold in days to select certificates to renew'
     # def autorenew

data/lib/acmesmith/storages/filesystem.rb

@@ -14,7 +14,7 @@ module Acmesmith
       attr_reader :path
 
       def get_account_key
-        raise NotExist unless account_key_path.exist?
+        raise NotExist.new("Account key doesn't exist") unless account_key_path.exist?
         AccountKey.new account_key_path.read
       end
 
@@ -37,7 +37,7 @@ module Acmesmith
       end
 
       def get_certificate(common_name, version: 'current')
-        raise NotExist unless certificate_base_path(common_name, version).exist?
+        raise NotExist.new("Certificate for #{common_name.inspect} of #{version} version doesn't exist") unless certificate_base_path(common_name, version).exist?
         certificate = certificate_path(common_name, version).read
         chain = chain_path(common_name, version).read
         private_key = private_key_path(common_name, version).read

data/lib/acmesmith/storages/s3.rb

@@ -31,7 +31,7 @@ module Acmesmith
         obj = @s3.get_object(bucket: bucket, key: account_key_key)
         AccountKey.new obj.body.read
       rescue Aws::S3::Errors::NoSuchKey
-        raise NotExist
+        raise NotExist.new("Account key doesn't exist")
       end
 
       def account_key_exist?
@@ -102,7 +102,7 @@ module Acmesmith
         private_key = @s3.get_object(bucket: bucket, key: private_key_key(common_name, version)).body.read
         Certificate.new(certificate, chain, private_key)
       rescue Aws::S3::Errors::NoSuchKey
-        raise NotExist
+        raise NotExist.new("Certificate for #{common_name.inspect} of #{version} version doesn't exist")
       end
 
       def list_certificates
@@ -153,7 +153,7 @@ module Acmesmith
           key: certificate_current_key(cn),
         ).body.read.chomp
       rescue Aws::S3::Errors::NoSuchKey
-        raise NotExist
+        raise NotExist.new("Certificate for #{cn.inspect} of current version doesn't exist")
       end
 
       def certificate_key(cn, ver)

data/lib/acmesmith/version.rb

@@ -1,3 +1,3 @@
 module Acmesmith
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acmesmith
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - sorah (Shota Fukumori)
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-31 00:00:00.000000000 Z
+date: 2016-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -153,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.5.2
 signing_key: 
 specification_version: 4
 summary: ACME client (Let's encrypt client) to manage certificate in multi server