acmesmith 0.1.1 → 0.2.0
- checksums.yaml +4 -4
- data/README.md +8 -11
- data/lib/acmesmith/challenge_responders/route53.rb +1 -1
- data/lib/acmesmith/command.rb +24 -1
- data/lib/acmesmith/storages/filesystem.rb +2 -2
- data/lib/acmesmith/storages/s3.rb +3 -3
- data/lib/acmesmith/version.rb +1 -1
- metadata +3 -3
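--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 15df7eafe88a11896e7e28357f90cf9aae7930af
+data.tar.gz: ab82e92d3d058e53b8cf506b1400cc24cdcda07e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: be000468b2e6adccdd7acd147ecd56fcf1ad27e349af8220abc93e53df7c99bba735f7d8767a2303263ab6f8eb1f9b018bbb8be5a8545d62701053edca28458b
+data.tar.gz: 607b6bd951147624b728357b546d91181aad72b4fa9ee3c404eb4060500a618ca1f92d33f9a40123e2606445e4a866be8a875e6c76994fe88c7f54f0a50d8250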
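--- a/data/README.md
+++ b/data/README.md
@@ -48,10 +48,12 @@ $ acmesmith request COMMON_NAME [SAN] # request certificate for CN +COMMON_N
 ```
 
 ```
-$ acmesmith list [COMMON_NAME]
-$ acmesmith current COMMON_NAME
-$ acmesmith show-certificate COMMON_NAME
-$ acmesmith show-private-key COMMON_NAME
+$ acmesmith list [COMMON_NAME] # list certificates or its versions
+$ acmesmith current COMMON_NAME # show current version for certificate
+$ acmesmith show-certificate COMMON_NAME # show certificate
+$ acmesmith show-private-key COMMON_NAME # show private key
+$ acmesmith save-certificate COMMON_NAME --output=PATH # Save certificate to a file
+$ acmesmith save-private-key COMMON_NAME --output=PATH # Save private key to a file
 ```
 
 See `acmesmith help [subcommand]` for more help.
@@ -150,19 +152,14 @@ challenge_responders:
 },
 {
 "Effect": "Allow",
-"Action": "route53:ListHostedZones",
+"Action": ["route53:ListHostedZones", "route53:GetChange"],
 "Resource": "*"
-}
+},
 {
 "Effect": "Allow",
 "Action": "route53:ChangeResourceRecordSets",
 "Resource": ["arn:aws:route53:::hostedzone/*"]
 }
-{
-"Effect": "Allow",
-"Action": "route53:GetChange",
-"Resource": "*"
-}
 ]
 }
 ```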
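--- a/data/lib/acmesmith/command.rb
+++ b/data/lib/acmesmith/command.rb
@@ -8,7 +8,7 @@ require 'acme/client'
 module Acmesmith
 class Command < Thor
 class_option :config, default: './acmesmith.yml', aliases: %w(-c)
-class_option :passphrase_from_env, type: :boolean, aliases: %w(-E), default: false, desc: 'Read $ACMESMITH_ACCOUNT_KEY_PASSPHRASE and $
+class_option :passphrase_from_env, type: :boolean, aliases: %w(-E), default: false, desc: 'Read $ACMESMITH_ACCOUNT_KEY_PASSPHRASE and $ACMESMITH_CERTIFICATE_KEY_PASSPHRASE for passphrases'
 
 desc "register CONTACT", "Create account key (contact e.g. mailto:xxx@example.org)"
 def register(contact)
@@ -93,6 +93,17 @@ module Acmesmith
 end
 map 'show-certiticate' => :show_certificate
 
+desc 'save-certificate COMMON_NAME', 'Save certificate to a file'
+method_option :version, type: :string, default: 'current'
+method_option :output, type: :string, required: true, banner: 'PATH', desc: 'Path to output file'
+method_option :mode, type: :string, default: '0600', desc: 'Mode (permission) of the output file on create'
+def save_certificate(common_name)
+cert = storage.get_certificate(common_name, version: options[:version])
+File.open(options[:output], 'w', options[:mode].to_i(8)) do |f|
+f.puts(cert.fullchain)
+end
+end
+
 desc "show-private-key COMMON_NAME", "show private key"
 method_option :version, type: :string, default: 'current'
 def show_private_key(common_name)
@@ -103,6 +114,18 @@ module Acmesmith
 end
 map 'show-private-key' => :show_private_key
 
+desc 'save-private-key COMMON_NAME', 'Save private key to a file'
+method_option :version, type: :string, default: 'current'
+method_option :output, type: :string, required: true, banner: 'PATH', desc: 'Path to output file'
+method_option :mode, type: :string, default: '0600', desc: 'Mode (permission) of the output file on create'
+def save_private_key(common_name)
+cert = storage.get_certificate(common_name, version: options[:version])
+cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
+File.open(options[:output], 'w', options[:mode].to_i(8)) do |f|
+f.puts(cert.private_key)
+end
+end
+
 # desc "autorenew", "request renewal of certificates which expires soon"
 # method_option :days, alias: %w(-d), type: :integer, default: 7, desc: 'specify threshold in days to select certificates to renew'
 # def autorenew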
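Review bot: In `save_private_key` the mode passed to `File.open` takes effect only when the file is created, as the option's own description says, so saving over an existing file with wider permissions leaves the private key readable under the old mode. Setting the mode on the open handle before the write closes that gap: `f.chmod(options[:mode].to_i(8))` ahead of `f.puts(cert.private_key)`. `String#to_i(8)` also returns 0 for a value that is not octal, so a mistyped `--mode` creates the file with mode 0000 and no error; `Integer(options[:mode], 8)` raises on such input instead. Both points apply equally to `save_certificate` in the earlier hunk of this file, although the content written there is not secret.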
@@ -14,7 +14,7 @@ module Acmesmith
|
|
14
14
|
attr_reader :path
|
15
15
|
|
16
16
|
def get_account_key
|
17
|
-
raise NotExist unless account_key_path.exist?
|
17
|
+
raise NotExist.new("Account key doesn't exist") unless account_key_path.exist?
|
18
18
|
AccountKey.new account_key_path.read
|
19
19
|
end
|
20
20
|
|
@@ -37,7 +37,7 @@ module Acmesmith
|
|
37
37
|
end
|
38
38
|
|
39
39
|
def get_certificate(common_name, version: 'current')
|
40
|
-
raise NotExist unless certificate_base_path(common_name, version).exist?
|
40
|
+
raise NotExist.new("Certificate for #{common_name.inspect} of #{version} version doesn't exist") unless certificate_base_path(common_name, version).exist?
|
41
41
|
certificate = certificate_path(common_name, version).read
|
42
42
|
chain = chain_path(common_name, version).read
|
43
43
|
private_key = private_key_path(common_name, version).read
|
@@ -31,7 +31,7 @@ module Acmesmith
|
|
31
31
|
obj = @s3.get_object(bucket: bucket, key: account_key_key)
|
32
32
|
AccountKey.new obj.body.read
|
33
33
|
rescue Aws::S3::Errors::NoSuchKey
|
34
|
-
raise NotExist
|
34
|
+
raise NotExist.new("Account key doesn't exist")
|
35
35
|
end
|
36
36
|
|
37
37
|
def account_key_exist?
|
@@ -102,7 +102,7 @@ module Acmesmith
|
|
102
102
|
private_key = @s3.get_object(bucket: bucket, key: private_key_key(common_name, version)).body.read
|
103
103
|
Certificate.new(certificate, chain, private_key)
|
104
104
|
rescue Aws::S3::Errors::NoSuchKey
|
105
|
-
raise NotExist
|
105
|
+
raise NotExist.new("Certificate for #{common_name.inspect} of #{version} version doesn't exist")
|
106
106
|
end
|
107
107
|
|
108
108
|
def list_certificates
|
@@ -153,7 +153,7 @@ module Acmesmith
|
|
153
153
|
key: certificate_current_key(cn),
|
154
154
|
).body.read.chomp
|
155
155
|
rescue Aws::S3::Errors::NoSuchKey
|
156
|
-
raise NotExist
|
156
|
+
raise NotExist.new("Certificate for #{cn.inspect} of current version doesn't exist")
|
157
157
|
end
|
158
158
|
|
159
159
|
def certificate_key(cn, ver)
|
data/lib/acmesmith/version.rb
CHANGED
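--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acmesmith
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - sorah (Shota Fukumori)
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: acme-client
@@ -153,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.
+rubygems_version: 2.5.2
 signing_key:
 specification_version: 4
 summary: ACME client (Let's encrypt client) to manage certificate in multi server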