acmesmith 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +5 -2
- data/lib/acmesmith/certificate.rb +6 -0
- data/lib/acmesmith/command.rb +23 -4
- data/lib/acmesmith/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4360b52e2ad9bae70d23e26155063d46e7590fbd
|
|
4
|
+
data.tar.gz: 88e3f90208ec52d8e3509272d5bab71ee666472e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 54a4e48a88bbc94b5972dc531c5a79be4824a9146834cd7b92aa376a74f877b4143aed3221dda9f7c150495eab168044090ad3cc01ee4b9a2e4fe3ace43c1ea9
|
|
7
|
+
data.tar.gz: a43f52ebfe0b87a44f8fea7440506b8a46e930fd12fb6b8299f1316ad694cf5319b8e6cca8b14a493e8bb532a51c5281f8be5a25aa65f64e0acfa0e7d8a751b3
|
data/README.md
CHANGED
|
@@ -16,7 +16,6 @@ This tool is written in Ruby, but this saves certificates in simple scheme, so y
|
|
|
16
16
|
|
|
17
17
|
### Planned
|
|
18
18
|
|
|
19
|
-
- Automated renewal of certificates that expiring soon
|
|
20
19
|
- Automated deployments support (post issurance hook)
|
|
21
20
|
- Example shellscripts to fetch certificates
|
|
22
21
|
|
|
@@ -45,6 +44,7 @@ $ acmesmith register CONTACT # Create account key (contact e.g. mai
|
|
|
45
44
|
```
|
|
46
45
|
$ acmesmith authorize DOMAIN # Get authz for DOMAIN.
|
|
47
46
|
$ acmesmith request COMMON_NAME [SAN] # request certificate for CN +COMMON_NAME+ with SANs +SAN+
|
|
47
|
+
$ acmesmith add-san COMMON_NAME [SAN] # re-request existing certificate of CN with additional SAN(s)
|
|
48
48
|
```
|
|
49
49
|
|
|
50
50
|
```
|
|
@@ -56,6 +56,10 @@ $ acmesmith save-certificate COMMON_NAME --output=PATH # Save certificate to a
|
|
|
56
56
|
$ acmesmith save-private-key COMMON_NAME --output=PATH # Save private key to a file
|
|
57
57
|
```
|
|
58
58
|
|
|
59
|
+
```
|
|
60
|
+
$ acmesmith autorenew [-d DAYS] # Renew certificates which being expired soon
|
|
61
|
+
```
|
|
62
|
+
|
|
59
63
|
See `acmesmith help [subcommand]` for more help.
|
|
60
64
|
|
|
61
65
|
## Configuration
|
|
@@ -252,7 +256,6 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
|
252
256
|
|
|
253
257
|
- Tests
|
|
254
258
|
- Support post actions (notifying servers, deploying to somewhere, etc...)
|
|
255
|
-
- Automated renewal command (request new certificates for existing certificates that expires soon)
|
|
256
259
|
|
|
257
260
|
## Contributing
|
|
258
261
|
|
|
@@ -78,6 +78,12 @@ module Acmesmith
|
|
|
78
78
|
certificate.subject.to_a.assoc('CN')[1]
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
def sans
|
|
82
|
+
certificate.extensions.select { |_| _.oid == 'subjectAltName' }.flat_map do |ext|
|
|
83
|
+
ext.value.split(/,\s*/).select { |_| _.start_with?('DNS:') }.map { |_| _[4..-1] }
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
|
|
81
87
|
def version
|
|
82
88
|
"#{certificate.not_before.utc.strftime('%Y%m%d-%H%M%S')}_#{certificate.serial.to_i.to_s(16)}"
|
|
83
89
|
end
|
data/lib/acmesmith/command.rb
CHANGED
|
@@ -126,10 +126,29 @@ module Acmesmith
|
|
|
126
126
|
end
|
|
127
127
|
end
|
|
128
128
|
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
129
|
+
desc "autorenew", "request renewal of certificates which expires soon"
|
|
130
|
+
method_option :days, aliases: %w(-d), default: 7, desc: 'specify threshold in days to select certificates to renew'
|
|
131
|
+
def autorenew
|
|
132
|
+
storage.list_certificates.each do |cn|
|
|
133
|
+
puts "=> #{cn}"
|
|
134
|
+
cert = storage.get_certificate(cn)
|
|
135
|
+
not_after = cert.certificate.not_after.utc
|
|
136
|
+
|
|
137
|
+
puts " Not valid after: #{not_after}"
|
|
138
|
+
next unless (cert.certificate.not_after.utc - Time.now.utc) < (options[:days].to_i * 86400)
|
|
139
|
+
puts " * Renewing: CN=#{cert.common_name}, SANs=#{cert.sans.join(',')}"
|
|
140
|
+
request(cert.common_name, *cert.sans)
|
|
141
|
+
end
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
desc "add-san COMMON_NAME [ADDITIONAL_SANS]", "request renewal of existing certificate with additional SANs"
|
|
145
|
+
def add_san(common_name, *add_sans)
|
|
146
|
+
puts "=> reissuing CN=#{common_name} with new SANs #{add_sans.join(?,)}"
|
|
147
|
+
cert = storage.get_certificate(common_name)
|
|
148
|
+
sans = cert.sans + add_sans
|
|
149
|
+
puts " * SANs will be: #{sans.join(?,)}"
|
|
150
|
+
request(cert.common_name, *sans)
|
|
151
|
+
end
|
|
133
152
|
|
|
134
153
|
private
|
|
135
154
|
|
data/lib/acmesmith/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: acmesmith
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- sorah (Shota Fukumori)
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-02-
|
|
11
|
+
date: 2016-02-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: acme-client
|