apartment_acme_client 0.0.5 → 0.0.7

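--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 66eaebf9ae761526e149a5bedd237deee499a95107edb9ce3c1e3916e29c058b
- data.tar.gz: 4ab90728f136c38b453a24f54b760c84539c4333ae0cb24ba4122dcb54c124b6
+ metadata.gz: b3d126738e9200783bf929ef8f8e6dd406a9aec36e6e2cfab24e4791a7807e79
+ data.tar.gz: 89d4ba2e18df6deb075c0c6648f8eb08b6daae092b6d9809a4a34ecab0b1f7a4
  SHA512:
- metadata.gz: ff22698eadfef2b8b2e6d0c25793ad5bb1228ff66262c039ef01b969aabb42458caf4d3e6f0f8485a4eca5273b878328661437fe4591f6d809317a44811f1ae1
- data.tar.gz: 870ed58bb9befb87b788fa1976f4fd73b052982cc1b57be889c2783a1ec55372ce24d155b286fd5937c24bb910bbb69ece5cf101b3e7e298d8117adc51d7f100
+ metadata.gz: 6817464fa2b8b43627c511c5b81182d2da6ded01e0ec0a207dc0f4008b7e677d914a3a7e0b7c10cf29d4dd93114d160f07f38e8fdc50109bd31d3b0c251f874a
+ data.tar.gz: d197fc06dd5b544b44ef575c73140e364ebbe1a50852df103f8e828c220bc2beb6bc97233dee0ab5d7a2c619700d1003ef919f6b6c022a514bb5aae7b3fd7e60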
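--- a/data/README.md
+++ b/data/README.md
@@ -314,6 +314,3 @@ Aws.config.update(
  )
  )
  ```
-
- TODO
- - Get CI running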
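--- a/data/Rakefile
+++ b/data/Rakefile
@@ -8,7 +8,7 @@ require 'rdoc/task'
 
  RDoc::Task.new(:rdoc) do |rdoc|
  rdoc.rdoc_dir = 'rdoc'
- rdoc.title = 'ApartmentAcmeClien'
+ rdoc.title = 'ApartmentAcmeClient'
  rdoc.options << '--line-numbers'
  rdoc.rdoc_files.include('README.md')
  rdoc.rdoc_files.include('lib/**/*.rb')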
@@ -6,6 +6,7 @@ module ApartmentAcmeClient
6
6
  module AcmeClient
7
7
  class RealClient
8
8
  attr_reader :csr_private_key
9
+
9
10
  def initialize(acme_client_private_key:, csr_private_key:)
10
11
  @client = Acme::Client.new(
11
12
  private_key: acme_client_private_key,
@@ -81,8 +81,7 @@ module ApartmentAcmeClient
81
81
 
82
82
  def s3_file(filename)
83
83
  s3 = Aws::S3::Resource.new(region: ApartmentAcmeClient.aws_region)
84
- object = s3.bucket(ApartmentAcmeClient.aws_bucket).object(filename)
85
- object
84
+ s3.bucket(ApartmentAcmeClient.aws_bucket).object(filename)
86
85
  end
87
86
  end
88
87
  end
@@ -51,7 +51,7 @@ module ApartmentAcmeClient
51
51
  @nameservers
52
52
  end
53
53
 
54
- def wait_for_present(value, timeout_seconds: 60)
54
+ def wait_for_present(value, timeout_seconds: 120)
55
55
  time = 1
56
56
  until check_dns(value)
57
57
  puts "Waiting for DNS to update"
@@ -26,8 +26,7 @@ module ApartmentAcmeClient
26
26
  @values = values
27
27
  end
28
28
 
29
- # NOTE:
30
- # if you get error like:
29
+ # NOTE: If you get error like:
31
30
  #
32
31
  # "Invalid Resource Record: FATAL problem:
33
32
  # InvalidCharacterString
@@ -71,7 +70,7 @@ module ApartmentAcmeClient
71
70
  end
72
71
 
73
72
  def route53
74
- # Note: The `region` doesn't matter, because Route53 is global.
73
+ # NOTE: The `region` doesn't matter, because Route53 is global.
75
74
  @route53 ||= Aws::Route53::Client.new(region: 'us-east-1')
76
75
  end
77
76
 
@@ -48,7 +48,7 @@ module ApartmentAcmeClient
48
48
  # params:
49
49
  # - authorizations - a list of authorizations, which may be http or dns based (ignore the non-wildcard ones)
50
50
  # - wildcard_domain - the url of the wildcard's base domain (e.g. "site.example.com")
51
- def authorize_domains_with_dns(authorizations, wildcard_domain:) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
51
+ def authorize_domains_with_dns(authorizations, wildcard_domain:) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
52
52
  label = nil
53
53
  record_type = nil
54
54
  values = []
@@ -67,7 +67,7 @@ module ApartmentAcmeClient
67
67
  values << value
68
68
  end
69
69
 
70
- return unless values.any?
70
+ return true unless values.any?
71
71
 
72
72
  route53 = ApartmentAcmeClient::DnsApi::Route53.new(
73
73
  requested_domain: wildcard_domain,
@@ -76,18 +76,21 @@ module ApartmentAcmeClient
76
76
  values: values
77
77
  )
78
78
 
79
+ puts "writing #{label} to Route53"
79
80
  route53.write_record
80
81
 
81
82
  check_dns = ApartmentAcmeClient::DnsApi::CheckDns.new(wildcard_domain, label)
82
83
 
83
84
  check_dns.wait_for_present(values.first)
85
+ puts "waiting 60 seconds before requesting DNS check from LetsEncrypt"
86
+ sleep(60)
84
87
 
85
88
  if check_dns.check_dns(values.first)
86
89
  # DNS is updated, proceed with cert request
87
90
  dns_authorizations.each do |domain_authorization|
88
91
  domain_authorization.request_validation
89
92
 
90
- 30.times do
93
+ 60.times do
91
94
  # may be 'pending' initially
92
95
  break if domain_authorization.status == 'valid'
93
96
 
@@ -108,9 +111,10 @@ module ApartmentAcmeClient
108
111
  # returns true on success, false otherwise.
109
112
  #
110
113
  # from https://github.com/unixcharles/acme-client/tree/master#authorize-for-domain
111
- def authorize_domain_with_http(domain_authorization)
114
+ def authorize_domain_with_http(domain_authorization) # rubocop:disable Metrics/MethodLength
112
115
  challenge = domain_authorization.http
113
116
 
117
+ puts "authorizing Domain: #{domain_authorization.domain}"
114
118
  # The http method will require you to respond to a HTTP request.
115
119
 
116
120
  # You can retrieve the challenge token
@@ -148,7 +152,10 @@ module ApartmentAcmeClient
148
152
 
149
153
  30.times do
150
154
  # may be 'pending' initially
151
- break if challenge.status == 'valid'
155
+ if challenge.status == 'valid'
156
+ puts "authorized!"
157
+ break
158
+ end
152
159
 
153
160
  puts "Waiting for letsencrypt to authorize the single domain. Status: #{challenge.status}"
154
161
 
@@ -179,10 +186,14 @@ module ApartmentAcmeClient
179
186
 
180
187
  authorize_domain_with_http(authorization)
181
188
  end
182
- # Do the DNS (wildcard) authorizations
183
- authorize_domains_with_dns(order.authorizations, wildcard_domain: wildcard_domain)
184
189
 
185
- client.request_certificate(common_name: common_name, names: domain_names_requested, order: order)
190
+ # Do the DNS (wildcard) authorizations
191
+ if authorize_domains_with_dns(order.authorizations, wildcard_domain: wildcard_domain)
192
+ client.request_certificate(common_name: common_name, names: domain_names_requested, order: order)
193
+ else # rubocop:disable Style/EmptyElse
194
+ # error, not authorized
195
+ nil
196
+ end
186
197
  end
187
198
 
188
199
  # for use in order to store this on the machine for NGINX use
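Review bot: In the last hunk the new `if authorize_domains_with_dns(...)` gate uses the method's return value as a success flag, but the visible paths do not show it being falsy on failure. The `60.times do` polling loop only breaks on `'valid'`, so if the method ends on `dns_authorizations.each` it returns the truthy array even when every poll stayed pending. The end of `authorize_domains_with_dns` lies outside the hunks, so this needs confirming there; an explicit final expression such as `dns_authorizations.all? { |a| a.status == 'valid' }` would make the contract match the caller. The result of `authorize_domain_with_http(authorization)` just above the gate is still discarded, although its comment says it returns true on success and false otherwise, so a failed HTTP authorization still reaches `client.request_certificate`.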
@@ -14,6 +14,10 @@ module ApartmentAcmeClient
14
14
  domains: good_domains,
15
15
  wildcard_domain: ApartmentAcmeClient.wildcard_domain
16
16
  )
17
+ if certificate.nil?
18
+ puts "ERROR, no certificate returned aborting"
19
+ return
20
+ end
17
21
 
18
22
  ApartmentAcmeClient::CertificateStorage::Proxy.singleton.store_certificate_string(certificate)
19
23
  ApartmentAcmeClient::CertificateStorage::Proxy.singleton.store_csr_private_key_string(encryptor.csr_private_key_string)
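Review bot: The new `certificate.nil?` guard reports the failure only through `puts` and then returns nil, so a renewal run started from a scheduler (if that is how this is invoked) would finish without an error status and the existing certificate would keep ageing unnoticed. Consider failing loudly instead, e.g. `raise 'no certificate returned; existing certificate left untouched'`, or at least writing to stderr with `warn` so that job monitoring can pick it up. The enclosing method starts and ends outside the hunk, so whether callers rescue or inspect its return value is not visible here.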
@@ -1,3 +1,3 @@
1
1
  module ApartmentAcmeClient
2
- VERSION = '0.0.5'
2
+ VERSION = '0.0.7'
3
3
  end
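--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: apartment_acme_client
  version: !ruby/object:Gem::Version
- version: 0.0.5
+ version: 0.0.7
  platform: ruby
  authors:
  - Robin Dunlop
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-01-20 00:00:00.000000000 Z
+ date: 2022-10-27 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -19,7 +19,7 @@ dependencies:
  version: 4.1.0
  - - "<"
  - !ruby/object:Gem::Version
- version: '6'
+ version: '7'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
  version: 4.1.0
  - - "<"
  - !ruby/object:Gem::Version
- version: '6'
+ version: '7'
  - !ruby/object:Gem::Dependency
  name: acme-client
  requirement: !ruby/object:Gem::Requirement
@@ -231,8 +231,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.7.6
+ rubygems_version: 3.0.3.1
  signing_key:
  specification_version: 4
  summary: Let's Encrypt interface for Multi-tenancy applications (like Apartment)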