encryptbot 0.1.7 → 0.2.2
- checksums.yaml +4 -4
- data/CODE_OF_CONDUCT.md +1 -1
- data/Gemfile.lock +25 -19
- data/LICENSE.txt +1 -1
- data/README.md +38 -21
- data/encryptbot.gemspec +3 -4
- data/lib/encryptbot.rb +0 -2
- data/lib/encryptbot/cert.rb +22 -18
- data/lib/encryptbot/configuration.rb +4 -15
- data/lib/encryptbot/exceptions.rb +3 -8
- data/lib/encryptbot/version.rb +1 -1
- metadata +11 -28
- data/lib/encryptbot/services/cloudflare.rb +0 -111
- data/lib/encryptbot/services/dyn.rb +0 -145
- data/lib/encryptbot/slacker.rb +0 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2842fcecfdb1899872dc4ebd8b3f1f934e86ea68fae4828df2879c45d9a0dddf
|
4
|
+
data.tar.gz: e26eb0dff819137e485e8a150c1ae19f67a55392575e76d4e88621de0fcead26
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 02bc72210d41bbec844f0ee999afafab0eadf269c81162f8fef6cc79c67f8003ae077cd5ca2ccd2a3536f4804ac155e76f20cdf49b0f3bbd7f4044196f01a2e7
|
7
|
+
data.tar.gz: e57d762640e8489c5bf0f57e4db55988d61cc1ca15f6a13f88d44daeb491693f85084b68bc5ebfc09214980bca7218213bc901047ed417e13c878e1f2e9ca999
|
data/CODE_OF_CONDUCT.md
CHANGED
@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
|
|
55
55
|
## Enforcement
|
56
56
|
|
57
57
|
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
58
|
-
reported by contacting the project team at
|
58
|
+
reported by contacting the project team at webmaster@adventistmedia.org.au. All
|
59
59
|
complaints will be reviewed and investigated and will result in a response that
|
60
60
|
is deemed necessary and appropriate to the circumstances. The project team is
|
61
61
|
obligated to maintain confidentiality with regard to the reporter of an incident.
|
data/Gemfile.lock
CHANGED
@@ -1,48 +1,54 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
encryptbot (0.
|
4
|
+
encryptbot (0.2.0)
|
5
5
|
acme-client
|
6
6
|
aws-sdk-route53
|
7
7
|
faraday
|
8
8
|
platform-api
|
9
|
-
slack-notifier
|
10
9
|
|
11
10
|
GEM
|
12
11
|
remote: https://rubygems.org/
|
13
12
|
specs:
|
14
|
-
acme-client (2.0.
|
13
|
+
acme-client (2.0.7)
|
15
14
|
faraday (>= 0.17, < 2.0.0)
|
16
|
-
aws-eventstream (1.
|
17
|
-
aws-partitions (1.
|
18
|
-
aws-sdk-core (3.
|
19
|
-
aws-eventstream (~> 1
|
15
|
+
aws-eventstream (1.1.1)
|
16
|
+
aws-partitions (1.432.0)
|
17
|
+
aws-sdk-core (3.113.0)
|
18
|
+
aws-eventstream (~> 1, >= 1.0.2)
|
20
19
|
aws-partitions (~> 1, >= 1.239.0)
|
21
20
|
aws-sigv4 (~> 1.1)
|
22
21
|
jmespath (~> 1.0)
|
23
|
-
aws-sdk-route53 (1.
|
24
|
-
aws-sdk-core (~> 3, >= 3.
|
22
|
+
aws-sdk-route53 (1.47.0)
|
23
|
+
aws-sdk-core (~> 3, >= 3.112.0)
|
25
24
|
aws-sigv4 (~> 1.1)
|
26
|
-
aws-sigv4 (1.
|
27
|
-
aws-eventstream (~> 1
|
25
|
+
aws-sigv4 (1.2.3)
|
26
|
+
aws-eventstream (~> 1, >= 1.0.2)
|
28
27
|
erubis (2.7.0)
|
29
|
-
excon (0.
|
30
|
-
faraday (1.
|
28
|
+
excon (0.79.0)
|
29
|
+
faraday (1.3.0)
|
30
|
+
faraday-net_http (~> 1.0)
|
31
31
|
multipart-post (>= 1.2, < 3)
|
32
|
-
|
32
|
+
ruby2_keywords
|
33
|
+
faraday-net_http (1.0.1)
|
34
|
+
heroics (0.1.2)
|
33
35
|
erubis (~> 2.0)
|
34
36
|
excon
|
35
37
|
moneta
|
36
38
|
multi_json (>= 1.9.2)
|
39
|
+
webrick
|
37
40
|
jmespath (1.4.0)
|
38
41
|
moneta (1.0.0)
|
39
|
-
multi_json (1.
|
42
|
+
multi_json (1.15.0)
|
40
43
|
multipart-post (2.1.1)
|
41
|
-
platform-api (
|
42
|
-
heroics (~> 0.
|
44
|
+
platform-api (3.3.0)
|
45
|
+
heroics (~> 0.1.1)
|
43
46
|
moneta (~> 1.0.0)
|
44
|
-
|
45
|
-
|
47
|
+
rate_throttle_client (~> 0.1.0)
|
48
|
+
rake (13.0.3)
|
49
|
+
rate_throttle_client (0.1.2)
|
50
|
+
ruby2_keywords (0.0.4)
|
51
|
+
webrick (1.7.0)
|
46
52
|
|
47
53
|
PLATFORMS
|
48
54
|
ruby
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
@@ -1,13 +1,41 @@
|
|
1
1
|
# Encryptbot
|
2
2
|
|
3
|
-
Encryptbot
|
3
|
+
Encryptbot create a Let's Encrypt SSL certificate with multiple wildcard domains that is managed in Heroku.
|
4
4
|
|
5
5
|
The gem will:
|
6
6
|
|
7
|
-
- Create Let's Encrypt
|
8
|
-
- Add Let's Encrypt DNS Challenge TXT records
|
9
|
-
- Add certificate to
|
10
|
-
|
7
|
+
- Create a Let's Encrypt Certificate
|
8
|
+
- Add Let's Encrypt DNS Challenge TXT records for domains managed in AWS Route 53
|
9
|
+
- Add the certificate to a Heroku SNI endpoint
|
10
|
+
|
11
|
+
## Pre-setup
|
12
|
+
|
13
|
+
1. Using AWS Route 53, create a Hosted Zone
|
14
|
+
2. Create an AWS IAM user with the following permissions and get an API access key and secret.
|
15
|
+
|
16
|
+
```
|
17
|
+
{
|
18
|
+
"Version": "2012-10-17",
|
19
|
+
"Statement": [
|
20
|
+
{
|
21
|
+
"Sid": "VisualEditor0",
|
22
|
+
"Effect": "Allow",
|
23
|
+
"Action": "route53:ChangeResourceRecordSets",
|
24
|
+
"Resource": "arn:aws:route53:::hostedzone/YOUR_ZONE_NAME_ID_HERE"
|
25
|
+
},
|
26
|
+
{
|
27
|
+
"Sid": "VisualEditor1",
|
28
|
+
"Effect": "Allow",
|
29
|
+
"Action": "route53:GetChange",
|
30
|
+
"Resource": "arn:aws:route53:::change/*"
|
31
|
+
}
|
32
|
+
]
|
33
|
+
}
|
34
|
+
```
|
35
|
+
|
36
|
+
3. Add a CNAME called "_acme-challenege" pointing to your Route 53 name. If you're using Cloudflare, turn off proxying.
|
37
|
+
4. You're now ready to go.
|
38
|
+
|
11
39
|
|
12
40
|
## Installation
|
13
41
|
|
@@ -34,23 +62,12 @@ Add an initializer file to your rails application and all applicable config sett
|
|
34
62
|
Encryptbot.configure do |config|
|
35
63
|
config.heroku_app = "heroku_app_name"
|
36
64
|
config.heroku_token = "heroku_api_token"
|
37
|
-
config.
|
38
|
-
config.cloudflare_email = "cloudflare_account_email"
|
39
|
-
config.acme_email = "letsencrypt_account_email"
|
40
|
-
config.dyn_customer_name = "dyn_customer_name"
|
41
|
-
config.dyn_username = "dyn_username"
|
42
|
-
config.dyn_password = "dyn_password"
|
43
|
-
config.slack_webhook = "slack_webhook_url"
|
44
|
-
config.slack_bot_username = "name_for_slack_bot"
|
65
|
+
config.acme_email = "letsencrypt_account_email@email.com"
|
45
66
|
config.route53_hosted_zone_id = "Z123456"
|
46
67
|
config.route53_acme_record_name = "_acme-challenge.acme.domain.com"
|
47
68
|
config.route53_access_key_id = "aws_api_key"
|
48
69
|
config.route53_secret_access_key = "aws_api_secret"
|
49
|
-
config.domains = [
|
50
|
-
{domain: "*.domain1.com", service: "cloudflare"},
|
51
|
-
{domain: "*.domain2.com", service: "dyn"},
|
52
|
-
{domain: "domain3.com", service: "cloudflare"},
|
53
|
-
]
|
70
|
+
config.domains = ["*.domain1.com", "*.domain2.com"]
|
54
71
|
end
|
55
72
|
```
|
56
73
|
|
@@ -59,11 +76,11 @@ Request initial certificate
|
|
59
76
|
heroku run rails encryptbot:add_cert
|
60
77
|
```
|
61
78
|
|
62
|
-
Once the certificate has been initially setup, you can schedule the rake task to run every
|
79
|
+
Once the certificate has been initially setup, you can schedule the rake task to run every 30 days.
|
63
80
|
|
64
81
|
## Contributing
|
65
82
|
|
66
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
83
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/adventistmedia/encryptbot. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
67
84
|
|
68
85
|
## License
|
69
86
|
|
@@ -71,4 +88,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
|
|
71
88
|
|
72
89
|
## Code of Conduct
|
73
90
|
|
74
|
-
Everyone interacting in the encryptbot project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/
|
91
|
+
Everyone interacting in the encryptbot project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/adventistmedia/encryptbot/blob/master/CODE_OF_CONDUCT.md).
|
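--- a/data/encryptbot.gemspec
+++ b/data/encryptbot.gemspec
@@ -6,12 +6,12 @@ require "encryptbot/version"
 Gem::Specification.new do |spec|
 spec.name = "encryptbot"
 spec.version = Encryptbot::VERSION
-spec.authors = ["
+spec.authors = ["Adventist Media"]
 spec.email = [""]
 
 spec.summary = %q{Manage Let's Encrypt wildcard certificates on Heroku}
 spec.description = %q{Manage Let's Encrypt wildcard certificates on Heroku}
-spec.homepage = "https://github.com/
+spec.homepage = "https://github.com/adventistmedia/encryptbot"
 spec.license = "MIT"
 
 spec.files = `git ls-files -z`.split("\x0").reject do |f|
@@ -24,8 +24,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency "acme-client"
 spec.add_dependency "platform-api"
 spec.add_dependency "faraday"
-spec.add_dependency "slack-notifier"
 spec.add_dependency "aws-sdk-route53"
-spec.add_development_dependency "bundler", "
+spec.add_development_dependency "bundler", ">= 2.1.0"
 spec.add_development_dependency "rake", ">= 12.3.3"
 end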
data/lib/encryptbot.rb
CHANGED
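--- a/data/lib/encryptbot/cert.rb
+++ b/data/lib/encryptbot/cert.rb
@@ -2,17 +2,15 @@ require "platform-api"
 require "acme-client"
 require "encryptbot/heroku"
 require "encryptbot/exceptions"
-require "encryptbot/slacker"
 require "resolv"
 
 module Encryptbot
 class Cert
 
-attr_reader :
+attr_reader :domains, :account_email, :test_mode
 
 def initialize
-@
-@domain_names = @domain_list.map{|d| d[:domain] }
+@domains = Encryptbot.configuration.domains
 @account_email = Encryptbot.configuration.acme_email
 @test_mode = Encryptbot.configuration.test_mode
 end
@@ -35,27 +33,23 @@ module Encryptbot
 )
 
 # create order
-order = client.new_order(identifiers: @
+order = client.new_order(identifiers: @domains)
 
+puts "Start Authorization"
 # authorization of domains
+failed_domain_authorizations = []
 order.authorizations.each do |authorization|
 dns_challenge = authorization.dns
 domain = authorization.domain
+puts "Start Authorization of #{domain}"
 dns_entry = {
 name: dns_challenge.record_name,
 type: dns_challenge.record_type,
 content: dns_challenge.record_content
 }
-
-
-
-when "cloudflare"
-Encryptbot::Services::Cloudflare.new(domain, dns_entry).add_challenge
-when "dyn"
-Encryptbot::Services::Dyn.new(domain, dns_entry).add_challenge
-else
-raise Encryptbot::Error::UnknownServiceError, "#{domain} service unknown"
-end
+
+Encryptbot::Services::Route53.new(domain, dns_entry).add_challenge
+
 # check if the DNS service has updated
 sleep(8)
 
@@ -73,22 +67,32 @@ module Encryptbot
 sleep(2)
 dns_challenge.reload
 end
-
+puts "Completed authorization of #{domain}. Status: #{dns_challenge.status}"
+if dns_challenge.status == 'invalid'
+failed_domain_authorizations << domain
+end
 end # end auth loop
 
+if failed_domain_authorizations.any?
+raise Encryptbot::Error::DomainAuthorizationFailedError, "Domains failed to authorize: #{failed_domain_authorizations.join(', ')}."
+end
+
 if order.status == "invalid"
 raise Encryptbot::Error::InvalidOrderError, "Certificate order was invalid. DNS Challenge failed."
 end
 
 # Generate certificate
-
+puts "Generate Certificate"
+csr = Acme::Client::CertificateRequest.new(names: @domains)
 order.finalize(csr: csr)
 sleep(1) while order.status == "processing"
 
 # add certificate to heroku
+puts "Adding Certificate to heroku"
 certificate = order.certificate
 private_key = csr.private_key.to_pem
 Encryptbot::Heroku.new.add_certificate(order.certificate, private_key)
+puts "Completed"
 end
 
 # Check if TXT value has been set correctly
@@ -104,4 +108,4 @@ module Encryptbot
 
 end
 
-end
+end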
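Review bot: The new failure check `if dns_challenge.status == 'invalid'` only records challenges the CA explicitly rejected, so a challenge that is still `pending` or `processing` when the `dns_challenge.reload` polling loop stops (its bound is above this hunk and not visible here) is treated as authorized and the order goes on to `finalize`. Recording anything other than `valid` — `unless dns_challenge.status == 'valid'` — makes `DomainAuthorizationFailedError` cover timeouts as well, and appending the status to the entry (`failed_domain_authorizations << "#{domain} (#{dns_challenge.status})"`) tells the operator which case it was. Separately, `certificate = order.certificate` is assigned but never used and `add_certificate` then calls `order.certificate` a second time; as far as I recall acme-client's `Order#certificate` downloads the chain on every call, so pass `certificate` instead. The unchanged `sleep(1) while order.status == "processing"` never calls `order.reload`, so if the CA ever answers finalize with `processing` it would spin forever — the acme-client README pairs that loop with a reload, worth checking against the 2.0.7 pinned in Gemfile.lock.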
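--- a/data/lib/encryptbot/configuration.rb
+++ b/data/lib/encryptbot/configuration.rb
@@ -1,36 +1,25 @@
 module Encryptbot
 class Configuration
 attr_accessor :heroku_app, :heroku_token,
-:cloudflare_api_key, :cloudflare_email,
-:dyn_customer_name, :dyn_username, :dyn_password,
 :route53_hosted_zone_id, :route53_acme_record_name,
 :route53_access_key_id, :route53_secret_access_key,
-:acme_email, :domains, :test_mode
-:slack_webhook, :slack_bot_username
+:acme_email, :domains, :test_mode
 
 def initialize
 @heroku_app = nil
 @heroku_token = nil
-@cloudflare_api_key = nil
-@cloudflare_email = nil
-@dyn_customer_name = nil
-@dyn_username = nil
-@dyn_password = nil
 @route53_hosted_zone_id = nil
 @route53_acme_record_name = nil
 @route53_access_key_id = nil
 @route53_secret_access_key = nil
 @acme_email = nil
-@slack_webhook = nil
-@slack_bot_username = "encryptbot"
 @test_mode = false # use lets encrypt staging
-@domains = [] #[
+@domains = [] #["*.domain1.com","*.domain2.com"]
 end
 
 def valid?
-heroku_app && heroku_token && acme_email && domains.any? &&
-(cloudflare_api_key || dyn_customer_name || route53_access_key_id)
+heroku_app && heroku_token && acme_email && domains.any? && route53_access_key_id
 end
 
 end
-end
+end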
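Review bot: `valid?` now gates the Route 53 path on `route53_access_key_id` alone, so an initializer that sets the key id but leaves `route53_secret_access_key` or `route53_hosted_zone_id` nil passes validation and only fails later inside the AWS call, with an error that does not point at the missing setting. Since Route 53 is the only DNS backend left, check the whole set: `heroku_app && heroku_token && acme_email && domains.any? && route53_access_key_id && route53_secret_access_key && route53_hosted_zone_id`. `route53_acme_record_name` is presumably required as well, but that depends on how services/route53.rb uses it, which is not part of this diff. Also, `domains` is now documented as a flat array of strings (`#["*.domain1.com","*.domain2.com"]`) yet nothing rejects the old `{domain:, service:}` hash form, which would now be handed straight to `client.new_order(identifiers:)`; a `domains.all? { |d| d.is_a?(String) }` term (or a `SetupError` naming the new shape) would make the 0.1 → 0.2 upgrade failure obvious.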
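--- a/data/lib/encryptbot/exceptions.rb
+++ b/data/lib/encryptbot/exceptions.rb
@@ -1,12 +1,9 @@
-require "encryptbot/slacker"
-
 module Encryptbot
 module Error
 
 class EncryptbotError < StandardError
 
 def initialize(msg = "")
-Encryptbot::Slacker.post_message("Unable to autorenew SSL certificate. #{self.class.name} #{msg}")
 super(msg)
 end
 
@@ -16,15 +13,13 @@ module Encryptbot
 class HerokuCertificateError < EncryptbotError; end
 # Exception raised due to configuration not been setup
 class SetupError < EncryptbotError; end
-# Exception raised when adding TXT record to Cloudflare
-class CloudflareDNSError < EncryptbotError; end
-# Exception raised when adding TXT record to Dyn
-class DynDNSError < EncryptbotError; end
 # Exception raised when route 53 fails to update
 class Route53DNSError < EncryptbotError; end
 # Exception raised when unknown error
 class UnknownServiceError < EncryptbotError; end
 # Exception raised as order was failed - this happens when the DNS Challenge failed
 class InvalidOrderError < EncryptbotError; end
+# Exception raised due to a domain failing authorization
+class DomainAuthorizationFailedError < EncryptbotError; end
 end
-end
+end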
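Review bot: With the Slack call removed, `EncryptbotError#initialize(msg = "")` does nothing but forward to `super`, yet its default differs from `StandardError`'s — any site that raises one of these classes without a message now gets an empty message instead of the class name, which makes the rake task's output harder to read. Either drop the override entirely or keep the class-name default explicitly with `def initialize(msg = self.class.name)`. `UnknownServiceError` also looks dead now that the `case` over the per-domain `service` key was removed from cert.rb in this same diff; if it must stay for API compatibility, replace the 'Exception raised when unknown error' comment with `# @deprecated No longer raised since 0.2.0; kept for callers that rescue it.` so nobody expects it to fire.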
data/lib/encryptbot/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: encryptbot
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
-
-
|
8
|
-
autorequire:
|
7
|
+
- Adventist Media
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-05-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: acme-client
|
@@ -52,20 +52,6 @@ dependencies:
|
|
52
52
|
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '0'
|
55
|
-
- !ruby/object:Gem::Dependency
|
56
|
-
name: slack-notifier
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
58
|
-
requirements:
|
59
|
-
- - ">="
|
60
|
-
- !ruby/object:Gem::Version
|
61
|
-
version: '0'
|
62
|
-
type: :runtime
|
63
|
-
prerelease: false
|
64
|
-
version_requirements: !ruby/object:Gem::Requirement
|
65
|
-
requirements:
|
66
|
-
- - ">="
|
67
|
-
- !ruby/object:Gem::Version
|
68
|
-
version: '0'
|
69
55
|
- !ruby/object:Gem::Dependency
|
70
56
|
name: aws-sdk-route53
|
71
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -84,16 +70,16 @@ dependencies:
|
|
84
70
|
name: bundler
|
85
71
|
requirement: !ruby/object:Gem::Requirement
|
86
72
|
requirements:
|
87
|
-
- - "
|
73
|
+
- - ">="
|
88
74
|
- !ruby/object:Gem::Version
|
89
|
-
version:
|
75
|
+
version: 2.1.0
|
90
76
|
type: :development
|
91
77
|
prerelease: false
|
92
78
|
version_requirements: !ruby/object:Gem::Requirement
|
93
79
|
requirements:
|
94
|
-
- - "
|
80
|
+
- - ">="
|
95
81
|
- !ruby/object:Gem::Version
|
96
|
-
version:
|
82
|
+
version: 2.1.0
|
97
83
|
- !ruby/object:Gem::Dependency
|
98
84
|
name: rake
|
99
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -131,17 +117,14 @@ files:
|
|
131
117
|
- lib/encryptbot/exceptions.rb
|
132
118
|
- lib/encryptbot/heroku.rb
|
133
119
|
- lib/encryptbot/railtie.rb
|
134
|
-
- lib/encryptbot/services/cloudflare.rb
|
135
|
-
- lib/encryptbot/services/dyn.rb
|
136
120
|
- lib/encryptbot/services/route53.rb
|
137
|
-
- lib/encryptbot/slacker.rb
|
138
121
|
- lib/encryptbot/version.rb
|
139
122
|
- lib/tasks/encryptbot.rake
|
140
|
-
homepage: https://github.com/
|
123
|
+
homepage: https://github.com/adventistmedia/encryptbot
|
141
124
|
licenses:
|
142
125
|
- MIT
|
143
126
|
metadata: {}
|
144
|
-
post_install_message:
|
127
|
+
post_install_message:
|
145
128
|
rdoc_options: []
|
146
129
|
require_paths:
|
147
130
|
- lib
|
@@ -157,7 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
157
140
|
version: '0'
|
158
141
|
requirements: []
|
159
142
|
rubygems_version: 3.0.3
|
160
|
-
signing_key:
|
143
|
+
signing_key:
|
161
144
|
specification_version: 4
|
162
145
|
summary: Manage Let's Encrypt wildcard certificates on Heroku
|
163
146
|
test_files: []
|
@@ -1,111 +0,0 @@
|
|
1
|
-
# a=Encryptbot::Services::Cloudflare.new("*.domain.com", {type: "TXT", name: "_acme-challenge.adventist.place", content: "test-3"});a.add_challenge
|
2
|
-
require "faraday"
|
3
|
-
require "json"
|
4
|
-
|
5
|
-
module Encryptbot
|
6
|
-
module Services
|
7
|
-
class Cloudflare
|
8
|
-
|
9
|
-
attr_accessor :domain, :api_key, :api_email, :zone_id, :dns_entry, :dns_record_id, :dns_record
|
10
|
-
|
11
|
-
def initialize(domain, dns_entry)
|
12
|
-
@domain = domain.to_s.gsub("*.", "") # cleanup wildcard by removing *. infront
|
13
|
-
@api_key = Encryptbot.configuration.cloudflare_api_key
|
14
|
-
@api_email = Encryptbot.configuration.cloudflare_email
|
15
|
-
@dns_entry = dns_entry # {content: "txt-record-content", type: "TXT", name: "_acme-challenge.domain.com"}
|
16
|
-
@dns_record = "#{dns_entry[:name]}.#{@domain}"
|
17
|
-
end
|
18
|
-
|
19
|
-
def add_challenge
|
20
|
-
begin
|
21
|
-
get_zone_id
|
22
|
-
setup_dns_record
|
23
|
-
rescue => e
|
24
|
-
raise Encryptbot::Error::CloudflareDNSError, e
|
25
|
-
end
|
26
|
-
end
|
27
|
-
|
28
|
-
def get_zone_id
|
29
|
-
response = get("/zones?name=#{@domain}")
|
30
|
-
if response["result"].any?
|
31
|
-
@zone_id = response["result"].first["id"]
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
35
|
-
def setup_dns_record
|
36
|
-
find_dns_record
|
37
|
-
return false if @zone_id.nil?
|
38
|
-
|
39
|
-
if @dns_record_id
|
40
|
-
update_dns_record
|
41
|
-
else
|
42
|
-
add_dns_record
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
def find_dns_record
|
47
|
-
response = get("/zones/#{@zone_id}/dns_records?name=#{@dns_record}&type=#{@dns_entry[:type]}")
|
48
|
-
if response["result"].any?
|
49
|
-
@dns_record_id = response["result"].first["id"]
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
def add_dns_record
|
54
|
-
response = post("/zones/#{@zone_id}/dns_records", {
|
55
|
-
type: @dns_entry[:type],
|
56
|
-
name: @dns_record,
|
57
|
-
content: @dns_entry[:content],
|
58
|
-
ttl: 120
|
59
|
-
})
|
60
|
-
response["success"]
|
61
|
-
end
|
62
|
-
|
63
|
-
def update_dns_record
|
64
|
-
response = put("/zones/#{@zone_id}/dns_records/#{@dns_record_id}", {
|
65
|
-
type: @dns_entry[:type],
|
66
|
-
name: @dns_record,
|
67
|
-
content: @dns_entry[:content],
|
68
|
-
ttl: 120
|
69
|
-
})
|
70
|
-
response["success"]
|
71
|
-
end
|
72
|
-
|
73
|
-
private
|
74
|
-
|
75
|
-
def post(endpoint_path, payload)
|
76
|
-
response = connection.post "https://api.cloudflare.com/client/v4#{endpoint_path}", payload.to_json
|
77
|
-
format_response(response)
|
78
|
-
end
|
79
|
-
|
80
|
-
def put(endpoint_path, payload)
|
81
|
-
response = connection.put "https://api.cloudflare.com/client/v4#{endpoint_path}", payload.to_json
|
82
|
-
format_response(response)
|
83
|
-
end
|
84
|
-
|
85
|
-
def get(endpoint_path)
|
86
|
-
response = connection.get "https://api.cloudflare.com/client/v4#{endpoint_path}"
|
87
|
-
format_response(response)
|
88
|
-
end
|
89
|
-
|
90
|
-
def connection
|
91
|
-
@connection ||= begin
|
92
|
-
headers = {
|
93
|
-
"X-Auth-Key" => @api_key,
|
94
|
-
"X-Auth-Email" => @api_email,
|
95
|
-
"Content-Type" => "application/json"
|
96
|
-
}
|
97
|
-
Faraday.new(url: "https://api.cloudflare.com", headers: headers)
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
def format_response(response)
|
102
|
-
if response.success?
|
103
|
-
JSON.parse(response.body)
|
104
|
-
else
|
105
|
-
nil
|
106
|
-
end
|
107
|
-
end
|
108
|
-
|
109
|
-
end
|
110
|
-
end
|
111
|
-
end
|
@@ -1,145 +0,0 @@
|
|
1
|
-
# a=Encryptbot::Services::Dyn.new("*.domain.com", {type: "TXT", name: "_acme-challenge", content: "test-3"});a.add_challenge
|
2
|
-
require "faraday"
|
3
|
-
require "json"
|
4
|
-
|
5
|
-
module Encryptbot
|
6
|
-
module Services
|
7
|
-
class Dyn
|
8
|
-
|
9
|
-
attr_accessor :domain, :dns_entry, :full_domain_name, :api_token, :customer_name, :username, :password
|
10
|
-
|
11
|
-
def initialize(domain, dns_entry)
|
12
|
-
@domain = domain.to_s.gsub("*.", "") # cleanup wildcard by removing *. infront
|
13
|
-
@dns_entry = dns_entry # {content: "txt-record-content", type: "TXT", name: "_acme-challenge.domain.com"}
|
14
|
-
@full_domain_name = "#{dns_entry[:name]}.#{@domain}"
|
15
|
-
@api_token = nil
|
16
|
-
@customer_name = Encryptbot.configuration.dyn_customer_name
|
17
|
-
@username = Encryptbot.configuration.dyn_username
|
18
|
-
@password = Encryptbot.configuration.dyn_password
|
19
|
-
end
|
20
|
-
|
21
|
-
# sign in
|
22
|
-
# check for txt record, update if already exists, otherwise create new one
|
23
|
-
# publish changes
|
24
|
-
# sign out
|
25
|
-
def add_challenge
|
26
|
-
begin
|
27
|
-
sign_in
|
28
|
-
success = setup_dns_record
|
29
|
-
sign_out
|
30
|
-
success
|
31
|
-
rescue => e
|
32
|
-
raise Encryptbot::Error::DynDNSError, e
|
33
|
-
end
|
34
|
-
|
35
|
-
end
|
36
|
-
|
37
|
-
def sign_in
|
38
|
-
response = post("/REST/Session/", {
|
39
|
-
customer_name: customer_name,
|
40
|
-
user_name: username,
|
41
|
-
password: password
|
42
|
-
})
|
43
|
-
if response && response["status"] == "success"
|
44
|
-
@api_token = response["data"]["token"]
|
45
|
-
end
|
46
|
-
if @api_token.nil?
|
47
|
-
raise Encryptbot::Error::DynDNSError, "Unable to get Dyn API Token"
|
48
|
-
end
|
49
|
-
end
|
50
|
-
|
51
|
-
def sign_out
|
52
|
-
response = delete("/REST/Session/")
|
53
|
-
end
|
54
|
-
|
55
|
-
def setup_dns_record
|
56
|
-
txt_endpoint = find_dns_record
|
57
|
-
|
58
|
-
if txt_endpoint
|
59
|
-
update_dns_record(txt_endpoint)
|
60
|
-
else
|
61
|
-
add_dns_record
|
62
|
-
end
|
63
|
-
end
|
64
|
-
|
65
|
-
def find_dns_record
|
66
|
-
response = get("/REST/TXTRecord/#{domain}/#{full_domain_name}/")
|
67
|
-
if response && response["status"] == "success"
|
68
|
-
return response["data"][0]
|
69
|
-
end
|
70
|
-
nil
|
71
|
-
end
|
72
|
-
|
73
|
-
def add_dns_record
|
74
|
-
response = post("/REST/TXTRecord/#{domain}/#{full_domain_name}/", {
|
75
|
-
rdata: {
|
76
|
-
txtdata: dns_entry[:content]
|
77
|
-
},
|
78
|
-
ttl: "30"
|
79
|
-
})
|
80
|
-
if response && response["status"] == "success"
|
81
|
-
return publish_changes
|
82
|
-
end
|
83
|
-
false
|
84
|
-
end
|
85
|
-
|
86
|
-
def update_dns_record(txt_endpoint)
|
87
|
-
response = put(txt_endpoint, {
|
88
|
-
rdata: {
|
89
|
-
txtdata: dns_entry[:content]
|
90
|
-
},
|
91
|
-
ttl: "30"
|
92
|
-
})
|
93
|
-
if response && response["status"] == "success"
|
94
|
-
return publish_changes
|
95
|
-
end
|
96
|
-
false
|
97
|
-
end
|
98
|
-
|
99
|
-
def publish_changes
|
100
|
-
response = put("/REST/Zone/#{domain}/", {publish: true})
|
101
|
-
response && response["status"] == "success"
|
102
|
-
end
|
103
|
-
|
104
|
-
private
|
105
|
-
|
106
|
-
def post(endpoint_path, payload)
|
107
|
-
response = connection.post "https://api2.dynect.net#{endpoint_path}", payload.to_json
|
108
|
-
format_response(response)
|
109
|
-
end
|
110
|
-
|
111
|
-
def put(endpoint_path, payload)
|
112
|
-
response = connection.put "https://api2.dynect.net#{endpoint_path}", payload.to_json
|
113
|
-
format_response(response)
|
114
|
-
end
|
115
|
-
|
116
|
-
def delete(endpoint_path)
|
117
|
-
response = connection.delete "https://api2.dynect.net#{endpoint_path}"
|
118
|
-
format_response(response)
|
119
|
-
end
|
120
|
-
|
121
|
-
def get(endpoint_path)
|
122
|
-
response = connection.get "https://api2.dynect.net#{endpoint_path}"
|
123
|
-
format_response(response)
|
124
|
-
end
|
125
|
-
|
126
|
-
# Api token if set for requests after sign in completed
|
127
|
-
def connection
|
128
|
-
headers = {
|
129
|
-
"Auth-Token" => api_token.to_s,
|
130
|
-
"Content-Type" => "application/json"
|
131
|
-
}
|
132
|
-
Faraday.new(url: "https://api2.dynect.net", headers: headers)
|
133
|
-
end
|
134
|
-
|
135
|
-
def format_response(response)
|
136
|
-
if response.success?
|
137
|
-
JSON.parse(response.body)
|
138
|
-
else
|
139
|
-
nil
|
140
|
-
end
|
141
|
-
end
|
142
|
-
|
143
|
-
end
|
144
|
-
end
|
145
|
-
end
|
data/lib/encryptbot/slacker.rb
DELETED
@@ -1,16 +0,0 @@
|
|
1
|
-
require "slack-notifier"
|
2
|
-
|
3
|
-
module Encryptbot
|
4
|
-
class Slacker
|
5
|
-
|
6
|
-
def self.post_message(message)
|
7
|
-
unless Encryptbot.configuration.slack_webhook.nil?
|
8
|
-
notifier.ping message
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
def self.notifier
|
13
|
-
@notifier ||= Slack::Notifier.new Encryptbot.configuration.slack_webhook, username: Encryptbot.configuration.slack_bot_username
|
14
|
-
end
|
15
|
-
end
|
16
|
-
end
|