encryptbot 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +8 -0
- data/CODE_OF_CONDUCT.md +74 -0
- data/Gemfile +6 -0
- data/Gemfile.lock +42 -0
- data/LICENSE.txt +21 -0
- data/README.md +70 -0
- data/Rakefile +2 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/encryptbot.gemspec +30 -0
- data/lib/encryptbot/cert.rb +105 -0
- data/lib/encryptbot/configuration.rb +30 -0
- data/lib/encryptbot/exceptions.rb +27 -0
- data/lib/encryptbot/heroku.rb +43 -0
- data/lib/encryptbot/railtie.rb +9 -0
- data/lib/encryptbot/services/cloudflare.rb +111 -0
- data/lib/encryptbot/services/dyn.rb +145 -0
- data/lib/encryptbot/slack.rb +14 -0
- data/lib/encryptbot/version.rb +3 -0
- data/lib/encryptbot.rb +22 -0
- data/lib/tasks/encryptbot.rake +8 -0
- metadata +149 -0
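--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 120d3113425408842a8291c2bfd9e6dcc9111835
+data.tar.gz: 75dd6eac6066e637675f8b4eadf7f30e7efd59ba
+SHA512:
+metadata.gz: 5b82fa59488ad68ad7debe96cfbc6e705ebeb4df1a930d5fde61c037afe4c77811380ac3a198c734f0cfd6f29dbb40970ca1c01e7218f6481d29720b95b6e37f
+data.tar.gz: 193d5bd943f3870a520eb46ee0ecace9d79112bc1fcc2c7cce4427e75c9b45caf0771b1f56c04c7a5573623af643b300d5217c0c9864e2de7630ec4a376c4e82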
data/.gitignore
ADDED
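--- a/data/CODE_OF_CONDUCT.md
+++ b/data/CODE_OF_CONDUCT.md
@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at flightofdan@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/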
data/Gemfile
ADDED
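--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,42 @@
+PATH
+remote: .
+specs:
+encryptbot (0.1.0)
+acme-client
+faraday
+platform-api
+slack-notifier
+
+GEM
+remote: https://rubygems.org/
+specs:
+acme-client (2.0.0)
+faraday (~> 0.9, >= 0.9.1)
+erubis (2.7.0)
+excon (0.62.0)
+faraday (0.15.2)
+multipart-post (>= 1.2, < 3)
+heroics (0.0.24)
+erubis (~> 2.0)
+excon
+moneta
+multi_json (>= 1.9.2)
+moneta (0.8.1)
+multi_json (1.13.1)
+multipart-post (2.0.0)
+platform-api (2.1.0)
+heroics (~> 0.0.23)
+moneta (~> 0.8.1)
+rake (10.5.0)
+slack-notifier (2.3.2)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+bundler (~> 1.16)
+encryptbot!
+rake (~> 10.0)
+
+BUNDLED WITH
+1.16.1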
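--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 danlewis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.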
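--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,70 @@
+# Encryptbot
+
+Encryptbot creates and renews your Lets Encrypt SSL certificate on Heroku allowing for multiple wildcards.
+
+The gem will:
+
+- Create Lets Encrypt
+- Add Lets Encrypt DNS Challenge TXT records to your DNS provider (cloudflare and Dyn supported)
+- Add certificate to your Heroku SNI endpoint
+- Send Slack notifications if the process fails.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'encryptbot'
+```
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install encryptbot
+
+
+## Usage
+
+Add an initializer file to your rails application and all applicable config settings.
+
+```ruby
+Encryptbot.configure do |config|
+config.heroku_app = "heroku_app_name"
+config.heroku_token = "heroku_api_token"
+config.cloudflare_api_key = "cloudflare_api_key"
+config.cloudflare_email = "cloudflare_account_email"
+config.acme_email = "letsencrypt_account_email"
+config.dyn_customer_name = "dyn_customer_name"
+config.dyn_username = "dyn_username"
+config.dyn_password = "dyn_password"
+config.slack_webhook = "slack_webhook_url"
+config.slack_bot_username = "name_for_slack_bot"
+config.domains = [
+{domain: "*.domain1.com", service: "cloudflare"},
+{domain: "*.domain2.com", service: "dyn"},
+{domain: "domain3.com", service: "cloudflare"},
+]
+end
+```
+
+Request initial certificate
+```ruby
+heroku run rails encryptbot:add_cert
+```
+
+Once the certificate has been initially setup, you can schedule the rake task to run every 60 days.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/encryptbot. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the encryptbot project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/encryptbot/blob/master/CODE_OF_CONDUCT.md).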
data/Rakefile
ADDED
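--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "encryptbot"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)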
data/bin/setup
ADDED
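--- a/data/encryptbot.gemspec
+++ b/data/encryptbot.gemspec
@@ -0,0 +1,30 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "encryptbot/version"
+
+Gem::Specification.new do |spec|
+spec.name = "encryptbot"
+spec.version = Encryptbot::VERSION
+spec.authors = ["danlewis"]
+spec.email = [""]
+
+spec.summary = %q{Manage Lets Encrypt Wildcard certs to heroku}
+spec.description = %q{Manage Lets Encrypt Wildcard certs to heroku}
+spec.homepage = ""
+spec.license = "MIT"
+
+spec.files = `git ls-files -z`.split("\x0").reject do |f|
+f.match(%r{^(test|spec|features)/})
+end
+spec.bindir = "exe"
+spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+spec.require_paths = ["lib"]
+
+spec.add_dependency "acme-client"
+spec.add_dependency "platform-api"
+spec.add_dependency "faraday"
+spec.add_dependency "slack-notifier"
+spec.add_development_dependency "bundler", "~> 1.16"
+spec.add_development_dependency "rake", "~> 10.0"
+end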
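Review bot: The four runtime dependencies on lines 24-27 carry no version constraint, while cert.rb is written against the acme-client 2.x API (the v02 directory URL, `new_order`, `order.finalize`) and Gemfile.lock resolves acme-client 2.0.0 and faraday 0.15.2; a consumer's bundle resolves whatever is newest, so a future major release can silently break a scheduled renewal, and a compromised release would land in a process holding Heroku, Cloudflare and Dyn credentials. Pin each to the tested major, e.g. `spec.add_dependency "acme-client", "~> 2.0"` and `spec.add_dependency "faraday", "~> 0.15"`, and likewise for platform-api and slack-notifier. `spec.email = [""]` on line 10 and `spec.homepage = ""` on line 14 should be filled in or removed so the published metadata is not empty.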
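--- a/data/lib/encryptbot/cert.rb
+++ b/data/lib/encryptbot/cert.rb
@@ -0,0 +1,105 @@
+require "platform-api"
+require "acme-client"
+require "encryptbot/heroku"
+require "encryptbot/exceptions"
+require "encryptbot/slack"
+require "resolv"
+
+module Encryptbot
+class Cert
+
+attr_reader :domain_list, :domain_names, :account_email, :test_mode
+
+def initialize
+@domain_list = Encryptbot.configuration.domains
+@domain_names = @domain_list.map{|d| d[:domain] }
+@account_email = Encryptbot.configuration.acme_email
+@test_mode = Encryptbot.configuration.test_mode
+end
+
+# Add certificate
+def add
+unless Encryptbot.configuration.valid?
+raise Encryptbot::Error::SetupError, "Encryptbot is configured incorrectly. Check all required variables have been set."
+end
+
+# setup ACME client
+private_key = OpenSSL::PKey::RSA.new(4096)
+client = Acme::Client.new(
+private_key: private_key,
+directory: @test_mode ? "https://acme-staging-v02.api.letsencrypt.org/directory" : "https://acme-v02.api.letsencrypt.org/directory"
+)
+account = client.new_account(
+contact: "mailto:#{@account_email}",
+terms_of_service_agreed: true
+)
+
+# create order
+order = client.new_order(identifiers: @domain_names)
+
+# authorization of domains
+order.authorizations.each do |authorization|
+dns_challenge = authorization.dns
+domain = authorization.domain
+dns_entry = {
+name: dns_challenge.record_name,
+type: dns_challenge.record_type,
+content: dns_challenge.record_content
+}
+case @domain_list.detect{|t| t[:domain].gsub("*.", "") == domain }[:service]
+when "cloudflare"
+Encryptbot::Services::Cloudflare.new(domain, dns_entry).add_challenge
+when "dyn"
+Encryptbot::Services::Dyn.new(domain, dns_entry).add_challenge
+else
+raise Encryptbot::Error::UnknownServiceError, "#{domain} service unknown"
+end
+# check if the DNS service has updated
+sleep(8)
+
+attempts = 3
+while !ready_for_challenge(domain, dns_challenge) && attempts > 0
+sleep(8)
+attempts -= 1
+end
+
+# request verifification
+dns_challenge.request_validation
+
+# check if dns challange was accepted
+while dns_challenge.status == "pending"
+sleep(2)
+dns_challenge.reload
+end
+
+end # end auth loop
+
+if order.status == "invalid"
+raise Encryptbot::Error::InvalidOrderError, "Certificate order was invalid. DNS Challenge failed."
+end
+
+# Generate certificate
+csr = Acme::Client::CertificateRequest.new(names: @domain_names)
+order.finalize(csr: csr)
+sleep(1) while order.status == "processing"
+
+# add certificate to heroku
+certificate = order.certificate
+private_key = csr.private_key.to_pem
+Encryptbot::Heroku.new.add_certificate(order.certificate, private_key)
+end
+
+# Check if TXT value has been set correctly
+def ready_for_challenge(domain, dns_challenge)
+record = "#{dns_challenge.record_name}.#{domain}"
+challenge_value = dns_challenge.record_content
+txt_value = Resolv::DNS.open do |dns|
+records = dns.getresources(record, Resolv::DNS::Resource::IN::TXT);
+records.empty? ? nil : records.map(&:data).join(" ")
+end
+txt_value == challenge_value
+end
+
+end
+
+end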
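Review bot: On line 49 `detect` returns nil when no configured domain matches `authorization.domain`, so `[:service]` raises NoMethodError instead of the UnknownServiceError the `else` branch intends; assign the lookup first: `entry = @domain_list.detect { |t| t[:domain].gsub("*.", "") == domain }`, `raise Encryptbot::Error::UnknownServiceError, "#{domain} service unknown" if entry.nil?`, then `case entry[:service]`. Lines 27-35 generate a fresh 4096-bit account key and register a new ACME account on every run and persist neither, so each renewal creates another Let's Encrypt account (counted against the CA's new-account rate limits) and nothing can later act on that account, e.g. deactivate it; store the account key once and reuse it, with a comment explaining why. The `while dns_challenge.status == "pending"` loop on lines 70-73 has no upper bound, so a stalled validation hangs the rake task indefinitely; cap it the way the DNS polling on lines 60-64 is capped and raise InvalidOrderError when the cap is hit. Line 87 stores `order.certificate` in an unused local and line 89 fetches it again; pass `certificate` on line 89.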
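--- a/data/lib/encryptbot/configuration.rb
+++ b/data/lib/encryptbot/configuration.rb
@@ -0,0 +1,30 @@
+module Encryptbot
+class Configuration
+attr_accessor :heroku_app, :heroku_token,
+:cloudflare_api_key, :cloudflare_email,
+:dyn_customer_name, :dyn_username, :dyn_password,
+:acme_email, :domains, :test_mode,
+:slack_webhook, :slack_bot_username
+
+def initialize
+@heroku_app = nil
+@heroku_token = nil
+@cloudflare_api_key = nil
+@cloudflare_email = nil
+@dyn_customer_name = nil
+@dyn_username = nil
+@dyn_password = nil
+@acme_email = nil
+@slack_webhook = nil
+@slack_bot_username = "encryptbot"
+@test_mode = false # use lets encrypt staging
+@domains = [] #[{domain: "*.domain.com", service: "cloudflare"}, {domain: "*.domain.com", service: "dyn"}]
+end
+
+def valid?
+heroku_app && heroku_token && acme_email && domains.any? &&
+(cloudflare_api_key || dyn_customer_name)
+end
+
+end
+end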
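Review bot: `valid?` on lines 24-27 accepts configurations that can only fail at runtime: `cloudflare_api_key` without `cloudflare_email`, `dyn_customer_name` without `dyn_username`/`dyn_password`, and a `domains` entry whose `service` has no credentials at all (a "dyn" domain with only Cloudflare keys), so the SetupError check in cert.rb passes and the failure surfaces later as an opaque API error. Validate per configured service instead, as below. The README also shows every token and password as a string literal in a Rails initializer; a comment on the accessors pointing users at the environment, e.g. `# prefer ENV.fetch("HEROKU_TOKEN") over literals so secrets stay out of the repo`, would keep those credentials out of source control.
```ruby
def valid?
  return false unless heroku_app && heroku_token && acme_email && domains.any?
  domains.all? do |d|
    case d[:service]
    when "cloudflare" then !!(cloudflare_api_key && cloudflare_email)
    when "dyn" then !!(dyn_customer_name && dyn_username && dyn_password)
    else false
    end
  end
end
```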
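--- a/data/lib/encryptbot/exceptions.rb
+++ b/data/lib/encryptbot/exceptions.rb
@@ -0,0 +1,27 @@
+require "encryptbot/slack"
+
+module Encryptbot
+module Error
+
+class EncryptbotError < StandardError
+
+def initialize(msg = "")
+Encryptbot::Slack.post_message("Unable to autorenew SSL certificate. #{self.class.name} #{msg}")
+super(msg)
+end
+
+end
+
+# Exception raised when error adding certificate to Heroku
+class HerokuCertificateError < EncryptbotError; end
+# Exception raised due to configuration not been setup
+class SetupError < EncryptbotError; end
+# Exception raised when adding TXT record to Cloudflare
+class CloudflareDNSError < EncryptbotError; end
+# Exception raised when adding TXT record to Dyn
+class DynDNSError < EncryptbotError; end
+class UnknownServiceError < EncryptbotError; end
+# Exception raised as order was failed - this happens when the DNS Challenge failed
+class InvalidOrderError < EncryptbotError; end
+end
+end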
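Review bot: `EncryptbotError#initialize` on lines 8-11 posts to Slack before calling `super`, so a notification failure (webhook down, bad URL, an error inside the notifier) raises out of the exception constructor and replaces the real error; it also fires once per construction rather than per failure, and dyn.rb raises `DynDNSError` inside a `rescue => e` that re-raises it as another `DynDNSError`, so one Dyn failure produces two Slack posts. Call `super` first and make the notification best-effort as below, or move notification to the rake task's single rescue so each run notifies exactly once. The message interpolates `msg`, which at the `raise X, e` call sites is a Faraday or JSON::ParserError string that can carry fragments of an API response; worth a comment noting that whatever reaches the webhook channel is visible to everyone in it.
```ruby
def initialize(msg = "")
  super(msg)
  begin
    Encryptbot::Slack.post_message("Unable to autorenew SSL certificate. #{self.class.name} #{msg}")
  rescue StandardError
    # a failed notification must never replace the error being raised
  end
end
```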
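--- a/data/lib/encryptbot/heroku.rb
+++ b/data/lib/encryptbot/heroku.rb
@@ -0,0 +1,43 @@
+require 'platform-api'
+
+module Encryptbot
+class Heroku
+
+attr_accessor :app, :token
+
+def initialize
+@app = Encryptbot.configuration.heroku_app
+@token = Encryptbot.configuration.heroku_token
+end
+
+def add_certificate(certificate, private_key)
+# list certificate to check if one already exists
+sni_endpoints = platform.sni_endpoint.list(@app)
+
+begin
+if sni_endpoints.any?
+# update existing ssl certificate
+platform.sni_endpoint.update(@app, sni_endpoints[0]["name"], {
+certificate_chain: certificate,
+private_key: private_key
+})
+else
+# add new ssl certificate
+platform.sni_endpoint.create(@app, {
+certificate_chain: certificate,
+private_key: private_key
+})
+end
+rescue => e
+raise Encryptbot::Error::HerokuCertificateError, e
+end
+end
+
+private
+
+def platform
+@platform ||= PlatformAPI.connect_oauth(@token)
+end
+
+end
+end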
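Review bot: `platform.sni_endpoint.list(@app)` on line 15 sits outside the `begin`/`rescue` that starts on line 17, so a Heroku API or auth failure there escapes as a raw exception instead of `HerokuCertificateError` and never reaches the Slack notifier; move line 15 inside the `begin`. Line 20 then updates `sni_endpoints[0]` unconditionally, so on an app with more than one SNI endpoint the renewed certificate overwrites whichever endpoint the API lists first, which may be serving different domains; if the endpoint payload exposes the names it covers, pick the endpoint matching the configured domains and raise `HerokuCertificateError` when more than one endpoint exists and none matches, rather than guessing. A short comment on line 14 stating that assumption (`# assumes the app has at most one SNI endpoint`) would at least make the limitation visible to operators.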
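--- a/data/lib/encryptbot/services/cloudflare.rb
+++ b/data/lib/encryptbot/services/cloudflare.rb
@@ -0,0 +1,111 @@
+# a=Encryptbot::Services::Cloudflare.new("*.domain.com", {type: "TXT", name: "_acme-challenge.adventist.place", content: "test-3"});a.add_challenge
+require "faraday"
+require "json"
+
+module Encryptbot
+module Services
+class Cloudflare
+
+attr_accessor :domain, :api_key, :api_email, :zone_id, :dns_entry, :dns_record_id, :dns_record
+
+def initialize(domain, dns_entry)
+@domain = domain.to_s.gsub("*.", "") # cleanup wildcard by removing *. infront
+@api_key = Encryptbot.configuration.cloudflare_api_key
+@api_email = Encryptbot.configuration.cloudflare_email
+@dns_entry = dns_entry # {content: "txt-record-content", type: "TXT", name: "_acme-challenge.domain.com"}
+@dns_record = "#{dns_entry[:name]}.#{@domain}"
+end
+
+def add_challenge
+begin
+get_zone_id
+setup_dns_record
+rescue => e
+raise Encryptbot::Error::CloudflareDNSError, e
+end
+end
+
+def get_zone_id
+response = get("/zones?name=#{@domain}")
+if response["result"].any?
+@zone_id = response["result"].first["id"]
+end
+end
+
+def setup_dns_record
+find_dns_record
+return false if @zone_id.nil?
+
+if @dns_record_id
+update_dns_record
+else
+add_dns_record
+end
+end
+
+def find_dns_record
+response = get("/zones/#{@zone_id}/dns_records?name=#{@dns_record}&type=#{@dns_entry[:type]}")
+if response["result"].any?
+@dns_record_id = response["result"].first["id"]
+end
+end
+
+def add_dns_record
+response = post("/zones/#{@zone_id}/dns_records", {
+type: @dns_entry[:type],
+name: @dns_record,
+content: @dns_entry[:content],
+ttl: 120
+})
+response["success"]
+end
+
+def update_dns_record
+response = put("/zones/#{@zone_id}/dns_records/#{@dns_record_id}", {
+type: @dns_entry[:type],
+name: @dns_record,
+content: @dns_entry[:content],
+ttl: 120
+})
+response["success"]
+end
+
+private
+
+def post(endpoint_path, payload)
+response = connection.post "https://api.cloudflare.com/client/v4#{endpoint_path}", payload.to_json
+format_response(response)
+end
+
+def put(endpoint_path, payload)
+response = connection.put "https://api.cloudflare.com/client/v4#{endpoint_path}", payload.to_json
+format_response(response)
+end
+
+def get(endpoint_path)
+response = connection.get "https://api.cloudflare.com/client/v4#{endpoint_path}"
+format_response(response)
+end
+
+def connection
+@connection ||= begin
+headers = {
+"X-Auth-Key" => @api_key,
+"X-Auth-Email" => @api_email,
+"Content-Type" => "application/json"
+}
+Faraday.new(url: "https://api.cloudflare.com", headers: headers)
+end
+end
+
+def format_response(response)
+if response.success?
+JSON.parse(response.body)
+else
+nil
+end
+end
+
+end
+end
+end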
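Review bot: `setup_dns_record` on lines 35-37 calls `find_dns_record` before checking `@zone_id.nil?`, so when the zone lookup on line 29 matched nothing (for example a sub-zone name, or an API key without access to the zone) it still issues `GET /zones//dns_records?...` with an empty id, and because `format_response` (lines 101-107) turns every non-2xx reply into nil, `response["result"]` raises NoMethodError and the Cloudflare error body that would explain the failure is discarded; swap the two lines and raise instead of `return false`, e.g. `raise Encryptbot::Error::CloudflareDNSError, "no Cloudflare zone found for #{@domain}" if @zone_id.nil?`, and have `format_response` raise with `response.status` and `response.body` on failure. The silent `return false` also never reaches cert.rb, which ignores `add_challenge`'s return value and proceeds to request validation anyway. `X-Auth-Key` on line 93 is Cloudflare's account-wide Global API Key, which grants far more than editing TXT records in one zone; if the account supports a narrower API token, prefer one scoped to DNS edit on the affected zones and say so in the README. The REPL sample on line 1 embeds what looks like a real zone name; replace it with a placeholder such as `example.com`.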
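--- a/data/lib/encryptbot/services/dyn.rb
+++ b/data/lib/encryptbot/services/dyn.rb
@@ -0,0 +1,145 @@
+# a=Encryptbot::Services::Dyn.new("*.domain.com", {type: "TXT", name: "_acme-challenge", content: "test-3"});a.add_challenge
+require "faraday"
+require "json"
+
+module Encryptbot
+module Services
+class Dyn
+
+attr_accessor :domain, :dns_entry, :full_domain_name, :api_token, :customer_name, :username, :password
+
+def initialize(domain, dns_entry)
+@domain = domain.to_s.gsub("*.", "") # cleanup wildcard by removing *. infront
+@dns_entry = dns_entry # {content: "txt-record-content", type: "TXT", name: "_acme-challenge.domain.com"}
+@full_domain_name = "#{dns_entry[:name]}.#{@domain}"
+@api_token = nil
+@customer_name = Encryptbot.configuration.dyn_customer_name
+@username = Encryptbot.configuration.dyn_username
+@password = Encryptbot.configuration.dyn_password
+end
+
+# sign in
+# check for txt record, update if already exists, otherwise create new one
+# publish changes
+# sign out
+def add_challenge
+begin
+sign_in
+success = setup_dns_record
+sign_out
+success
+rescue => e
+raise Encryptbot::Error::DynDNSError, e
+end
+
+end
+
+def sign_in
+response = post("/REST/Session/", {
+customer_name: customer_name,
+user_name: username,
+password: password
+})
+if response && response["status"] == "success"
+@api_token = response["data"]["token"]
+end
+if @api_token.nil?
+raise Encryptbot::Error::DynDNSError, "Unable to get Dyn API Token"
+end
+end
+
+def sign_out
+response = delete("/REST/Session/")
+end
+
+def setup_dns_record
+txt_endpoint = find_dns_record
+
+if txt_endpoint
+update_dns_record(txt_endpoint)
+else
+add_dns_record
+end
+end
+
+def find_dns_record
+response = get("/REST/TXTRecord/#{domain}/#{full_domain_name}/")
+if response && response["status"] == "success"
+return response["data"][0]
+end
+nil
+end
+
+def add_dns_record
+response = post("/REST/TXTRecord/#{domain}/#{full_domain_name}/", {
+rdata: {
+txtdata: dns_entry[:content]
+},
+ttl: "30"
+})
+if response && response["status"] == "success"
+return publish_changes
+end
+false
+end
+
+def update_dns_record(txt_endpoint)
+response = put(txt_endpoint, {
+rdata: {
+txtdata: dns_entry[:content]
+},
+ttl: "30"
+})
+if response && response["status"] == "success"
+return publish_changes
+end
+false
+end
+
+def publish_changes
+response = put("/REST/Zone/#{domain}/", {publish: true})
+response && response["status"] == "success"
+end
+
+private
+
+def post(endpoint_path, payload)
+response = connection.post "https://api2.dynect.net#{endpoint_path}", payload.to_json
+format_response(response)
+end
+
+def put(endpoint_path, payload)
+response = connection.put "https://api2.dynect.net#{endpoint_path}", payload.to_json
+format_response(response)
+end
+
+def delete(endpoint_path)
+response = connection.delete "https://api2.dynect.net#{endpoint_path}"
+format_response(response)
+end
+
+def get(endpoint_path)
+response = connection.get "https://api2.dynect.net#{endpoint_path}"
+format_response(response)
+end
+
+# Api token if set for requests after sign in completed
+def connection
+headers = {
+"Auth-Token" => api_token.to_s,
+"Content-Type" => "application/json"
+}
+Faraday.new(url: "https://api2.dynect.net", headers: headers)
+end
+
+def format_response(response)
+if response.success?
+JSON.parse(response.body)
+else
+nil
+end
+end
+
+end
+end
+end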
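Review bot: `add_challenge` on lines 25-35 only calls `sign_out` on the success path, so when `setup_dns_record` raises (or `publish_changes` fails after a record write) the Dyn session token obtained on line 44 is left valid until it expires server-side; release it in an `ensure`. The same `rescue => e` also catches the `DynDNSError` raised by `sign_in` on line 47 and re-raises it as a new `DynDNSError`, and since that class notifies Slack from its constructor, one failed login produces two notifications. `publish_changes` on line 100 publishes the whole zone, which as far as I recall of the Dyn API commits any other pending changes in that zone as well; a comment there would warn operators that a renewal can ship unrelated edits. The comment on line 13 describes `name` as `_acme-challenge.domain.com` while line 14 appends `@domain` to it, so it should read `_acme-challenge`.
```ruby
def add_challenge
  sign_in
  setup_dns_record
rescue Encryptbot::Error::DynDNSError
  raise
rescue => e
  raise Encryptbot::Error::DynDNSError, e
ensure
  sign_out unless @api_token.nil?
end
```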
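--- a/data/lib/encryptbot/slack.rb
+++ b/data/lib/encryptbot/slack.rb
@@ -0,0 +1,14 @@
+module Encryptbot
+class Slack
+
+def self.post_message(message)
+unless Encryptbot.configuration.slack_webhook.nil?
+notifier.ping message
+end
+end
+
+def self.notifier
+@notifier ||= Slack::Notifier.new Encryptbot.configuration.slack_webhook, username: Encryptbot.configuration.slack_bot_username
+end
+end
+end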
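Review bot: `Slack::Notifier` on line 11 is referenced from inside `class Encryptbot::Slack`, where Ruby's lexical constant lookup resolves `Slack` to `Encryptbot::Slack` itself before it ever reaches the top-level `Slack` module from slack-notifier, so unless something else defines `Encryptbot::Slack::Notifier` this raises NameError the first time a webhook is configured, and because the error classes call `post_message` from their constructors that NameError would replace every real failure; write `::Slack::Notifier.new ...`. The file also never requires the library it depends on; add `require "slack-notifier"` at the top instead of relying on the host app's Bundler.require. `post_message` should rescue and log notifier failures so a dead webhook cannot abort the renewal itself.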
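--- a/data/lib/encryptbot.rb
+++ b/data/lib/encryptbot.rb
@@ -0,0 +1,22 @@
+require "encryptbot/configuration"
+require "encryptbot/cert"
+require "encryptbot/version"
+require "encryptbot/services/cloudflare"
+require "encryptbot/services/dyn"
+
+if defined?(Rails)
+require "encryptbot/railtie"
+end
+
+module Encryptbot
+
+class << self
+attr_accessor :configuration
+end
+
+def self.configure
+self.configuration ||= Configuration.new
+yield(configuration) if block_given?
+end
+
+end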
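--- a/metadata
+++ b/metadata
@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: encryptbot
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- danlewis
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2018-05-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: acme-client
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: platform-api
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: faraday
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: slack-notifier
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.16'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.16'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+description: Manage Lets Encrypt Wildcard certs to heroku
+email:
+- ''
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- encryptbot.gemspec
+- lib/encryptbot.rb
+- lib/encryptbot/cert.rb
+- lib/encryptbot/configuration.rb
+- lib/encryptbot/exceptions.rb
+- lib/encryptbot/heroku.rb
+- lib/encryptbot/railtie.rb
+- lib/encryptbot/services/cloudflare.rb
+- lib/encryptbot/services/dyn.rb
+- lib/encryptbot/slack.rb
+- lib/encryptbot/version.rb
+- lib/tasks/encryptbot.rake
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.13
+signing_key:
+specification_version: 4
+summary: Manage Lets Encrypt Wildcard certs to heroku
+test_files: []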