RubyGems - letscert - Versions diffs - 0.2.1 - Mend

letscert 0.2.1

Files changed (17) hide show

checksums.yaml +7 -0
data/LICENSE +21 -0
data/README.md +16 -0
data/Rakefile +3 -0
data/bin/letscert +8 -0
data/bin/letscert~ +4 -0
data/lib/letscert/certificate.rb~ +14 -0
data/lib/letscert/io_plugin.rb +335 -0
data/lib/letscert/io_plugin.rb~ +9 -0
data/lib/letscert/runner.rb +469 -0
data/lib/letscert/runner.rb~ +10 -0
data/lib/letscert.rb +13 -0
data/lib/letscert.rb~ +6 -0
data/tasks/gem.rake +34 -0
data/tasks/gem.rake~ +34 -0
data/tasks/yard.rake +6 -0
metadata +89 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 93eea77b95f4023766df113b6fcf0af05cac41f7
+  data.tar.gz: eefe4a0c05303c3c3b7d6cd554aa518b73d3da43
+SHA512:
+  metadata.gz: 308c8ddba083a0622f81e213fcd31133b5b8161b8571ee437a05cf4bd5695cef031f0beec14945361b197822a075727e57264e12a5ecdbf49d3e23862401f74b
+  data.tar.gz: b4bded7e572fa89fb693d2f511a002a0e1f523272ffeaa0bb3de441bc15dcad2b4de2cee6ebfad35a441fe7d0bfa7796e0b9166cd4c693192fc30762dfac5355

data/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+Copyright (c) 2016 Sylvain Daubert
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,16 @@
+# letscert
+A simple `Let's Encrypt` client in ruby.
+I think `simp_le` do it the right way: it is simple, it is safe as it does not needed to be run as root,
+but it is Python (no one is perfect :-)) So I started to create a clone, but in Ruby.
+Work in progress.
+# Usage
+Generate a key pair and get signed certificate
+```bash
+letscert -d example.com:/var/www/example.com/html -f key.pem -f cert.pem -f fullchain.pem
+```
+The command is the same for certificate renewal.

data/Rakefile ADDED Viewed

@@ -0,0 +1,3 @@
+Dir.glob('tasks/*.rake').each do |file|
+  load file
+end

data/bin/letscert ADDED Viewed

@@ -0,0 +1,8 @@
+#!/usr/bin/ruby
+require 'acme-client'
+require 'letscert'
+code = LetsCert::Runner.run
+exit code

data/bin/letscert~ ADDED Viewed

@@ -0,0 +1,4 @@
+#!/usr/bin/ruby
+require 'acme-client'

data/lib/letscert/certificate.rb~ ADDED Viewed

@@ -0,0 +1,14 @@
+module LetsCert
+  # Class to handle certificates.
+  class Certificate
+    # Load all certificates passed as arguments
+    # @param [Array<String>] files
+    # @return [Array<Certificate>]
+    def self.load(*files)
+    end
+  end
+end

data/lib/letscert/io_plugin.rb ADDED Viewed

@@ -0,0 +1,335 @@
+require 'json'
+require 'base64'
+module LetsCert
+  # Input/output plugin
+  class IOPlugin
+    # Plugin name
+    # @return [String]
+    attr_reader :name
+    # Allowed plugin names
+    ALLOWED_PLUGINS = %w(account_key.json cert.der cert.pem chain.pem full.pem) +
+                      %w(fullchain.pem key.der key.pem)
+    @@registered = {}
+    # Get empty data
+    def self.empty_data
+      { account_key: nil, key: nil, cert: nil, chain: nil }
+    end
+    # Register a plugin
+    def self.register(klass, *args)
+      plugin = klass.new(*args)
+      if plugin.name =~ /[\/\\]/ or ['.', '..'].include?(plugin.name)
+        raise Error, "plugin name should just ne a file name, without path"
+      end
+      @@registered[plugin.name] = plugin
+      klass
+    end
+    # Get registered plugins
+    def self.registered
+      @@registered
+    end
+    # Set logger
+    def self.logger=(logger)
+      @@logger = logger
+    end
+    # @param [String] name
+    def initialize(name)
+      @name = name
+    end
+    # Get logger instance
+    # @return [Logger]
+    def logger
+      @logger ||= self.class.class_variable_get(:@@logger)
+    end
+    # @abstract This method must be overriden in subclasses
+    def load
+      raise NotImplementedError
+    end
+    # @abstract This method must be overriden in subclasses
+    def save
+      raise NotImplementedError
+    end
+  end
+  # Mixin for IOPmugin subclasses that handle files
+  module FileIOPluginMixin
+    # Load data from file named {#name}
+    # @return [Hash]
+    def load
+      logger.debug { "Loading #@name" }
+      begin
+        content = File.read(@name)
+      rescue SystemCallError => ex
+        if ex.is_a? Errno::ENOENT
+          logger.info { "no #@name file" }
+          return self.class.empty_data
+        end
+        raise
+      end
+      load_from_content(content)
+    end
+    # @abstract
+    # @return [Hash]
+    def load_from_content(content)
+      raise NotImplementedError
+    end
+    # Save data to file {#name}
+    # @param [Hash] data
+    # @return [void]
+    def save_to_file(data)
+      return if data.nil?
+      logger.info { "saving #@name" }
+      begin
+        File.open(name, 'w') do |f|
+          f.write(data)
+        end
+      rescue Errno => ex
+        @logger.error { ex.message }
+        raise Error, "Error when saving #@name"
+      end
+    end
+  end
+  # Mixin for IOPlugin subclasses that handle JWK
+  module JWKIOPluginMixin
+    # Load crypto data from JSON-encoded file
+    # @param [String] data JSON-encoded data
+    # @return [Hash]
+    def load_jwk(data)
+      return nil if data.empty?
+      hsh = JSON.parse(data)
+      key = OpenSSL::PKey::RSA.new
+      key.n = OpenSSL::BN.new(Base64.strict_decode64(hsh['n']))
+      key.e = OpenSSL::BN.new(Base64.strict_decode64(hsh['e']))
+      key.d = OpenSSL::BN.new(Base64.strict_decode64(hsh['e']))
+      key.p = OpenSSL::BN.new(Base64.strict_decode64(hsh['p']))
+      key.q = OpenSSL::BN.new(Base64.strict_decode64(hsh['q']))
+      key.dmp1 = OpenSSL::BN.new(Base64.strict_decode64(hsh['dp']))
+      key.dmq1 = OpenSSL::BN.new(Base64.strict_decode64(hsh['dq']))
+      key.iqmp = OpenSSL::BN.new(Base64.strict_decode64(hsh['qi']))
+      key
+    end
+    # Dump crypto data (key) to a JSON-encoded string
+    # @param [OpenSSL::PKey] jwk
+    # @return [String]
+    def dump_jwk(jwk)
+      hsh = jwk.params
+      # Add and rename some fields to be compatible with simp_le
+      hsh['kty'] = 'RSA'
+      hsh['qi'] = hsh['iqmp'].dup
+      hsh['dp'] = hsh['dmp1'].dup
+      hsh['dq'] = hsh['dmq1'].dup
+      hsh.delete('iqmp')
+      hsh.delete('dmpl')
+      hsh.delete('dmql')
+      hsh.rehash
+      hsh.each_key do |key|
+        if hsh[key].is_a?(OpenSSL::BN)
+          hsh[key] = Base64.strict_encode64(hsh[key].to_s)
+        end
+      end
+      hsh.to_json
+    end
+  end
+  # Account key IO plugin
+  class AccountKey < IOPlugin
+    include FileIOPluginMixin
+    include JWKIOPluginMixin
+    def persisted
+      { account_key: true }
+    end
+    def load_from_content(content)
+      { account_key: load_jwk(content) }
+    end
+    def save(data)
+      save_to_file(dump_jwk(data[:account_key]))
+    end
+  end
+  IOPlugin.register(AccountKey, 'account_key.json')
+  # OpenSSL IOPlugin
+  class OpenSSLIOPlugin < IOPlugin
+    # @private Regulat expression to discriminate PEM
+    PEM_RE = /
+^-----BEGIN ((?:[\x21-\x2c\x2e-\x7e](?:[- ]?[\x21-\x2c\x2e-\x7e])*)?)\s*-----$
+.*?
+^-----END \1-----\s*
+/x
+    def initialize(name, type)
+      case type
+      when :pem
+      when :der
+      else
+        raise ArgumentError, "type should be :pem or :der"
+      end
+      @type = type
+      super(name)
+    end
+    def load_key(data)
+      OpenSSL::PKey::RSA.new data
+    end
+    def dump_key(key)
+      case @type
+      when :pem
+        key.to_pem
+      when :der
+        key.to_der
+      end
+    end
+    alias :dump_cert :dump_key
+    def load_cert(data)
+      OpenSSL::X509::Certificate.new data
+    end
+    private
+    def split_pems(data)
+      m = data.match(PEM_RE)
+      while (m) do
+        yield m[0]
+        m = [data[m.end(0)..-1]].match(PEM_RE)
+      end
+    end
+  end
+  # Key file plugin
+  class KeyFile < OpenSSLIOPlugin
+    include FileIOPluginMixin
+    def persisted
+      @persisted ||= { key: true }
+    end
+    def load_from_content(content)
+      { key: load_key(content) }
+    end
+    def save(data)
+      save_to_file(dump_key(data[:key]))
+    end
+  end
+  IOPlugin.register(KeyFile, 'key.pem', :pem)
+  IOPlugin.register(KeyFile, 'key.der', :der)
+  # Chain file plugin
+  class ChainFile < OpenSSLIOPlugin
+    include FileIOPluginMixin
+    def persisted
+      @persisted ||= { chain: true }
+    end
+    def load_from_content(content)
+      chain = []
+      split_pems(content) do |pem|
+        chain << load_cert(pem)
+      end
+      { chain: chain }
+    end
+    def save(data)
+      save_to_file(data[:chain].map { |c| dump_cert(c) }.join)
+    end
+  end
+  IOPlugin.register(ChainFile, 'chain.pem', :pem)
+  # Fullchain file plugin
+  class FullChainFile < ChainFile
+    def persisted
+      @persisted ||= { cert: true, chain: true }
+    end
+    def load
+      data = super
+      if data[:chain].nil? or data[:chain].empty?
+        cert, chain = nil, nil
+      else
+        cert, chain = data[:chain]
+      end
+      { account_key: data[:account_key], key: data[:key], cert: cert, chain: chain }
+    end
+    def save(data)
+      super(account_key: data[:account_key], key: data[:key], cert: nil,
+            chain: [data[:cert]] + data[:chain])
+    end
+  end
+  IOPlugin.register(FullChainFile, 'fullchain.pem', :pem)
+  # Cert file plugin
+  class CertFile < OpenSSLIOPlugin
+    include FileIOPluginMixin
+    def persisted
+      @persisted ||= { cert: true }
+    end
+    def load_from_content(content)
+      { cert: load_cert(content) }
+    end
+    def save(data)
+      save_to_file(dump_cert(data[:cert]))
+    end
+  end
+  IOPlugin.register(CertFile, 'cert.pem', :pem)
+  IOPlugin.register(CertFile, 'cert.der', :der)
+end

data/lib/letscert/io_plugin.rb~ ADDED Viewed

@@ -0,0 +1,9 @@
+module LetsCert
+  class IOPlugin
+    ALLOWED_PLUGINS = %w(account_key.json cert.der cert.pem chain.pem full.pem) +
+                      %w(fullchain.pem key.der key.pem)
+  end
+end

data/lib/letscert/runner.rb ADDED Viewed

@@ -0,0 +1,469 @@
+require 'optparse'
+require 'logger'
+require 'fileutils'
+require_relative 'io_plugin'
+module LetsCert
+  class Runner
+    # Custom logger formatter
+    class LoggerFormatter < Logger::Formatter
+      # @private
+      FORMAT = "[%s] %5s: %s\n"
+      # @param [String] severity
+      # @param [Datetime] time
+      # @param [nil,String] progname
+      # @param [String] msg
+      # @return [String]
+      def call(severity, time, progname, msg)
+        FORMAT % [format_datetime(time), severity, msg2str(msg)]
+      end
+      private
+      def format_datetime(time)
+        time.strftime("%Y-%d-%d %H:%M:%S")
+      end
+    end
+    # Exit value for OK
+    RETURN_OK = 1
+    # Exit value for OK but with creation/renewal of certificate data
+    RETURN_OK_CERT = 0
+    # Exit value for error(s)
+    RETURN_ERROR = 2
+    # @return [Logger]
+    attr_reader :logger
+    # Run LetsCert
+    # @return [Integer]
+    # @see #run
+    def self.run
+      runner = new
+      runner.parse_options
+      runner.run
+    end
+    def initialize
+      @options = {
+        verbose: 0,
+        domains: [],
+        files: [],
+        cert_key_size: 2048,
+        valid_min: 30 * 24 * 60 * 60,
+        account_key_public_exponent: 65537,
+        account_key_size: 4096,
+        tos_sha256: '33d233c8ab558ba6c8ebc370a509acdded8b80e5d587aa5d192193f35226540f',
+        user_agent: 'letscert/0',
+        server: 'https://acme-v01.api.letsencrypt.org/directory',
+      }
+      @logger = Logger.new(STDOUT)
+      @logger.formatter = LoggerFormatter.new
+    end
+    # @return [Integer] exit code
+    #   * 0 if certificate data were created or updated
+    #   * 1 if renewal was not necessery
+    #   * 2 in case of errors
+    def run
+      if @options[:print_help]
+        puts @opt_parser
+        exit RETURN_OK
+      end
+      if @options[:show_version]
+        puts "letscert #{LetsCert::VERSION}"
+        puts "Copyright (c) 2016 Sylvain Daubert"
+        puts "License MIT: see http://opensource.org/licenses/MIT"
+        exit RETURN_OK
+      end
+      case @options[:verbose]
+      when 0
+        @logger.level = Logger::Severity::WARN
+      when 1
+        @logger.level = Logger::Severity::INFO
+      when 2..5
+        @logger.level = Logger::Severity::DEBUG
+      end
+      @logger.debug { "options are: #{@options.inspect}" }
+      IOPlugin.logger = @logger
+      begin
+        if @options[:revoke]
+          revoke
+          RETURN_OK
+        elsif @options[:domains].empty?
+          raise Error, 'At leat one domain must be given with --domain option'
+        else
+          # Check all components are covered by plugins
+          persisted = IOPlugin.empty_data
+          @options[:files].each do |file|
+            persisted.merge!(IOPlugin.registered[file].persisted) do |k, oldv, newv|
+              oldv || newv
+            end
+          end
+          not_persisted = persisted.keys.find_all { |k| !persisted[k] }
+          unless not_persisted.empty?
+            raise Error, 'Selected IO plugins do not cover following components: ' +
+                         not_persisted.join(', ')
+          end
+          data = load_data_from_disk(@options[:files])
+          if valid_existing_cert(data[:cert], @options[:domains], @options[:valid_min])
+            @logger.info { 'no need to update cert' }
+            RETURN_OK
+          else
+            # update/create cert
+            new_data(data)
+            RETURN_OK_CERT
+          end
+        end
+      rescue Error, Acme::Client::Error => ex
+        @logger.error ex.message
+        puts "Error: #{ex.message}"
+        RETURN_ERROR
+      end
+    end
+    def parse_options
+      @opt_parser = OptionParser.new do |opts|
+        opts.banner = "Usage: lestcert [options]"
+        opts.separator('')
+        opts.on('-h', '--help', 'Show this help message and exit') do
+          @options[:print_help] = true
+        end
+        opts.on('-V', '--version', 'Show version and exit') do |v|
+          @options[:show_version] = v
+        end
+        opts.on('-v', '--verbose', 'Run verbosely') { |v| @options[:verbose] += 1 if v }
+        opts.separator("\nWebroot manager:")
+        opts.on('-d', '--domain DOMAIN[:PATH]',
+                'Domain name to include in the certificate.',
+                'Must be specified at least once.',
+                'Its path on the disk must also be provided.') do |domain|
+          @options[:domains] << domain
+        end
+        opts.on('--default_root PATH', 'Default webroot path',
+                'Use for domains without PATH part.') do |path|
+          @options[:default_root] = path
+        end
+        opts.separator("\nCertificate data files:")
+        opts.on('--revoke', 'Revoke existing certificates') do |revoke|
+          @options[:revoke] = revoke
+        end
+        opts.on("-f", "--file FILE", 'Input/output file.',
+                'Can be specified multiple times',
+                'Allowed values: account_key.json, cert.der,',
+                'cert.pem, chain.pem, full.pem,',
+                'fullchain.pem, key.der, key.pem.') do |file|
+          @options[:files] << file
+        end
+        opts.on('--cert-key-size BITS', Integer,
+                'Certificate key size in bits',
+                '(default: 2048)') do |bits|
+          @options[:cert_key_size] = bits
+        end
+        opts.on('--valid-min SECONDS', Integer, 'Renew existing certificate if validity',
+                'is lesser than SECONDS (default: 2592000 (30 days))') do |time|
+          @options[:valid_min] = time
+        end
+        opts.on('--reuse-key', 'Reuse previous private key') do |rk|
+          @options[:reuse_key] = rk
+        end
+        opts.separator("\nRegistration:")
+        opts.separator("  Automatically register an account with he ACME CA specified" +
+                       " by --server")
+        opts.separator('')
+        opts.on('--account-key-public-exponent BITS', Integer,
+                'Account key public exponent value (default: 65537)') do |bits|
+          @options[:account_key_public_exponent] = bits
+        end
+        opts.on('--account-key-size BITS', Integer,
+                'Account key size (default: 4096)') do |bits|
+          @options[:account_key_size] = bits
+        end
+        opts.on('--tos-sha256 HASH', String,
+                'SHA-256 digest of the content of Terms Of Service URI') do |hash|
+          @options[:tos_sha256] = hash
+        end
+        opts.on('--email EMAIL', String,
+                'E-mail address. CA is likely to use it to',
+                'remind about expiring certificates, as well',
+                'as for account recovery. It is highly',
+                'recommended to set this value.') do |email|
+          @options[:email] = email
+        end
+        opts.separator("\nHTTP:")
+        opts.separator('  Configure properties of HTTP requests and responses.')
+        opts.separator('')
+        opts.on('--user-agent NAME', 'User-Agent sent in all HTTP requests',
+                '(default: letscert/0)') do |ua|
+          @options[:user_agent] = ua
+        end
+        opts.on('--server URI', 'URI for the CA ACME API endpoint',
+                '(default: https://acme-v01.api.letsencrypt.org/directory)') do |uri|
+          @options[:server] = uri
+        end
+      end
+      @opt_parser.parse!
+    end
+    def revoke
+      @logger.info { "load certificates: #{@options[:files].join(', ')}" }
+      if @options[:files].empty?
+        raise Error, 'no certificate to revoke. Pass at least one with '+
+                     ' -f option.'
+      end
+      # Temp
+      @logger.warn "Not yet implemented"
+    end
+    private
+    def get_account_key(data)
+      if data.nil?
+        logger.info { 'No account key. Generate a new one...' }
+        OpenSSL::PKey::RSA.new(@options[:account_key_size])
+      else
+        data
+      end
+    end
+    # Get ACME client.
+    #
+    # Client is only created on first call, then it is cached.
+    def get_acme_client(account_key)
+      return @client if @client
+      key = get_account_key(account_key)
+      @logger.debug { "connect to #{@options[:server]}" }
+      @client = Acme::Client.new(private_key: key, endpoint: @options[:server])
+      if @options[:email].nil?
+        @logger.warn { '--email was not provided. ACME CA will have no way to ' +
+                       'contact you!' }
+      end
+      begin
+        @logger.debug { "register with #{@options[:email]}" }
+        registration = @client.register(contact: "mailto:#{@options[:email]}")
+      rescue Acme::Client::Error::Malformed => ex
+        if ex.message != 'Registration key is already in use'
+          raise
+        end
+      else
+        #if registration.term_of_service_uri
+        #  @logger.debug { "get terms of service" }
+        #  terms = registration.get_terms
+        #  if !terms.nil?
+        #    tos_digest = OpenSSL::Digest::SHA256.digest(terms)
+        #    if tos_digest != @options[:tos_sha256]
+        #      raise Error, 'Terms Of Service mismatch'
+        #    end
+             @logger.debug { "agree terms of service" }
+             registration.agree_terms
+        #  end
+        #end
+      end
+      @client
+    end
+    # Load existing data from disk
+    def load_data_from_disk(files)
+      all_data = IOPlugin.empty_data
+      files.each do |plugin_name|
+        persisted = IOPlugin.registered[plugin_name].persisted
+        data = IOPlugin.registered[plugin_name].load
+        test = IOPlugin.empty_data.keys.all? do |key|
+          persisted[key] or data[key].nil?
+        end
+        raise Error unless test
+        # Merge data into all_data. New value replace old one only if old one was
+        # not defined
+        all_data.merge!(data) do |key, oldval, newval|
+          oldval || newval
+        end
+      end
+      all_data
+    end
+    # Check if +cert+ exists and is always valid
+    # @todo For now, only check exitence.
+    def valid_existing_cert(cert, domains, valid_min)
+      if cert.nil?
+        @logger.debug { 'no existing cert' }
+        return false
+      end
+      subjects = []
+      cert.extensions.each do |ext|
+        if ext.oid == 'subjectAltName'
+          subjects += ext.value.split(/,\s*/).map { |s| s.sub(/DNS:/, '') }
+        end
+      end
+      @logger.debug { "cert SANs: #{subjects.join(', ')}" }
+      # Check all domains are subjects of certificate
+      unless domains.all? { |domain| subjects.include? domain }
+        raise Error, "At least one domain is not declared as a certificate subject." +
+                     "Backup and remove existing cert if you want to proceed"
+      end
+      !renewal_necessary?(cert, valid_min)
+    end
+    # Check if a renewal is necessary for +cert+
+    def renewal_necessary?(cert, valid_min)
+      now = Time.now.utc
+      diff = (cert.not_after - now).to_i
+      @logger.debug { "Certificate expires in #{diff}s on #{cert.not_after}" +
+                      " (relative to #{now})" }
+      diff < valid_min
+    end
+    # Create/renew key/cert/chain
+    def new_data(data)
+      @logger.info {"create key/cert/chain..." }
+      roots = compute_roots
+      @logger.debug { "webroots are: #{roots.inspect}" }
+      client = get_acme_client(data[:account_key])
+      @logger.debug { 'Get authorization for all domains' }
+      challenges = {}
+      roots.keys.each do |domain|
+        authorization = client.authorize(domain: domain)
+         if authorization
+           challenges[domain] = authorization.http01
+         else
+           challenges[domain] = nil
+         end
+      end
+      @logger.debug { 'Check all challenges are HTTP-01' }
+      if challenges.values.any? { |chall| chall.nil? }
+        raise Error, 'CA did not offer http-01-only challenge. ' +
+                     'This client is unable to solve any other challenges.'
+      end
+      challenges.each do |domain, challenge|
+        begin
+          FileUtils.mkdir_p(File.join(roots[domain], File.dirname(challenge.filename)))
+        rescue SystemCallError => ex
+          raise Error, ex.message
+        end
+        path = File.join(roots[domain], challenge.filename)
+        logger.debug { "Save validation #{challenge.file_content} to #{path}" }
+        File.write path, challenge.file_content
+        challenge.request_verification
+        status = 'pending'
+        while(status == 'pending') do
+          sleep(1)
+          status = challenge.verify_status
+        end
+        if status != 'valid'
+          @logger.warn { "#{domain} was not successfully verified!" }
+        else
+          @logger.info { "#{domain} was successfully verified." }
+        end
+        File.unlink path
+      end
+      if @options[:reuse_key] and !data[:key].nil?
+        @logger.info { 'Reuse existing private key' }
+        key = data[:key]
+      else
+        @logger.info { 'Generate new private key' }
+        key = OpenSSL::PKey::RSA.generate(@options[:cert_key_size])
+      end
+      csr = Acme::Client::CertificateRequest.new(names: roots.keys, private_key: key)
+      cert = client.new_certificate(csr)
+      IOPlugin.registered.each do |name, plugin|
+        plugin.save( account_key: client.private_key, key: key, cert: cert.x509,
+                     chain: cert.x509_chain)
+      end
+    end
+    # Compute webroots
+    # @return [Hash] whre key are domains and value are their webroot path
+    def compute_roots
+      roots = {}
+      no_roots = []
+      @options[:domains].each do |domain|
+        match = domain.match(/([\w+\.]+):(.*)/)
+        if match
+          roots[match[1]] = match[2]
+        elsif @options[:default_root]
+          roots[domain] = @options[:default_root]
+        else
+          no_roots << domain
+        end
+      end
+      if !no_roots.empty?
+        raise Error, 'root for the following domain(s) are not specified: ' +
+                     no_roots.join(', ') + ".\nTry --default_root or use " +
+                     '-d example.com:/var/www/html syntax.'
+      end
+      roots
+    end
+  end
+end

data/lib/letscert/runner.rb~ ADDED Viewed

@@ -0,0 +1,10 @@
+module LetsCert
+  class Runner
+    def self.run
+    end
+  end
+end

data/lib/letscert.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# Namespace for all letcert's classes.
+module LetsCert
+  # Letscert version number
+  VERSION = '0.2.1'
+  # Base error class
+  class Error < StandardError; end
+end
+require_relative 'letscert/runner'

data/lib/letscert.rb~ ADDED Viewed

@@ -0,0 +1,6 @@
+module LetsCert
+  # Letscert version number
+  VERSION = '0.0.1'
+end

data/tasks/gem.rake ADDED Viewed

@@ -0,0 +1,34 @@
+require 'rubygems/package_task'
+require_relative '../lib/letscert.rb'
+spec = Gem::Specification.new do |s|
+  s.name = 'letscert'
+  s.version = LetsCert::VERSION
+  s.license = 'MIT'
+  s.summary = "letscert, a simple Let's Encrypt client"
+  s.description = <<-EOF
+letscert is a simple Let's Encrypt client written in Ruby. It aims at be as clean as
+simp_le.
+EOF
+  s.authors << 'Sylvain Daubert'
+  s.email = 'sylvain.daubert@laposte.net'
+  s.homepage = 'https://github.com/sdaubert/letscert'
+  files = Dir['{spec,lib,bin,tasks}/**/*']
+  files += ['README.md', 'LICENSE', 'Rakefile']
+  # For now, device is not in gem.
+  s.files = files
+  s.executables = ['letscert']
+  s.add_dependency 'acme-client', '~>0.2.4'
+  s.add_dependency 'yard', '~>0.8.7'
+  #s.add_development_dependency 'rspec', '~>3.4'
+end
+Gem::PackageTask.new(spec) do |pkg|
+  pkg.need_zip = true
+  pkg.need_tar = true
+end

data/tasks/gem.rake~ ADDED Viewed

@@ -0,0 +1,34 @@
+require 'rubygems/package_task'
+require_relative '../lib/letscert.rb'
+spec = Gem::Specification.new do |s|
+  s.name = 'letscert'
+  s.version = LetsCert::VERSION
+  s.summary = "letscert, a simple Let's Encrypt client"
+  s.description = <<-EOF
+letscert is a simple Let's Encrypt client written in Ruby. It aims at be as clean as
+simp_le.
+EOF
+  s.authors << 'Sylvain Daubert'
+  s.email = 'sylvain.daubert@laposte.net'
+  s.homepage = 'https://github.com/sdaubert/letscert'
+  files = Dir['{spec,lib,bin,tasks}/**/*']
+  files += ['README.md', 'MIT-LICENSE', 'Rakefile']
+  # For now, device is not in gem.
+  s.files = files
+  s.executables = ['letscert']
+  s.add_dependency 'acme-client', '~>0.2.4'
+  s.add_dependency 'yard', '~>0.8.7'
+  #s.add_development_dependency 'rspec', '~>2.14.0'
+end
+Gem::PackageTask.new(spec) do |pkg|
+  pkg.need_zip = true
+  pkg.need_tar = true
+end
+~

data/tasks/yard.rake ADDED Viewed

@@ -0,0 +1,6 @@
+require 'yard'
+YARD::Rake::YardocTask.new do |t|
+  t.options = ['--no-private']
+  t.files = ['lib/**/*.rb']
+end

metadata ADDED Viewed

@@ -0,0 +1,89 @@
+--- !ruby/object:Gem::Specification
+name: letscert
+version: !ruby/object:Gem::Version
+  version: 0.2.1
+platform: ruby
+authors:
+- Sylvain Daubert
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-02-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: acme-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.4
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+description: |
+  letscert is a simple Let's Encrypt client written in Ruby. It aims at be as clean as
+  simp_le.
+email: sylvain.daubert@laposte.net
+executables:
+- letscert
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- Rakefile
+- bin/letscert
+- bin/letscert~
+- lib/letscert.rb
+- lib/letscert.rb~
+- lib/letscert/certificate.rb~
+- lib/letscert/io_plugin.rb
+- lib/letscert/io_plugin.rb~
+- lib/letscert/runner.rb
+- lib/letscert/runner.rb~
+- tasks/gem.rake
+- tasks/gem.rake~
+- tasks/yard.rake
+homepage: https://github.com/sdaubert/letscert
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: letscert, a simple Let's Encrypt client
+test_files: []