RubyGems - letscert - Versions diffs - 0.2.1 - Mend

letscert 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +7 -0
data/LICENSE +21 -0
data/README.md +16 -0
data/Rakefile +3 -0
data/bin/letscert +8 -0
data/bin/letscert~ +4 -0
data/lib/letscert/certificate.rb~ +14 -0
data/lib/letscert/io_plugin.rb +335 -0
data/lib/letscert/io_plugin.rb~ +9 -0
data/lib/letscert/runner.rb +469 -0
data/lib/letscert/runner.rb~ +10 -0
data/lib/letscert.rb +13 -0
data/lib/letscert.rb~ +6 -0
data/tasks/gem.rake +34 -0
data/tasks/gem.rake~ +34 -0
data/tasks/yard.rake +6 -0
metadata +89 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 93eea77b95f4023766df113b6fcf0af05cac41f7
+  data.tar.gz: eefe4a0c05303c3c3b7d6cd554aa518b73d3da43
+SHA512:
+  metadata.gz: 308c8ddba083a0622f81e213fcd31133b5b8161b8571ee437a05cf4bd5695cef031f0beec14945361b197822a075727e57264e12a5ecdbf49d3e23862401f74b
+  data.tar.gz: b4bded7e572fa89fb693d2f511a002a0e1f523272ffeaa0bb3de441bc15dcad2b4de2cee6ebfad35a441fe7d0bfa7796e0b9166cd4c693192fc30762dfac5355

data/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+Copyright (c) 2016 Sylvain Daubert
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,16 @@
+# letscert
+A simple `Let's Encrypt` client in ruby.
+I think `simp_le` do it the right way: it is simple, it is safe as it does not needed to be run as root,
+but it is Python (no one is perfect :-)) So I started to create a clone, but in Ruby.
+Work in progress.
+# Usage
+Generate a key pair and get signed certificate
+```bash
+letscert -d example.com:/var/www/example.com/html -f key.pem -f cert.pem -f fullchain.pem
+```
+The command is the same for certificate renewal.

data/Rakefile ADDED Viewed

@@ -0,0 +1,3 @@
+Dir.glob('tasks/*.rake').each do |file|
+  load file
+end

data/bin/letscert ADDED Viewed

@@ -0,0 +1,8 @@
+#!/usr/bin/ruby
+require 'acme-client'
+require 'letscert'
+code = LetsCert::Runner.run
+exit code

data/bin/letscert~ ADDED Viewed

@@ -0,0 +1,4 @@
+#!/usr/bin/ruby
+require 'acme-client'

data/lib/letscert/certificate.rb~ ADDED Viewed

@@ -0,0 +1,14 @@
+module LetsCert
+  # Class to handle certificates.
+  class Certificate
+    # Load all certificates passed as arguments
+    # @param [Array<String>] files
+    # @return [Array<Certificate>]
+    def self.load(*files)
+    end
+  end
+end

data/lib/letscert/io_plugin.rb ADDED Viewed

@@ -0,0 +1,335 @@
+require 'json'
+require 'base64'
+module LetsCert
+  # Input/output plugin
+  class IOPlugin
+    # Plugin name
+    # @return [String]
+    attr_reader :name
+    # Allowed plugin names
+    ALLOWED_PLUGINS = %w(account_key.json cert.der cert.pem chain.pem full.pem) +
+                      %w(fullchain.pem key.der key.pem)
+    @@registered = {}
+    # Get empty data
+    def self.empty_data
+      { account_key: nil, key: nil, cert: nil, chain: nil }
+    end
+    # Register a plugin
+    def self.register(klass, *args)
+      plugin = klass.new(*args)
+      if plugin.name =~ /[\/\\]/ or ['.', '..'].include?(plugin.name)
+        raise Error, "plugin name should just ne a file name, without path"
+      end
+      @@registered[plugin.name] = plugin
+      klass
+    end
+    # Get registered plugins
+    def self.registered
+      @@registered
+    end
+    # Set logger
+    def self.logger=(logger)
+      @@logger = logger
+    end
+    # @param [String] name
+    def initialize(name)
+      @name = name
+    end
+    # Get logger instance
+    # @return [Logger]
+    def logger
+      @logger ||= self.class.class_variable_get(:@@logger)
+    end
+    # @abstract This method must be overriden in subclasses
+    def load
+      raise NotImplementedError
+    end
+    # @abstract This method must be overriden in subclasses
+    def save
+      raise NotImplementedError
+    end
+  end
+  # Mixin for IOPmugin subclasses that handle files
+  module FileIOPluginMixin
+    # Load data from file named {#name}
+    # @return [Hash]
+    def load
+      logger.debug { "Loading #@name" }
+      begin
+        content = File.read(@name)
+      rescue SystemCallError => ex
+        if ex.is_a? Errno::ENOENT
+          logger.info { "no #@name file" }
+          return self.class.empty_data
+        end
+        raise
+      end
+      load_from_content(content)
+    end
+    # @abstract
+    # @return [Hash]
+    def load_from_content(content)
+      raise NotImplementedError
+    end
+    # Save data to file {#name}
+    # @param [Hash] data
+    # @return [void]
+    def save_to_file(data)
+      return if data.nil?
+      logger.info { "saving #@name" }
+      begin
+        File.open(name, 'w') do |f|
+          f.write(data)
+        end
+      rescue Errno => ex
+        @logger.error { ex.message }
+        raise Error, "Error when saving #@name"
+      end
+    end
+  end
+  # Mixin for IOPlugin subclasses that handle JWK
+  module JWKIOPluginMixin
+    # Load crypto data from JSON-encoded file
+    # @param [String] data JSON-encoded data
+    # @return [Hash]
+    def load_jwk(data)
+      return nil if data.empty?
+      hsh = JSON.parse(data)
+      key = OpenSSL::PKey::RSA.new
+      key.n = OpenSSL::BN.new(Base64.strict_decode64(hsh['n']))
+      key.e = OpenSSL::BN.new(Base64.strict_decode64(hsh['e']))
+      key.d = OpenSSL::BN.new(Base64.strict_decode64(hsh['e']))
+      key.p = OpenSSL::BN.new(Base64.strict_decode64(hsh['p']))
+      key.q = OpenSSL::BN.new(Base64.strict_decode64(hsh['q']))
+      key.dmp1 = OpenSSL::BN.new(Base64.strict_decode64(hsh['dp']))
+      key.dmq1 = OpenSSL::BN.new(Base64.strict_decode64(hsh['dq']))
+      key.iqmp = OpenSSL::BN.new(Base64.strict_decode64(hsh['qi']))
+      key
+    end
+    # Dump crypto data (key) to a JSON-encoded string
+    # @param [OpenSSL::PKey] jwk
+    # @return [String]
+    def dump_jwk(jwk)
+      hsh = jwk.params
+      # Add and rename some fields to be compatible with simp_le
+      hsh['kty'] = 'RSA'
+      hsh['qi'] = hsh['iqmp'].dup
+      hsh['dp'] = hsh['dmp1'].dup
+      hsh['dq'] = hsh['dmq1'].dup
+      hsh.delete('iqmp')
+      hsh.delete('dmpl')
+      hsh.delete('dmql')
+      hsh.rehash
+      hsh.each_key do |key|
+        if hsh[key].is_a?(OpenSSL::BN)
+          hsh[key] = Base64.strict_encode64(hsh[key].to_s)
+        end
+      end
+      hsh.to_json
+    end
+  end
+  # Account key IO plugin
+  class AccountKey < IOPlugin
+    include FileIOPluginMixin
+    include JWKIOPluginMixin
+    def persisted
+      { account_key: true }
+    end
+    def load_from_content(content)
+      { account_key: load_jwk(content) }
+    end
+    def save(data)
+      save_to_file(dump_jwk(data[:account_key]))
+    end
+  end
+  IOPlugin.register(AccountKey, 'account_key.json')
+  # OpenSSL IOPlugin
+  class OpenSSLIOPlugin < IOPlugin
+    # @private Regulat expression to discriminate PEM
+    PEM_RE = /
+^-----BEGIN ((?:[\x21-\x2c\x2e-\x7e](?:[- ]?[\x21-\x2c\x2e-\x7e])*)?)\s*-----$
+.*?
+^-----END \1-----\s*
+/x
+    def initialize(name, type)
+      case type
+      when :pem
+      when :der
+      else
+        raise ArgumentError, "type should be :pem or :der"
+      end
+      @type = type
+      super(name)
+    end
+    def load_key(data)
+      OpenSSL::PKey::RSA.new data
+    end
+    def dump_key(key)
+      case @type
+      when :pem
+        key.to_pem
+      when :der
+        key.to_der
+      end
+    end
+    alias :dump_cert :dump_key
+    def load_cert(data)
+      OpenSSL::X509::Certificate.new data
+    end
+    private
+    def split_pems(data)
+      m = data.match(PEM_RE)
+      while (m) do
+        yield m[0]
+        m = [data[m.end(0)..-1]].match(PEM_RE)
+      end
+    end
+  end
+  # Key file plugin
+  class KeyFile < OpenSSLIOPlugin
+    include FileIOPluginMixin
+    def persisted
+      @persisted ||= { key: true }
+    end
+    def load_from_content(content)
+      { key: load_key(content) }
+    end
+    def save(data)
+      save_to_file(dump_key(data[:key]))
+    end
+  end
+  IOPlugin.register(KeyFile, 'key.pem', :pem)
+  IOPlugin.register(KeyFile, 'key.der', :der)
+  # Chain file plugin
+  class ChainFile < OpenSSLIOPlugin
+    include FileIOPluginMixin
+    def persisted
+      @persisted ||= { chain: true }
+    end
+    def load_from_content(content)
+      chain = []
+      split_pems(content) do |pem|
+        chain << load_cert(pem)
+      end
+      { chain: chain }
+    end
+    def save(data)
+      save_to_file(data[:chain].map { |c| dump_cert(c) }.join)
+    end
+  end
+  IOPlugin.register(ChainFile, 'chain.pem', :pem)
+  # Fullchain file plugin
+  class FullChainFile < ChainFile
+    def persisted
+      @persisted ||= { cert: true, chain: true }
+    end
+    def load
+      data = super
+      if data[:chain].nil? or data[:chain].empty?
+        cert, chain = nil, nil
+      else
+        cert, chain = data[:chain]
+      end
+      { account_key: data[:account_key], key: data[:key], cert: cert, chain: chain }
+    end
+    def save(data)
+      super(account_key: data[:account_key], key: data[:key], cert: nil,
+            chain: [data[:cert]] + data[:chain])
+    end
+  end
+  IOPlugin.register(FullChainFile, 'fullchain.pem', :pem)
+  # Cert file plugin
+  class CertFile < OpenSSLIOPlugin
+    include FileIOPluginMixin
+    def persisted
+      @persisted ||= { cert: true }
+    end
+    def load_from_content(content)
+      { cert: load_cert(content) }
+    end
+    def save(data)
+      save_to_file(dump_cert(data[:cert]))
+    end
+  end
+  IOPlugin.register(CertFile, 'cert.pem', :pem)
+  IOPlugin.register(CertFile, 'cert.der', :der)
+end

data/lib/letscert/io_plugin.rb~ ADDED Viewed

@@ -0,0 +1,9 @@
+module LetsCert
+  class IOPlugin
+    ALLOWED_PLUGINS = %w(account_key.json cert.der cert.pem chain.pem full.pem) +
+                      %w(fullchain.pem key.der key.pem)
+  end
+end

data/lib/letscert/runner.rb ADDED Viewed

@@ -0,0 +1,469 @@
+require 'optparse'
+require 'logger'
+require 'fileutils'
+require_relative 'io_plugin'
+module LetsCert
+  class Runner
+    # Custom logger formatter
+    class LoggerFormatter < Logger::Formatter
+      # @private
+      FORMAT = "[%s] %5s: %s\n"
+      # @param [String] severity
+      # @param [Datetime] time
+      # @param [nil,String] progname
+      # @param [String] msg
+      # @return [String]
+      def call(severity, time, progname, msg)
+        FORMAT % [format_datetime(time), severity, msg2str(msg)]
+      end
+      private
+      def format_datetime(time)
+        time.strftime("%Y-%d-%d %H:%M:%S")
+      end
+    end
+    # Exit value for OK
+    RETURN_OK = 1
+    # Exit value for OK but with creation/renewal of certificate data
+    RETURN_OK_CERT = 0
+    # Exit value for error(s)
+    RETURN_ERROR = 2
+    # @return [Logger]
+    attr_reader :logger
+    # Run LetsCert
+    # @return [Integer]
+    # @see #run
+    def self.run
+      runner = new
+      runner.parse_options
+      runner.run
+    end
+    def initialize
+      @options = {
+        verbose: 0,
+        domains: [],
+        files: [],
+        cert_key_size: 2048,
+        valid_min: 30 * 24 * 60 * 60,
+        account_key_public_exponent: 65537,
+        account_key_size: 4096,
+        tos_sha256: '33d233c8ab558ba6c8ebc370a509acdded8b80e5d587aa5d192193f35226540f',
+        user_agent: 'letscert/0',
+        server: 'https://acme-v01.api.letsencrypt.org/directory',
+      }
+      @logger = Logger.new(STDOUT)
+      @logger.formatter = LoggerFormatter.new
+    end
+    # @return [Integer] exit code
+    #   * 0 if certificate data were created or updated
+    #   * 1 if renewal was not necessery
+    #   * 2 in case of errors
+    def run
+      if @options[:print_help]
+        puts @opt_parser
+        exit RETURN_OK
+      end
+      if @options[:show_version]
+        puts "letscert #{LetsCert::VERSION}"
+        puts "Copyright (c) 2016 Sylvain Daubert"
+        puts "License MIT: see http://opensource.org/licenses/MIT"
+        exit RETURN_OK
+      end
+      case @options[:verbose]
+      when 0
+        @logger.level = Logger::Severity::WARN
+      when 1
+        @logger.level = Logger::Severity::INFO
+      when 2..5
+        @logger.level = Logger::Severity::DEBUG
+      end
+      @logger.debug { "options are: #{@options.inspect}" }
+      IOPlugin.logger = @logger
+      begin
+        if @options[:revoke]
+          revoke
+          RETURN_OK
+        elsif @options[:domains].empty?
+          raise Error, 'At leat one domain must be given with --domain option'
+        else
+          # Check all components are covered by plugins
+          persisted = IOPlugin.empty_data
+          @options[:files].each do |file|
+            persisted.merge!(IOPlugin.registered[file].persisted) do |k, oldv, newv|
+              oldv || newv
+            end
+          end
+          not_persisted = persisted.keys.find_all { |k| !persisted[k] }
+          unless not_persisted.empty?
+            raise Error, 'Selected IO plugins do not cover following components: ' +
+                         not_persisted.join(', ')
+          end
+          data = load_data_from_disk(@options[:files])
+          if valid_existing_cert(data[:cert], @options[:domains], @options[:valid_min])
+            @logger.info { 'no need to update cert' }
+            RETURN_OK
+          else
+            # update/create cert
+            new_data(data)
+            RETURN_OK_CERT
+          end
+        end
+      rescue Error, Acme::Client::Error => ex
+        @logger.error ex.message
+        puts "Error: #{ex.message}"
+        RETURN_ERROR
+      end
+    end
+    def parse_options
+      @opt_parser = OptionParser.new do |opts|
+        opts.banner = "Usage: lestcert [options]"
+        opts.separator('')
+        opts.on('-h', '--help', 'Show this help message and exit') do
+          @options[:print_help] = true
+        end
+        opts.on('-V', '--version', 'Show version and exit') do |v|
+          @options[:show_version] = v
+        end
+        opts.on('-v', '--verbose', 'Run verbosely') { |v| @options[:verbose] += 1 if v }
+        opts.separator("\nWebroot manager:")
+        opts.on('-d', '--domain DOMAIN[:PATH]',
+                'Domain name to include in the certificate.',
+                'Must be specified at least once.',
+                'Its path on the disk must also be provided.') do |domain|
+          @options[:domains] << domain
+        end
+        opts.on('--default_root PATH', 'Default webroot path',
+                'Use for domains without PATH part.') do |path|
+          @options[:default_root] = path
+        end
+        opts.separator("\nCertificate data files:")
+        opts.on('--revoke', 'Revoke existing certificates') do |revoke|
+          @options[:revoke] = revoke
+        end
+        opts.on("-f", "--file FILE", 'Input/output file.',
+                'Can be specified multiple times',
+                'Allowed values: account_key.json, cert.der,',
+                'cert.pem, chain.pem, full.pem,',
+                'fullchain.pem, key.der, key.pem.') do |file|
+          @options[:files] << file
+        end
+        opts.on('--cert-key-size BITS', Integer,
+                'Certificate key size in bits',
+                '(default: 2048)') do |bits|
+          @options[:cert_key_size] = bits
+        end
+        opts.on('--valid-min SECONDS', Integer, 'Renew existing certificate if validity',
+                'is lesser than SECONDS (default: 2592000 (30 days))') do |time|
+          @options[:valid_min] = time
+        end
+        opts.on('--reuse-key', 'Reuse previous private key') do |rk|
+          @options[:reuse_key] = rk
+        end
+        opts.separator("\nRegistration:")
+        opts.separator("  Automatically register an account with he ACME CA specified" +
+                       " by --server")
+        opts.separator('')
+        opts.on('--account-key-public-exponent BITS', Integer,
+                'Account key public exponent value (default: 65537)') do |bits|
+          @options[:account_key_public_exponent] = bits
+        end
+        opts.on('--account-key-size BITS', Integer,
+                'Account key size (default: 4096)') do |bits|
+          @options[:account_key_size] = bits
+        end
+        opts.on('--tos-sha256 HASH', String,
+                'SHA-256 digest of the content of Terms Of Service URI') do |hash|
+          @options[:tos_sha256] = hash
+        end
+        opts.on('--email EMAIL', String,
+                'E-mail address. CA is likely to use it to',
+                'remind about expiring certificates, as well',
+                'as for account recovery. It is highly',
+                'recommended to set this value.') do |email|
+          @options[:email] = email
+        end
+        opts.separator("\nHTTP:")
+        opts.separator('  Configure properties of HTTP requests and responses.')
+        opts.separator('')
+        opts.on('--user-agent NAME', 'User-Agent sent in all HTTP requests',
+                '(default: letscert/0)') do |ua|
+          @options[:user_agent] = ua
+        end
+        opts.on('--server URI', 'URI for the CA ACME API endpoint',
+                '(default: https://acme-v01.api.letsencrypt.org/directory)') do |uri|
+          @options[:server] = uri
+        end
+      end
+      @opt_parser.parse!
+    end
+    def revoke
+      @logger.info { "load certificates: #{@options[:files].join(', ')}" }
+      if @options[:files].empty?
+        raise Error, 'no certificate to revoke. Pass at least one with '+
+                     ' -f option.'
+      end
+      # Temp
+      @logger.warn "Not yet implemented"
+    end
+    private
+    def get_account_key(data)
+      if data.nil?
+        logger.info { 'No account key. Generate a new one...' }
+        OpenSSL::PKey::RSA.new(@options[:account_key_size])
+      else
+        data
+      end
+    end
+    # Get ACME client.
+    #
+    # Client is only created on first call, then it is cached.
+    def get_acme_client(account_key)
+      return @client if @client
+      key = get_account_key(account_key)
+      @logger.debug { "connect to #{@options[:server]}" }
+      @client = Acme::Client.new(private_key: key, endpoint: @options[:server])
+      if @options[:email].nil?
+        @logger.warn { '--email was not provided. ACME CA will have no way to ' +
+                       'contact you!' }
+      end
+      begin
+        @logger.debug { "register with #{@options[:email]}" }
+        registration = @client.register(contact: "mailto:#{@options[:email]}")
+      rescue Acme::Client::Error::Malformed => ex
+        if ex.message != 'Registration key is already in use'
+          raise
+        end
+      else
+        #if registration.term_of_service_uri
+        #  @logger.debug { "get terms of service" }
+        #  terms = registration.get_terms
+        #  if !terms.nil?
+        #    tos_digest = OpenSSL::Digest::SHA256.digest(terms)
+        #    if tos_digest != @options[:tos_sha256]
+        #      raise Error, 'Terms Of Service mismatch'
+        #    end
+             @logger.debug { "agree terms of service" }
+             registration.agree_terms
+        #  end
+        #end
+      end
+      @client
+    end
+    # Load existing data from disk
+    def load_data_from_disk(files)
+      all_data = IOPlugin.empty_data
+      files.each do |plugin_name|
+        persisted = IOPlugin.registered[plugin_name].persisted
+        data = IOPlugin.registered[plugin_name].load
+        test = IOPlugin.empty_data.keys.all? do |key|
+          persisted[key] or data[key].nil?
+        end
+        raise Error unless test
+        # Merge data into all_data. New value replace old one only if old one was
+        # not defined
+        all_data.merge!(data) do |key, oldval, newval|
+          oldval || newval
+        end
+      end
+      all_data
+    end
+    # Check if +cert+ exists and is always valid
+    # @todo For now, only check exitence.
+    def valid_existing_cert(cert, domains, valid_min)
+      if cert.nil?
+        @logger.debug { 'no existing cert' }
+        return false
+      end
+      subjects = []
+      cert.extensions.each do |ext|
+        if ext.oid == 'subjectAltName'
+          subjects += ext.value.split(/,\s*/).map { |s| s.sub(/DNS:/, '') }
+        end
+      end
+      @logger.debug { "cert SANs: #{subjects.join(', ')}" }
+      # Check all domains are subjects of certificate
+      unless domains.all? { |domain| subjects.include? domain }
+        raise Error, "At least one domain is not declared as a certificate subject." +
+                     "Backup and remove existing cert if you want to proceed"
+      end
+      !renewal_necessary?(cert, valid_min)
+    end
+    # Check if a renewal is necessary for +cert+
+    def renewal_necessary?(cert, valid_min)
+      now = Time.now.utc
+      diff = (cert.not_after - now).to_i
+      @logger.debug { "Certificate expires in #{diff}s on #{cert.not_after}" +
+                      " (relative to #{now})" }
+      diff < valid_min
+    end
+    # Create/renew key/cert/chain
+    def new_data(data)
+      @logger.info {"create key/cert/chain..." }
+      roots = compute_roots
+      @logger.debug { "webroots are: #{roots.inspect}" }
+      client = get_acme_client(data[:account_key])
+      @logger.debug { 'Get authorization for all domains' }
+      challenges = {}
+      roots.keys.each do |domain|
+        authorization = client.authorize(domain: domain)
+         if authorization
+           challenges[domain] = authorization.http01
+         else
+           challenges[domain] = nil
+         end
+      end
+      @logger.debug { 'Check all challenges are HTTP-01' }
+      if challenges.values.any? { |chall| chall.nil? }
+        raise Error, 'CA did not offer http-01-only challenge. ' +
+                     'This client is unable to solve any other challenges.'
+      end
+      challenges.each do |domain, challenge|
+        begin
+          FileUtils.mkdir_p(File.join(roots[domain], File.dirname(challenge.filename)))
+        rescue SystemCallError => ex
+          raise Error, ex.message
+        end
+        path = File.join(roots[domain], challenge.filename)
+        logger.debug { "Save validation #{challenge.file_content} to #{path}" }
+        File.write path, challenge.file_content
+        challenge.request_verification
+        status = 'pending'
+        while(status == 'pending') do
+          sleep(1)
+          status = challenge.verify_status
+        end
+        if status != 'valid'
+          @logger.warn { "#{domain} was not successfully verified!" }
+        else
+          @logger.info { "#{domain} was successfully verified." }
+        end
+        File.unlink path
+      end
+      if @options[:reuse_key] and !data[:key].nil?
+        @logger.info { 'Reuse existing private key' }
+        key = data[:key]
+      else
+        @logger.info { 'Generate new private key' }
+        key = OpenSSL::PKey::RSA.generate(@options[:cert_key_size])
+      end
+      csr = Acme::Client::CertificateRequest.new(names: roots.keys, private_key: key)
+      cert = client.new_certificate(csr)
+      IOPlugin.registered.each do |name, plugin|
+        plugin.save( account_key: client.private_key, key: key, cert: cert.x509,
+                     chain: cert.x509_chain)
+      end
+    end
+    # Compute webroots
+    # @return [Hash] whre key are domains and value are their webroot path
+    def compute_roots
+      roots = {}
+      no_roots = []
+      @options[:domains].each do |domain|
+        match = domain.match(/([\w+\.]+):(.*)/)
+        if match
+          roots[match[1]] = match[2]
+        elsif @options[:default_root]
+          roots[domain] = @options[:default_root]
+        else
+          no_roots << domain
+        end
+      end
+      if !no_roots.empty?
+        raise Error, 'root for the following domain(s) are not specified: ' +
+                     no_roots.join(', ') + ".\nTry --default_root or use " +
+                     '-d example.com:/var/www/html syntax.'
+      end
+      roots
+    end
+  end
+end

data/lib/letscert/runner.rb~ ADDED Viewed

@@ -0,0 +1,10 @@
+module LetsCert
+  class Runner
+    def self.run
+    end
+  end
+end

data/lib/letscert.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# Namespace for all letcert's classes.
+module LetsCert
+  # Letscert version number
+  VERSION = '0.2.1'
+  # Base error class
+  class Error < StandardError; end
+end
+require_relative 'letscert/runner'

data/lib/letscert.rb~ ADDED Viewed

@@ -0,0 +1,6 @@
+module LetsCert
+  # Letscert version number
+  VERSION = '0.0.1'
+end

data/tasks/gem.rake ADDED Viewed

@@ -0,0 +1,34 @@
+require 'rubygems/package_task'
+require_relative '../lib/letscert.rb'
+spec = Gem::Specification.new do |s|
+  s.name = 'letscert'
+  s.version = LetsCert::VERSION
+  s.license = 'MIT'
+  s.summary = "letscert, a simple Let's Encrypt client"
+  s.description = <<-EOF
+letscert is a simple Let's Encrypt client written in Ruby. It aims at be as clean as
+simp_le.
+EOF
+  s.authors << 'Sylvain Daubert'
+  s.email = 'sylvain.daubert@laposte.net'
+  s.homepage = 'https://github.com/sdaubert/letscert'
+  files = Dir['{spec,lib,bin,tasks}/**/*']
+  files += ['README.md', 'LICENSE', 'Rakefile']
+  # For now, device is not in gem.
+  s.files = files
+  s.executables = ['letscert']
+  s.add_dependency 'acme-client', '~>0.2.4'
+  s.add_dependency 'yard', '~>0.8.7'
+  #s.add_development_dependency 'rspec', '~>3.4'
+end
+Gem::PackageTask.new(spec) do |pkg|
+  pkg.need_zip = true
+  pkg.need_tar = true
+end

data/tasks/gem.rake~ ADDED Viewed

@@ -0,0 +1,34 @@
+require 'rubygems/package_task'
+require_relative '../lib/letscert.rb'
+spec = Gem::Specification.new do |s|
+  s.name = 'letscert'
+  s.version = LetsCert::VERSION
+  s.summary = "letscert, a simple Let's Encrypt client"
+  s.description = <<-EOF
+letscert is a simple Let's Encrypt client written in Ruby. It aims at be as clean as
+simp_le.
+EOF
+  s.authors << 'Sylvain Daubert'
+  s.email = 'sylvain.daubert@laposte.net'
+  s.homepage = 'https://github.com/sdaubert/letscert'
+  files = Dir['{spec,lib,bin,tasks}/**/*']
+  files += ['README.md', 'MIT-LICENSE', 'Rakefile']
+  # For now, device is not in gem.
+  s.files = files
+  s.executables = ['letscert']
+  s.add_dependency 'acme-client', '~>0.2.4'
+  s.add_dependency 'yard', '~>0.8.7'
+  #s.add_development_dependency 'rspec', '~>2.14.0'
+end
+Gem::PackageTask.new(spec) do |pkg|
+  pkg.need_zip = true
+  pkg.need_tar = true
+end
+~

data/tasks/yard.rake ADDED Viewed

@@ -0,0 +1,6 @@
+require 'yard'
+YARD::Rake::YardocTask.new do |t|
+  t.options = ['--no-private']
+  t.files = ['lib/**/*.rb']
+end

metadata ADDED Viewed

@@ -0,0 +1,89 @@
+--- !ruby/object:Gem::Specification
+name: letscert
+version: !ruby/object:Gem::Version
+  version: 0.2.1
+platform: ruby
+authors:
+- Sylvain Daubert
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-02-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: acme-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.4
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+description: |
+  letscert is a simple Let's Encrypt client written in Ruby. It aims at be as clean as
+  simp_le.
+email: sylvain.daubert@laposte.net
+executables:
+- letscert
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- Rakefile
+- bin/letscert
+- bin/letscert~
+- lib/letscert.rb
+- lib/letscert.rb~
+- lib/letscert/certificate.rb~
+- lib/letscert/io_plugin.rb
+- lib/letscert/io_plugin.rb~
+- lib/letscert/runner.rb
+- lib/letscert/runner.rb~
+- tasks/gem.rake
+- tasks/gem.rake~
+- tasks/yard.rake
+homepage: https://github.com/sdaubert/letscert
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: letscert, a simple Let's Encrypt client
+test_files: []