letscert 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.md +4 -1
- data/letscert.gemspec +1 -1
- data/lib/letscert/certificate.rb +28 -7
- data/lib/letscert/runner.rb +25 -2
- data/lib/letscert/version.rb +1 -1
- metadata +4 -4
- metadata.gz.sig +0 -0
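--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 510c269bc1fe51684e676d4b566f03535f5d8a58
+data.tar.gz: 241b3100db0e5bf7682273adceed0a6ed164bb4a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f14a0d228cd125277d4c55df41417e62d761492496b5cd02bc43a2c333f8c47329206c39a1bd579030059601da6c40c0aac8701f2b148642c766c90e8e18bedc
+data.tar.gz: be1d7083454b4e65580e6de083e020ee7705ac59a652fe6c44cea85f5ab3195a634576597bcd0ddc28825848c3c1816b703e3f25ab6643addd3811567a387051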
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
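--- a/data/README.md
+++ b/data/README.md
@@ -26,8 +26,11 @@ letscert -d example.org:/var/www/example.org/html --email my.name@example.org \
 -f account_key.json -f key.pem -f cert.pem -f chain.pem
 ```
 
-
+Theses commands generate RSA certificates, using a RSA account key. To generate ECDSA
+keys and certificates, use `--cert-ecdsa CURVE` (CURVE: `prime256v1` or `sec384r1`)
+and/or `--account-key-type ecdsa` options.
 
+Commands are the sames for certificate renewal.
 
 
 ## Generate a key pair and get a signed certificate for multi-domains:
 Generate a single certificate for `example.org` and `www.example.org`: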
data/letscert.gemspec
CHANGED
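--- a/data/lib/letscert/certificate.rb
+++ b/data/lib/letscert/certificate.rb
@@ -50,7 +50,7 @@ module LetsCert
 # @param [OpenSSL::PKey::PKey,nil] account_key private key to
 # authenticate to ACME server
 # @param [OpenSSL::PKey::PKey, nil] key private key from which make a
-# certificate. If +nil+, generate a new one with +options[:
+# certificate. If +nil+, generate a new one with +options[:cert_key_size]+
 # bits.
 # @param [Hash] options option hash
 # @option options [Fixnum] :account_key_size ACME account private key size
@@ -72,6 +72,9 @@ module LetsCert
 check_roots(options[:roots])
 logger.debug { "webroots are: #{options[:roots].inspect}" }
 
+account_key = get_account_key(account_key, options[:account_key_type],
+options[:account_key_size])
+
 client = get_acme_client(account_key, options)
 
 do_challenges client, options[:roots]
@@ -88,7 +91,7 @@ module LetsCert
 
 options[:files] ||= []
 options[:files].each do |plugname|
-IOPlugin.registered[plugname].save(account_key:
+IOPlugin.registered[plugname].save(account_key: account_key,
 key: pkey, cert: @cert,
 chain: @chain)
 end
@@ -157,10 +160,8 @@ module LetsCert
 def get_acme_client(account_key, options)
 return @client if @client
 
-key = get_account_key(account_key, options[:account_key_size])
-
 logger.debug { "connect to #{options[:server]}" }
-@client = Acme::Client.new(private_key:
+@client = Acme::Client.new(private_key: account_key, endpoint: options[:server])
 
 yield @client if block_given?
 
@@ -212,12 +213,28 @@ module LetsCert
 
 # Generate a new account key if no one is given in +data+
 # @param [OpenSSL::PKey,nil] key
+# @param [String] key_type +'rsa'+ or +'ecdsa'+
 # @param [Integer] key_size
 # @return [OpenSSL::PKey::PKey]
-def get_account_key(key, key_size)
+def get_account_key(key, key_type, key_size)
 if key.nil?
 logger.info { 'No account key. Generate a new one...' }
-
+case key_type
+when 'rsa'
+OpenSSL::PKey::RSA.new key_size
+when 'ecdsa'
+curve = case key_size
+when 256
+'prime256v1'
+when 384
+'secp384r1'
+else
+raise Error, 'ECDSA account key size: only 256 or 384 bits'
+end
+generate_ecdsa_key curve
+else
+raise Error, "unsupported '#{key_type}' account key type"
+end
 else
 key
 end
@@ -313,8 +330,10 @@ module LetsCert
 end
 
 if options[:cert_ecdsa]
+logger.debug { "generate a #{options[:cert_ecdsa]}-bit ECDSA private key" }
 generate_ecdsa_key options[:cert_ecdsa]
 else
+logger.debug { "generate a #{options[:cert_rsa]}-bit RSA private key" }
 OpenSSL::PKey::RSA.generate options[:cert_rsa]
 end
 end
@@ -351,8 +370,10 @@ module LetsCert
 # @param [OpenSSL::PKey::PKey] pkey private key to use
 # @return [OpenSSL::PKey::PKey] +pkey+
 def generate_certificate_from_pkey(domains, pkey)
+logger.debug { 'generate certificate request' }
 csr = Acme::Client::CertificateRequest.new(names: domains,
 private_key: pkey)
+logger.debug { 'requesting certificate...' }
 acme_cert = client.new_certificate(csr)
 @cert = acme_cert.x509
 @chain = acme_cert.x509_chain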
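--- a/data/lib/letscert/runner.rb
+++ b/data/lib/letscert/runner.rb
@@ -45,6 +45,12 @@ module LetsCert
 # Default key size for RSA certificates
 RSA_DEFAULT_KEY_SIZE = 2048
 
+# Default account key size for RSA type
+RSA_DEFAULT_ACCOUNT_KEY_SIZE = 4096
+
+# Default account key size for ECDSA type
+ECDSA_DEFAULT_ACCOUNT_KEY_SIZE = 384
+
 # Get options
 # @return [Hash]
 attr_reader :options
@@ -66,7 +72,7 @@ module LetsCert
 domains: [],
 files: [],
 valid_min: ValidTime.new('30d'),
-
+account_key_type: 'rsa',
 tos_sha256: '33d233c8ab558ba6c8ebc370a509acdded8b80e5d587aa5d192193f3' \
 '5226540f',
 server: 'https://acme-v01.api.letsencrypt.org/directory'
@@ -188,9 +194,16 @@ module LetsCert
 ' specified by --server')
 opts.separator('')
 
+opts.on('--account-key-type TYPE', %w(rsa ecdsa),
+'Account key type: rsa or ecdsa',
+'(Defaul: rsa)') do |type|
+@options[:account_key_type] = type
+end
+
 opts.on('--account-key-size BITS', Integer,
 'Account key size (default: ' \
-"#{
+"#{RSA_DEFAULT_ACCOUNT_KEY_SIZE} (RSA) or ",
+"#{ECDSA_DEFAULT_ACCOUNT_KEY_SIZE} (ECDSA))") do |bits|
 @options[:account_key_size] = bits
 end
 
@@ -221,6 +234,7 @@ module LetsCert
 @opt_parser.parse!
 compute_roots
 select_default_cert_type_if_none_specified
+select_default_account_key_size_if_none_specified
 end
 
 # Check all components are covered by plugins
@@ -374,6 +388,15 @@ module LetsCert
 end
 end
 
+def select_default_account_key_size_if_none_specified
+case @options[:account_key_type]
+when 'rsa'
+@options[:account_key_size] ||= RSA_DEFAULT_ACCOUNT_KEY_SIZE
+when 'ecdsa'
+@options[:account_key_size] ||= ECDSA_DEFAULT_ACCOUNT_KEY_SIZE
+end
+end
+
 def persisted_data
 persisted = IOPlugin.empty_data
 @options[:files].each do |file|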
data/lib/letscert/version.rb
CHANGED
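--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: letscert
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.0
 platform: ruby
 authors:
 - Sylvain Daubert
@@ -31,7 +31,7 @@ cert_chain:
 dMi8WSKt03lfzyxIqZseBwVYYn+XMlzCcJLXCUgZXHcBRRRDH5wGDqOqXjL25b2O
 6m3JJngqkCFrOw==
 -----END CERTIFICATE-----
-date: 2017-
+date: 2017-06-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: acme-client
@@ -39,14 +39,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.6.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.6.1
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement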
metadata.gz.sig
CHANGED
|
Binary file
|