letsencrypt_plugin 0.0.6 → 0.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 970e5b0545fab8204c13aca8399e6807f1602ba6
-  data.tar.gz: 2d5439882e197c9a5d13c0b75becbcd6f0f636db
+  metadata.gz: 77fec6d13d402402a206ec4d4691e5bac1e78f94
+  data.tar.gz: 0ff5be2480ed5bb421f678b301a9f8c4e1da6ea5
 SHA512:
-  metadata.gz: c9290e25b80543791e4a271d0447e5b2b523f846b8cbc684b25be5eba7a8fd9417c0804175474d247773bcfe2142d5716a292597e79db056732e963e0171dcc6
-  data.tar.gz: 9b0d082740c97fb5bbe2114cb05870fa864b0372e0579a124b9e9a0d1f1baa160dfe21c2b35b1a3a404ac136f5e12b3b9df2db39fd42b9d10ac52a244f887824
+  metadata.gz: 94a936bfa6798b4917cbdcb0afa243f655cbcd6e6decd5451635ae08578bd676bcf5ccffd4a7c97d4df43d0f8884d01d902b1c5dc98e09b4b196153140d6f674
+  data.tar.gz: 4c4f999d13674ae6693b7a576fe657367f47cfbfb3e1916fb33a05e1fe4bedc44e7141fb11a51985eeea6d50ca502fdd9ea922b0b92e5aedddec7c7aaa3aa283

data/Rakefile

@@ -14,14 +14,11 @@ RDoc::Task.new(:rdoc) do |rdoc|
   rdoc.rdoc_files.include('lib/**/*.rb')
 end
 
-APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
 load 'rails/tasks/engine.rake'
 
-
 load 'rails/tasks/statistics.rake'
 
-
-
 Bundler::GemHelper.install_tasks
 
 require 'rake/testtask'
@@ -33,5 +30,4 @@ Rake::TestTask.new(:test) do |t|
   t.verbose = false
 end
 
-
 task default: :test

data/app/controllers/letsencrypt_plugin/application_controller.rb

@@ -1,28 +1,33 @@
 module LetsencryptPlugin
   class ApplicationController < ActionController::Base
-    before_action :get_challenge_response, only: [:index]
+    before_action :challenge_response, only: [:index]
     before_action :validate_length, only: [:index]
-    
+
     def index
       # There is only one item in DB with challenge response from our task
       # we will use it to render plain text response
       render plain: @response.response, status: :ok
     end
-    
+
     private
-      def validate_length
-        # Challenge request should have at least 128bit
-        challenge_failed('Challenge failed - Request has invalid length!') if params[:challenge].nil? || params[:challenge].length < 16 || params[:challenge].length > 256
-      end
 
-      def get_challenge_response
-        @response = Challenge.first
-        challenge_failed('Challenge failed - Can not get response from database!') if @response.nil?
-      end
+    def validate_length
+      # Challenge request should have at least 128bit
+      challenge_failed('Challenge failed - Request has invalid length!') if invalid_length
+    end
+
+    def challenge_response
+      @response = CONFIG[:challenge_dir_name] ? Challenge.new : Challenge.first
+      challenge_failed('Challenge failed - Can not get response from database!') if @response.nil?
+    end
+
+    def challenge_failed(msg)
+      Rails.logger.error(msg)
+      render plain: msg, status: :bad_request
+    end
 
-      def challenge_failed(msg)
-        Rails.logger.error(msg)
-        render plain: msg, status: :bad_request
-      end
+    def invalid_length
+      params[:challenge].nil? || params[:challenge].length < 16 || params[:challenge].length > 256
+    end
   end
 end

data/app/models/letsencrypt_plugin/challenge.rb

@@ -1,4 +1,17 @@
 module LetsencryptPlugin
-  class Challenge < ActiveRecord::Base
+  # if the project doesn't use ActiveRecord, we assume the challenge will
+  # be stored in the filesystem
+  if defined?(ActiveRecord::Base) == 'constant' && ActiveRecord::Base.class == Class
+    class Challenge < ActiveRecord::Base
+    end
+  else
+    class Challenge
+      attr_accessor :response
+
+      def initialize
+        full_challenge_dir = File.join(Rails.root, CONFIG[:challenge_dir_name], 'challenge')
+        @response = IO.read(full_challenge_dir)
+      end
+    end
   end
 end

data/lib/letsencrypt_plugin.rb

@@ -1,4 +1,141 @@
-require "letsencrypt_plugin/engine"
+require 'letsencrypt_plugin/engine'
+require 'letsencrypt_plugin/file_output'
+require 'letsencrypt_plugin/heroku_output'
+require 'letsencrypt_plugin/file_store'
+require 'letsencrypt_plugin/database_store'
+require 'openssl'
+require 'acme/client'
 
 module LetsencryptPlugin
+  class CertGenerator
+    attr_reader :options
+
+    def initialize(options = {})
+      @options = options
+      @options.freeze
+    end
+
+    def authorize_and_handle_challenge(domains)
+      result = false
+      domains.each do |domain|
+        authorize(domain)
+        handle_challenge
+        request_challenge_verification
+        result = valid_verification_status
+        break unless result
+      end
+      result
+    end
+
+    def generate_certificate
+      create_client
+      register
+
+      domains = @options[:domain].split(' ')
+      if authorize_and_handle_challenge(domains)
+        # We can now request a certificate
+        Rails.logger.info('Creating CSR...')
+        save_certificate(@client.new_certificate(Acme::Client::CertificateRequest.new(names: domains)))
+        Rails.logger.info('Certificate has been generated.')
+      end
+    end
+
+    def create_client
+      @client ||= Acme::Client.new(private_key: load_private_key, endpoint: @options[:endpoint])
+    rescue Exception => e
+      Rails.logger.error(e.to_s)
+      raise e
+    end
+
+    def valid_key_size?(key)
+      key.n.num_bits >= 2048 && key.n.num_bits <= 4096
+    end
+
+    def privkey_path
+      fail 'Private key is not set, please check your '\
+        'config/letsencrypt_plugin.yml file!' if @options[:private_key].nil? || @options[:private_key].empty?
+      File.join(Rails.root, @options[:private_key])
+    end
+
+    def open_priv_key
+      private_key_path = privkey_path
+      fail "Can not open private key: #{private_key_path}" unless File.exist?(private_key_path) && !File.directory?(private_key_path)
+      OpenSSL::PKey::RSA.new(File.read(private_key_path))
+    end
+
+    def load_private_key
+      Rails.logger.info('Loading private key...')
+      private_key = open_priv_key
+      fail "Invalid key size: #{private_key.n.num_bits}." \
+        ' Required size is between 2048 - 4096 bits' unless valid_key_size?(private_key)
+      private_key
+    end
+
+    def register
+      Rails.logger.info('Trying to register at Let\'s Encrypt service...')
+      begin
+        registration = @client.register(contact: "mailto:#{@options[:email]}")
+        registration.agree_terms
+        Rails.logger.info('Registration succeed.')
+      rescue
+        Rails.logger.info('Already registered.')
+      end
+    end
+
+    def common_domain_name
+      @domain ||= @options[:domain].split(' ').first.to_s
+    end
+
+    def authorize(domain = common_domain_name)
+      Rails.logger.info("Sending authorization request for: #{domain}...")
+      @authorization = @client.authorize(domain: domain)
+    end
+
+    def store_challenge(challenge)
+      if @options[:challenge_dir_name].nil? || @options[:challenge_dir_name].empty?
+        DatabaseStore.new(challenge.file_content).store
+      else
+        FileStore.new(challenge.file_content, @options[:challenge_dir_name]).store
+      end
+      sleep(2)
+    end
+
+    def handle_challenge
+      @challenge = @authorization.http01
+      store_challenge(@challenge)
+    end
+
+    def request_challenge_verification
+      @challenge.request_verification
+    end
+
+    def wait_for_status(challenge)
+      Rails.logger.info('Waiting for challenge status...')
+      counter = 0
+      while challenge.verify_status == 'pending' && counter < 10
+        sleep(1)
+        counter += 1
+      end
+    end
+
+    def valid_verification_status
+      wait_for_status(@challenge)
+      begin
+        Rails.logger.error('Challenge verification failed! ' \
+          "Error: #{@challenge.error['type']}: #{@challenge.error['detail']}")
+        return false
+      end unless @challenge.verify_status == 'valid'
+      true
+    end
+
+    # Save the certificate and key
+    def save_certificate(certificate)
+      begin
+        return HerokuOutput.new(common_domain_name, certificate).output unless ENV['DYNO'].nil?
+        output_dir = File.join(Rails.root, @options[:output_cert_dir])
+        return FileOutput.new(common_domain_name, certificate, output_dir).output if File.directory?(output_dir)
+        Rails.logger.error("Output directory: '#{output_dir}' does not exist!")
+      end unless certificate.nil?
+    end
+  end
 end

data/lib/letsencrypt_plugin/certificate_output.rb

@@ -0,0 +1,17 @@
+module LetsencryptPlugin
+  class CertificateOutput
+    def initialize(domain, cert)
+      @certificate = cert
+      @domain = domain
+    end
+
+    def output
+      display_info
+
+      output_cert('cert.pem', @certificate.to_pem)
+      output_cert('key.pem', @certificate.request.private_key.to_pem)
+      output_cert('chain.pem', @certificate.chain_to_pem)
+      output_cert('fullchain.pem', @certificate.fullchain_to_pem)
+    end
+  end
+end

data/lib/letsencrypt_plugin/challenge_store.rb

@@ -0,0 +1,18 @@
+module LetsencryptPlugin
+  class ChallengeStore
+    def initialize(challenge_content)
+      @content = challenge_content
+    end
+
+    def store
+      display_info
+      store_content
+    end
+
+    protected
+
+    def display_info
+      Rails.logger.info('Storing challenge information...')
+    end
+  end
+end

data/lib/letsencrypt_plugin/database_store.rb

@@ -0,0 +1,11 @@
+require 'letsencrypt_plugin/challenge_store'
+
+module LetsencryptPlugin
+  class DatabaseStore < ChallengeStore
+    def store_content
+      ch = LetsencryptPlugin::Challenge.first
+      ch = LetsencryptPlugin::Challenge.new if ch.nil?
+      ch.update(response: @content)
+    end
+  end
+end

data/lib/letsencrypt_plugin/file_output.rb

@@ -0,0 +1,18 @@
+require 'letsencrypt_plugin/certificate_output'
+
+module LetsencryptPlugin
+  class FileOutput < CertificateOutput
+    def initialize(domain, cert, out_dir)
+      super(domain, cert)
+      @output_dir = out_dir
+    end
+
+    def output_cert(cert_type, cert_content)
+      File.write(File.join(@output_dir, "#{@domain}-#{cert_type}"), cert_content)
+    end
+
+    def display_info
+      Rails.logger.info('Saving certificates and key...')
+    end
+  end
+end

data/lib/letsencrypt_plugin/file_store.rb

@@ -0,0 +1,16 @@
+require 'letsencrypt_plugin/challenge_store'
+
+module LetsencryptPlugin
+  class FileStore < ChallengeStore
+    def initialize(challenge_content, challenge_dir_name)
+      super(challenge_content)
+      @challenge_dir_name = challenge_dir_name
+    end
+
+    def store_content
+      full_challenge_dir = File.join(Rails.root, @challenge_dir_name)
+      Dir.mkdir(full_challenge_dir) unless File.directory?(full_challenge_dir)
+      File.open(File.join(full_challenge_dir, 'challenge'), 'w') { |file| file.write(@content) }
+    end
+  end
+end

data/lib/letsencrypt_plugin/heroku_output.rb

@@ -0,0 +1,19 @@
+require 'letsencrypt_plugin/certificate_output'
+
+module LetsencryptPlugin
+  class HerokuOutput < CertificateOutput
+    def initialize(domain, cert)
+      super(domain, cert)
+    end
+
+    def output_cert(cert_type, cert_content)
+      Rails.logger.info("====== #{@domain}-#{cert_type} ======")
+      puts cert_content
+    end
+
+    def display_info
+      Rails.logger.info('You are running this script on Heroku, please copy-paste certificates to your local machine')
+      Rails.logger.info('and then follow https://devcenter.heroku.com/articles/ssl-endpoint guide:')
+    end
+  end
+end

data/lib/letsencrypt_plugin/version.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module LetsencryptPlugin
-  VERSION = "0.0.6"
+  VERSION = '0.0.7'.freeze
 end

data/lib/tasks/letsencrypt_plugin_tasks.rake

@@ -1,7 +1,7 @@
 require 'openssl'
 require 'acme/client'
 
-#Sets up logging - should only be called from other rake tasks
+# Sets up logging - should only be called from other rake tasks
 task setup_logger: :environment do
   logger           = Logger.new(STDOUT)
   logger.level     = Logger::INFO
@@ -9,100 +9,7 @@ task setup_logger: :environment do
 end
 
 desc "Generates SSL certificate using Let's Encrypt service"
-task :letsencrypt_plugin => :setup_logger do
-  def generate_certificate()
-    client ||= Acme::Client.new(private_key: load_private_key, endpoint: CONFIG[:endpoint])
-    Rails.logger.info("Trying to register at Let's Encrypt service...")
-    begin
-      registration = client.register(contact: "mailto:#{CONFIG[:email]}")
-      registration.agree_terms
-      Rails.logger.info("Registration succeed.")
-    rescue
-      Rails.logger.info("Already registered.")
-    end
-
-    Rails.logger.info("Sending authorization request...")
-    authorization = client.authorize(domain: CONFIG[:domain])
-    challenge = authorization.http01
-    
-    store_challenge(challenge)
-
-    challenge.request_verification # => true
-    
-    wait_for_status(challenge)
-    
-    if challenge.verify_status == 'valid'
-      # We can now request a certificate
-      certificate = client.new_certificate(create_csr)
-      save_certificate(certificate)
-
-      Rails.logger.info("Certificate has been generated.")
-    else
-      Rails.logger.error("Challenge verification failed! Error: #{challenge.error['type']}: #{challenge.error['detail']}")
-    end
-  end
-  
-  def load_private_key
-    Rails.logger.info("Loading private key...")
-    OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, CONFIG[:private_key])))
-  end
-  
-  def store_challenge(challenge)
-    Rails.logger.info("Storing challenge information...")
-    ch = LetsencryptPlugin::Challenge.first
-    if ch.nil?
-      ch = LetsencryptPlugin::Challenge.new
-      ch.save!(:response => challenge.file_content)
-    else
-      ch.update(:response => challenge.file_content)
-    end
-    sleep(2)
-  end 
-  
-  def wait_for_status(challenge)
-    Rails.logger.info("Waiting for challenge status...")
-    counter = 0
-    while challenge.verify_status == 'pending' && counter < 10
-      sleep(1)
-      counter += 1
-    end
-  end
-
-  def create_csr
-    Rails.logger.info("Creating CSR...")
-    Acme::Client::CertificateRequest.new(names: [ CONFIG[:domain] ])
-  end
-  
-  # Save the certificate and key
-  def save_certificate(certificate)
-    if !certificate.nil?
-      if !ENV['DYNO'].nil?      
-        Rails.logger.info('You are running this script on Heroku, please copy-paste certificates to your local machine')
-        Rails.logger.info('and then follow https://devcenter.heroku.com/articles/ssl-endpoint guide:')
-
-        Rails.logger.info("====== #{CONFIG[:domain]}-cert.pem ======")
-        puts certificate.to_pem
-
-        Rails.logger.info("====== #{CONFIG[:domain]}-key.pem ======")
-        puts certificate.request.private_key.to_pem
-        
-        Rails.logger.info("====== #{CONFIG[:domain]}-chain.pem ======")
-        puts certificate.chain_to_pem
-        
-        Rails.logger.info("====== #{CONFIG[:domain]}-fullchain.pem ======")
-        puts certificate.fullchain_to_pem
-        
-      elsif File.directory?(File.join(Rails.root, CONFIG[:output_cert_dir]))
-        Rails.logger.info("Saving certificates and key...")
-        File.write(File.join(Rails.root, CONFIG[:output_cert_dir], "#{CONFIG[:domain]}-cert.pem"), certificate.to_pem)
-        File.write(File.join(Rails.root, CONFIG[:output_cert_dir], "#{CONFIG[:domain]}-key.pem"), certificate.request.private_key.to_pem)
-        File.write(File.join(Rails.root, CONFIG[:output_cert_dir], "#{CONFIG[:domain]}-chain.pem"), certificate.chain_to_pem)
-        File.write(File.join(Rails.root, CONFIG[:output_cert_dir], "#{CONFIG[:domain]}-fullchain.pem"), certificate.fullchain_to_pem)
-      else
-        Rails.logger.error("Output directory: '#{File.join(Rails.root, CONFIG[:output_cert_dir])}' does not exist!")
-      end
-    end
-  end
-  
-  generate_certificate
+task letsencrypt_plugin: :setup_logger do
+  cert_generator = LetsencryptPlugin::CertGenerator.new(CONFIG)
+  cert_generator.generate_certificate
 end