letsencrypt_plugin 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 108dfbd0e792c1bacf5f3e34cd23a0f6c91f0ce2
+  data.tar.gz: c4c828959d1f7c7774d56c089afc551694fb8449
+SHA512:
+  metadata.gz: d038926e551cf7a9bea240c97feb17fd5d99e0c2f695cd642fd6f52478e06ba444b5318f8cb55b73182b70bc8b3b46ef5b34ab1e0541094e87c04663f81fb5eb
+  data.tar.gz: 60ad86e901086d6cf528cf1d3c4e78482f1fd5798b667400aa287a67d2e02f040c90d04835d6cbbcf5d88a0a0febf1767d05746c3fdf07167280093f097b4cd8

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 lgromanowski
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,37 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'LetsencryptPlugin'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/app/assets/javascripts/letsencrypt_plugin/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/letsencrypt_plugin/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/letsencrypt_plugin/application_controller.rb

@@ -0,0 +1,22 @@
+module LetsencryptPlugin
+  class ApplicationController < ActionController::Base
+    before_action :validate_length, only: [:index]
+    
+    def index
+      # There is only one item in DB with challenge response from our task
+      # we will use it to render plain text response
+      @response = Challenge.first
+      render plain: @response.response
+    end
+    
+    private
+      def validate_length
+        # Challenge request should have at least 128bit
+        challenge_failed if params[:challenge].nil? || params[:challenge].length < 16 || params[:challenge].length > 256
+      end
+      
+      def challenge_failed
+        raise ActionController::RoutingError.new('Challenge failed - invalid request.')
+      end
+  end
+end

data/app/helpers/letsencrypt_plugin/application_helper.rb

@@ -0,0 +1,4 @@
+module LetsencryptPlugin
+  module ApplicationHelper
+  end
+end

data/app/models/letsencrypt_plugin/challenge.rb

@@ -0,0 +1,4 @@
+module LetsencryptPlugin
+  class Challenge < ActiveRecord::Base
+  end
+end

data/app/views/layouts/letsencrypt_plugin/application.html.erb

@@ -0,0 +1 @@
+<%= yield %>

data/config/initializers/letsencrypt_plugin.rb

@@ -0,0 +1,3 @@
+CONFIG = YAML.load_file(Rails.root.join('config', 'letsencrypt_plugin.yml'))
+CONFIG.merge! CONFIG.fetch(Rails.env, {})
+CONFIG.symbolize_keys!

data/config/routes.rb

@@ -0,0 +1,3 @@
+LetsencryptPlugin::Engine.routes.draw do
+  get '.well-known/acme-challenge/:challenge' => 'application#index'
+end

data/db/migrate/20151206135029_create_letsencrypt_plugin_challenges.rb

@@ -0,0 +1,9 @@
+class CreateLetsencryptPluginChallenges < ActiveRecord::Migration
+  def change
+    create_table :letsencrypt_plugin_challenges do |t|
+      t.text :response
+
+      t.timestamps null: false
+    end
+  end
+end

data/lib/letsencrypt_plugin.rb

@@ -0,0 +1,4 @@
+require "letsencrypt_plugin/engine"
+
+module LetsencryptPlugin
+end

data/lib/letsencrypt_plugin/engine.rb

@@ -0,0 +1,5 @@
+module LetsencryptPlugin
+  class Engine < ::Rails::Engine
+    isolate_namespace LetsencryptPlugin
+  end
+end

data/lib/letsencrypt_plugin/version.rb

@@ -0,0 +1,3 @@
+module LetsencryptPlugin
+  VERSION = "0.0.2"
+end

data/lib/tasks/letsencrypt_plugin_tasks.rake

@@ -0,0 +1,96 @@
+require 'openssl'
+require 'acme-client'
+
+#Sets up logging - should only be called from other rake tasks
+task setup_logger: :environment do
+  logger           = Logger.new(STDOUT)
+  logger.level     = Logger::INFO
+  Rails.logger     = logger
+end
+
+desc "Generates SSL certificate using Let's Encrypt service"
+task :letsencrypt_plugin => :setup_logger do
+  def generate_certificate()
+    client ||= Acme::Client.new(private_key: load_private_key, endpoint: CONFIG[:endpoint])
+    Rails.logger.info("Trying to register at Let's Encrypt service...")
+    begin
+      registration = client.register(contact: 'mailto:#{CONFIG[:email]}')
+      registration.agree_terms
+      Rails.logger.info("Registration succeed.")
+    rescue
+      Rails.logger.info("Already registered.")
+    end
+
+    Rails.logger.info("Sending authorization request...")
+    authorization = client.authorize(domain: CONFIG[:domain])
+    challenge = authorization.http01
+    
+    store_challenge(challenge)
+
+    challenge.request_verification # => true
+    
+    wait_for_status(challenge)
+    
+    if challenge.verify_status == 'valid'
+      certificate_private_key = OpenSSL::PKey::RSA.new(2048)
+      csr = create_csr(certificate_private_key)
+      # We can now request a certificate
+      certificate = client.new_certificate(csr) # => #<Acme::Certificate ....>
+      save_certificate(certificate, certificate_private_key)
+
+      Rails.logger.info("Certificate has been generated.")
+    else
+      Rails.logger.error("Challenge verification failed!")
+    end
+  end
+  
+  def load_private_key
+    Rails.logger.info("Loading private key...")
+    OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, CONFIG[:private_key])))
+  end
+  
+  def store_challenge(challenge)
+    Rails.logger.info("Storing challenge information...")
+    ch = LetsencryptPlugin::Challenge.first
+    if ch.nil?
+      ch = LetsencryptPlugin::Challenge.new
+      ch.save!(:response => challenge.file_content)
+    else
+      ch.update(:response => challenge.file_content)
+    end
+    sleep(1)
+  end
+
+  def wait_for_status(challenge)
+    Rails.logger.info("Waiting for challenge status...")
+    counter = 0
+    while challenge.verify_status == 'pending' && counter < 10
+      sleep(1)
+      counter += 1
+    end
+  end
+
+  def create_csr(certificate_private_key)
+    Rails.logger.info("Creating CSR...")
+    csr = OpenSSL::X509::Request.new
+    csr.subject = OpenSSL::X509::Name.new([
+      ['CN', CONFIG[:domain], OpenSSL::ASN1::UTF8STRING]
+    ])
+    csr.public_key = certificate_private_key.public_key
+    csr.sign(certificate_private_key, OpenSSL::Digest::SHA256.new)
+    csr
+  end
+  
+  # Save the certificate and key
+  def save_certificate(certificate, certificate_private_key)
+    if !certificate.nil?
+      Rails.logger.info("Saving certificates and key...")
+      File.write(File.join(CONFIG[:output_cert_dir], "#{CONFIG[:domain]}-cert.pem"), certificate.to_pem)
+      File.write(File.join(CONFIG[:output_cert_dir], "#{CONFIG[:domain]}-key.pem"), certificate_private_key.to_pem)
+      File.write(File.join(CONFIG[:output_cert_dir], "#{CONFIG[:domain]}-chain.pem"), certificate.chain_to_pem)
+      File.write(File.join(CONFIG[:output_cert_dir], "#{CONFIG[:domain]}-fullchain.pem"), certificate.fullchain_to_pem)
+    end
+  end
+  
+  generate_certificate
+end

data/test/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/test/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks

data/test/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/test/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/test/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/test/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/test/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    'application', media: 'all', 'data-turbolinks-track' => true %>
+  <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/test/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+load Gem.bin_path('bundler', 'bundle')

data/test/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path('../../config/application', __FILE__)
+require_relative '../config/boot'
+require 'rails/commands'

data/test/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative '../config/boot'
+require 'rake'
+Rake.application.run

data/test/dummy/bin/setup

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+require 'pathname'
+
+# path to your application root.
+APP_ROOT = Pathname.new File.expand_path('../../',  __FILE__)
+
+Dir.chdir APP_ROOT do
+  # This script is a starting point to setup your application.
+  # Add necessary setup steps to this file:
+
+  puts "== Installing dependencies =="
+  system "gem install bundler --conservative"
+  system "bundle check || bundle install"
+
+  # puts "\n== Copying sample files =="
+  # unless File.exist?("config/database.yml")
+  #   system "cp config/database.yml.sample config/database.yml"
+  # end
+
+  puts "\n== Preparing database =="
+  system "bin/rake db:setup"
+
+  puts "\n== Removing old logs and tempfiles =="
+  system "rm -f log/*"
+  system "rm -rf tmp/cache"
+
+  puts "\n== Restarting application server =="
+  system "touch tmp/restart.txt"
+end

data/test/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment', __FILE__)
+run Rails.application

data/test/dummy/config/application.rb

@@ -0,0 +1,26 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+Bundler.require(*Rails.groups)
+require "letsencrypt_plugin"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # Do not swallow errors in after_commit/after_rollback callbacks.
+    config.active_record.raise_in_transactional_callbacks = true
+  end
+end
+