letsencrypt_standalone 0.1.11

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f5cfab69f72511700b1af722b981aa051b7df7af
+  data.tar.gz: ce88586ddcdc681eaa8326c9d48e5f7e7596a116
+SHA512:
+  metadata.gz: 7130decc64246670ce93c85cc844307f7b65dcdd41b68e118c0d00b3f4876e399de7bafd7307776771721b4a3f04f192db22c551580dd52c680e25721477d600
+  data.tar.gz: 50a6ef511005d4319d5072206cd4c4446cb73ff4d2fc319196d6534fc89e1135f0c5e67819a49e441e18fc52b807004c12f9ec38b7f12ef4de1af1f39f919d8c

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/public
+/ssl_certs

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.3.0
+before_install: gem install bundler -v 1.11.2

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,49 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting a project maintainer at grigory.aksentiev@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. Maintainers are
+obligated to maintain confidentiality with regard to the reporter of an
+incident.
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in letsencrypt_standalone.gemspec
+gemspec

data/README.md

@@ -0,0 +1,27 @@
+## Installation
+
+    $ gem install letsencrypt_standalone
+
+## Usage
+
+config file like this:
+
+```
+{
+  "path": "./",
+  "ssl_dir": "ssl_certs", //relative to "path"
+  "email": "admin@example.com",
+  "domains": [
+    {
+      "host": "example.com"
+    }
+  ]
+}
+
+```
+
+choose acme backend
+
+```
+LE_ENVIRONMENT=staging
+```

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "letsencrypt_standalone"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+require "pry"
+Pry.start
+
+# require "irb"
+# IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/le_standalone

@@ -0,0 +1,118 @@
+#!/usr/bin/env ruby
+require 'optparse'
+require 'json'
+require 'acme-client'
+require 'fileutils'
+require 'webrick'
+require 'logger'
+require 'letsencrypt_standalone'
+
+# Default logger
+logger = LetsencryptStandalone::Base.logger
+
+OptionParser.new do |opts|
+  opts.banner = "le_standalone [options]"
+
+  opts.on("-c", "--config File", String, "Path to config file. Default: ./le_standalone.json") do |item|
+    config_file = item
+  end
+
+  opts.on("-p", "--port N", Integer, "Port. Default: 12080") do |port|
+    config.port = port if !port.nil?
+  end
+
+  opts.on("-a", "--add Domains", Array, "Add domain(s) to config, generate key and try to obtain certificate.") do |list|
+    config.add(domains: list)
+  end
+
+  opts.on("-l", "--log File", String, "Log file") do |file|
+    # Overwrite default logger with the new one of specified
+    logger = LetsencryptStandalone::Base.logger(log_destination: file) if file
+  end
+
+  opts.on_tail("--version", "Show version") do
+    puts LetsencryptStandalone::VERSION
+    exit
+  end
+
+  opts.on_tail("-h", "--help", "Show this message") do
+    puts opts
+    exit
+  end
+end.parse!
+
+begin
+
+  # Config
+  config      = LetsencryptStandalone::Config.new
+  config.port = 12080
+
+  # Webrick conf
+  FileUtils.mkdir_p(config.www_root)
+
+  Thread.new do
+    log = WEBrick::Log.new(logger, WEBrick::Log::DEBUG)
+    server = WEBrick::HTTPServer.new :Port => config.port,
+                                     :DocumentRoot => config.www_root,
+                                     :Logger => log
+    server.start
+  end
+
+  # Account
+  client = LetsencryptStandalone::Client.new  account: config.account,
+                                              email: config.email
+
+  # Let's encrypt!
+  config.domains.each do |params|
+    domain = LetsencryptStandalone::Domain.new(params: params)
+    config.push_private_key_name(domain: domain)
+
+    if domain.certificates
+      certificate = LetsencryptStandalone::Certificate.new(client: client.acme_client, domain: domain)
+      next if !certificate.needs_refresh?
+    end
+
+    logger.info "Starting #{domain.host} tasks"
+    domain.validate(client: client)
+
+    tries = config.tries
+    tries.times do |n|
+      begin
+        # verified?
+        status = domain.verify_status
+        if status == 'valid'
+          logger.info "Verified #{domain.host} challenge. Obtaining certificate."
+          certificate ||= LetsencryptStandalone::Certificate.new(client: client.acme_client, domain: domain)
+                            .obtain_new
+
+          certificate.save
+          break
+        else
+          logger.info "Could not verify #{domain.host} challenge. Status #{status}"
+          logger.warn "FAIL: Certificate for #{domain.host} has not been obtained during #{tries} tries." if n == tries
+        end
+        sleep 1
+      rescue Acme::Client::Error::Malformed
+        next
+      end
+    end
+
+    # write cert path to config
+    if certificate
+      config.push_certs_locations(files: certificate.files, domain: domain)
+      logger.info "SUCCESS: Certificate for #{domain.host} was obtained"
+    end
+
+    logger.info "Finished #{domain.host} tasks"
+  end
+
+  # Refresh configuration for future use
+  config.config[:account] = client.account
+  config.write
+
+  # Make clean
+  FileUtils.rm_rf config.www_root
+
+rescue Exception => err
+  logger.fatal err
+end

data/le_standalone.gemspec

@@ -0,0 +1,36 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'letsencrypt_standalone/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "letsencrypt_standalone"
+  spec.version       = LetsencryptStandalone::VERSION
+  spec.authors       = ["Grigory Aksentyev"]
+  spec.email         = ["grigory.aksentiev@gmail.com"]
+
+  spec.summary       = %q{Generate and sign ssl certificate with let's encrypt}
+  spec.description   = %q{Run stangalone server which do all work, the put the stuff generated to path specified}
+  # spec.homepage      = "TODO: Put your gem's website or public repo URL here."
+
+  # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
+  # delete this section to allow pushing this gem to any host.
+  # if spec.respond_to?(:metadata)
+  #   spec.metadata['allowed_push_host'] = "TODO: Set to 'http://mygemserver.com'"
+  # else
+  #   raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
+  # end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "pry-byebug"
+
+  spec.add_dependency 'acme-client'
+end

data/le_standalone.json

@@ -0,0 +1,15 @@
+{
+  "path": "./",
+  "email": "admin@example.com",
+  ::
+  "domains": [
+    {
+      "host": "example.com",
+      "private_key": "private_key.pem"
+    },
+    {
+      "host": "www.example.com",
+      "private_key": "private_key.pem"
+    }
+  ]
+}

data/lib/letsencrypt_standalone.rb

@@ -0,0 +1,11 @@
+require 'letsencrypt_standalone/base'
+require 'letsencrypt_standalone/certificate'
+require 'letsencrypt_standalone/client'
+require 'letsencrypt_standalone/config'
+require 'letsencrypt_standalone/domain'
+require 'letsencrypt_standalone/version'
+
+module LetsencryptStandalone
+  PROD_URL  = 'https://acme-v01.api.letsencrypt.org/'
+  STAGE_URL = 'https://acme-staging.api.letsencrypt.org/'
+end

data/lib/letsencrypt_standalone/base.rb

@@ -0,0 +1,34 @@
+require 'letsencrypt_standalone'
+
+module LetsencryptStandalone
+  require 'logger'
+  class Base
+    class << self
+      def logger(log_destination: STDOUT)
+        @@logger = Logger.new(log_destination)
+        @@logger.level = Logger::INFO
+        @@logger
+      end
+    end
+
+    def logger
+      @@logger
+    end
+
+    def endpoint_url
+      ENV['LE_ENVIRONMENT'] == 'staging' ? STAGE_URL : PROD_URL
+    end
+
+    def output_dir
+      File.join(path, ssl_subdir)
+    end
+
+    def ssl_subdir
+      @ssl_subdir ||= LetsencryptStandalone::Config.new.ssl_subdir
+    end
+
+    def path
+      @path ||= LetsencryptStandalone::Config.new.config[:path]
+    end
+  end
+end

data/lib/letsencrypt_standalone/certificate.rb

@@ -0,0 +1,49 @@
+require 'letsencrypt_standalone'
+require 'fileutils'
+require 'acme-client'
+require 'openssl'
+
+module LetsencryptStandalone
+  class Certificate < Base
+
+    @@default_names = {
+               certificate: 'cert.pem',
+               chain:       'chain.pem',
+               fullchain:   'fullchain.pem'
+             }
+
+    attr_reader :files
+
+    def initialize(domain:, client:)
+      @files       = domain.certificates || @@default_names
+      @domain      = domain.host
+      @client      = client
+      @private_key = domain.private_key
+    end
+
+    def obtain_new
+      csr = Acme::Client::CertificateRequest.new(names: Array(@domain), private_key: @private_key)
+      @certificate = @client.new_certificate(csr) # => #<Acme::Client::Certificate ....>
+      return self
+    end
+
+    def needs_refresh?
+      cert = @files[:certificate]
+      if cert.not_after > Time.now + 2*24*3600
+        logger.info("It doesnt need to refresh cert for domain: #{@domain}")
+        false
+      else
+        logger.info("It needs to refresh cert for domain: #{@domain}")
+        true
+      end
+    end
+
+    def save
+      # Save the certificate and the private key to files
+      FileUtils.mkdir_p(File.join(output_dir, @domain))
+      File.write(File.join(output_dir, @domain, @files[:certificate]), @certificate.to_pem)
+      File.write(File.join(output_dir, @domain, @files[:chain]), @certificate.chain_to_pem)
+      File.write(File.join(output_dir, @domain, @files[:fullchain]), @certificate.fullchain_to_pem)
+    end
+  end
+end

data/lib/letsencrypt_standalone/client.rb

@@ -0,0 +1,48 @@
+require 'letsencrypt_standalone'
+require 'acme/client'
+require 'openssl'
+
+module LetsencryptStandalone
+  class Client < Base
+    attr_reader :account, :email, :acme_client
+
+    def initialize(account: nil, email:)
+      @email = email
+      @account = account
+      @acme_client = Acme::Client.new(private_key: private_key, endpoint: endpoint_url)
+
+      if !account
+        logger.info "Account key not found. Creating..."
+        @account = 'account.pem'
+        create(email)
+        save_account_key
+        raise 'No email specified' if !email
+      end
+    end
+
+    def create(email)
+      contact = 'mailto:' + email #https://github.com/schubergphilis/letsencrypt/issues/3
+      @acme_client.register(contact: contact).agree_terms
+    end
+
+    def authorize(domain:)
+      @acme_client.authorize(domain: domain)
+    end
+
+    private
+
+    def private_key
+      @private_key ||= if account && File.exist?(File.join(path, account))
+                         OpenSSL::PKey::RSA.new(File.read(File.join(path, account)))
+                       else
+                         OpenSSL::PKey::RSA.new(4096)
+                       end
+    end
+
+    def save_account_key
+      logger.info "Saving account key."
+      FileUtils.mkdir_p path
+      File.new(File.join(path, account), 'w').write(private_key.to_pem)
+    end
+  end
+end

data/lib/letsencrypt_standalone/config.rb

@@ -0,0 +1,55 @@
+require 'letsencrypt_standalone'
+
+module LetsencryptStandalone
+  class Config < Base
+    attr_accessor :config, :location, :port
+    def initialize(config_file: nil)
+      @location ||= 'le_standalone.json'
+      @config = JSON.parse(File.read(@location), :symbolize_names => true)
+    end
+
+    def output_dir
+      config.output_dir || super
+    end
+
+    %i(account domains email path).each do |meth|
+      define_method meth do
+        config.fetch(meth, nil)
+      end
+    end
+
+    def ssl_subdir
+      config[:ssl_subdir] || 'ssl_certs'
+    end
+
+    def www_root
+      config[:www_root] || 'public'
+    end
+
+    def tries
+      config.fetch(:tries, 5)
+    end
+
+    def add(domains:)
+      domains.each do |domain|
+        @config[:domains] << {host: domain}
+      end
+    end
+
+    def push_certs_locations(files:, domain:)
+      config[:domains].map! do |d|
+        d[:host] == domain.host ? d.merge(certificates: files) : d
+      end
+    end
+
+    def push_private_key_name(domain:)
+      config[:domains].map! do |d|
+        d[:host] == domain.host ? d.merge(private_key: domain.private_key_name) : d
+      end
+    end
+
+    def write
+      File.new(location, 'w').write(JSON.pretty_generate(config))
+    end
+  end
+end

data/lib/letsencrypt_standalone/domain.rb

@@ -0,0 +1,84 @@
+require 'letsencrypt_standalone'
+require 'openssl'
+require 'fileutils'
+
+module LetsencryptStandalone
+  class Domain < Base
+    attr_accessor :host, :private_key, :certificates
+    attr_reader :private_key_name, :private_key_path
+
+    @@default_private_key_name = 'private_key.pem'
+
+    def initialize(params:, path: './')
+      @host = params.fetch(:host)
+      @private_key_name = params.fetch(:private_key, @@default_private_key_name)
+      @private_key_path = File.join(output_dir,@host, @private_key_name)
+
+      if params.has_key? :certificates
+        load_certs(params)
+      end
+      load_private_key
+    end
+
+    def host_dir
+      @host_dir ||= File.join(output_dir, host)
+    end
+
+    def validate(client:)
+      authorization = client.authorize(domain: self.host)
+      #The http-01 method will require you to respond to a HTTP request.
+      @challenge = authorization.http01
+
+      # Save the file. We'll create a public directory to serve it from, and inside it we'll create the challenge file.
+      FileUtils.mkdir_p(File.join(config.www_root, File.dirname(@challenge.filename)))
+
+      # We'll write the content of the file
+      File.write(File.join(config.www_root, @challenge.filename), @challenge.file_content)
+
+      # try to verify
+      @challenge.request_verification
+    end
+
+    def verify_status
+      @challenge.verify_status
+    end
+
+    private
+
+    def load_private_key
+      logger.info "Trying to use existing private key for #{@host}"
+      if File.exists? File.join(host_dir, @private_key_name)
+        @private_key = OpenSSL::PKey::RSA.new(File.read(@private_key_path))
+      else
+        @private_key = generate_key
+        save_private_key
+      end
+    end
+
+    def config
+      @config ||= LetsencryptStandalone::Config.new
+    end
+
+    def create_host_dir
+      FileUtils.mkdir_p(host_dir)
+    end
+
+    def save_private_key
+      create_host_dir
+      File.new(@private_key_path, 'w').write(@private_key.to_pem)
+    end
+
+    def load_certs(params)
+      @certificates = {}
+      params[:certificates].each do |type, file|
+        cert = OpenSSL::X509::Certificate.new(File.read(File.join(host_dir, file)))
+        @certificates[type] = cert
+        logger.info "Trying to use existing cert #{type} for #{@host}"
+      end
+    end
+
+    def generate_key
+      OpenSSL::PKey::RSA.new(4096)
+    end
+  end
+end

data/lib/letsencrypt_standalone/version.rb

@@ -0,0 +1,3 @@
+module LetsencryptStandalone
+  VERSION = "0.1.11"
+end

metadata

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: letsencrypt_standalone
+version: !ruby/object:Gem::Version
+  version: 0.1.11
+platform: ruby
+authors:
+- Grigory Aksentyev
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-03-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: acme-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Run stangalone server which do all work, the put the stuff generated
+  to path specified
+email:
+- grigory.aksentiev@gmail.com
+executables:
+- le_standalone
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/le_standalone
+- le_standalone.gemspec
+- le_standalone.json
+- lib/letsencrypt_standalone.rb
+- lib/letsencrypt_standalone/base.rb
+- lib/letsencrypt_standalone/certificate.rb
+- lib/letsencrypt_standalone/client.rb
+- lib/letsencrypt_standalone/config.rb
+- lib/letsencrypt_standalone/domain.rb
+- lib/letsencrypt_standalone/version.rb
+homepage: 
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Generate and sign ssl certificate with let's encrypt
+test_files: []
+has_rdoc: