puma-acme 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a03fafd8bedea51ad2a908d71c255510bc2cd852d0f5587916e3bce12635c58d
-  data.tar.gz: 146ab48df5ba65410b00fb065d891373076814efb47bfc184e94f164b6b75f6b
+  metadata.gz: 627c59d3385c6bd13e5a80e2eabade6fdc7c979d84594ce19223972588c6ab3d
+  data.tar.gz: faebef3c6288f8d1a4588999ae4bf7d6561a6cb23981333b212b426d32562bb0
 SHA512:
-  metadata.gz: 746645713f39db8403b0299ee0a473b6b54c750fdd8d4f9a371a00894c02b35fb96367c22195e1707beea93a0ef65939235c0f6cddb4f0be43606546957db440
-  data.tar.gz: 74f1b2504eeb5dc97fe6ce421c389989cfd6ce5a5783daeb911d556b0fac915292d9d4ce6710ef81b027901f75426e0aecff3a86fbf58927dc99529d9e18a11a
+  metadata.gz: 95128f3fcff6e220ce51ca8678aa530e5ef7b53b79b60b680c4d2c7f9e466535d3599c89e155efc85d5cc5f0998034f029e2c170c92b7a9586416d66738a617a
+  data.tar.gz: ff84a445f469fcbbd51334b725a30a5840cc1d0a2f3914b89ac72fd8b496d7881c5e8f6f7b577ae763502ade3f29034161ba4acaabfecac59268205c026f3e0a

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 ## [Unreleased]
 
+## 0.1.1 - 1/16/24
+
+- puma 5.6 compatibility
+
 ## 0.1.0 - 12/29/23
 
 - Initial release

data/Gemfile

@@ -1,3 +1,5 @@
 source 'https://rubygems.org'
 
 gemspec
+
+gem 'byebug'

data/Gemfile.lock

@@ -1,58 +1,75 @@
 PATH
   remote: .
   specs:
-    puma-acme (0.1.0)
+    puma-acme (0.1.1)
       acme-client (~> 2.0.13)
       pstore (~> 0.1)
-      puma (~> 6.4)
+      puma (~> 5.6)
       sinatra (~> 3.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    acme-client (2.0.15)
+    acme-client (2.0.16)
       faraday (>= 1.0, < 3.0.0)
       faraday-retry (>= 1.0, < 3.0.0)
+    addressable (2.8.6)
+      public_suffix (>= 2.0.2, < 6.0)
     base64 (0.2.0)
-    faraday (2.7.12)
-      base64
-      faraday-net_http (>= 2.0, < 3.1)
-      ruby2_keywords (>= 0.0.4)
-    faraday-net_http (3.0.2)
+    byebug (11.1.3)
+    crack (0.4.5)
+      rexml
+    faraday (2.9.0)
+      faraday-net_http (>= 2.0, < 3.2)
+    faraday-net_http (3.1.0)
+      net-http
     faraday-retry (2.2.0)
       faraday (~> 2.0)
+    hashdiff (1.1.0)
     http.rb (0.12.0)
     minitest (5.20.0)
     minitest-mock_expectations (1.2.0)
     mustermann (3.0.0)
       ruby2_keywords (~> 0.0.1)
+    net-http (0.4.1)
+      uri
     nio4r (2.7.0)
     pstore (0.1.3)
-    puma (6.4.0)
+    public_suffix (5.0.4)
+    puma (5.6.8)
       nio4r (~> 2.0)
     rack (2.2.8)
-    rack-protection (3.1.0)
+    rack-protection (3.2.0)
+      base64 (>= 0.1.0)
       rack (~> 2.2, >= 2.2.4)
     rake (13.1.0)
+    rexml (3.2.6)
     ruby2_keywords (0.0.5)
-    sinatra (3.1.0)
+    sinatra (3.2.0)
       mustermann (~> 3.0)
       rack (~> 2.2, >= 2.2.4)
-      rack-protection (= 3.1.0)
+      rack-protection (= 3.2.0)
       tilt (~> 2.0)
     tilt (2.3.0)
+    uri (0.13.0)
     vcr (6.2.0)
+    webmock (3.19.1)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
 
 PLATFORMS
   arm64-darwin-23
 
 DEPENDENCIES
+  byebug
   http.rb (~> 0.12)
   minitest (~> 5.14)
   minitest-mock_expectations (~> 1.2)
   puma-acme!
   rake (~> 13.0)
   vcr (~> 6.1)
+  webmock (~> 3.19)
 
 BUNDLED WITH
    2.3.26

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2023 Anchor Security, Inc.
+Copyright (c) 2024 Anchor Security, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -1,28 +1,24 @@
 # puma-acme
 
-A [Puma](https://puma.io/) plugin for for SSL certs via
-[ACME](https://www.rfc-editor.org/rfc/rfc8555.html).
+A [Puma](https://puma.io/) plugin for adding HTTPS support to a Puma server
+with SSL certs via [ACME](https://www.rfc-editor.org/rfc/rfc8555.html).
 
-Easily add HTTPS support to a Puma server. To use, configure the server
-name(s), accept the TOS, and add a bind directive. The plugin will handle ACME
-account creation, order handling, challenge responses, and certificate
-provisioning. A rack handler for
+To use, configure the server name(s), accept the TOS, and add a bind directive.
+The plugin will handle ACME account creation, order handling, challenge
+responses, and certificate provisioning. A
 [HTTP-01](https://letsencrypt.org/docs/challenge-types/#http-01-challenge)
-is added to the app so that the non-SSL address can automatically answer
-challenges.
+rack handler also allows non-SSL addresses to automatically answer challenges.
 
-On first boot, the server will boot without the SSL listener, and run the ACME
-order workflow in a background thread of the main process. When the workflow
-finishes and the certificate is ready, the server performs a graceful restart
-and binds to the SSL port.
+On first boot, the server will start without SSL and run the ACME workflow in a
+background thread. When the workflow finishes, the server will gracefully
+restart and bind to the SSL port.
 
 If the configured cache contains an unexpired certificate that matches the
 algorithm and server name(s), it will use the cert to bind a listener at server
 boot.
 
-Automatic renewals can be enabled by configuring a renewal interval based on
-the remaining time as a duration or a fraction. See the `acme_renew_at`
-directive for details.
+Setting a renewal interval based on the remaining time as a duration or a
+fraction will enable automatic renewal. See `acme_renew_at` for details.
 
 Supports standalone and cluster mode, along with graceful & rolling restarts.
 
@@ -45,7 +41,7 @@ config.bind 'tcp://0.0.0.0:80'
 
 plugin :acme
 
-acme_server_name 'puma-acme.example.org' 
+acme_server_name 'puma-acme.example.org'
 acme_tos_agreed true
 
 config.bind 'acme://0.0.0.0:443'
@@ -60,22 +56,21 @@ advanced:
 # Recommended for account recovery and revocation.
 acme_contact 'mailto:acme-user@exmaple.org'
 
-# Specify multiple server names (SAN extension).
+# Specify server names (SAN extension).
 acme_server_names 'puma-acme.example.org', 'www.puma-acme.example.org'
 
 # Enable automatic renewal based on an amount of time or fraction of life
-# remaining. For an amount of time, use a number of seconds as an Integer, for
-# example the value 2592000 will set renewal to 30 days before certificate
-# expiration. Use a Float between 0 and 1 for fraction of life remaining, for
-# example the value 0.75 will set renewal at %75 of the way through the
-# certificate lifetime.
+# remaining. For an amount of time, use Integer seconds, for example the value
+# 2592000 will set renewal to 30 days before certificate expiry. For a fraction
+# of life remaining, use a Float between 0 and 1, for example the value 0.75
+# will set renewal at 75% of the way through the certificate lifetime.
 acme_renew_at 0.75
 
-# URL of ACME server's directory URL, default is LetsEncrypt.
+# URL of ACME server's directory URL, defaults to LetsEncrypt.
 acme_directory 'https://acme.example.org/directory'
 
-# Accept the Terms of Service (TOS) of an ACME server, the value can be either
-# the server's directory URL as a string, or true to accept any server's TOS.
+# Accept the Terms of Service (TOS) of an ACME server with the server's
+# directory URL as a string or true to accept any server's TOS.
 acme_tos_agreed 'https://acme.example.org/directory'
 
 # External Account Binding (EAB) token KID & secret HMAC key for the ACME
@@ -83,29 +78,27 @@ acme_tos_agreed 'https://acme.example.org/directory'
 acme_eab_kid      ENV['ACME_KID']
 acme_eab_hmac_key ENV['ACME_HMAC_KEY']
 
-# Encryption key algorithm, :ecdsa & :rsa are supported, :ecdsa is the default.
+# Encryption key algorithm, either :ecdsa or :rsa, defaults to :ecdsa.
 acme_algorithm :ecdsa
 
-# Provision mode, :background and :foreground are supported, :background is the
-# default. Background mode will provision certificates in a background thread
-# without blocking binding or request serving for non-acme listeners.
-# Foreground mode blocks all binding listeners until a certificate is
-# provisioned, and is only compatable with zero-challenge ACME flow.
-acme_mode :background 
+# Provision mode, either :background or :foreground, defaults to :background.
+# Background mode provisions certificates in a background thread without
+# blocking binding or request serving for non-acme listeners.
+# Foreground mode blocks all binding listeners until a certificate
+# provisions, compatible only with zero-challenge ACME flow.
+acme_mode :background
 
-# Store account, order, and certificate data in any ActiveSupport::Cache::Store
-# compatable cache store. A local filesystem based cache in the default.
+# ActiveSupport::Cache::Store compatible cache to store account, order, and
+# certificate data. Defaults to a local filesystem based cache.
 acme_cache Rails.cache
 
-# Path to the cache directory for the default cache, 'tmp/acme' is the default.
+# Path to the cache directory for the default cache, defaults to 'tmp/acme'.
 acme_cache_dir 'tmp/acme'
 
-# Time to wait in seconds before checking for an updated order status, 1 second
-# is the default.
+# Time to wait in seconds before rechecking order status, defaults to 1 second.
 acme_poll_interval 1
 
-# Time to wait in seconds before checking for automatic renewal, default is 1
-# hour.
+# Time to wait in seconds before checking for renewal, defaults to 1 hour.
 acme_renew_interval 60 * 60
 ```
 
@@ -117,5 +110,5 @@ acme_renew_interval 60 * 60
 
 ## License
 
-The gem is available as open source under the terms of the [MIT
+puma-acme is available as open source under the terms of the [MIT
 License](http://opensource.org/licenses/MIT).

data/lib/puma/acme/plugin.rb

@@ -41,11 +41,11 @@ module Puma
           manager: @manager
         )
 
-        @log_writer = launcher.log_writer
+        @logger = launcher.respond_to?(:log_writer) ? launcher.log_writer : launcher.events
 
         cert = @manager.cert!(identifiers: identifiers, algorithm: algorithm)
         if cert.usable?
-          @log_writer.debug 'Acme: cert already provisioned'
+          @logger.debug 'Acme: cert already provisioned'
 
           bind_to(launcher, cert)
 
@@ -57,17 +57,17 @@ module Puma
             end
           end
         elsif mode == :background
-          @log_writer.log 'Puma background provisioning cert via puma-acme plugin...'
+          @logger.log 'Puma background provisioning cert via puma-acme plugin...'
 
           in_background do
             provision(cert, poll_interval: poll_interval)
 
-            @log_writer.log 'Puma restarting after provisioning cert via puma-acme plugin...'
+            @logger.log 'Puma restarting after provisioning cert via puma-acme plugin...'
 
             launcher.restart
           end
         elsif mode == :foreground
-          @log_writer.log 'Puma foreground provisioning cert via puma-acme plugin...'
+          @logger.log 'Puma foreground provisioning cert via puma-acme plugin...'
 
           provision(cert, poll_interval: poll_interval)
           bind_to(launcher, cert)
@@ -92,7 +92,7 @@ module Puma
           'cert_pem' => cert.cert_pem
         }
 
-        ctx = MiniSSL::ContextBuilder.new(params, @log_writer).context
+        ctx = MiniSSL::ContextBuilder.new(params, @logger).context
 
         launcher.binder.before_parse_hook do
           @acme_binds.each do |str|
@@ -100,16 +100,16 @@ module Puma
 
             if (fd = launcher.binder.inherited_fds.delete(str))
               io = launcher.binder.inherit_ssl_listener(fd, ctx)
-              @log_writer.log "* Inherited #{str}"
+              @logger.log "* Inherited #{str}"
             elsif (fd = launcher.binder.activated_sockets.delete([:acme, uri.host, uri.port]))
               io = launcher.binder.inherit_ssl_listener(fd, ctx)
-              @log_writer.log "* Activated #{str}"
+              @logger.log "* Activated #{str}"
             else
               io = launcher.binder.add_ssl_listener(uri.host, uri.port, ctx)
             end
 
             cert.identifiers.each do |identifier|
-              @log_writer.log "* Listening on ssl://#{uri.host}:#{uri.port} for https://#{identifier.value} (puma-acme)"
+              @logger.log "* Listening on ssl://#{uri.host}:#{uri.port} for https://#{identifier.value} (puma-acme)"
             end
 
             launcher.binder.listeners << [str, io]
@@ -119,13 +119,13 @@ module Puma
 
       def provision(cert, poll_interval:)
         unless @manager.account
-          @log_writer.debug 'Acme: creating account'
+          @logger.debug 'Acme: creating account'
 
           @manager.account!
         end
 
         if cert.order.nil?
-          @log_writer.debug 'Acme: creating order'
+          @logger.debug 'Acme: creating order'
           @manager.order!(cert)
         else
           @manager.reload!(cert)
@@ -134,23 +134,23 @@ module Puma
         loop do
           case cert.order.status.to_sym
           when :valid
-            @log_writer.debug 'Acme: downloading cert'
+            @logger.debug 'Acme: downloading cert'
 
             @manager.download!(cert)
 
             return
           when :processing, :pending
-            @log_writer.debug "Acme: waiting on #{cert.order.status} order"
+            @logger.debug "Acme: waiting on #{cert.order.status} order"
 
             sleep poll_interval
 
             @manager.reload!(cert)
           when :ready
-            @log_writer.debug 'Acme: finalizing ready order'
+            @logger.debug 'Acme: finalizing ready order'
 
             @manager.finalize!(cert)
           when :invalid
-            @log_writer.debug 'Acme: invalid order, re-ordering'
+            @logger.debug 'Acme: invalid order, re-ordering'
 
             @manager.order!(cert)
           end
@@ -171,7 +171,7 @@ module Puma
 
           next unless cert.renewable?(renew_at)
 
-          @log_writer.debug 'Acme: creating renewal order'
+          @logger.debug 'Acme: creating renewal order'
 
           @manager.order!(cert)
 

data/lib/puma/acme/version.rb

@@ -2,6 +2,6 @@
 
 module Puma
   module Acme
-    VERSION = '0.1.0'
+    VERSION = '0.1.1'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puma-acme
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Anchor Security, Inc
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-29 00:00:00.000000000 Z
+date: 2024-01-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.4'
+        version: '5.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.4'
+        version: '5.6'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.19'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.19'
 description: A Puma webserver plugin for automatic access to certificates from Let's
   Encrypt and any other ACME-based CA.
 email:
@@ -183,7 +197,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.26
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: Puma plugin for ACME.