surtr 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +82 -0
- data/lib/surtr/acme.rb +68 -0
- data/lib/surtr/dns.rb +21 -0
- data/lib/surtr/version.rb +1 -1
- metadata +4 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6347d467f10a9aa0d07d119f77d9608bb633c684f61e05ed55bf3747ff56dae0
|
|
4
|
+
data.tar.gz: 717b3f089df4fb666fa2459fa31dd2e45ac6487a5b7882bc7049f99fbaecad4b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: '0885c832971d73ba1769c86e4b905c801f67c0ffe806d2fdb1215b5dc91d7925e52c072d235b32443e028a99efd49b5d94027fb08fe50405b7a5df811ee4b088'
|
|
7
|
+
data.tar.gz: 66bd2612418a162992e6911be922186697c8a274db2e74147954ba95afca588f6592c84c8872690eafce09906d8f4ecb8ec8466eb078a19125699a36e27a7b61
|
data/Gemfile.lock
ADDED
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
PATH
|
|
2
|
+
remote: .
|
|
3
|
+
specs:
|
|
4
|
+
surtr (0.1.0)
|
|
5
|
+
acme-client
|
|
6
|
+
clamp
|
|
7
|
+
google-cloud-dns
|
|
8
|
+
|
|
9
|
+
GEM
|
|
10
|
+
remote: https://rubygems.org/
|
|
11
|
+
specs:
|
|
12
|
+
acme-client (0.6.3)
|
|
13
|
+
faraday (~> 0.9, >= 0.9.1)
|
|
14
|
+
addressable (2.5.2)
|
|
15
|
+
public_suffix (>= 2.0.2, < 4.0)
|
|
16
|
+
clamp (1.2.1)
|
|
17
|
+
declarative (0.0.10)
|
|
18
|
+
declarative-option (0.1.0)
|
|
19
|
+
faraday (0.14.0)
|
|
20
|
+
multipart-post (>= 1.2, < 3)
|
|
21
|
+
google-api-client (0.19.8)
|
|
22
|
+
addressable (~> 2.5, >= 2.5.1)
|
|
23
|
+
googleauth (>= 0.5, < 0.7.0)
|
|
24
|
+
httpclient (>= 2.8.1, < 3.0)
|
|
25
|
+
mime-types (~> 3.0)
|
|
26
|
+
representable (~> 3.0)
|
|
27
|
+
retriable (>= 2.0, < 4.0)
|
|
28
|
+
google-cloud-core (1.2.0)
|
|
29
|
+
google-cloud-env (~> 1.0)
|
|
30
|
+
google-cloud-dns (0.28.0)
|
|
31
|
+
google-api-client (~> 0.19.0)
|
|
32
|
+
google-cloud-core (~> 1.2)
|
|
33
|
+
googleauth (~> 0.6.2)
|
|
34
|
+
zonefile (~> 1.04)
|
|
35
|
+
google-cloud-env (1.0.1)
|
|
36
|
+
faraday (~> 0.11)
|
|
37
|
+
googleauth (0.6.2)
|
|
38
|
+
faraday (~> 0.12)
|
|
39
|
+
jwt (>= 1.4, < 3.0)
|
|
40
|
+
logging (~> 2.0)
|
|
41
|
+
memoist (~> 0.12)
|
|
42
|
+
multi_json (~> 1.11)
|
|
43
|
+
os (~> 0.9)
|
|
44
|
+
signet (~> 0.7)
|
|
45
|
+
httpclient (2.8.3)
|
|
46
|
+
jwt (2.1.0)
|
|
47
|
+
little-plugger (1.1.4)
|
|
48
|
+
logging (2.2.2)
|
|
49
|
+
little-plugger (~> 1.1)
|
|
50
|
+
multi_json (~> 1.10)
|
|
51
|
+
memoist (0.16.0)
|
|
52
|
+
mime-types (3.1)
|
|
53
|
+
mime-types-data (~> 3.2015)
|
|
54
|
+
mime-types-data (3.2016.0521)
|
|
55
|
+
multi_json (1.13.1)
|
|
56
|
+
multipart-post (2.0.0)
|
|
57
|
+
os (0.9.6)
|
|
58
|
+
public_suffix (3.0.2)
|
|
59
|
+
rake (10.5.0)
|
|
60
|
+
representable (3.0.4)
|
|
61
|
+
declarative (< 0.1.0)
|
|
62
|
+
declarative-option (< 0.2.0)
|
|
63
|
+
uber (< 0.2.0)
|
|
64
|
+
retriable (3.1.1)
|
|
65
|
+
signet (0.8.1)
|
|
66
|
+
addressable (~> 2.3)
|
|
67
|
+
faraday (~> 0.9)
|
|
68
|
+
jwt (>= 1.5, < 3.0)
|
|
69
|
+
multi_json (~> 1.10)
|
|
70
|
+
uber (0.1.0)
|
|
71
|
+
zonefile (1.06)
|
|
72
|
+
|
|
73
|
+
PLATFORMS
|
|
74
|
+
ruby
|
|
75
|
+
|
|
76
|
+
DEPENDENCIES
|
|
77
|
+
bundler (~> 1.16)
|
|
78
|
+
rake (~> 10.0)
|
|
79
|
+
surtr!
|
|
80
|
+
|
|
81
|
+
BUNDLED WITH
|
|
82
|
+
1.16.1
|
data/lib/surtr/acme.rb
ADDED
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
require "openssl"
|
|
2
|
+
require "acme-client"
|
|
3
|
+
require "fileutils"
|
|
4
|
+
|
|
5
|
+
module Surtr
|
|
6
|
+
|
|
7
|
+
module ACME
|
|
8
|
+
|
|
9
|
+
def self.keygen (keyfile)
|
|
10
|
+
File.write keyfile, OpenSSL::PKey::RSA.new(4096).to_pem
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.register (keyfile, endpoint, email)
|
|
14
|
+
key = OpenSSL::PKey::RSA.new(File.read(keyfile))
|
|
15
|
+
client = Acme::Client.new(private_key: key, endpoint: "https://acme-#{endpoint}.api.letsencrypt.org")
|
|
16
|
+
client.register(contact: "mailto:#{email}").agree_terms
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def self.challenge (keyfile, endpoint, domain)
|
|
20
|
+
key = OpenSSL::PKey::RSA.new(File.read(keyfile))
|
|
21
|
+
client = Acme::Client.new(private_key: key, endpoint: "https://acme-#{endpoint}.api.letsencrypt.org")
|
|
22
|
+
auth = client.authorize(domain: domain)
|
|
23
|
+
case auth.status
|
|
24
|
+
when "pending"
|
|
25
|
+
challenge = auth.dns01
|
|
26
|
+
puts "#{domain}: not verified. DNS record required:"
|
|
27
|
+
puts " " + [[challenge.record_name, domain].join("."), challenge.record_type, challenge.record_content.inspect].join(" ")
|
|
28
|
+
when "valid"
|
|
29
|
+
puts "#{domain}: verified"
|
|
30
|
+
else
|
|
31
|
+
fail "#{domain}: unexpected authorization status: #{auth.status}"
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def self.verify (keyfile, endpoint, domain)
|
|
36
|
+
key = OpenSSL::PKey::RSA.new(File.read(keyfile))
|
|
37
|
+
client = Acme::Client.new(private_key: key, endpoint: "https://acme-#{endpoint}.api.letsencrypt.org")
|
|
38
|
+
auth = client.authorize(domain: domain)
|
|
39
|
+
case auth.status
|
|
40
|
+
when "pending"
|
|
41
|
+
challenge = auth.dns01
|
|
42
|
+
challenge.request_verification
|
|
43
|
+
while auth.verify_status == "pending"
|
|
44
|
+
sleep 0.1
|
|
45
|
+
end
|
|
46
|
+
when "valid"
|
|
47
|
+
puts "#{domain}: verified"
|
|
48
|
+
else
|
|
49
|
+
fail "#{domain}: unexpected authorization status: #{auth.status}"
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
|
|
54
|
+
def self.certificate (keyfile, endpoint, destination, domains)
|
|
55
|
+
key = OpenSSL::PKey::RSA.new(File.read(keyfile))
|
|
56
|
+
client = Acme::Client.new(private_key: key, endpoint: "https://acme-#{endpoint}.api.letsencrypt.org")
|
|
57
|
+
csr = Acme::Client::CertificateRequest.new(names: domains)
|
|
58
|
+
certificate = client.new_certificate(csr)
|
|
59
|
+
FileUtils.mkpath destination
|
|
60
|
+
File.write File.join(destination, "privkey.pem"), certificate.request.private_key.to_pem
|
|
61
|
+
File.write File.join(destination, "cert.pem"), certificate.to_pem
|
|
62
|
+
File.write File.join(destination, "chain.pem"), certificate.chain_to_pem
|
|
63
|
+
File.write File.join(destination, "fullchain.pem"), certificate.fullchain_to_pem
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
end
|
data/lib/surtr/dns.rb
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
require "google/cloud/dns"
|
|
2
|
+
|
|
3
|
+
module Surtr
|
|
4
|
+
|
|
5
|
+
module DNS
|
|
6
|
+
|
|
7
|
+
def self.gcp (project, name, type, value)
|
|
8
|
+
|
|
9
|
+
dns = Google::Cloud::Dns.new project: project
|
|
10
|
+
dns.zones.each do |zone|
|
|
11
|
+
if name.end_with?(zone.dns[0..-2])
|
|
12
|
+
zone.replace name, type, 60, value
|
|
13
|
+
break
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
end
|
data/lib/surtr/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: surtr
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nathan Baum
|
|
@@ -90,6 +90,7 @@ extra_rdoc_files: []
|
|
|
90
90
|
files:
|
|
91
91
|
- ".gitignore"
|
|
92
92
|
- Gemfile
|
|
93
|
+
- Gemfile.lock
|
|
93
94
|
- LICENSE.txt
|
|
94
95
|
- README.md
|
|
95
96
|
- Rakefile
|
|
@@ -97,6 +98,8 @@ files:
|
|
|
97
98
|
- bin/setup
|
|
98
99
|
- exe/surtr
|
|
99
100
|
- lib/surtr.rb
|
|
101
|
+
- lib/surtr/acme.rb
|
|
102
|
+
- lib/surtr/dns.rb
|
|
100
103
|
- lib/surtr/version.rb
|
|
101
104
|
- surtr.gemspec
|
|
102
105
|
homepage:
|