Class: Acmesmith::Client
- Inherits:
-
Object
- Object
- Acmesmith::Client
- Defined in:
- lib/acmesmith/client.rb
Instance Method Summary collapse
- #add_san(common_name, *add_sans) ⇒ Object
- #authorize(*identifiers) ⇒ Object
- #autorenew(days: 7, common_names: nil) ⇒ Object
- #certificate_versions(common_name) ⇒ Object
- #certificates_list ⇒ Object
- #current(common_name) ⇒ Object
- #execute_post_issue_hooks(certificate) ⇒ Object
- #get_certificate(common_name, version: 'current', type: 'text') ⇒ Object
- #get_private_key(common_name, version: 'current') ⇒ Object
-
#initialize(config: nil) ⇒ Client
constructor
A new instance of Client.
- #new_account(contact, tos_agreed: true) ⇒ Object
- #order(*identifiers, not_before: nil, not_after: nil) ⇒ Object
- #post_issue_hooks(common_name) ⇒ Object
- #save(common_name, version: 'current', **kwargs) ⇒ Object
- #save_certificate(common_name, version: 'current', mode: '0600', output:, type: 'fullchain') ⇒ Object
- #save_pkcs12(common_name, version: 'current', mode: '0600', output:, passphrase:) ⇒ Object
- #save_private_key(common_name, version: 'current', mode: '0600', output:) ⇒ Object
Constructor Details
#initialize(config: nil) ⇒ Client
Returns a new instance of Client.
8 9 10 |
# File 'lib/acmesmith/client.rb', line 8 def initialize(config: nil) @config ||= config end |
Instance Method Details
#add_san(common_name, *add_sans) ⇒ Object
168 169 170 171 172 173 174 |
# File 'lib/acmesmith/client.rb', line 168 def add_san(common_name, *add_sans) puts "=> reissuing CN=#{common_name} with new SANs #{add_sans.join(?,)}" cert = storage.get_certificate(common_name) sans = cert.sans + add_sans puts " * SANs will be: #{sans.join(?,)}" order(cert.common_name, *sans) end |
#authorize(*identifiers) ⇒ Object
59 60 61 |
# File 'lib/acmesmith/client.rb', line 59 def (*identifiers) raise NotImplementedError, "Domain authorization in advance is still not available in acme-client (v2). Required authorizations will be performed when ordering certificates" end |
#autorenew(days: 7, common_names: nil) ⇒ Object
155 156 157 158 159 160 161 162 163 164 165 166 |
# File 'lib/acmesmith/client.rb', line 155 def autorenew(days: 7, common_names: nil) (common_names || storage.list_certificates).each do |cn| puts "=> #{cn}" cert = storage.get_certificate(cn) not_after = cert.certificate.not_after.utc puts " Not valid after: #{not_after}" next unless (cert.certificate.not_after.utc - Time.now.utc) < (days.to_i * 86400) puts " * Renewing: CN=#{cert.common_name}, SANs=#{cert.sans.join(',')}" order(cert.common_name, *cert.sans) end end |
#certificate_versions(common_name) ⇒ Object
78 79 80 |
# File 'lib/acmesmith/client.rb', line 78 def certificate_versions(common_name) storage.list_certificate_versions(common_name).sort end |
#certificates_list ⇒ Object
82 83 84 |
# File 'lib/acmesmith/client.rb', line 82 def certificates_list storage.list_certificates.sort end |
#current(common_name) ⇒ Object
86 87 88 |
# File 'lib/acmesmith/client.rb', line 86 def current(common_name) storage.get_current_certificate_version(common_name) end |
#execute_post_issue_hooks(certificate) ⇒ Object
68 69 70 71 72 73 74 75 76 |
# File 'lib/acmesmith/client.rb', line 68 def execute_post_issue_hooks(certificate) hooks = config.post_issuing_hooks(certificate.common_name) return if hooks.empty? puts "=> Executing post issuing hooks for CN=#{certificate.common_name}" hooks.each do |hook| hook.run(certificate: certificate) end puts end |
#get_certificate(common_name, version: 'current', type: 'text') ⇒ Object
90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 |
# File 'lib/acmesmith/client.rb', line 90 def get_certificate(common_name, version: 'current', type: 'text') cert = storage.get_certificate(common_name, version: version) certs = [] case type when 'text' certs << cert.certificate.to_text certs << cert.certificate.to_pem when 'certificate' certs << cert.certificate.to_pem when 'chain' certs << cert.chain when 'fullchain' certs << cert.fullchain end certs end |
#get_private_key(common_name, version: 'current') ⇒ Object
123 124 125 126 127 128 |
# File 'lib/acmesmith/client.rb', line 123 def get_private_key(common_name, version: 'current') cert = storage.get_certificate(common_name, version: version) cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase cert.private_key.to_pem end |
#new_account(contact, tos_agreed: true) ⇒ Object
12 13 14 15 16 17 18 19 20 |
# File 'lib/acmesmith/client.rb', line 12 def new_account(contact, tos_agreed: true) key = AccountKey.generate acme = Acme::Client.new(private_key: key.private_key, directory: config.fetch('directory')) acme.new_account(contact: contact, terms_of_service_agreed: tos_agreed) storage.put_account_key(key, account_key_passphrase) key end |
#order(*identifiers, not_before: nil, not_after: nil) ⇒ Object
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
# File 'lib/acmesmith/client.rb', line 22 def order(*identifiers, not_before: nil, not_after: nil) puts "=> Ordering a certificate for the following identifiers:" puts identifiers.each do |id| puts " * #{id}" end puts puts "=> Generating CSR" csr = Acme::Client::CertificateRequest.new(subject: { common_name: identifiers.first }, names: identifiers[1..-1]) puts "=> Placing an order" order = acme.new_order(identifiers: identifiers, not_before: not_before, not_after: not_after) unless order..empty? || order.status == 'ready' puts "=> Looking for required domain authorizations" puts order..map(&:domain).each do |domain| puts " * #{domain}" end puts (order.) end cert = process_order_finalization(order, csr) puts "=> Certificate issued" puts print " * securing into the storage ..." storage.put_certificate(cert, certificate_key_passphrase) puts " [ ok ]" puts execute_post_issue_hooks(cert) cert end |
#post_issue_hooks(common_name) ⇒ Object
63 64 65 66 |
# File 'lib/acmesmith/client.rb', line 63 def post_issue_hooks(common_name) cert = storage.get_certificate(common_name) execute_post_issue_hooks(cert) end |
#save(common_name, version: 'current', **kwargs) ⇒ Object
148 149 150 151 152 153 |
# File 'lib/acmesmith/client.rb', line 148 def save(common_name, version: 'current', **kwargs) cert = storage.get_certificate(common_name, version: version) cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase SaveCertificateService.new(cert, **kwargs).perform! end |
#save_certificate(common_name, version: 'current', mode: '0600', output:, type: 'fullchain') ⇒ Object
109 110 111 112 113 114 115 116 117 118 119 120 121 |
# File 'lib/acmesmith/client.rb', line 109 def save_certificate(common_name, version: 'current', mode: '0600', output:, type: 'fullchain') cert = storage.get_certificate(common_name, version: version) File.open(output, 'w', mode.to_i(8)) do |f| case type when 'certificate' f.puts cert.certificate.to_pem when 'chain' f.puts cert.chain when 'fullchain' f.puts cert.fullchain end end end |
#save_pkcs12(common_name, version: 'current', mode: '0600', output:, passphrase:) ⇒ Object
138 139 140 141 142 143 144 145 146 |
# File 'lib/acmesmith/client.rb', line 138 def save_pkcs12(common_name, version: 'current', mode: '0600', output:, passphrase:) cert = storage.get_certificate(common_name, version: version) cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase p12 = cert.pkcs12(passphrase) File.open(output, 'w', mode.to_i(8)) do |f| f.puts p12.to_der end end |
#save_private_key(common_name, version: 'current', mode: '0600', output:) ⇒ Object
130 131 132 133 134 135 136 |
# File 'lib/acmesmith/client.rb', line 130 def save_private_key(common_name, version: 'current', mode: '0600', output:) cert = storage.get_certificate(common_name, version: version) cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase File.open(output, 'w', mode.to_i(8)) do |f| f.puts(cert.private_key) end end |