Class: Acmesmith::Client

Inherits:

Object

• Object
• Acmesmith::Client

Defined in:

lib/acmesmith/client.rb

Instance Method Summary

• #add_san(common_name, *add_sans) ⇒ Object
• #authorize(*identifiers) ⇒ Object
• #autorenew(days: 7, common_names: nil) ⇒ Object
• #certificate_versions(common_name) ⇒ Object
• #certificates_list ⇒ Object
• #current(common_name) ⇒ Object
• #execute_post_issue_hooks(certificate) ⇒ Object
• #get_certificate(common_name, version: 'current', type: 'text') ⇒ Object
• #get_private_key(common_name, version: 'current') ⇒ Object
• #initialize(config: nil) ⇒ Client constructor

  A new instance of Client.

• #new_account(contact, tos_agreed: true) ⇒ Object
• #order(*identifiers, not_before: nil, not_after: nil) ⇒ Object
• #post_issue_hooks(common_name) ⇒ Object
• #save(common_name, version: 'current', **kwargs) ⇒ Object
• #save_certificate(common_name, version: 'current', mode: '0600', output:, type: 'fullchain') ⇒ Object
• #save_pkcs12(common_name, version: 'current', mode: '0600', output:, passphrase:) ⇒ Object
• #save_private_key(common_name, version: 'current', mode: '0600', output:) ⇒ Object

Constructor Details

#initialize(config: nil) ⇒ Client

Returns a new instance of Client.

# File 'lib/acmesmith/client.rb', line 8

def initialize(config: nil)
  @config ||= config
end

Instance Method Details

#add_san(common_name, *add_sans) ⇒ Object

# File 'lib/acmesmith/client.rb', line 168

def add_san(common_name, *add_sans)
  puts "=> reissuing CN=#{common_name} with new SANs #{add_sans.join(?,)}"
  cert = storage.get_certificate(common_name)
  sans = cert.sans + add_sans
  puts " * SANs will be: #{sans.join(?,)}"
  order(cert.common_name, *sans)
end

#authorize(*identifiers) ⇒ Object

Raises:

• (NotImplementedError)

# File 'lib/acmesmith/client.rb', line 59

def authorize(*identifiers)
  raise NotImplementedError, "Domain authorization in advance is still not available in acme-client (v2). Required authorizations will be performed when ordering certificates"
end

#autorenew(days: 7, common_names: nil) ⇒ Object

# File 'lib/acmesmith/client.rb', line 155

def autorenew(days: 7, common_names: nil)
  (common_names || storage.list_certificates).each do |cn|
    puts "=> #{cn}"
    cert = storage.get_certificate(cn)
    not_after = cert.certificate.not_after.utc

    puts "   Not valid after: #{not_after}"
    next unless (cert.certificate.not_after.utc - Time.now.utc) < (days.to_i * 86400)
    puts " * Renewing: CN=#{cert.common_name}, SANs=#{cert.sans.join(',')}"
    order(cert.common_name, *cert.sans)
  end
end

#certificate_versions(common_name) ⇒ Object

# File 'lib/acmesmith/client.rb', line 78

def certificate_versions(common_name)
  storage.list_certificate_versions(common_name).sort
end

#certificates_list ⇒ Object

# File 'lib/acmesmith/client.rb', line 82

def certificates_list
  storage.list_certificates.sort
end

#current(common_name) ⇒ Object

# File 'lib/acmesmith/client.rb', line 86

def current(common_name)
  storage.get_current_certificate_version(common_name)
end

#execute_post_issue_hooks(certificate) ⇒ Object

# File 'lib/acmesmith/client.rb', line 68

def execute_post_issue_hooks(certificate)
  hooks = config.post_issuing_hooks(certificate.common_name)
  return if hooks.empty?
  puts "=> Executing post issuing hooks for CN=#{certificate.common_name}"
  hooks.each do |hook|
    hook.run(certificate: certificate)
  end
  puts
end

#get_certificate(common_name, version: 'current', type: 'text') ⇒ Object

# File 'lib/acmesmith/client.rb', line 90

def get_certificate(common_name, version: 'current', type: 'text')
  cert = storage.get_certificate(common_name, version: version)

  certs = []
  case type
  when 'text'
    certs << cert.certificate.to_text
    certs << cert.certificate.to_pem
  when 'certificate'
    certs << cert.certificate.to_pem
  when 'chain'
    certs << cert.chain
  when 'fullchain'
    certs << cert.fullchain
  end

  certs
end

#get_private_key(common_name, version: 'current') ⇒ Object

# File 'lib/acmesmith/client.rb', line 123

def get_private_key(common_name, version: 'current')
  cert = storage.get_certificate(common_name, version: version)
  cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase

  cert.private_key.to_pem
end

#new_account(contact, tos_agreed: true) ⇒ Object

# File 'lib/acmesmith/client.rb', line 12

def new_account(contact, tos_agreed: true)
  key = AccountKey.generate
  acme = Acme::Client.new(private_key: key.private_key, directory: config.fetch('directory'))
  acme.new_account(contact: contact, terms_of_service_agreed: tos_agreed)

  storage.put_account_key(key, account_key_passphrase)

  key
end

#order(*identifiers, not_before: nil, not_after: nil) ⇒ Object

# File 'lib/acmesmith/client.rb', line 22

def order(*identifiers, not_before: nil, not_after: nil)
  puts "=> Ordering a certificate for the following identifiers:"
  puts
  identifiers.each do |id|
    puts " * #{id}"
  end
  puts
  puts "=> Generating CSR"
  csr = Acme::Client::CertificateRequest.new(subject: { common_name: identifiers.first }, names: identifiers[1..-1])
  puts "=> Placing an order"
  order = acme.new_order(identifiers: identifiers, not_before: not_before, not_after: not_after)

  unless order.authorizations.empty? || order.status == 'ready'
    puts "=> Looking for required domain authorizations"
    puts
    order.authorizations.map(&:domain).each do |domain|
      puts " * #{domain}"
    end
    puts

    process_authorizations(order.authorizations)
  end

  cert = process_order_finalization(order, csr)

  puts "=> Certificate issued"
  puts
  print " * securing into the storage ..."
  storage.put_certificate(cert, certificate_key_passphrase)
  puts " [ ok ]"
  puts

  execute_post_issue_hooks(cert)

  cert
end

#post_issue_hooks(common_name) ⇒ Object

# File 'lib/acmesmith/client.rb', line 63

def post_issue_hooks(common_name)
  cert = storage.get_certificate(common_name)
  execute_post_issue_hooks(cert)
end

#save(common_name, version: 'current', **kwargs) ⇒ Object

# File 'lib/acmesmith/client.rb', line 148

def save(common_name, version: 'current', **kwargs)
  cert = storage.get_certificate(common_name, version: version)
  cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase

  SaveCertificateService.new(cert, **kwargs).perform!
end

#save_certificate(common_name, version: 'current', mode: '0600', output:, type: 'fullchain') ⇒ Object

# File 'lib/acmesmith/client.rb', line 109

def save_certificate(common_name, version: 'current', mode: '0600', output:, type: 'fullchain')
  cert = storage.get_certificate(common_name, version: version)
  File.open(output, 'w', mode.to_i(8)) do |f|
    case type
    when 'certificate'
      f.puts cert.certificate.to_pem
    when 'chain'
      f.puts cert.chain
    when 'fullchain'
      f.puts cert.fullchain
    end
  end
end

#save_pkcs12(common_name, version: 'current', mode: '0600', output:, passphrase:) ⇒ Object

# File 'lib/acmesmith/client.rb', line 138

def save_pkcs12(common_name, version: 'current', mode: '0600', output:, passphrase:)
  cert = storage.get_certificate(common_name, version: version)
  cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
  
  p12 = cert.pkcs12(passphrase)
  File.open(output, 'w', mode.to_i(8)) do |f|
    f.puts p12.to_der
  end
end

#save_private_key(common_name, version: 'current', mode: '0600', output:) ⇒ Object

# File 'lib/acmesmith/client.rb', line 130

def save_private_key(common_name, version: 'current', mode: '0600', output:)
  cert = storage.get_certificate(common_name, version: version)
  cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
  File.open(output, 'w', mode.to_i(8)) do |f|
    f.puts(cert.private_key)
  end
end