Class: KingslyCertbot::IpSecCertAdapter

Inherits:
Object
  • Object
Defined in:
lib/kingsly_certbot/ip_sec_cert_adapter.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(cert_bundle, root = '/') ⇒ IpSecCertAdapter

Returns a new instance of IpSecCertAdapter.



# File 'lib/kingsly_certbot/ip_sec_cert_adapter.rb', line 7

# Stores the certificate bundle and derives the three ipsec.d directory
# paths (backup, private, certs) beneath +root+.
#
# @param cert_bundle [KingslyCertbot::CertBundle] bundle to install; the check
#   below compares classes exactly, so subclasses are rejected as well
# @param root [String] filesystem prefix; a trailing '/' is appended when missing
# @raise [RuntimeError] when cert_bundle's class is not KingslyCertbot::CertBundle
def initialize(cert_bundle, root = '/')
  unless cert_bundle.class == KingslyCertbot::CertBundle
    raise 'passed parameter not of type CertBundle'
  end

  # Normalise the prefix once so every derived path joins with a single '/'.
  prefix = root.end_with?('/') ? root : "#{root}/"
  ipsec_dir = "#{prefix}etc/ipsec.d"

  @cert_bundle = cert_bundle
  @cert_backup_dir = "#{ipsec_dir}/backup"
  @cert_private_dir = "#{ipsec_dir}/private"
  @certs_dir = "#{ipsec_dir}/certs"
end

Instance Attribute Details

#cert_backup_dir ⇒ Object (readonly)

Returns the value of attribute cert_backup_dir.



# File 'lib/kingsly_certbot/ip_sec_cert_adapter.rb', line 5

# Reader for the backup directory path. The constructor sets it to
# "<root>etc/ipsec.d/backup"; update_assets creates a timestamped
# subdirectory below it and moves the previous private key and certificate
# there before writing new ones.
#
# @return [String] backup directory path
def cert_backup_dir
  @cert_backup_dir
end

#cert_private_dir ⇒ Object (readonly)

Returns the value of attribute cert_private_dir.



# File 'lib/kingsly_certbot/ip_sec_cert_adapter.rb', line 5

# Reader for the private-key directory path. The constructor sets it to
# "<root>etc/ipsec.d/private"; update_assets writes the bundle's private key
# into this directory.
#
# NOTE(review): update_assets creates this directory with FileUtils.mkdir_p
# and no explicit mode when it is missing - confirm the deployed directory is
# not readable by unprivileged users.
#
# @return [String] private-key directory path
def cert_private_dir
  @cert_private_dir
end

#certs_dir ⇒ Object (readonly)

Returns the value of attribute certs_dir.



# File 'lib/kingsly_certbot/ip_sec_cert_adapter.rb', line 5

# Reader for the certificate directory path. The constructor sets it to
# "<root>etc/ipsec.d/certs"; update_assets writes the bundle's full chain
# into this directory.
#
# @return [String] certificate directory path
def certs_dir
  @certs_dir
end

Instance Method Details

#restart_service ⇒ Object



# File 'lib/kingsly_certbot/ip_sec_cert_adapter.rb', line 51

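# Stops and then starts strongswan.service, waiting 10 seconds after each
# step, and reports whether both systemctl invocations succeeded.
#
# Each step is run as its own command. A single "a; b; c" shell line only
# yields the exit status of its last command (here a trailing sleep), so a
# failed stop or start would otherwise be reported as success and the new
# certificate would silently not be in service.
#
# The start is attempted even when the stop failed, matching the previous
# command sequence.
#
# @return [true, false, nil] truthy only when both the stop and the start
#   succeeded; nil when a command could not be executed at all
def restart_service
  stopped = Kernel.system('systemctl', 'stop', 'strongswan.service')
  Kernel.sleep(10)
  started = Kernel.system('systemctl', 'start', 'strongswan.service')
  Kernel.sleep(10)

  result = stopped && started
  $logger.error('ipsec restart command failed') unless result
  result
end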

#update_assets ⇒ Object



# File 'lib/kingsly_certbot/ip_sec_cert_adapter.rb', line 17

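# Installs the bundle's private key and full chain as
# "<subdomain>.<tld>.pem" in cert_private_dir and certs_dir.
#
# When both files already exist and match the bundle, nothing is written.
# When both exist and differ, they are first moved into a timestamped
# directory under cert_backup_dir. When only one of the two exists it is
# overwritten without a backup.
#
# The private key file is created with mode 0600 and an already existing
# file is tightened to 0600 before the key is written, so the key is not
# left readable to other local users through the process umask.
#
# NOTE(review): the file name is built from the bundle's subdomain and tld
# without checking for path separators - confirm those values are validated
# before they reach this class.
#
# @return [Boolean] true when files were written, false when the installed
#   files already matched the bundle
def update_assets
  cert_filename = "#{@cert_bundle.subdomain}.#{@cert_bundle.tld}.pem"
  private_key_filepath = "#{cert_private_dir}/#{cert_filename}"
  cert_filepath = "#{certs_dir}/#{cert_filename}"

  if File.exist?(private_key_filepath) && File.exist?(cert_filepath)
    existing_private_key_content = File.read(private_key_filepath)
    existing_cert_content = File.read(cert_filepath)
    if existing_private_key_content == @cert_bundle.private_key && existing_cert_content == @cert_bundle.full_chain
      $logger.info('New certificate file is same as old cert file, skipping updating certificates')
      return false
    end

    time = Time.now.strftime('%Y%m%d_%H%M%S')
    backup_dir = "#{cert_backup_dir}/#{time}"
    $logger.info("Taking backup of existing certificates to #{backup_dir}")

    # The moved private key keeps whatever mode the old file had.
    FileUtils.mkdir_p(backup_dir)
    FileUtils.mv(private_key_filepath, "#{backup_dir}/#{cert_filename}.private", force: true)
    FileUtils.mv(cert_filepath, "#{backup_dir}/#{cert_filename}.certs", force: true)
  end

  # mkdir_p is a no-op for an existing directory, so no existence check is needed.
  FileUtils.mkdir_p(cert_private_dir)
  File.open(private_key_filepath, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    # The creation mode is ignored for a file that already exists, so set it
    # explicitly before any key material is written.
    f.chmod(0o600)
    f.write(@cert_bundle.private_key)
  end

  FileUtils.mkdir_p(certs_dir)
  File.open(cert_filepath, 'w') do |f|
    f.write(@cert_bundle.full_chain)
  end
  true
end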