Class: Puma::Acme::Manager

Inherits:

Object

• Object
• Puma::Acme::Manager

Defined in:

lib/puma/acme/manager.rb

Overview

Manager tracks and performs the ACME workflow steps for a certificate.

Instance Attribute Summary

• #contact ⇒ Object readonly

  Returns the value of attribute contact.

• #directory ⇒ Object readonly

  Returns the value of attribute directory.

• #eab ⇒ Object readonly

  Returns the value of attribute eab.

• #tos_agreed ⇒ Object readonly

  Returns the value of attribute tos_agreed.

Instance Method Summary

• #account ⇒ Object
• #account! ⇒ Object
• #answer(type:, token:) ⇒ Object
• #cert(algorithm:, identifiers:) ⇒ Object
• #cert!(algorithm:, identifiers:) ⇒ Object
• #download!(cert) ⇒ Object
• #finalize!(cert) ⇒ Object
• #initialize(store:, directory:, tos_agreed:, eab:, contact: nil) ⇒ Manager constructor

  A new instance of Manager.

• #order!(cert) ⇒ Object
• #reload!(cert) ⇒ Object
• #validate!(challenge) ⇒ Object

Constructor Details

#initialize(store:, directory:, tos_agreed:, eab:, contact: nil) ⇒ Manager

Returns a new instance of Manager.

# File 'lib/puma/acme/manager.rb', line 9

def initialize(store:, directory:, tos_agreed:, eab:, contact: nil)
  @store = store
  @contact = contact
  @directory = directory
  @tos_agreed = [true, directory].include?(tos_agreed)
  @eab = eab
end

Instance Attribute Details

#contact ⇒ Object (readonly)

Returns the value of attribute contact.

# File 'lib/puma/acme/manager.rb', line 7

def contact
  @contact
end

#directory ⇒ Object (readonly)

Returns the value of attribute directory.

# File 'lib/puma/acme/manager.rb', line 7

def directory
  @directory
end

#eab ⇒ Object (readonly)

Returns the value of attribute eab.

# File 'lib/puma/acme/manager.rb', line 7

def eab
  @eab
end

#tos_agreed ⇒ Object (readonly)

Returns the value of attribute tos_agreed.

# File 'lib/puma/acme/manager.rb', line 7

def tos_agreed
  @tos_agreed
end

Instance Method Details

#account ⇒ Object

# File 'lib/puma/acme/manager.rb', line 17

def account
  @store.read(Account.key(directory: directory, contact: contact, eab: eab))
end

#account! ⇒ Object

# File 'lib/puma/acme/manager.rb', line 29

def account!
  @store.fetch(Account.key(directory: directory, contact: contact, eab: eab)) { create_account }
end

#answer(type:, token:) ⇒ Object

# File 'lib/puma/acme/manager.rb', line 25

def answer(type:, token:)
  @store.read(Answer.key(type: type, token: token))
end

#cert(algorithm:, identifiers:) ⇒ Object

# File 'lib/puma/acme/manager.rb', line 21

def cert(algorithm:, identifiers:)
  @store.read(Cert.key(algorithm: algorithm, identifiers: identifiers))
end

#cert!(algorithm:, identifiers:) ⇒ Object

# File 'lib/puma/acme/manager.rb', line 33

def cert!(algorithm:, identifiers:)
  @store.fetch(Cert.key(algorithm: algorithm, identifiers: identifiers)) { Cert.new(algorithm: algorithm, identifiers: identifiers) }
end

#download!(cert) ⇒ Object

# File 'lib/puma/acme/manager.rb', line 80

def download!(cert)
  stale_check!(cert)

  acme_order = client.order(url: cert.order.url)

  cert.cert_pem = acme_order.certificate

  @store.write(cert.key, cert) && cert
end

#finalize!(cert) ⇒ Object

# File 'lib/puma/acme/manager.rb', line 62

def finalize!(cert)
  stale_check!(cert)

  names = cert.identifiers.map(&:value)
  common_name = names.first
  private_key = new_key(cert.algorithm)

  csr = ::Acme::Client::CertificateRequest.new(common_name: common_name, names: names, private_key: private_key)

  acme_order = client.order(url: cert.order.url)
  return unless acme_order.finalize(csr: csr)

  cert.order = Order.from(acme_order)
  cert.key_pem = private_key.to_pem

  @store.write(cert.key, cert) && cert
end

#order!(cert) ⇒ Object

# File 'lib/puma/acme/manager.rb', line 37

def order!(cert)
  stale_check!(cert)

  identifiers = cert.identifiers.map(&:value)
  acme_order = client.new_order(**cert.to_h.slice(:not_before, :not_after).merge(identifiers: identifiers))
  cert.order = Order.from(acme_order)

  # TODO: maybe move this to caller
  cert.order.authorizations.each do |authz|
    authz.challenges.each do |challenge|
      next unless challenge.type == CHALLENGE_TYPE

      validate!(challenge)
    end
  end

  @store.write(cert.key, cert) && cert.order
end

#reload!(cert) ⇒ Object

# File 'lib/puma/acme/manager.rb', line 90

def reload!(cert)
  stale_check!(cert)

  acme_order = client.order(url: cert.order.url)
  cert.order = Order.from(acme_order)

  @store.write(cert.key, cert) && cert
end

#validate!(challenge) ⇒ Object

# File 'lib/puma/acme/manager.rb', line 56

def validate!(challenge)
  @store.write(challenge.answer.key, challenge.answer)

  client.request_challenge_validation(url: challenge.url)
end