Class: Acmesmith::AuthorizationService

Inherits:
Object
  • Object
show all
Defined in:
lib/acmesmith/authorization_service.rb

Defined Under Namespace

Classes: AuthorizationFailed, AuthorizationProcess, NoApplicableChallengeResponder

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(challenge_responder_rules, authorizations) ⇒ AuthorizationService

Returns a new instance of AuthorizationService.

Parameters:

  • challenge_responder_rules (Array<Acmemith::Config::ChallengeReponderRule>)
  • authorizations (Array<Acme::Client::Resources::Authorization>) 


34
35
36
37
 
# File 'lib/acmesmith/authorization_service.rb', line 34

def initialize(challenge_responder_rules, authorizations)
  @challenge_responder_rules = challenge_responder_rules
  @authorizations = authorizations
end

Instance Attribute Details

#authorizationsObject (readonly)

Returns the value of attribute authorizations.



39
40
41
 
# File 'lib/acmesmith/authorization_service.rb', line 39

def authorizations
  @authorizations
end

#challenge_responder_rulesObject (readonly)

Returns the value of attribute challenge_responder_rules.



39
40
41
 
# File 'lib/acmesmith/authorization_service.rb', line 39

def challenge_responder_rules
  @challenge_responder_rules
end

Instance Method Details

#cleanupObject 



121
122
123
124
125
126
127
128
129
130
131
132
133
134
 
# File 'lib/acmesmith/authorization_service.rb', line 121

def cleanup
  processes_by_responder.each do |responder, ps|
    puts "=> Cleaning the responses the challenges for the following identifier:"
    puts
    puts " * Responder:   #{responder.class}"
    puts " * Identifiers:"
    ps.each do |process|
      puts "     - #{process.domain} (#{process.challenge.challenge_type})"
    end
    puts

    responder.cleanup_all(*ps.map{ |t| [t.domain, t.challenge] })
  end
end

#perform!Object 



41
42
43
44
45
46
47
48
49
50
 
# File 'lib/acmesmith/authorization_service.rb', line 41

def perform!
  return if authorizations.empty?

  respond()
  request_validation()
  wait_for_validation()
  cleanup()

  puts "=> Authorized!"
end

#processesArray<AuthorizationProcess>

Returns:



137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
 
# File 'lib/acmesmith/authorization_service.rb', line 137

def processes
  @processes ||= authorizations.map do |authz|
    challenge = nil
    responder_rule = challenge_responder_rules.select do |rule|
      rule.filter.applicable?(authz.domain)
    end.find do |rule|
      challenge = authz.challenges.find do |c|
        # OMG, acme-client might return a Hash instead of Acme::Client::Resources::Challenge::* object...
        challenge_type = case
        when c.is_a?(Hash)
          c[:challenge_type]
        when c.is_a?(Acme::Client::Resources::Challenges::Unsupported)
          next
        when c.respond_to?(:challenge_type)
          c.challenge_type
        end
        rule.challenge_responder.support?(challenge_type)
      end
    end

    unless responder_rule
      raise NoApplicableChallengeResponder, "Cannot find a challenge responder for domain #{authz.domain.inspect}"
    end

    AuthorizationProcess.new(
      domain: authz.domain,
      authorization: authz,
      challenge_responder: responder_rule.challenge_responder,
      challenge: challenge,
    )
  end
end

#processes_by_responderArray<(Acmesmith::ChallengeResponders::Base, Array<AuthorizationProcess>)>

Returns:



171
172
173
 
# File 'lib/acmesmith/authorization_service.rb', line 171

def processes_by_responder
  @processes_by_responder ||= processes.group_by(&:responder_id).map { |_, ps| [ps[0].challenge_responder, ps] }
end

#request_validationObject 



68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/acmesmith/authorization_service.rb', line 68

def request_validation
  puts "=> Requesting validations..."
  puts
  processes.each do |process|
    print " * #{process.domain} (#{process.challenge.challenge_type}) ..."
    process.challenge.request_validation()
    puts " [ ok ]"
  end
  puts

end

#respondObject 



52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
# File 'lib/acmesmith/authorization_service.rb', line 52

def respond
  processes_by_responder.each do |responder, ps|
    puts "=> Responsing to the challenges for the following identifier:"
    puts
    puts " * Responder: #{responder.class}"
    puts " * Identifiers:"

    ps.each do |process|
      puts "     - #{process.domain} (#{process.challenge.challenge_type})"
    end

    puts
    responder.respond_all(*ps.map{ |t| [t.domain, t.challenge] })
  end
end

#wait_for_validationObject 



80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
# File 'lib/acmesmith/authorization_service.rb', line 80

def wait_for_validation
  puts "=> Waiting for the validation..."
  puts

  loop do
    processes.each do |process|
      next if process.valid?

      process.challenge.reload

      status = process.challenge.status
      puts " * [#{process.domain}] status: #{status}"

      case
      when process.valid?
        next
      when process.invalid?
        err = process[:challenge].error
        puts " ! [#{process[:domain]}] error: #{err.inspect}"
      end
    end
    break if processes.all?(&:completed?)
    sleep 3
  end

  puts

  invalid_processes = processes.select(&:invalid?)
  unless invalid_processes.empty?
    $stderr.puts ""
    $stderr.puts "!! Some identitiers failed to challenge"
    $stderr.puts ""
    invalid_processes.each do |process|
      $stderr.puts "   - #{process.domain}: #{process.challenge.error.inspect}"
    end
    $stderr.puts ""
    raise AuthorizationFailed, "Some identifiers failed to challenge: #{invalid_processes.map(&:domain).inspect}"
  end

end