Class: Acmesmith::Client

Inherits:

Object

• Object
• Acmesmith::Client

Defined in:

lib/acmesmith/client.rb

Instance Method Summary

• #add_san(name, *add_sans) ⇒ Object
• #authorize(*identifiers) ⇒ Object
• #autorenew(days: 30, remaining_life: nil, names: nil) ⇒ Object
• #certificate_versions(name) ⇒ Object
• #certificates_list ⇒ Object
• #current(name) ⇒ Object
• #execute_post_issue_hooks(certificate) ⇒ Object
• #get_certificate(name, version: 'current', type: 'text') ⇒ Object
• #get_private_key(name, version: 'current') ⇒ Object
• #initialize(config: nil) ⇒ Client constructor

  A new instance of Client.

• #new_account(contact, tos_agreed: true) ⇒ Object
• #order(*identifiers, key_type: 'rsa', rsa_key_size: 2048, elliptic_curve: 'prime256v1', not_before: nil, not_after: nil) ⇒ Object
• #post_issue_hooks(name) ⇒ Object
• #save(name, version: 'current', **kwargs) ⇒ Object
• #save_certificate(name, version: 'current', mode: '0600', output:, type: 'fullchain') ⇒ Object
• #save_pkcs12(name, version: 'current', mode: '0600', output:, passphrase:) ⇒ Object
• #save_private_key(name, version: 'current', mode: '0600', output:) ⇒ Object

Constructor Details

#initialize(config: nil) ⇒ Client

Returns a new instance of Client.

# File 'lib/acmesmith/client.rb', line 10

def initialize(config: nil)
  @config ||= config
end

Instance Method Details

#add_san(name, *add_sans) ⇒ Object

# File 'lib/acmesmith/client.rb', line 148

def add_san(name, *add_sans)
  puts "=> reissuing #{name.inspect} with new SANs #{add_sans.join(?,)}"
  cert = load_certificate_from_storage(name)
  sans = cert.sans + add_sans
  puts " * SANs will be: #{sans.join(?,)}"
  order_with_private_key(cert.name, *sans, private_key: regenerate_private_key(cert.public_key))
end

#authorize(*identifiers) ⇒ Object

Raises:

• (NotImplementedError)

# File 'lib/acmesmith/client.rb', line 29

def authorize(*identifiers)
  raise NotImplementedError, "Domain authorization in advance is still not available in acme-client (v2). Required authorizations will be performed when ordering certificates"
end

#autorenew(days: 30, remaining_life: nil, names: nil) ⇒ Object

# File 'lib/acmesmith/client.rb', line 125

def autorenew(days: 30, remaining_life: nil, names: nil)
  (names || storage.list_certificates).each do |cn|
    puts "=> #{cn}"
    cert = load_certificate_from_storage(cn)

    not_after = cert.certificate.not_after.utc

    lifetime = cert.certificate.not_after.utc - cert.certificate.not_before.utc
    remaining = cert.certificate.not_after.utc - Time.now.utc
    ratio = Rational(remaining,lifetime)

    has_to_renew = false
    has_to_renew ||= days && remaining < (days.to_i * 86400)
    has_to_renew ||= remaining_life && ratio < remaining_life

    puts "   Not valid after: #{not_after} (lifetime=#{format_duration(lifetime+1)}, remaining=#{format_duration(remaining)}, #{"%0.2f" % (ratio.to_f*100)}%)"
    next unless has_to_renew

    puts " * Renewing: #{cert.name.inspect}, SANs=#{cert.sans.join(',')}"
    order_with_private_key(cert.name, *cert.sans, private_key: regenerate_private_key(cert.public_key))
  end
end

#certificate_versions(name) ⇒ Object

# File 'lib/acmesmith/client.rb', line 48

def certificate_versions(name)
  storage.list_certificate_versions(name).sort
end

#certificates_list ⇒ Object

# File 'lib/acmesmith/client.rb', line 52

def certificates_list
  storage.list_certificates.sort
end

#current(name) ⇒ Object

# File 'lib/acmesmith/client.rb', line 56

def current(name)
  storage.get_current_certificate_version(name)
end

#execute_post_issue_hooks(certificate) ⇒ Object

# File 'lib/acmesmith/client.rb', line 38

def execute_post_issue_hooks(certificate)
  hooks = config.post_issuing_hooks(certificate.name)
  return if hooks.empty?
  puts "=> Executing post issuing hooks for CN=#{certificate.name}"
  hooks.each do |hook|
    hook.run(certificate: certificate)
  end
  puts
end

#get_certificate(name, version: 'current', type: 'text') ⇒ Object

# File 'lib/acmesmith/client.rb', line 60

def get_certificate(name, version: 'current', type: 'text')
  cert = storage.get_certificate(name, version: version)

  certs = []
  case type
  when 'text'
    certs << cert.certificate.to_text
    certs << cert.certificate.to_pem
  when 'certificate'
    certs << cert.certificate.to_pem
  when 'chain'
    certs << cert.chain
  when 'fullchain'
    certs << cert.fullchain
  end

  certs
end

#get_private_key(name, version: 'current') ⇒ Object

# File 'lib/acmesmith/client.rb', line 93

def get_private_key(name, version: 'current')
  cert = storage.get_certificate(name, version: version)
  cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase

  cert.private_key.to_pem
end

#new_account(contact, tos_agreed: true) ⇒ Object

# File 'lib/acmesmith/client.rb', line 14

def new_account(contact, tos_agreed: true)
  key = AccountKey.generate
  acme = Acme::Client.new(private_key: key.private_key, directory: config.directory, connection_options: config.connection_options, bad_nonce_retry: config.bad_nonce_retry)
  acme.new_account(contact: contact, terms_of_service_agreed: tos_agreed)

  storage.put_account_key(key, account_key_passphrase)

  key
end

#order(*identifiers, key_type: 'rsa', rsa_key_size: 2048, elliptic_curve: 'prime256v1', not_before: nil, not_after: nil) ⇒ Object

# File 'lib/acmesmith/client.rb', line 24

def order(*identifiers, key_type: 'rsa', rsa_key_size: 2048, elliptic_curve: 'prime256v1', not_before: nil, not_after: nil)
  private_key = generate_private_key(key_type: key_type, rsa_key_size: rsa_key_size, elliptic_curve: elliptic_curve)
  order_with_private_key(*identifiers, private_key: private_key, not_before: not_before, not_after: not_after)
end

#post_issue_hooks(name) ⇒ Object

# File 'lib/acmesmith/client.rb', line 33

def post_issue_hooks(name)
  cert = load_certificate_from_storage(name)
  execute_post_issue_hooks(cert)
end

#save(name, version: 'current', **kwargs) ⇒ Object

# File 'lib/acmesmith/client.rb', line 118

def save(name, version: 'current', **kwargs)
  cert = storage.get_certificate(name, version: version)
  cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase

  SaveCertificateService.new(cert, **kwargs).perform!
end

#save_certificate(name, version: 'current', mode: '0600', output:, type: 'fullchain') ⇒ Object

# File 'lib/acmesmith/client.rb', line 79

def save_certificate(name, version: 'current', mode: '0600', output:, type: 'fullchain')
  cert = storage.get_certificate(name, version: version)
  File.open(output, 'w', mode.to_i(8)) do |f|
    case type
    when 'certificate'
      f.puts cert.certificate.to_pem
    when 'chain'
      f.puts cert.chain
    when 'fullchain'
      f.puts cert.fullchain
    end
  end
end

#save_pkcs12(name, version: 'current', mode: '0600', output:, passphrase:) ⇒ Object

# File 'lib/acmesmith/client.rb', line 108

def save_pkcs12(name, version: 'current', mode: '0600', output:, passphrase:)
  cert = storage.get_certificate(name, version: version)
  cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
  
  p12 = cert.pkcs12(passphrase)
  File.open(output, 'w', mode.to_i(8)) do |f|
    f.puts p12.to_der
  end
end

#save_private_key(name, version: 'current', mode: '0600', output:) ⇒ Object

# File 'lib/acmesmith/client.rb', line 100

def save_private_key(name, version: 'current', mode: '0600', output:)
  cert = storage.get_certificate(name, version: version)
  cert.key_passphrase = certificate_key_passphrase if certificate_key_passphrase
  File.open(output, 'w', mode.to_i(8)) do |f|
    f.puts(cert.private_key)
  end
end