Class: LetsCert::Runner

Inherits:

Object

Object
LetsCert::Runner

show all

Defined in:: lib/letscert/runner.rb

Defined Under Namespace

Classes: LoggerFormatter

Constant Summary collapse

RETURN_OK = Exit value for OK

RETURN_OK_CERT = Exit value for OK but with creation/renewal of certificate data

RETURN_ERROR = Exit value for error(s)

Instance Attribute Summary collapse

#logger ⇒ Logger readonly

Class Method Summary collapse

.run ⇒ Integer

Run LetsCert.

Instance Method Summary collapse

#initialize ⇒ Runner constructor

A new instance of Runner.
#parse_options ⇒ Object
#revoke ⇒ Object
#run ⇒ Integer

Exit code * 0 if certificate data were created or updated * 1 if renewal was not necessery * 2 in case of errors.

Constructor Details

#initialize ⇒ `Runner`

Returns a new instance of Runner.

# File 'lib/letscert/runner.rb', line 56

def initialize
  @options = {
    verbose: 0,
    domains: [],
    files: [],
    cert_key_size: 2048,
    valid_min: 30 * 24 * 60 * 60,
    account_key_public_exponent: 65537,
    account_key_size: 4096,
    tos_sha256: '33d233c8ab558ba6c8ebc370a509acdded8b80e5d587aa5d192193f35226540f',
    user_agent: 'letscert/0',
    server: 'https://acme-v01.api.letsencrypt.org/directory',
  }

  @logger = Logger.new(STDOUT)
  @logger.formatter = LoggerFormatter.new
end

Instance Attribute Details

#logger ⇒ `Logger` (readonly)

Returns:

(Logger)



44
45
46

# File 'lib/letscert/runner.rb', line 44

def logger
  @logger
end

Class Method Details

.run ⇒ `Integer`

Run LetsCert

Returns:

(Integer)

Instance Method Details

#parse_options ⇒ `Object`

# File 'lib/letscert/runner.rb', line 144

def parse_options
  @opt_parser = OptionParser.new do |opts|
    opts.banner = "Usage: lestcert [options]"

    opts.separator('')

    opts.on('-h', '--help', 'Show this help message and exit') do
      @options[:print_help] = true
    end
    opts.on('-V', '--version', 'Show version and exit') do |v|
      @options[:show_version] = v
    end
    opts.on('-v', '--verbose', 'Run verbosely') { |v| @options[:verbose] += 1 if v }


    opts.separator("\nWebroot manager:")

    opts.on('-d', '--domain DOMAIN[:PATH]',
            'Domain name to include in the certificate.',
            'Must be specified at least once.',
            'Its path on the disk must also be provided.') do |domain|
      @options[:domains] << domain
    end

    opts.on('--default_root PATH', 'Default webroot path',
            'Use for domains without PATH part.') do |path|
      @options[:default_root] = path
    end

    opts.separator("\nCertificate data files:")

    opts.on('--revoke', 'Revoke existing certificates') do |revoke|
      @options[:revoke] = revoke
    end

    opts.on("-f", "--file FILE", 'Input/output file.',
            'Can be specified multiple times',
            'Allowed values: account_key.json, cert.der,',
            'cert.pem, chain.pem, full.pem,',
            'fullchain.pem, key.der, key.pem.') do |file|
      @options[:files] << file
    end

    opts.on('--cert-key-size BITS', Integer,
            'Certificate key size in bits',
            '(default: 2048)') do |bits|
      @options[:cert_key_size] = bits
    end

    opts.on('--valid-min SECONDS', Integer, 'Renew existing certificate if validity',
            'is lesser than SECONDS (default: 2592000 (30 days))') do |time|
      @options[:valid_min] = time
    end

    opts.on('--reuse-key', 'Reuse previous private key') do |rk|
      @options[:reuse_key] = rk
    end

    opts.separator("\nRegistration:")
    opts.separator("  Automatically register an account with he ACME CA specified" +
                   " by --server")
    opts.separator('')

    opts.on('--account-key-public-exponent BITS', Integer,
            'Account key public exponent value (default: 65537)') do |bits|
      @options[:account_key_public_exponent] = bits
    end

    opts.on('--account-key-size BITS', Integer,
            'Account key size (default: 4096)') do |bits|
      @options[:account_key_size] = bits
    end

    opts.on('--tos-sha256 HASH', String,
            'SHA-256 digest of the content of Terms Of Service URI') do |hash|
      @options[:tos_sha256] = hash
    end

    opts.on('--email EMAIL', String,
            'E-mail address. CA is likely to use it to',
            'remind about expiring certificates, as well',
            'as for account recovery. It is highly',
            'recommended to set this value.') do |email|
      @options[:email] = email
    end

    opts.separator("\nHTTP:")
    opts.separator('  Configure properties of HTTP requests and responses.')
    opts.separator('')

    opts.on('--user-agent NAME', 'User-Agent sent in all HTTP requests',
            '(default: letscert/0)') do |ua|
      @options[:user_agent] = ua
    end
    
    opts.on('--server URI', 'URI for the CA ACME API endpoint',
            '(default: https://acme-v01.api.letsencrypt.org/directory)') do |uri|
      @options[:server] = uri
    end
  end

  @opt_parser.parse!
end

#revoke ⇒ `Object`

# File 'lib/letscert/runner.rb', line 248

def revoke
  @logger.info { "load certificates: #{@options[:files].join(', ')}" }
  if @options[:files].empty?
    raise Error, 'no certificate to revoke. Pass at least one with '+
                 ' -f option.'
  end

  # Temp
  @logger.warn "Not yet implemented"
end

#run ⇒ `Integer`

Returns exit code

0 if certificate data were created or updated
1 if renewal was not necessery
2 in case of errors.

Returns:

(Integer) —
exit code
- 0 if certificate data were created or updated
- 1 if renewal was not necessery
- 2 in case of errors

# File 'lib/letscert/runner.rb', line 78

def run
  if @options[:print_help]
    puts @opt_parser
    exit RETURN_OK
  end

  if @options[:show_version]
    puts "letscert #{LetsCert::VERSION}"
    puts "Copyright (c) 2016 Sylvain Daubert"
    puts "License MIT: see http://opensource.org/licenses/MIT"
    exit RETURN_OK
  end

  case @options[:verbose]
  when 0
    @logger.level = Logger::Severity::WARN
  when 1
    @logger.level = Logger::Severity::INFO
  when 2..5
    @logger.level = Logger::Severity::DEBUG
  end

  @logger.debug { "options are: #{@options.inspect}" }

  IOPlugin.logger = @logger

  begin
    if @options[:revoke]
      revoke
      RETURN_OK
    elsif @options[:domains].empty?
      raise Error, 'At leat one domain must be given with --domain option'
    else
      # Check all components are covered by plugins
      persisted = IOPlugin.empty_data
      @options[:files].each do |file|
        persisted.merge!(IOPlugin.registered[file].persisted) do |k, oldv, newv|
          oldv || newv
        end
      end
      not_persisted = persisted.keys.find_all { |k| !persisted[k] }
      unless not_persisted.empty?
        raise Error, 'Selected IO plugins do not cover following components: ' +
                     not_persisted.join(', ')
      end

      data = load_data_from_disk(@options[:files])

      if valid_existing_cert(data[:cert], @options[:domains], @options[:valid_min])
        @logger.info { 'no need to update cert' }
        RETURN_OK
      else
        # update/create cert
        new_data(data)
        RETURN_OK_CERT
      end
    end

  rescue Error, Acme::Client::Error => ex
    @logger.error ex.message
    puts "Error: #{ex.message}"
    RETURN_ERROR
  end
end

Class: LetsCert::Runner

Defined Under Namespace

Constant Summary collapse

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize ⇒ Runner

Instance Attribute Details

#logger ⇒ Logger (readonly)

Class Method Details

.run ⇒ Integer

Instance Method Details

#parse_options ⇒ Object

#revoke ⇒ Object

#run ⇒ Integer

#initialize ⇒ `Runner`

#logger ⇒ `Logger` (readonly)

.run ⇒ `Integer`

#parse_options ⇒ `Object`

#revoke ⇒ `Object`

#run ⇒ `Integer`