Class: LetsCert::Certificate

Inherits:
Object
  • Object
Includes:
Loggable
Defined in:
lib/letscert/certificate.rb

Overview

Class to handle ACME operations on certificates

Class Method Summary

Instance Method Summary

Methods included from Loggable

included, #logger

Class Method Details

.get(options, data) ⇒ Object

Get a new certificate, or renew an existing one

Parameters:

  • options (Hash)
  • data (Hash)


# File 'lib/letscert/certificate.rb', line 39

# Convenience entry point: builds a fresh instance and forwards both
# arguments, unchanged, to the instance-level #get.
#
# @param options [Hash] passed through as-is
# @param data [Hash] passed through as-is; the instance-level #get reads
#   data[:account_key] and data[:key] from it, i.e. private key material,
#   so callers should avoid logging or dumping this hash
# @return [Object] whatever the instance-level #get returns
def self.get(options, data)
  instance = new
  instance.get(options, data)
end

.revoke(files) ⇒ Object

Revoke certificates. Not yet implemented: the method currently only logs a warning and revokes nothing.

Parameters:

  • files (Array<String>)


# File 'lib/letscert/certificate.rb', line 32

# Placeholder for certificate revocation. Nothing is revoked: the method
# ignores +files+ and only emits a warning through the logger.
#
# NOTE(review): a caller that invokes this after a key compromise gets a log
# line rather than an error, and no revocation request is made. Another
# revocation path is needed until this is implemented.
#
# @param files [Array<String>] currently unused
# @return [Object] the result of the logger call
def self.revoke(files)
  logger.warn("revoke not yet implemented")
end

Instance Method Details

#get(options, data) ⇒ Object



# File 'lib/letscert/certificate.rb', line 43

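# Obtain a certificate from the ACME server and hand the result to every
# configured IO plugin.
#
# Steps, in order: compute the webroots, check the requested output plugins,
# build the ACME client from the account key, run the challenges, pick or
# generate the certificate private key, submit a CSR for all root names, then
# save account key, private key, certificate and chain through each plugin
# named in options[:files].
#
# @param options [Hash] reads :reuse_key, :cert_key_size and :files here; it
#   is also passed whole to compute_roots and get_acme_client
# @param data [Hash] reads :account_key and :key (existing private key, may
#   be nil)
# @return [Object] options[:files], the receiver of the final #each
# @raise [ArgumentError] if a name in options[:files] has no registered plugin
def get(options, data)
  # Usual minimum RSA modulus size accepted by publicly trusted CAs.
  min_rsa_bits = 2048

  logger.info { 'create key/cert/chain...' }
  roots = compute_roots(options)
  logger.debug { "webroots are: #{roots.inspect}" }

  # Resolve the output plugins before talking to the ACME server. An unknown
  # name would otherwise surface only after issuance, as a NoMethodError on
  # nil, leaving the freshly issued certificate and key unsaved.
  # NOTE(review): assumes IOPlugin.registered[] returns nil for an unknown
  # name - confirm against IOPlugin.
  unknown = options[:files].reject { |plugname| IOPlugin.registered[plugname] }
  unless unknown.empty?
    raise ArgumentError, "unknown IO plugin(s): #{unknown.join(', ')}"
  end

  client = get_acme_client(data[:account_key], options)

  do_challenges client, roots

  if options[:reuse_key] && !data[:key].nil?
    # Reusing the key means this run does not rotate it.
    logger.info { 'Reuse existing private key' }
    key = data[:key]
  else
    bits = options[:cert_key_size]
    # Make an undersized key visible in the log instead of generating it
    # silently; generation itself is left to OpenSSL as before.
    if bits.is_a?(Integer) && bits < min_rsa_bits
      logger.warn { "RSA key size #{bits} is below #{min_rsa_bits} bits" }
    end
    logger.info { 'Generate new private key' }
    key = OpenSSL::PKey::RSA.generate(bits)
  end

  csr = Acme::Client::CertificateRequest.new(names: roots.keys,
                                             private_key: key)
  cert = client.new_certificate(csr)

  # Every plugin receives both private keys (account and certificate). How
  # they are protected at rest is decided inside each plugin's #save, which
  # is not visible here.
  options[:files].each do |plugname|
    IOPlugin.registered[plugname].save(account_key: client.private_key,
                                       key: key, cert: cert.x509,
                                       chain: cert.x509_chain)
  end
end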