Class: AcmeWrapper

Inherits:

Object

• Object
• AcmeWrapper

Defined in:

lib/letsencrypt/cli/acme_wrapper.rb

Instance Method Summary

• #authorize(domain) ⇒ Object
• #cert(domains) ⇒ Object
• #client ⇒ Object
• #initialize(options) ⇒ AcmeWrapper constructor

  A new instance of AcmeWrapper.

• #log(message, severity = :info) ⇒ Object

Constructor Details

#initialize(options) ⇒ AcmeWrapper

Returns a new instance of AcmeWrapper.

# File 'lib/letsencrypt/cli/acme_wrapper.rb', line 6

def initialize(options)
  @options = options
  if !@options[:color]
    String.disable_colorization = true
  end
end

Instance Method Details

#authorize(domain) ⇒ Object

# File 'lib/letsencrypt/cli/acme_wrapper.rb', line 27

def authorize(domain)
  FileUtils.mkdir_p(@options[:webroot_path])
  log "Authorizing #{domain.blue}.."
  authorization = client.authorize(domain: domain)

  challenge = authorization.http01

  challenge_file = File.join(@options[:webroot_path], challenge.filename.split('/').last)
  log "Writing challenge to #{challenge_file}", :debug
  File.write(challenge_file, challenge.file_content)

  challenge.request_verification

  5.times do
    log "Checking verification...", :debug
    sleep 1
    break if challenge.verify_status != 'pending'
  end
  if challenge.verify_status == 'valid'
    log "Authorization successful for #{domain.green}"
    File.unlink(challenge_file)
    true
  else
    log "Authorization error for #{domain.red}", :error
    log challenge.error['detail']
    false
  end
end

#cert(domains) ⇒ Object

# File 'lib/letsencrypt/cli/acme_wrapper.rb', line 56

def cert(domains)
  return if certificate_exists_and_valid?
  csr = OpenSSL::X509::Request.new
  certificate_private_key = find_or_create_pkey(@options[:private_key_path], "private key", @options[:key_length] || 2048)

  csr.subject = OpenSSL::X509::Name.new([
    # ['C',             options[:country], OpenSSL::ASN1::PRINTABLESTRING],
    # ['ST',            options[:state],        OpenSSL::ASN1::PRINTABLESTRING],
    # ['L',             options[:city],         OpenSSL::ASN1::PRINTABLESTRING],
    # ['O',             options[:organization], OpenSSL::ASN1::UTF8STRING],
    # ['OU',            options[:department],   OpenSSL::ASN1::UTF8STRING],
    # ['CN',            options[:common_name],  OpenSSL::ASN1::UTF8STRING],
    # ['emailAddress',  options[:email],        OpenSSL::ASN1::UTF8STRING]
    ['CN', domains.first, OpenSSL::ASN1::UTF8STRING]
  ])
  if domains.count > 1
    ef = OpenSSL::X509::ExtensionFactory.new
    exts = [ ef.create_extension( "subjectAltName", domains.map{|domain| "DNS:#{domain}"}.join(','), false  ) ]
    attrval = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence(exts)])
    attrs = [
      OpenSSL::X509::Attribute.new('extReq', attrval),
      OpenSSL::X509::Attribute.new('msExtReq', attrval),
    ]
    attrs.each do |attr|
      csr.add_attribute(attr)
    end
  end
  csr.public_key = certificate_private_key.public_key
  csr.sign(certificate_private_key, OpenSSL::Digest::SHA256.new)
  certificate = client.new_certificate(csr)
  File.write(@options[:fullchain_path], certificate.fullchain_to_pem)
  File.write(@options[:chain_path], certificate.chain_to_pem)
  File.write(@options[:certificate_path], certificate.to_pem)
  log "Certificate successfully created to #{@options[:fullchain_path]} #{@options[:chain_path]} and #{@options[:certificate_path]}!".green
  log "Certificate valid until: #{certificate.x509.not_after}"
end

#client ⇒ Object

# File 'lib/letsencrypt/cli/acme_wrapper.rb', line 23

def client
  @client ||= Acme::Client.new(private_key: account_key, endpoint: endpoint)
end

#log(message, severity = :info) ⇒ Object

# File 'lib/letsencrypt/cli/acme_wrapper.rb', line 13

def log(message, severity=:info)
  @logger ||= Logger.new(STDOUT).tap {|logger|
    logger.level = Logger::SEV_LABEL.index(@options[:log_level].upcase)
    logger.formatter = proc do |sev, datetime, progname, msg|
      "#{datetime.to_s.light_black}: #{msg}\n"
    end
  }
  @logger.send(severity, message)
end