Class: Vcert::CloudConnection

Inherits:
Object
Defined in:
lib/cloud/cloud.rb

Constant Summary

# Frozen tag string for this connector.
# NOTE(review): none of the methods shown on this page reference it; presumably
# it prefixes log or error output elsewhere in lib/cloud/cloud.rb — confirm.
CLOUD_PREFIX =
'<Cloud>'.freeze

Instance Method Summary

Constructor Details

#initialize(url, apikey) ⇒ CloudConnection

Returns a new instance of CloudConnection.



# File 'lib/cloud/cloud.rb', line 7

# Builds a connection object for the Venafi Cloud API.
#
# @param url [String, nil] API base URL; nil selects the public v1 endpoint,
#   any other value (including an empty string) is used verbatim
# @param apikey [String] API key kept on the instance for the HTTP helpers
#   (presumably consumed by get/post, which are not shown here)
def initialize(url, apikey)
  default_url = 'https://api.venafi.cloud/v1'.freeze
  # Only nil triggers the default; the original deliberately did not treat
  # false/empty the same way, so keep the explicit nil test.
  @url = url.nil? ? default_url : url
  @apikey = apikey
end

Instance Method Details

#policy(zone_id) ⇒ Object



# File 'lib/cloud/cloud.rb', line 136

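# Fetches the issuing-template policy that applies to +zone_id+.
#
# Two round trips: the zone details give the issuing template id, the template
# gives the policy document, which is handed to parse_policy_responce_to_object.
#
# @param zone_id [String] cloud zone identifier; must be truthy
# @return [Object] whatever parse_policy_responce_to_object builds from the template JSON
# @raise [Vcert::ClientBadDataError] when zone_id is nil
# @raise [Vcert::ServerUnexpectedBehaviorError] when either lookup returns a non-200 status
def policy(zone_id)
  raise Vcert::ClientBadDataError, "Zone should be not nil" unless zone_id

  status, data = get(URL_PROJECT_ZONE_DETAILS % zone_id)
  unless status == 200
    # format() with both arguments: the previous `"..." % status, zone_id` bound
    # zone_id to raise's backtrace parameter and left the second %s unfilled,
    # so the error path itself raised ArgumentError instead of the intended error.
    raise Vcert::ServerUnexpectedBehaviorError,
          format("Invalid status getting issuing template: %s for zone %s", status, zone_id)
  end

  template_id = data['certificateIssuingTemplateId']
  status, data = get(URL_TEMPLATE_BY_ID % template_id)
  unless status == 200
    raise Vcert::ServerUnexpectedBehaviorError,
          format("Invalid status getting policy: %s for issuing template %s", status, template_id)
  end

  parse_policy_responce_to_object(data)
end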

#renew(request, generate_new_key: true) ⇒ Object



# File 'lib/cloud/cloud.rb', line 54

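# Renews an existing certificate identified by +request.id+ or +request.thumbprint+.
#
# Resolves the managed certificate id (thumbprint search and/or previous request
# status), reads the latest certificate request id from the server, resolves the
# zone, builds the renewal payload and posts it to URL_CERTIFICATE_REQUESTS.
#
# @param request [Vcert::Request] must carry +id+ or +thumbprint+; its +id+ is
#   overwritten with the latest certificate request id reported by the server
# @param generate_new_key [Boolean] only consulted when the request carries no
#   CSR of its own: true builds a fresh Vcert::Request (new key pair) from the
#   subject fields of the previous CSR, false asks the server to reuse its CSR
# @return [Array(Object, Object)] the new certificate request id and the private
#   key generated here, or nil for the key when none was generated (caller
#   supplied the CSR, or reuseCSR was requested)
# @raise [Vcert::ClientBadDataError] when neither id nor thumbprint is given
# @raise [Vcert::VcertError] when no managed certificate can be located
# @raise [Vcert::ServerUnexpectedBehaviorError] on any unexpected HTTP status
def renew(request, generate_new_key: true)
  # LOG (as used by the sibling methods) instead of puts, so the message goes
  # through the same sink and level filtering as the rest of the connector.
  LOG.info("Trying to renew certificate")
  if request.id.nil? && request.thumbprint.nil?
    raise Vcert::ClientBadDataError, "Either request ID or certificate thumbprint is required to renew the certificate"
  end

  manage_id = nil
  prev_request = nil
  zone = nil
  manage_id = search_by_thumbprint(request.thumbprint) unless request.thumbprint.nil?
  # An explicit id wins over the thumbprint lookup, as before.
  unless request.id.nil?
    prev_request = get_cert_status(request)
    manage_id = prev_request[:manage_id]
    zone = prev_request[:zoneId]
  end
  raise Vcert::VcertError, "Can't find the existing certificate" if manage_id.nil?

  status, data = get(URL_MANAGED_CERTIFICATE_BY_ID % manage_id)
  raise Vcert::ServerUnexpectedBehaviorError, "Status #{status}" unless status == 200
  request.id = data['latestCertificateRequestId']

  # Thumbprint-only callers reach here without a zone; the status lookup needs
  # the request id that was just filled in.
  if zone.nil?
    prev_request = get_cert_status(request)
    zone = prev_request[:zoneId]
  end

  payload = { existingManagedCertificateId: manage_id, zoneId: zone }
  renew_request = nil
  if request.csr?
    payload[:certificateSigningRequest] = request.csr
    payload[:reuseCSR] = false
  elsif generate_new_key
    parsed_csr = parse_csr_fields(prev_request[:csr])
    renew_request = Vcert::Request.new(
      common_name: parsed_csr[:CN],
      san_dns: parsed_csr[:DNS],
      country: parsed_csr[:C],
      province: parsed_csr[:ST],
      locality: parsed_csr[:L],
      organization: parsed_csr[:O],
      organizational_unit: parsed_csr[:OU]
    )
    payload[:certificateSigningRequest] = renew_request.csr
  else
    payload[:reuseCSR] = true
  end

  # The old call passed `data = d`, i.e. an assignment expression as the
  # argument; pass the payload directly.
  status, data = post(URL_CERTIFICATE_REQUESTS, payload)
  unless status == 201
    raise Vcert::ServerUnexpectedBehaviorError, "Status: #{status} Message: #{data}"
  end

  # Return a key only when one was generated in this call. Previously a request
  # that carried its own CSR with generate_new_key left at its default of true
  # dereferenced a nil renew_request here.
  new_private_key = renew_request ? renew_request.private_key : nil
  [data['certificateRequests'][0]['id'], new_private_key]
end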

#request(zone_tag, request) ⇒ Object



# File 'lib/cloud/cloud.rb', line 17

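# Submits a certificate request for +request.csr+ in the zone named by +zone_tag+.
#
# @param zone_tag [String] zone tag, resolved to a zone id via get_zoneId_by_tag
# @param request [Vcert::Request] carries the CSR; its +id+ is set from the response
# @return [Vcert::Request] the same request object with +id+ filled in
# @raise [Vcert::ServerUnexpectedBehaviorError] when the server does not answer 201
def request(zone_tag, request)
  zone_id = get_zoneId_by_tag(zone_tag)
  status, data = post(URL_CERTIFICATE_REQUESTS, { zoneId: zone_id, certificateSigningRequest: request.csr })
  # Debug-level dump of the raw server response (the decoded JSON body).
  LOG.debug("Raw response to certificate request:")
  LOG.debug(JSON.pretty_generate(data))
  # Same endpoint as #renew, which treats 201 as success. The status used to be
  # discarded, so an error body surfaced as a NoMethodError on the missing
  # 'certificateRequests' key instead of a meaningful error.
  unless status == 201
    raise Vcert::ServerUnexpectedBehaviorError, "Status: #{status} Message: #{data}"
  end
  request.id = data['certificateRequests'][0]['id']
  request
end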

#retrieve(request) ⇒ Object



# File 'lib/cloud/cloud.rb', line 26

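# Checks the status of the certificate request +request.id+ and, once issued,
# downloads the full chain.
#
# @param request [Vcert::Request] request whose +id+ was set by #request/#renew;
#   its +private_key+ is copied onto the result when the parsed chain has none
# @return [Object, nil] the parsed certificate (from parse_full_chain) when
#   issued; nil while the server still reports PENDING or REQUESTED
# @raise [Vcert::ServerUnexpectedBehaviorError] on a FAILED status, an unknown
#   status value, or an unexpected HTTP status from either endpoint
def retrieve(request)
  LOG.info("Getting certificate status for ID %s" % request.id)
  status, data = get(URL_CERTIFICATE_STATUS % request.id)
  # 409 is tolerated alongside 200 as in the original; presumably the API
  # returns it while the request is still being processed — confirm.
  unless [200, 409].include?(status)
    # Any other status used to fall out of the method and return nil, which a
    # polling caller cannot distinguish from "still pending" — so e.g. an
    # authentication or not-found failure turned into an endless poll loop.
    raise Vcert::ServerUnexpectedBehaviorError, "Status #{status}"
  end

  case data['status']
  when CERT_STATUS_PENDING, CERT_STATUS_REQUESTED
    LOG.info("Certificate status is: %s" % data['status'])
    nil
  when CERT_STATUS_FAILED
    raise Vcert::ServerUnexpectedBehaviorError, "Certificate issue status is FAILED"
  when CERT_STATUS_ISSUED
    chain_url = URL_CERTIFICATE_RETRIEVE % request.id + "?chainOrder=#{CHAIN_OPTION_ROOT_LAST}&format=PEM"
    status, full_chain = get(chain_url)
    unless status == 200
      LOG.error("Can't issue certificate: #{full_chain}")
      raise Vcert::ServerUnexpectedBehaviorError, "Status #{status}"
    end
    cert = parse_full_chain(full_chain)
    # The downloaded chain never carries the key; attach the one the caller
    # generated locally, unless the parser already produced one.
    cert.private_key = request.private_key if cert.private_key.nil?
    cert
  else
    raise Vcert::ServerUnexpectedBehaviorError, "Unknown certificate status #{data['status']}"
  end
end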

#zone_configuration(tag) ⇒ Object



# File 'lib/cloud/cloud.rb', line 116

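# Builds a Vcert::ZoneConfiguration for the zone named +tag+.
#
# Only the key type is taken from the server (first entry of the issuing
# template's keyTypes, first of its keyLengths); the subject fields are
# returned as empty, unlocked CertFields.
#
# @param tag [String] zone tag; interpolated into URL_ZONE_BY_TAG as-is
# @return [Vcert::ZoneConfiguration]
# @raise [Vcert::ClientBadDataError] when tag is nil, empty or whitespace only
# @raise [Vcert::ServerUnexpectedBehaviorError] when either lookup returns a non-200 status
def zone_configuration(tag)
  raise Vcert::ClientBadDataError, "Zone should not be empty" if tag.to_s.strip.empty?

  LOG.info("Getting configuration for zone #{tag}")
  # The HTTP status used to be discarded, so an error body surfaced as a
  # NoMethodError on the missing keys; #policy checks 200 on the same
  # template endpoint, so do the same here.
  status, data = get(URL_ZONE_BY_TAG % tag)
  unless status == 200
    raise Vcert::ServerUnexpectedBehaviorError, "Invalid status getting zone #{tag}: #{status}"
  end
  template_id = data['certificateIssuingTemplateId']
  status, data = get(URL_TEMPLATE_BY_ID % template_id)
  unless status == 200
    raise Vcert::ServerUnexpectedBehaviorError, "Invalid status getting issuing template #{template_id}: #{status}"
  end

  first_key_type = data['keyTypes'][0]
  key_type = Vcert::KeyType.new(first_key_type["keyType"], first_key_type["keyLengths"][0].to_i)
  Vcert::ZoneConfiguration.new(
    country: Vcert::CertField.new(""),
    province: Vcert::CertField.new(""),
    locality: Vcert::CertField.new(""),
    organization: Vcert::CertField.new(""),
    organizational_unit: Vcert::CertField.new(""),
    key_type: Vcert::CertField.new(key_type, locked: true)
  )
end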