Class: PagesDomains::ObtainLetsEncryptCertificateService

Inherits:
Object
  • Object
Defined in:
app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb

Constant Summary

CHALLENGE_PROCESSING_DELAY =

Time allowed for processing validation requests for ACME challenges; 5-15 seconds is usually enough.

1.minute.freeze
CERTIFICATE_PROCESSING_DELAY =

Time the LetsEncrypt ACME server needs to generate the certificate; there is no particular SLA, but it usually takes 10-15 seconds.

1.minute.freeze

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(pages_domain) ⇒ ObtainLetsEncryptCertificateService

Returns a new instance of ObtainLetsEncryptCertificateService.



# File 'app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb', line 15

# Builds the service for a single Pages domain.
#
# @param pages_domain [Object] the domain record a certificate is obtained
#   for; it is stored as given, with no validation at this point
def initialize(pages_domain)
  @pages_domain = pages_domain
end

Instance Attribute Details

#pages_domain ⇒ Object (readonly)

Returns the value of attribute pages_domain.



# File 'app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb', line 13

# Read-only accessor for the domain handed to the constructor.
#
# @return [Object] whatever is currently stored in @pages_domain
def pages_domain
  @pages_domain
end

Instance Method Details

#execute ⇒ Object



# File 'app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb', line 19

# Advances the Let's Encrypt certificate flow for the domain by one step.
#
# Each call does a single piece of work and, where more is needed, schedules
# PagesDomainSslRenewalWorker to run again after a delay:
#
# * no stored order -> create one and re-run after CHALLENGE_PROCESSING_DELAY
# * order 'ready'   -> request the certificate and re-run after
#                      CERTIFICATE_PROCESSING_DELAY
# * order 'valid'   -> save the certificate and destroy the stored order
# * order 'invalid' -> record the challenge error
#
# Any other status (RFC 8555 also defines 'pending' and 'processing') falls
# through the case with no action and no reschedule from this method.
#
# @return [nil, Object] nil on the order-creation path; otherwise the value
#   of the last expression evaluated while handling the existing order
def execute
  # Expired orders are removed first so that `first` cannot return one.
  pages_domain.acme_orders.expired.delete_all
  stored_order = pages_domain.acme_orders.first

  if stored_order
    # NOTE(review): load_order runs outside the begin/rescue below, so anything
    # it raises propagates to the caller instead of being recorded on the order.
    remote_order = ::Gitlab::LetsEncrypt::Client.new.load_order(stored_order.url)

    begin
      # https://www.rfc-editor.org/rfc/rfc8555#section-7.1.6 - statuses diagram
      case remote_order.status
      when 'ready'
        # The private key stored on the order is the one used for the request.
        remote_order.request_certificate(private_key: stored_order.private_key, domain: pages_domain.domain)
        PagesDomainSslRenewalWorker.perform_in(CERTIFICATE_PROCESSING_DELAY, pages_domain.id)
      when 'valid'
        save_certificate(stored_order.private_key, remote_order)
        # The order row, which carries the private key, is removed once the
        # certificate has been saved.
        stored_order.destroy!
      when 'invalid'
        # challenge_error comes from the ACME server's response; presumably
        # save_order_error persists it, so treat it as untrusted text wherever
        # it is later displayed. TODO confirm against save_order_error.
        save_order_error(stored_order, remote_order.challenge_error)
      end
    rescue Acme::Client::Error => error
      save_order_error(stored_order, error.message)
    end
  else
    creation = ::PagesDomains::CreateAcmeOrderService.new(pages_domain).execute

    if creation.error?
      save_order_error(creation[:acme_order], creation.message)
    else
      # Give the ACME server time to process the challenge before the next step.
      PagesDomainSslRenewalWorker.perform_in(CHALLENGE_PROCESSING_DELAY, pages_domain.id)
    end

    nil
  end
end