authorHendrik Jäger <gitcommit@henk.geekmail.org>2024-02-01 16:02:58 +0100
committerHendrik Jäger <gitcommit@henk.geekmail.org>2024-02-01 16:02:58 +0100
commit14b4edf199e865cc50f03544be3c11925d50460d (patch)
tree50ae8044c3b5323bd160cac4029676ced5363094 /macir.rb
parent07495d9f32df050861343f62c5d89365dca762de (diff)
tidy
Diffstat (limited to 'macir.rb')
-rw-r--r--macir.rb80
1 files changed, 42 insertions, 38 deletions
diff --git a/macir.rb b/macir.rb
index fb79323..57ec69e 100644
--- a/macir.rb
+++ b/macir.rb
@@ -16,6 +16,7 @@ def read_config( path = 'config.yaml' )
raise
rescue Errno::ENOENT
$stderr.puts "IO failed: " + $!.to_s
+ raise
end
return config
end
@@ -40,7 +41,7 @@ end
def read_cert_key( domain )
folder = "./certs/#{domain}/"
- path = folder + "current.key"
+ path = "#{folder}/current.key"
p "Reading cert key from #{path}"
if File.readable?( path )
p "File #{path} is readable, trying to parse"
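Review bot: The changed line `path = "#{folder}/current.key"` yields a doubled slash, because `folder` already ends in `/` (`"./certs/#{domain}/"` on the line above); the path still resolves on POSIX, but it is what gets logged and compared. Build it with `path = File.join( folder, 'current.key' )` and drop the trailing slash from `folder`, which also keeps the path well-formed if a `domain` value in the YAML config ever carries a stray slash. `domain` comes from the config rather than from the network, so I do not see a traversal concern here; the `File.readable?` check followed by a separate open is a benign time-of-check/time-of-use gap that merits a one-line comment. read_cert_key continues outside the hunk.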
@@ -61,43 +62,45 @@ def read_cert_key( domain )
end
def deploy_dns01_challenge_token( domain, challenge, nameserver, config )
- p "Creating DNS UPDATE packet"
+ p 'Creating DNS UPDATE packet'
update = Dnsruby::Update.new( domain )
# TODO: delete challenge token record after validation
update.delete( challenge.record_name + "." + domain, challenge.record_type )
update.add( challenge.record_name + "." + domain, challenge.record_type, 10, challenge.record_content )
- p "Creating object for contacting nameserver"
+ p 'Creating object for contacting nameserver'
res = Dnsruby::Resolver.new( nameserver )
res.dnssec = false
- p "Looking up TSIG parameters"
+ p 'Looking up TSIG parameters'
tsig_name = config['domains'][domain]['tsig_key']
tsig_key = config['tsig_keys'][tsig_name]['key']
tsig_alg = config['tsig_keys'][tsig_name]['algorithm']
- p "Creating TSIG object"
- tsig = Dnsruby::RR.create({
- :name => tsig_name,
- :type => 'TSIG',
- :key => tsig_key,
- :algorithm => tsig_alg,
- })
-
- p "Signing DNS UPDATE packet with TSIG object"
+ p 'Creating TSIG object'
+ tsig = Dnsruby::RR.create(
+ {
+ name: tsig_name,
+ type: 'TSIG',
+ key: tsig_key,
+ algorithm: tsig_alg,
+ }
+ )
+
+ p 'Signing DNS UPDATE packet with TSIG object'
tsig.apply(update)
- p "Sending UPDATE to nameserver"
+ p 'Sending UPDATE to nameserver'
response = res.send_message(update)
end
def wait_for_challenge_propagation( domain, challenge )
- p "Creating recursor object for checking challenge propagation"
+ p 'Creating recursor object for checking challenge propagation'
rec = Dnsruby::Recursor.new
p "Getting NS records for #{domain}"
domain_auth_ns = rec.query_no_validation_or_recursion( domain, "NS" )
- p "Checking challenge status on all NS"
+ p 'Checking challenge status on all NS'
domain_auth_ns.answer.each do |ns|
nameserver = ns.rdata.to_s
p "Creating resolver object for checking propagation on #{nameserver}"
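Review bot: `response = res.send_message(update)` at the end of deploy_dns01_challenge_token is assigned but never inspected, so an UPDATE answered with REFUSED or NOTAUTH (for instance a TSIG name or secret mismatch in the config) is not reported here; unless Dnsruby raises for that RCODE — I believe it does for error codes, but verify — the script moves on to polling the nameservers for a record that was never written. Add `raise "DNS UPDATE for #{domain} rejected: #{response.rcode}" unless response.rcode == Dnsruby::RCode::NOERROR` after the send, and return `response` explicitly so callers can inspect it. The `config['domains'][domain]['tsig_key']` and `config['tsig_keys'][tsig_name]` lookups fail with an opaque NoMethodError on nil for an unconfigured domain or key name; `config.fetch('domains').fetch(domain)` raises a KeyError that names the missing entry instead. The hunk also spans the tail of read_cert_key and the head of wait_for_challenge_propagation, both of which continue outside it.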
@@ -105,14 +108,14 @@ def wait_for_challenge_propagation( domain, challenge )
res.dnssec = false
res.do_caching = false
begin
- p "Querying ACME challenge record"
+ p 'Querying ACME challenge record'
result = res.query_no_validation_or_recursion( "_acme-challenge." + domain, "TXT" )
p result
propagated = result.answer.any? do |answer|
answer.rdata[0] == challenge.record_content
end
unless propagated
- p "Not yet propagated, sleeping before checking again"
+ p 'Not yet propagated, sleeping before checking again'
sleep(1)
end
end until propagated
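Review bot: The `begin … end until propagated` loop has no upper bound, so if the UPDATE was rejected upstream or one authoritative server never receives the record, this polls that server forever at one-second intervals without surfacing an error. Bound it with a counter: `tries = 0` before `begin`, and in the `unless propagated` branch `raise "challenge for #{domain} not visible on #{nameserver} after #{tries}s" if (tries += 1) >= 300` ahead of the `sleep(1)`. `answer.rdata[0] == challenge.record_content` appears to compare only the first string of each TXT RR, which is fine for a single-string ACME token but deserves a comment saying so. The enclosing method starts and ends outside the hunk.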
@@ -120,40 +123,44 @@ def wait_for_challenge_propagation( domain, challenge )
end
def wait_for_challenge_validation( challenge )
- p "Requesting validation of challenge"
+ p 'Requesting validation of challenge'
challenge.request_validation
while challenge.status == 'pending'
- p "Sleeping because challenge validation is pending"
+ p 'Sleeping because challenge validation is pending'
sleep(1)
- p "Checking again"
+ p 'Checking again'
challenge.reload
end
end
def get_cert( order, domains, domain_key )
path = "./certs/#{domains[0]}/"
- crt_file = path + "cert.pem"
- p "Creating CSR object"
- csr = Acme::Client::CertificateRequest.new(private_key: domain_key, names: domains, subject: { common_name: "#{domains[0]}" })
- p "Finalize cert order"
+ crt_file = "#{path}/cert.pem"
+ p 'Creating CSR object'
+ csr = Acme::Client::CertificateRequest.new(
+ private_key: domain_key,
+ names: domains,
+ subject: { common_name: "#{domains[0]}" }
+ )
+ p 'Finalize cert order'
order.finalize(csr: csr)
while order.status == 'processing'
- p "Sleep while order is processing"
+ p 'Sleep while order is processing'
sleep(1)
- p "Rechecking order status"
+ p 'Rechecking order status'
order.reload
end
cert = order.certificate
- p "Writing cert"
+ p 'Writing cert'
cert_file = File.new( path + Time.now.to_i.to_s + ".crt", 'w' )
cert_file.write( cert )
- if File.symlink?( File.dirname( cert_file ) + "/current.crt" ) then
+ if File.symlink?( File.dirname( cert_file ) + "/current.crt" )
File.unlink( File.dirname( cert_file ) + "/current.crt" )
File.symlink( File.basename( cert_file ), File.dirname( cert_file ) + "/current.crt" )
else
- raise Exception
+ raise StandardError
end
return cert
end
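Review bot: get_cert writes the certificate through `cert_file = File.new( …, 'w' )` and never closes it, so the bytes may still sit in Ruby's buffer when `current.crt` is re-pointed at the new file and the handle is left to GC; the changed line `crt_file = "#{path}/cert.pem"` (double slash again) is assigned but never used in the visible code. Write the file with `File.write`, build the link target with `File.join`, and give the `raise StandardError` a message so a first run with no `current.crt` at all fails with something actionable — or create the link in that case, if a missing link is expected on first issuance; I cannot tell which is intended from here. Separately, wait_for_challenge_validation leaves its loop as soon as the status is no longer 'pending', so an `invalid` challenge goes unnoticed until finalize fails; add `raise "challenge validation failed with status #{challenge.status}" unless challenge.status == 'valid'` after the `while` loop. The hunk also contains the tail of wait_for_challenge_propagation, which begins outside it.
```ruby
  cert = order.certificate
  p 'Writing cert'
  crt_path = File.join( path, "#{Time.now.to_i}.crt" )
  File.write( crt_path, cert )
  current = File.join( path, 'current.crt' )
  if File.symlink?( current )
    File.unlink( current )
    File.symlink( File.basename( crt_path ), current )
  else
    raise StandardError, "#{current} is not a symlink; refusing to replace it"
  end
  return cert
```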
@@ -173,17 +180,17 @@ config['certs'].each_pair do |cert_name, cert_opts|
private_key = read_account_key( account['keyfile'] )
- p "Creating client object for communication with CA"
+ p 'Creating client object for communication with CA'
client = Acme::Client.new( private_key: private_key, directory: acme_directory_url )
client.new_account(contact: "mailto:#{email}", terms_of_service_agreed: true)
p "Creating order object for cert #{cert_name}"
order = client.new_order(identifiers: cert_opts['domain_names'] )
- if order.status != "ready" then
- p "Order is not ready, we need to authorize first"
+ if order.status != 'ready'
+ p 'Order is not ready, we need to authorize first'
- p "Iterating over required authorizations"
+ p 'Iterating over required authorizations'
order.authorizations.each do |auth|
p "Processing authorization for #{auth.domain}"
p "Finding challenge type for #{auth.domain}"
@@ -192,11 +199,8 @@ config['certs'].each_pair do |cert_name, cert_opts|
wait_for_challenge_propagation( auth.domain, challenge )
wait_for_challenge_validation( challenge )
end
-
- # deploy_dns01_challenge_token( cert_opts['domain_names'][0], challenge.record_content, cert_opts['challenge']['primary_ns'], config )
-
else
- p "Order is ready, we don’t need to authorize"
+ p 'Order is ready, we don’t need to authorize'
end
domain_key = read_cert_key( cert_opts['domain_names'][0] )