]> Raphaël G. Git Repositories - acme/blob - acmeconf
Rapsys Git / acme / blob
? search:


bfab64efe25611d27975ac25ecdffe3d258fc42d
[acme] / acmeconf
1 #! /usr/bin/perl
2
3 # This program is free software: you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation, either version 3 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 #
16 # Copyright (C) 2016 - 2017 Raphaël Gertz <acme@rapsys.eu>
17
18 # Best practice
19 use strict;
20 use warnings;
21
22 # Load required modules
23 use JSON;
24 use Tie::IxHash;
25
26 # Load POSIX
27 use POSIX qw(EXIT_SUCCESS EXIT_FAILURE);
28
29 # Init redhat
30 my @redhat = ();
31
32 # Init debian
33 my @debian = ();
34
35 # Init root
36 my %root = ();
37 tie(%root, 'Tie::IxHash', thumbprint => '/etc/acme/thumbprint', term => 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', pending => '/tmp/acme.pending', certificates => []);
38
39 # Init prod
40 my $prod = 0;
41
42 # Strip and enable prod
43 @ARGV = map { if ($_ eq '-p') { $prod = 1; (); } else { $_; } } @ARGV;
44
45 # Strip and enable debug
46 for (my $i = 0; $i <= $#ARGV; $i++) {
47 # Match redhat types
48 if ($ARGV[$i] =~ /^(?:(\-r|\-\-redhat)(?:=([^-][a-zA-Z0-9_\.,-]+))?)$/) {
49 if (defined($2)) {
50 push(@redhat, [split(',', $2)]);
51 # Extract next parameter
52 } elsif(defined($ARGV[$i+1]) && $ARGV[$i+1] =~ /^([^-][a-zA-Z0-9_\.,-]+)$/) {
53 push(@redhat, [split(',', $1)]);
54 $i++;
55 # Set default
56 } else {
57 push(@redhat, ['www.example.com','example.com','...']);
58 }
59 # Match debian types
60 } elsif ($ARGV[$i] =~ /^(?:(\-d|\-\-debian)(?:=([^-][a-zA-Z0-9_\.,-]+))?)$/) {
61 if (defined($2)) {
62 push(@debian, [split(',', $2)]);
63 # Extract next parameter
64 } elsif(defined($ARGV[$i+1]) && $ARGV[$i+1] =~ /^([^-][a-zA-Z0-9_\.,-]+)$/) {
65 push(@debian, [split(',', $1)]);
66 $i++;
67 # Set default
68 } else {
69 push(@debian, ['www.example.com','example.com','...']);
70 }
71 # Match term
72 } elsif ($ARGV[$i] =~ /^(?:(\-t|\-\-term)(?:=(https:\/\/letsencrypt\.org\/documents\/[a-zA-Z0-9\._-]+\.pdf))?)$/) {
73 if (defined($2)) {
74 $root{term} = $2;
75 splice(@ARGV, $i, 1);
76 $i--;
77 # Extract next parameter
78 } elsif(defined($ARGV[$i+1]) && $ARGV[$i+1] =~ /^(https:\/\/letsencrypt\.org\/documents\/[a-zA-Z0-9\._-]+\.pdf)$/) {
79 $root{term} = $1;
80 splice(@ARGV, $i, 2);
81 $i--;
82 # Set default
83 } else {
84 print 'Term parameter without valid link'."\n";
85 exit EXIT_FAILURE;
86 }
87 }
88 }
89
90 # Show usage
91 if (scalar(@redhat) < 1 && scalar(@debian) < 1) {
92 print "Usage: $0 [(-d|--debian)[=example.com[,...]] [(-r|--redhat)[=example.com[,...]]] [(-t|--term)[=https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]] [...] > /etc/acme/config\n";
93 exit EXIT_FAILURE;
94 }
95
96 # Append redhat style examples
97 for my $key (@redhat) {
98 my $domain = shift @{$key};
99 my @domains = $key;
100 tie(%{$root{certificates}[$#{$root{certificates}}+1]}, 'Tie::IxHash', (
101 # Public cert
102 #XXX: required
103 cert => '/etc/pki/tls/certs/'.$domain.'.pem',
104 # Private key
105 #XXX: required
106 key => '/etc/pki/tls/private/'.$domain.'.pem',
107 # Private account key
108 #XXX: required
109 account => '/etc/acme/account.pem',
110 # Mail address
111 #XXX: required
112 mail => 'webmaster@'.$domain,
113 # Root domain
114 #XXX: required
115 domain => $domain,
116 # Domain list
117 #XXX: required
118 domains => @domains,
119 # Production certificate
120 #XXX: optional
121 #XXX: set to 1 for production
122 prod => $prod
123 ));
124 }
125
126 # Append debian style examples
127 for my $key (@debian) {
128 my $domain = shift @{$key};
129 my @domains = $key;
130 tie(%{$root{certificates}[$#{$root{certificates}}+1]}, 'Tie::IxHash', (
131 # Public cert
132 #XXX: required
133 cert => '/etc/ssl/certs/'.$domain.'.crt',
134 # Private key
135 #XXX: required
136 key => '/etc/ssl/private/'.$domain.'.key',
137 # Private account key
138 #XXX: required
139 account => '/etc/acme/account.pem',
140 # Mail address
141 #XXX: required
142 mail => 'webmaster@'.$domain,
143 # Root domain
144 #XXX: required
145 domain => $domain,
146 # Domain list
147 #XXX: required
148 domains => @domains,
149 # Production certificate
150 #XXX: optional
151 #XXX: set to 1 for production
152 prod => $prod
153 ));
154 }
155
156 # Display configuration template
157 print to_json(\%root, {pretty => 1});
158
159 # Exit with success
160 exit EXIT_SUCCESS;
Letsencrypt perl client