+# This file is part of Acmepl
+#
+# Acmepl is is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# Copyright (C) 2016 - 2017 Raphaël Gertz <acmepl@rapsys.eu>
+
# acme package
package acme;
# Symbol export
use Exporter;
our @ISA = qw(Exporter);
+our @EXPORT_OK = qw(DS CERT_DIR KEY_DIR REQUEST_CSR ACCOUNT_KEY SERVER_KEY SERVER_CRT CONFIG);
# Load dependancies
use Carp qw(carp confess);
use Date::Parse qw(str2time);
-use DateTime;
use Digest::SHA qw(sha256_base64);
use Email::Valid;
use File::Path qw(make_path);
use File::Slurp qw(read_file write_file);
use File::Temp; # qw( :seekable );
use IPC::System::Simple qw(capturex);
-use JSON qw(encode_json decode_json);
+use JSON qw(from_json to_json);
use LWP;
use MIME::Base64 qw(encode_base64url encode_base64);
use Net::Domain::TLD;
-use Tie::IxHash;
use POSIX qw(EXIT_FAILURE);
+use Tie::IxHash;
# Documentation links
#XXX: see https://letsencrypt.github.io/acme-spec/ (probably based on https://ietf-wg-acme.github.io/acme/)
ACME_CERT => 'https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem',
ACME_DIR => 'https://acme-staging.api.letsencrypt.org/directory',
ACME_PROD_DIR => 'https://acme-v01.api.letsencrypt.org/directory',
- ACME_TERMS => 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf',
+ ACME_TERMS => 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf',
# Version
- VERSION => 'v0.4',
+ VERSION => 'v0.6',
# Config
CONFIG => '/etc/acmepl/config'
# Store thumbprint
#XXX: convert base64 to base64 url
- $self->{account}{thumbprint} = (sha256_base64(encode_json($self->{account}{jwk}{jwk})) =~ s/=+\z//r) =~ tr[+/][-_]r;
+ $self->{account}{thumbprint} = (sha256_base64(to_json($self->{account}{jwk}{jwk})) =~ s/=+\z//r) =~ tr[+/][-_]r;
}
# Generate certificate request
$self->{nonce} = $res->headers->{'replay-nonce'};
# Merge uris in self content
- %$self = (%$self, %{decode_json($res->content)});
+ %$self = (%$self, %{from_json($res->content)});
}
# Post request
my ($self, $uri, $payload) = @_;
# Protected field
- my $protected = encode_base64url(encode_json({nonce => $self->{nonce}}));
+ my $protected = encode_base64url(to_json({nonce => $self->{nonce}}));
# Payload field
- $payload = encode_base64url(encode_json($payload));
+ $payload = encode_base64url(to_json($payload));
# Sign temp file
my $stf = File::Temp->new();
my $req = HTTP::Request->new(POST => $uri);
# Set new-reg request content
- $req->content(encode_json({
+ $req->content(to_json({
header => $self->{account}{jwk},
protected => $protected,
payload => $payload,
# Load config if available
my $config = undef;
if (
- #XXX: use eval to workaround a fatal in decode_json
+ #XXX: use eval to workaround a fatal in from_json
defined eval {
# Check that file exists
-f CONFIG &&
# Read it
($config = read_file(CONFIG)) &&
# Decode it
- ($config = decode_json($config)) &&
+ ($config = from_json($config)) &&
# Check defined
$config->{thumbprint}
}
# Load auth request content or post a new one
#TODO: add more check on cache file ???
if (
- #XXX: use eval to workaround a fatal in decode_json
+ #XXX: use eval to workaround a fatal in from_json
! defined eval {
# Check that file exists
-f $file &&
# Read it
($content = read_file($file)) &&
# Decode it
- ($content = decode_json($content)) &&
- # Check expiration
- (DateTime->from_epoch(epoch => str2time($content->{expires})) >= DateTime->now()->add(hours => 1))
- }
+ ($content = from_json($content))
+ # Check expiration
+ } || (str2time($content->{expires}) <= time()+3600)
) {
# Post new-authz request
my $res = $self->_post($self->{'new-authz'}, {resource => 'new-authz', identifier => {type => 'dns', value => $_}, existing => 'accept'});
}
# Decode content
- $content = decode_json($res->content);
+ $content = from_json($res->content);
# Check domain
unless (defined $content->{identifier}{value} && $content->{identifier}{value} eq $_) {
}
# Write to file
- write_file($file, encode_json($content));
+ write_file($file, to_json($content));
}
# Add challenge
}
# Extract content
- my $content = decode_json($res->content);
+ my $content = from_json($res->content);
# Save if valid
if ($content->{status} eq 'valid') {
}
# Extract content
- my $content = decode_json($res->content);
+ my $content = from_json($res->content);
# Save status
if ($content->{status} ne 'pending') {
# Load config if available
my $config = undef;
if (
- #XXX: use eval to workaround a fatal in decode_json
+ #XXX: use eval to workaround a fatal in from_json
defined eval {
# Check that file exists
-f CONFIG &&
# Read it
($config = read_file(CONFIG)) &&
# Decode it
- ($config = decode_json($config)) &&
+ ($config = from_json($config)) &&
# Check defined
$config->{thumbprint}
}
# my $res = $self->_post($self->{challenges}{$_}{http_uri}, {resource => 'authz', status => 'deactivated'});
# # Handle error
# unless ($res->is_success) {
- # print Dumper($res);
# confess 'POST '.$self->{challenges}{$_}{http_uri}.' failed: '.$res->status_line;
# }
#} map { $self->{challenges}{$_}{status} eq 'valid' ? $_ : () } keys %{$self->{challenges}};
Rapsys Git / acme / blobdiff