-#! /usr/bin/perl
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-# Copyright (C) 2016 - 2017 Raphaël Gertz <acme@rapsys.eu>
-
-# Best practice
-use strict;
-use warnings;
-
-# Fix use of acl
-use filetest qw(access);
-
-# Load dependancies
-use File::stat qw(stat);
-use File::Slurp qw(read_file);
-use JSON qw(decode_json);
-use Acme;
-
-# Load POSIX
-use POSIX qw(EXIT_SUCCESS EXIT_FAILURE);
-
-# Init debug
-my $debug = 0;
-
-# Init config
-my $config = undef;
-
-# Init config file name
-my $configFilename = '/etc/acme/config';
-
-# Init domains
-my @domains = ();
-
-# Strip and enable debug
-@ARGV = map { if ($_ eq '-d') { $debug = 1; (); } else { $_; } } @ARGV;
-
-# Strip and enable debug
-for (my $i = 0; $i <= $#ARGV; $i++) {
- # Match redhat types
- if ($ARGV[$i] =~ /^(?:(\-c|\-\-config)(?:=(.+))?)$/) {
- if (defined($2) && -f $2) {
- $configFilename = $2;
- splice(@ARGV, $i, 1);
- $i--;
- # Extract next parameter
- } elsif(defined($ARGV[$i+1]) && $ARGV[$i+1] =~ /^(.+)$/ && -f $1) {
- $configFilename = $1;
- splice(@ARGV, $i, 2);
- $i--;
- # Set default
- } else {
- print 'Config parameter without valid file name'."\n";
- exit EXIT_FAILURE;
- }
- }
-}
-
-# Load config
-unless (
- #XXX: use eval to workaround a fatal in decode_json
- eval {
- # Check file
- (-f $configFilename) &&
- # Read it
- ($config = read_file($configFilename)) &&
- # Decode it
- ($config = decode_json($config)) &&
- # Check hash validity
- defined($config->{certificates}) &&
- # Check not empty
- scalar($config->{certificates}) &&
- # Check hash validity
- defined($config->{thumbprint}) &&
- # Check certificates array
- ! scalar map {unless(defined($_->{cert}) && defined($_->{key}) && defined($_->{mail}) && defined($_->{domain}) && defined($_->{domains})) {1;} else {();}} @{$config->{certificates}}
- }
-) {
- print 'Config file '.$configFilename.' is not readable or invalid'."\n";
- exit EXIT_FAILURE;
-}
-
-# Deal with specified domains
-if (scalar(@ARGV) > 0) {
- # Check that domains are present in config
- foreach my $domain (@ARGV) {
- my $found = undef;
- foreach my $certificate (@{$config->{certificates}}) {
- if ($certificate->{domain} eq $domain) {
- push(@domains, $certificate);
- $found = 1;
- }
- }
- unless($found) {
- print 'Domain '.$domain.' not found in config file '.$configFilename."\n";
- exit EXIT_FAILURE;
- }
- }
-# Without it
-} else {
- # Populate domains array with available ones
- foreach my $certificate (@{$config->{certificates}}) {
- push(@domains, $certificate);
- }
-}
-
-# Show usage
-if (scalar(@domains) < 1) {
- print "Usage: $0 [-(c|-config)[=/etc/acme/config]] [example.com] [...]\n";
- exit EXIT_FAILURE;
-}
-
-# Deal with each domain
-foreach my $domain (@domains) {
- # Skip certificate without 60 days
- if (-f $domain->{cert} && stat($domain->{cert})->mtime >= (time() - 60*24*3600)) {
- next;
- }
-
- # Create new object
- my $acme = Acme->new($debug, $domain, {thumbprint => $config->{thumbprint}, pending => $config->{pending}, term => $config->{term}});
-
- # Prepare environement
- $acme->prepare();
-
- # Generate required keys
- $acme->genKeys();
-
- # Generate csr
- $acme->genCsr();
-
- # Directory
- $acme->directory();
-
- # Register
- $acme->register();
-
- # Authorize
- $acme->authorize();
-
- # Issue
- $acme->issue();
-}
-
-# Exit with success
-exit EXIT_SUCCESS;
Rapsys Git / acme / commitdiff