initial commit from appmail

2025-12-01 05:43:04 +00:00 · 2017-04-19 13:07:25 +01:00
--- a/app/models/track_certificate.rb
+++ b/app/models/track_certificate.rb
@@ -0,0 +1,95 @@
+# == Schema Information
+#
+# Table name: track_certificates
+#
+#  id                  :integer          not null, primary key
+#  domain              :string(255)
+#  certificate         :text(65535)
+#  intermediaries      :text(65535)
+#  key                 :text(65535)
+#  expires_at          :datetime
+#  renew_after         :datetime
+#  verification_path   :string(255)
+#  verification_string :string(255)
+#  created_at          :datetime         not null
+#  updated_at          :datetime         not null
+#
+# Indexes
+#
+#  index_track_certificates_on_domain  (domain)
+#
+
+class TrackCertificate < ApplicationRecord
+
+  validates :domain, :presence => true, :uniqueness => true
+
+  default_value :key, -> { OpenSSL::PKey::RSA.new(2048).to_s }
+
+  scope :active, -> { where("certificate IS NOT NULL AND expires_at > ?", Time.now) }
+
+  def active?
+    certificate.present?
+  end
+
+  def get
+    verify && issue
+  end
+
+  def verify
+    authorization = Postal::LetsEncrypt.client.authorize(:domain => self.domain)
+    challenge = authorization.http01
+    self.verification_path = challenge.filename
+    self.verification_string = challenge.file_content
+    self.save!
+    challenge.request_verification
+    checks = 0
+    until challenge.verify_status != "pending"
+      checks += 1
+      return false if checks > 30
+      sleep 1
+    end
+
+    unless challenge.verify_status == "valid"
+      return false
+    end
+
+    return true
+  rescue Acme::Client::Error => e
+    @retries = 0
+    if e.is_a?(Acme::Client::Error::BadNonce) && @retries < 5
+      @retries += 1
+      sleep 1
+      verify
+    else
+      return false
+    end
+  end
+
+  def issue
+    csr = OpenSSL::X509::Request.new
+    csr.subject = OpenSSL::X509::Name.new([['CN', self.domain, OpenSSL::ASN1::UTF8STRING]])
+    private_key = OpenSSL::PKey::RSA.new(self.key)
+    csr.public_key = private_key.public_key
+    csr.sign(private_key, OpenSSL::Digest::SHA256.new)
+    https_cert = Postal::LetsEncrypt.client.new_certificate(csr)
+    self.certificate = https_cert.to_pem
+    self.intermediaries = https_cert.chain_to_pem
+    self.expires_at = https_cert.x509.not_after
+    self.renew_after = (self.expires_at - 1.month) + rand(10).days
+    self.save!
+    return true
+  end
+
+  def certificate_object
+    @certificate_object ||= OpenSSL::X509::Certificate.new(self.certificate)
+  end
+
+  def intermediaries_array
+    @intermediaries_array ||= self.intermediaries.to_s.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m).map{|c| OpenSSL::X509::Certificate.new(c)}
+  end
+
+  def key_object
+    @key_object ||= OpenSSL::PKey::RSA.new(self.key)
+  end
+
+end