private_key results from the CPAN

private_key
App-Acmeman
view release on metacpan or search on metacpan
	    } elsif ($hours == 24) {
		$in = "in one day";
	    } else {
		$in = "today";
	    }
	    debug(2, "$crt expires on $expiry, $in");
	    if ($now + $self->cf->get(qw(core time-delta)) < $ts) {
		return 0;
	    } else {
		debug(2, "will renew $crt (expires on $expiry, $in)");
	    }
	} else {
	    debug(2, "will renew $crt");
	}
    }
    return 1;
}

sub debug_to_loglevel {
    my $self = shift;
    my @lev = ('err', 'info', 'debug');
    my $v = $self->cf->core->verbose;
    return $lev[$v > $#lev ? $#lev : $v];
}

my @challenge_files;

END {
    if (@challenge_files) {
	debug(3, "removing challenge files");
	my $n = unlink @challenge_files;
	unless ($n == @challenge_files) {
	    error("some challenge files were not removed",
		  prefix => 'warning');
	}
    }
}

sub save_challenge {
    my ($self,$challenge) = @_;
    my $file = File::Spec->catfile($self->cf->get(qw(core rootdir)), $challenge->get_path);
    if (open(my $fh, '>', $file)) {
	print $fh $self->acme->make_key_authorization($challenge);
	close $fh;
	debug(3, "wrote challenge file $file");
	push @challenge_files, $file;
    } else {
	error("can't open $file for writing: $!");
	die;
    }
}   

sub account_key {
    my $self = shift;

    unless ($self->{_account_key}) {
	my $keyfile = $self->cf->get('account', 'key');
	if (-r $keyfile) {
	    if (open(my $fh, '<', $keyfile)) {
		local $/ = undef;
		$self->{_account_key} = Crypt::OpenSSL::RSA->new_private_key(<$fh>);
		close $fh;
	    } else {
		error("can't open $keyfile for reading: $!");
	    }
	} else {
	    $self->{_account_key} = Crypt::OpenSSL::RSA->generate_key($self->cf->get('core', 'key-size'));
	}
    }
    return $self->{_account_key};
}

sub account_key_id {
    my $self = shift;
    
    my $idfile = $self->cf->get('account', 'id');
    if (my $val = shift) {
	$self->{_account_key_id} = $val;
	$self->prep_dir($idfile);
	if (open(my $fh, '>', $idfile)) {
	    print $fh $val;
	    close $fh;
	} else {
	    error("can't open $idfile for writing: $!");
	}
    } elsif (!$self->{_account_key_id}) {
	if (-r $idfile) {
	    if (open(my $fh, '<', $idfile)) {
		chomp($self->{_account_key_id} = <$fh>);
		close $fh;
		debug(3, "using key_id $self->{_account_key_id}");
	    } else {
		error("can't open $idfile for reading: $!");
	    }
	}
    }
    return $self->{_account_key_id};
}

sub acme {
    my $self = shift;
    unless ($self->{_acme}) {
	my $acme = Net::ACME2::LetsEncrypt->new(
	    environment => $self->acme_host,
	    key => $self->account_key->get_private_key_string(),
	    key_id => $self->account_key_id
        );
	$self->{_acme} = $acme;

	unless ($acme->key_id()) {
	    # Create new account
	    debug(3, "creating account");
	    my $terms_url = $acme->get_terms_of_service();
	    $acme->create_account(termsOfServiceAgreed => 1);
	    debug(3, "saving account credentials");
	    $self->account_key_id($acme->key_id());
	    my $keyfile = $self->cf->get('account', 'key');
	    if (open(my $fh, '>', $keyfile)) {
	        print $fh $self->account_key->get_private_key_string();
	        close $fh;
	    } else {
		error("can't open $keyfile for writing: $!");
	    }
	}
    }
    return $self->{_acme};
}

sub register_domain_certificate {
    my ($self,$domain) = @_;
    
    my $key_size = $self->cf->get('domain', $domain, 'key-size')
	              || $self->cf->get('core', 'key-size');

    if ($self->cf->core->verbose > 0) {
	my $crt = $domain->certificate_file;
	my $alt = join(',', $domain->alt);
	if (-f $crt) {
	    debug(1, "renewing $crt: CN=$domain, alternatives=$alt, key_size=$key_size");
	} else {
	    debug(1, "issuing $crt: CN=$domain, alternatives=$alt, key_size=$key_size");
	}
    }

    return 1 if $self->dry_run_option;

    my $acme = $self->acme;
	
    # Create order
    my $order = $acme->create_order(
                  identifiers => [
                     map { { type => 'dns', value => $_ } } $domain->names
                  ]
    );
    debug(3, "$domain: created order");

    foreach my $authz (map { $acme->get_authorization($_) } $order->authorizations()) {
    
	my ($challenge) = grep { $_->type() eq 'http-01' } $authz->challenges();
	if (!$challenge) {
	    error("$domain: no challenge of acceptable type received");
	    return 0;
	}

	debug(3, "$domain: serving challenge");
	$self->save_challenge($challenge);
	$acme->accept_challenge($challenge);

	my $ret;
	while (($ret = $acme->poll_authorization($authz)) eq 'pending') {
	    sleep 1
	}
	if ($ret ne 'valid') {
	    my $text = "authorization $ret";
	    if (my ($ch) = grep { $_->type() eq 'http-01' } $authz->challenges()) {
		if (my $err = $ch->error()) {
		    $text .= ': ' . $err->to_string;
		}
	    }
view all matches for this distribution
view release on metacpan - search on metacpan
( run in 0.927 second using v1.00-cache-2.02-grep-82fe00e-cpan-dad7e4baca0 )