Module: Bullion

Defined in:
lib/bullion.rb,
lib/bullion/service.rb,
lib/bullion/version.rb,
lib/bullion/acme/error.rb,
lib/bullion/helpers/ssl.rb,
lib/bullion/services/ca.rb,
lib/bullion/helpers/acme.rb,
lib/bullion/models/nonce.rb,
lib/bullion/models/order.rb,
lib/bullion/services/ping.rb,
lib/bullion/models/account.rb,
lib/bullion/helpers/service.rb,
lib/bullion/challenge_client.rb,
lib/bullion/models/challenge.rb,
lib/bullion/models/certificate.rb,
lib/bullion/models/authorization.rb,
lib/bullion/challenge_clients/dns.rb,
lib/bullion/challenge_clients/http.rb,
lib/bullion/rspec/challenge_clients/dns.rb,
lib/bullion/rspec/challenge_clients/http.rb

Overview

The top-level module for Bullion

Defined Under Namespace

Modules: Acme, ChallengeClients, Helpers, Models, RSpec, Services

Classes: ChallengeClient, ConfigError, Error, Service

Constant Summary

# Shared logger for the Bullion module; writes to standard output.
LOGGER =
Logger.new($stdout)
CA_DIR =

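Configuration is supplied through environment variables. CA_DIR is the directory that holds the CA key and certificate by default; it falls back to "tmp" (expanded to an absolute path) when the variable is unset.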

File.expand_path ENV.fetch("CA_DIR", "tmp")
# Passphrase handed to OpenSSL when the CA private key is loaded (see ca_key).
# NOTE(review): when CA_SECRET is unset this falls back to the literal
# "SomeS3cret", which is published in the source and therefore gives the key
# file no protection. validate_config! only checks that the value is a String,
# so the fallback passes validation; deployments should always set CA_SECRET.
CA_SECRET =
ENV.fetch("CA_SECRET", "SomeS3cret")
# Path of the PEM-encoded CA private key. The block form means the default
# (CA_DIR/tls.key) is only computed when CA_KEY_PATH is not set.
# NOTE(review): with the default CA_DIR this resolves under "tmp" relative to
# the working directory — confirm the file's ownership and mode restrict reads
# to the service account.
CA_KEY_PATH =
ENV.fetch("CA_KEY_PATH") { File.join(CA_DIR, "tls.key") }
# Path of the PEM-encoded CA certificate; defaults to CA_DIR/tls.crt.
CA_CERT_PATH =
ENV.fetch("CA_CERT_PATH") { File.join(CA_DIR, "tls.crt") }
# Comma-separated list from CA_DOMAINS, split into an array; defaults to
# ["example.com"]. Entries are not stripped, so "a.test, b.test" yields
# " b.test" with a leading space.
# NOTE(review): presumably the domains this CA is allowed to issue for —
# confirm against the ACME service before relying on it as an allow-list.
CA_DOMAINS =
ENV.fetch("CA_DOMAINS", "example.com").split(",")
CERT_VALIDITY_DURATION =

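Certificate validity period in seconds; defaults to 90 days (60 * 60 * 24 * 30 * 3). validate_config! rejects values shorter than 2 days or longer than 397 days.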

Integer(
  ENV.fetch("CERT_VALIDITY_DURATION", 60 * 60 * 24 * 30 * 3)
)
# Database connection settings. When DATABASE_URL is set the constant is that
# URL string; otherwise it is a settings hash for the mysql2 adapter assembled
# from the individual DB_* variables.
# NOTE(review): the fallback hash connects as "root" with no password to
# localhost. That is only reasonable for local development; a deployment
# should supply a dedicated, least-privileged account via DB_USERNAME and
# DB_PASSWORD (or DATABASE_URL).
DB_CONNECTION_SETTINGS =
ENV.fetch("DATABASE_URL") do
  {
    adapter: "mysql2",
    database: ENV.fetch("DB_NAME", "bullion"),
    encoding: ENV.fetch("DB_ENCODING", "utf8mb4"),
    # Integer() raises ArgumentError when MAX_THREADS is not a whole number.
    pool: Integer(ENV.fetch("MAX_THREADS", 32)),
    username: ENV.fetch("DB_USERNAME", "root"),
    password: ENV.fetch("DB_PASSWORD", nil),
    host: ENV.fetch("DB_HOST", "localhost")
  }
end
# Comma-separated list from DNS01_NAMESERVERS, split into an array; an unset
# variable yields an empty array.
# NOTE(review): presumably the resolvers queried for DNS-01 challenge records,
# with the empty list meaning "use the system resolver" — confirm in
# ChallengeClients::DNS. Whatever resolvers are used decide whether a
# challenge passes, so they should be ones the operator trusts.
NAMESERVERS =
ENV.fetch("DNS01_NAMESERVERS", "").split(",")
# The Prometheus client's registry, exposed under a Bullion constant.
MetricsRegistry =
Prometheus::Client.registry
# Challenge client class assigned for DNS challenges.
DNS_CHALLENGE_CLIENT =
Bullion::ChallengeClients::DNS
# Challenge client class assigned for HTTP challenges.
HTTP_CHALLENGE_CLIENT =
Bullion::ChallengeClients::HTTP
# Version string built by joining the three components with "." ("0.4.1").
VERSION =
[
  0, # major
  4, # minor
  1 # patch
].join(".")

Class Method Summary

Class Method Details

.ca_cert ⇒ Object



# File 'lib/bullion.rb', line 65

# Returns the CA certificate, reading and parsing CA_CERT_PATH on first use
# and serving the memoized object afterwards.
#
# File.read raises (e.g. Errno::ENOENT) when the file cannot be read, and
# OpenSSL raises when the contents are not a parseable certificate; nothing
# is cached in either case.
#
# @return [OpenSSL::X509::Certificate]
def self.ca_cert
  return @ca_cert if @ca_cert

  pem = File.read(CA_CERT_PATH)
  @ca_cert = OpenSSL::X509::Certificate.new(pem)
end

.ca_key ⇒ Object



# File 'lib/bullion.rb', line 61

# Returns the CA private key, loading it from CA_KEY_PATH on first use and
# serving the memoized object afterwards. CA_SECRET is passed to OpenSSL as
# the passphrase for the PEM.
#
# The key is parsed as RSA specifically, so a non-RSA key file makes OpenSSL
# raise. Once loaded, the key object stays referenced by the module until
# rotate_keys! clears it.
#
# NOTE(review): the strength of the at-rest protection depends entirely on
# CA_SECRET; confirm it is set explicitly rather than left at its default.
#
# @return [OpenSSL::PKey::RSA]
def self.ca_key
  return @ca_key if @ca_key

  pem = File.read(CA_KEY_PATH)
  @ca_key = OpenSSL::PKey::RSA.new(pem, CA_SECRET)
end

.rotate_keys! ⇒ Object



# File 'lib/bullion.rb', line 69

# Discards the memoized CA key and certificate and immediately reloads both
# from CA_KEY_PATH and CA_CERT_PATH.
#
# Both caches are cleared before either file is read. If a read or parse
# fails, the exception propagates and the old objects are already gone, so
# the next ca_key / ca_cert call retries from disk.
#
# NOTE(review): nothing here checks that the reloaded certificate belongs to
# the reloaded key. A caller that replaces the two files separately may want
# to verify the pair (OpenSSL::X509::Certificate#check_private_key) after
# rotating.
#
# @return [true] once both objects have been reloaded
def self.rotate_keys!
  @ca_key = @ca_cert = nil

  # Load eagerly so a bad key or certificate surfaces here rather than on a
  # later signing request.
  ca_key
  ca_cert

  true
end

.validate_config! ⇒ Object

Ensures configuration settings are valid



# File 'lib/bullion.rb', line 79

# Checks the CA configuration and raises on the first problem found.
#
# Checks run in this order: the passphrase is a String, the key file is
# readable, the certificate file is readable, and CERT_VALIDITY_DURATION
# lies between 2 and 397 days inclusive (expressed in seconds).
#
# NOTE(review): the passphrase check is a type check only. It does not
# reject an empty passphrase or a built-in default value, and the readable?
# checks do not confirm that the files parse or that the passphrase actually
# decrypts the key — those failures surface when ca_key / ca_cert first run.
#
# @raise [ConfigError] describing the first failed check
# @return [nil] when every check passes
def self.validate_config!
  seconds_per_day = 60 * 60 * 24
  longest_validity = seconds_per_day * 397
  shortest_validity = seconds_per_day * 2

  raise ConfigError, "Invalid Key Passphrase" unless CA_SECRET.is_a?(String)

  raise ConfigError, "Invalid Key Path: #{CA_KEY_PATH}" unless File.readable?(CA_KEY_PATH)
  raise ConfigError, "Invalid Cert Path: #{CA_CERT_PATH}" unless File.readable?(CA_CERT_PATH)

  raise ConfigError, "Cert Validity Too Long" if CERT_VALIDITY_DURATION > longest_validity
  raise ConfigError, "Cert Validity Too Short" if CERT_VALIDITY_DURATION < shortest_validity
end