debian-mirror-gitlab/lib/gitlab/lets_encrypt/client.rb

# frozen_string_literal: true

module Gitlab
  module LetsEncrypt
    class Client
      include Gitlab::Utils::StrongMemoize

      PRODUCTION_DIRECTORY_URL = 'https://acme-v02.api.letsencrypt.org/directory'
      STAGING_DIRECTORY_URL = 'https://acme-staging-v02.api.letsencrypt.org/directory'

      def new_order(domain_name)
        ensure_account

        acme_order = acme_client.new_order(identifiers: [domain_name])

        ::Gitlab::LetsEncrypt::Order.new(acme_order)
      end

      def load_order(url)
        ensure_account

        # rubocop: disable CodeReuse/ActiveRecord
        ::Gitlab::LetsEncrypt::Order.new(acme_client.order(url: url))
        # rubocop: enable CodeReuse/ActiveRecord
      end

      def load_challenge(url)
        ensure_account

        ::Gitlab::LetsEncrypt::Challenge.new(acme_client.challenge(url: url))
      end

      def terms_of_service_url
        acme_client.terms_of_service
      end

      private

      def acme_client
        @acme_client ||= ::Acme::Client.new(private_key: private_key, directory: acme_api_directory_url)
      end

      def private_key
        strong_memoize(:private_key) do
          private_key_string = Gitlab::CurrentSettings.lets_encrypt_private_key
          private_key_string ||= generate_private_key
          OpenSSL::PKey.read(private_key_string) if private_key_string
        end
      end

      def admin_email
        Gitlab::CurrentSettings.lets_encrypt_notification_email
      end

      def contact
        "mailto:#{admin_email}"
      end

      def ensure_account
        raise 'Acme integration is disabled' unless ::Gitlab::LetsEncrypt.enabled?

        @acme_account ||= acme_client.new_account(contact: contact, terms_of_service_agreed: true)
      end

      def acme_api_directory_url
        if Rails.env.production?
          PRODUCTION_DIRECTORY_URL
        else
          STAGING_DIRECTORY_URL
        end
      end

      def generate_private_key
        return if Gitlab::Database.read_only?

        application_settings = Gitlab::CurrentSettings.current_application_settings
        application_settings.with_lock do
          unless application_settings.lets_encrypt_private_key
            application_settings.update(lets_encrypt_private_key: OpenSSL::PKey::RSA.new(4096).to_pem)
          end

          application_settings.lets_encrypt_private_key
        end
      end
    end
  end
end
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`# frozen_string_literal: true`

			`module Gitlab`
			`module LetsEncrypt`
			`class Client`
			`include Gitlab::Utils::StrongMemoize`

			`PRODUCTION_DIRECTORY_URL = 'https://acme-v02.api.letsencrypt.org/directory'`
			`STAGING_DIRECTORY_URL = 'https://acme-staging-v02.api.letsencrypt.org/directory'`

			`def new_order(domain_name)`
			`ensure_account`

			`acme_order = acme_client.new_order(identifiers: [domain_name])`

			`::Gitlab::LetsEncrypt::Order.new(acme_order)`
			`end`

			`def load_order(url)`
			`ensure_account`

			`# rubocop: disable CodeReuse/ActiveRecord`
			`::Gitlab::LetsEncrypt::Order.new(acme_client.order(url: url))`
			`# rubocop: enable CodeReuse/ActiveRecord`
			`end`

			`def load_challenge(url)`
			`ensure_account`

			`::Gitlab::LetsEncrypt::Challenge.new(acme_client.challenge(url: url))`
			`end`

			`def terms_of_service_url`
			`acme_client.terms_of_service`
			`end`

			`private`

			`def acme_client`
			`@acme_client \|\|= ::Acme::Client.new(private_key: private_key, directory: acme_api_directory_url)`
			`end`

			`def private_key`
			`strong_memoize(:private_key) do`
			`private_key_string = Gitlab::CurrentSettings.lets_encrypt_private_key`
			`private_key_string \|\|= generate_private_key`
			`OpenSSL::PKey.read(private_key_string) if private_key_string`
			`end`
			`end`

			`def admin_email`
			`Gitlab::CurrentSettings.lets_encrypt_notification_email`
			`end`

			`def contact`
			`"mailto:#{admin_email}"`
			`end`

			`def ensure_account`
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`raise 'Acme integration is disabled' unless ::Gitlab::LetsEncrypt.enabled?`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30
			`@acme_account \|\|= acme_client.new_account(contact: contact, terms_of_service_agreed: true)`
			`end`

			`def acme_api_directory_url`
			`if Rails.env.production?`
			`PRODUCTION_DIRECTORY_URL`
			`else`
			`STAGING_DIRECTORY_URL`
			`end`
			`end`

			`def generate_private_key`
			`return if Gitlab::Database.read_only?`

			`application_settings = Gitlab::CurrentSettings.current_application_settings`
			`application_settings.with_lock do`
			`unless application_settings.lets_encrypt_private_key`
			`application_settings.update(lets_encrypt_private_key: OpenSSL::PKey::RSA.new(4096).to_pem)`
			`end`

			`application_settings.lets_encrypt_private_key`
			`end`
			`end`
			`end`
			`end`
			`end`