52 lines
1.6 KiB
Ruby
52 lines
1.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module PagesDomains
|
|
class ObtainLetsEncryptCertificateService
|
|
# time for processing validation requests for acme challenges
|
|
# 5-15 seconds is usually enough
|
|
CHALLENGE_PROCESSING_DELAY = 1.minute.freeze
|
|
|
|
# time LetsEncrypt ACME server needs to generate the certificate
|
|
# no particular SLA, usually takes 10-15 seconds
|
|
CERTIFICATE_PROCESSING_DELAY = 1.minute.freeze
|
|
|
|
attr_reader :pages_domain
|
|
|
|
def initialize(pages_domain)
|
|
@pages_domain = pages_domain
|
|
end
|
|
|
|
def execute
|
|
pages_domain.acme_orders.expired.delete_all
|
|
acme_order = pages_domain.acme_orders.first
|
|
|
|
unless acme_order
|
|
::PagesDomains::CreateAcmeOrderService.new(pages_domain).execute
|
|
PagesDomainSslRenewalWorker.perform_in(CHALLENGE_PROCESSING_DELAY, pages_domain.id)
|
|
return
|
|
end
|
|
|
|
api_order = ::Gitlab::LetsEncrypt::Client.new.load_order(acme_order.url)
|
|
|
|
# https://tools.ietf.org/html/rfc8555#section-7.1.6 - statuses diagram
|
|
case api_order.status
|
|
when 'ready'
|
|
api_order.request_certificate(private_key: acme_order.private_key, domain: pages_domain.domain)
|
|
PagesDomainSslRenewalWorker.perform_in(CERTIFICATE_PROCESSING_DELAY, pages_domain.id)
|
|
when 'valid'
|
|
save_certificate(acme_order.private_key, api_order)
|
|
acme_order.destroy!
|
|
# when 'invalid'
|
|
# TODO: implement error handling
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def save_certificate(private_key, api_order)
|
|
certificate = api_order.certificate
|
|
pages_domain.update!(gitlab_provided_key: private_key, gitlab_provided_certificate: certificate)
|
|
end
|
|
end
|
|
end
|