class KingslyCertbot::IpSecCertAdapter
Attributes
cert_backup_dir[R]
cert_private_dir[R]
certs_dir[R]
Public Class Methods
new(cert_bundle, root = '/')
# File lib/kingsly_certbot/ip_sec_cert_adapter.rb, line 7
# Stores the certificate bundle and derives the three IPsec directories
# (backup, private, certs) under +root+.
#
# @param cert_bundle [KingslyCertbot::CertBundle] must be exactly this class;
#   the check compares classes with ==, so subclasses are rejected too
# @param root [String] filesystem prefix; a trailing '/' is appended when missing
# @raise [RuntimeError] when cert_bundle is not a KingslyCertbot::CertBundle
def initialize(cert_bundle, root = '/')
  unless cert_bundle.class == KingslyCertbot::CertBundle
    raise 'passed parameter not of type CertBundle'
  end

  @cert_bundle = cert_bundle

  # Normalise the prefix once so every directory below is built the same way.
  prefix = root.end_with?('/') ? root : "#{root}/"
  ipsec_dir = "#{prefix}etc/ipsec.d"

  @cert_backup_dir = "#{ipsec_dir}/backup"
  @cert_private_dir = "#{ipsec_dir}/private"
  @certs_dir = "#{ipsec_dir}/certs"
end
Public Instance Methods
restart_service()
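# File lib/kingsly_certbot/ip_sec_cert_adapter.rb, line 51
# Stops and then starts strongswan.service through systemctl, pausing
# 10 seconds after each step, and logs an error when the command fails.
#
# The start step is chained to the final sleep with `&&` so that the shell's
# exit status reflects whether the service actually started. With every step
# separated by `;` the status was that of the trailing `sleep`, so a failed
# start after a certificate change was never logged or returned.
# The exit status of the stop step is still not checked, and the start is
# attempted regardless of it.
#
# NOTE(review): `systemctl` is resolved through the PATH of the calling
# process; confirm the service environment pins PATH to trusted directories.
#
# @return [Boolean, nil] true on success, false on a non-zero exit status,
#   nil when the command could not be executed
def restart_service
  result = Kernel.system('systemctl stop strongswan.service; sleep 10; systemctl start strongswan.service && sleep 10')
  $logger.error('ipsec restart command failed') unless result
  result
end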
update_assets()
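# File lib/kingsly_certbot/ip_sec_cert_adapter.rb, line 17
# Writes the bundle's private key and full chain into the IPsec directories,
# first moving any differing existing pair into a timestamped backup directory.
#
# The private key file is opened with mode 0600 and chmod'ed before the write,
# so it is not left readable by other users under a default umask. The backup
# directory, which receives a copy of the old key, is created with mode 0700.
# The mode of an already existing private directory is left unchanged.
#
# NOTE(review): subdomain and tld are interpolated into the file name
# unchecked; presumably CertBundle guarantees they contain no path
# separators - confirm against the code that builds the bundle.
#
# @return [Boolean] false when both files already match the bundle, true after
#   new files have been written
def update_assets
  cert_filename = "#{@cert_bundle.subdomain}.#{@cert_bundle.tld}.pem"
  private_key_filepath = "#{cert_private_dir}/#{cert_filename}"
  cert_filepath = "#{certs_dir}/#{cert_filename}"

  if File.exist?(private_key_filepath) && File.exist?(cert_filepath)
    existing_private_key_content = File.read(private_key_filepath)
    existing_cert_content = File.read(cert_filepath)
    if existing_private_key_content == @cert_bundle.private_key && existing_cert_content == @cert_bundle.full_chain
      $logger.info('New certificate file is same as old cert file, skipping updating certificates')
      return false
    end

    time = Time.now.strftime('%Y%m%d_%H%M%S')
    backup_dir = "#{cert_backup_dir}/#{time}"
    $logger.info("Taking backup of existing certificates to #{backup_dir}")
    # The backup holds the previous private key, so keep the directory owner-only.
    FileUtils.mkdir_p(backup_dir, mode: 0o700)
    FileUtils.mv(private_key_filepath, "#{backup_dir}/#{cert_filename}.private", force: true)
    FileUtils.mv(cert_filepath, "#{backup_dir}/#{cert_filename}.certs", force: true)
  end

  FileUtils.mkdir_p(cert_private_dir)
  File.open(private_key_filepath, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    # The creation mode only applies to new files; tighten a pre-existing one
    # before any key material is written into it.
    f.chmod(0o600)
    f.write(@cert_bundle.private_key)
  end

  FileUtils.mkdir_p(certs_dir)
  File.open(cert_filepath, 'w') do |f|
    f.write(@cert_bundle.full_chain)
  end

  true
end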