module Tunnelss::ConfigureWithPow def configure_with_pow build_or_update_certificate end def pow_present? File.exists? pow_dir end private def build_or_update_certificate unless File.exists?(dir) build_dir build_ca build_certificate else unless ca_exists? build_ca build_certificate else build_certificate if pow_domains_changed? end end end def build_dir Dir.mkdir(dir) end def ca_exists? File.exists?(ca_dir) and File.exists?("#{ca_dir}/key.pem") and File.exists?("#{ca_dir}/cert.pem") end def build_ca FileUtils.rm_rf(ca_dir) if File.exists?(ca_dir) Dir.mkdir(ca_dir) puts "Creating SSL keypair for signing *.dev certificate" system "openssl req -newkey rsa:2048 -batch -x509 -nodes -subj \"/C=US/O=Developer Certificate/CN=*.dev Domain CA\" -keyout #{ca_dir}/key.pem -out #{ca_dir}/cert.pem -days 9999 &> /dev/null" puts "Adding certificate to login keychain as trusted." system "security add-trusted-cert -d -r trustRoot -k #{ENV['HOME']}/Library/Keychains/login.keychain #{ca_dir}/cert.pem" puts "================================================================================" puts "To use the certificate without a warning in Firefox you must add the\n\"#{ca_dir}/cert.pem\" certificate to your Firefox root certificates." puts "================================================================================" end def build_certificate prepare_openssl_config puts "Generating new *.dev certificate" system "openssl req -newkey rsa:2048 -batch -nodes -subj \"/C=US/O=Developer Certificate/CN=*.dev\" -keyout #{dir}/key.pem -out #{dir}/csr.pem -days 9999 &> /dev/null" puts "Signing *.dev certificate" system "openssl ca -config #{ca_dir}/openssl.cnf -policy policy_anything -batch -days 9999 -out #{dir}/cert.pem -infiles #{dir}/csr.pem &> /dev/null" # Build cert chain system "cat #{dir}/cert.pem > #{dir}/server.crt" system "cat #{ca_dir}/cert.pem >> #{dir}/server.crt" write_pow_domains_to_cache puts "Generated certificate for your Pow .dev domains." true end def prepare_openssl_config Dir.mkdir("#{ca_dir}/newcerts") unless File.exists?("#{ca_dir}/newcerts") system "touch #{ca_dir}/index.txt" serial = File.exists?("#{ca_dir}/serial") ? File.read("#{ca_dir}/serial").to_i + 1 : 1 File.open("#{ca_dir}/serial", 'w') {|f| f.puts ("%02d" % serial).to_s} build_openssl_config_file end def build_openssl_config_file openssl_conf = File.read(File.expand_path('../../../generators/openssl.cnf', __FILE__)) openssl_conf.gsub!('--CA_DIR--', ca_dir) openssl_conf.gsub!('--DOMAINS--', pow_domains_str) File.open("#{ca_dir}/openssl.cnf", "w") {|f| f.puts openssl_conf} end def dir "#{ENV['HOME']}/.tunnelss" end def ca_dir "#{dir}/ca" end def pow_domains_changed? read_pow_domains_from_cache != pow_domains.join(',') end def read_pow_domains_from_cache File.exists?(pow_domains_cache_file) ? File.read(pow_domains_cache_file).strip : '' end def write_pow_domains_to_cache File.open(pow_domains_cache_file, 'w') {|f| f.puts pow_domains.join(',')} end def pow_domains_cache_file "#{dir}/pow_domains" end def pow_domains @pow_domains ||= Dir["#{pow_dir}/*"].collect {|f| File.basename(f)} end def pow_domains_str pow_domains.map {|d| "DNS:#{d}.dev,DNS:*.#{d}.dev"}.join(',') end def pow_dir "#{ENV['HOME']}/.pow" end end