authorVladimir Shushlin <v.shushlin@gmail.com>2019-03-27 12:04:07 +0300
committerVladimir Shushlin <v.shushlin@gmail.com>2019-04-03 13:12:47 +0300
commitc0da7921831302fa72bcdcc77efaa8e8914f3f8a (patch)
treec4b6b9408fff37475a7493dc3758feefe7e1137e
parent1e950c9c9d83be238172db2bf31d594f1db563f4 (diff)
-rw-r--r--app/services/pages_domains/create_acme_order_service.rb2
-rw-r--r--db/migrate/20190320102348_create_pages_domains_acme_orders.rb1
-rw-r--r--lib/gitlab/acme_client.rb2
-rw-r--r--spec/factories/application_settings.rb7
-rw-r--r--spec/lib/gitlab/acme_client_spec.rb37
-rw-r--r--spec/services/pages_domains/create_acme_challenge_service_spec.rb15
-rw-r--r--spec/support/helpers/acme_helpers.rb31
7 files changed, 94 insertions, 1 deletions
diff --git a/app/services/pages_domains/create_acme_order_service.rb b/app/services/pages_domains/create_acme_order_service.rb
index 5ef72a4c81d..060ac94509e 100644
--- a/app/services/pages_domains/create_acme_order_service.rb
+++ b/app/services/pages_domains/create_acme_order_service.rb
@@ -15,10 +15,12 @@ module PagesDomains
authorization = order.authorizations.first
challenge = authorization.http
+ private_key = OpenSSL::PKey::RSA.new(4096)
acme_order = pages_domain.acme_orders.create!(
url: order.url,
finalize_url: order.finalize_url,
expires: order.expires,
+ private_key: private_key,
challenge_token: challenge.token,
challenge_file_content: challenge.file_content
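Review bot: The key generated on the `private_key = OpenSSL::PKey::RSA.new(4096)` line is handed to `acme_orders.create!` and lands in the plain `t.text :private_key, null: false` column added in the migration hunk below, so the certificate's private key is stored unencrypted at rest and is readable by anyone with database, replica or backup access. If the project's `attr_encrypted` convention for stored secrets applies here, the column should be the encrypted form with the model declaring it, while this service keeps passing `private_key: private_key.to_pem`. Passing the `OpenSSL::PKey::RSA` object itself to a text attribute relies on ActiveRecord's `to_s` cast to produce PEM, so `private_key.to_pem` would at least make the serialization explicit. The enclosing method starts and ends outside this hunk.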
diff --git a/db/migrate/20190320102348_create_pages_domains_acme_orders.rb b/db/migrate/20190320102348_create_pages_domains_acme_orders.rb
index 9d85af862e3..d1cf93d5277 100644
--- a/db/migrate/20190320102348_create_pages_domains_acme_orders.rb
+++ b/db/migrate/20190320102348_create_pages_domains_acme_orders.rb
@@ -19,6 +19,7 @@ class CreatePagesDomainsAcmeOrders < ActiveRecord::Migration[5.0]
t.string :challenge_token, null: false
t.text :challenge_file_content, null: false
+ t.text :private_key, null: false
t.timestamps_with_timezone null: false
end
end
diff --git a/lib/gitlab/acme_client.rb b/lib/gitlab/acme_client.rb
index 5a2967a0368..9908e1947de 100644
--- a/lib/gitlab/acme_client.rb
+++ b/lib/gitlab/acme_client.rb
@@ -63,7 +63,7 @@ module Gitlab
end
def directory
- if Rails.env.production?
+ if Rails.env.production? || true
PRODUCTION_DIRECTORY_URL
else
STAGING_DIRECTORY_URL
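Review bot: `if Rails.env.production? || true` is unconditionally true, so every environment, including test and development, is pointed at `PRODUCTION_DIRECTORY_URL` and the `else` branch returning `STAGING_DIRECTORY_URL` is dead; specs and dev instances would then register real accounts and orders against the production CA and count against its rate limits. The `acme_helpers.rb` hunk below stubs `STAGING_DIRECTORY_URL`, which this change bypasses, which is presumably why the service spec resorts to `WebMock.allow_net_connect!`. If this is a PoC toggle, restore `if Rails.env.production?` before merge, or read the choice from configuration rather than a hard-coded `|| true`.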
diff --git a/spec/factories/application_settings.rb b/spec/factories/application_settings.rb
index 00c063c49f8..d2840e9915c 100644
--- a/spec/factories/application_settings.rb
+++ b/spec/factories/application_settings.rb
@@ -1,5 +1,12 @@
FactoryBot.define do
factory :application_setting do
default_projects_limit 42
+
+ trait :with_notification_admin_email do
+ admin_notification_email { 'vshushlin@gitlab.com' }
+ end
+
+ trait :with_acme_integration_set do
+ end
end
end
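Review bot: The `with_acme_integration_set` trait has an empty body, so `create(:application_setting, :with_acme_integration_set)` yields the same record as the default factory while its name promises setup it does not perform; either give it the attributes the new specs set inline (both pass `admin_notification_email: 'admin@example.com'`, which this trait could carry) or drop it until the setting exists. The `with_notification_admin_email` trait also hard-codes a personal address; a neutral `admin_notification_email { 'admin@example.com' }`, matching the specs, keeps fixture data anonymous.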
diff --git a/spec/lib/gitlab/acme_client_spec.rb b/spec/lib/gitlab/acme_client_spec.rb
new file mode 100644
index 00000000000..971b6677448
--- /dev/null
+++ b/spec/lib/gitlab/acme_client_spec.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::AcmeClient do
+ include AcmeHelpers
+
+ before do
+ stub_directory
+ end
+
+ describe '#create' do
+ subject { described_class.create }
+
+ context 'when admin email is set' do
+ let!(:application_setting) { create(:application_setting, admin_notification_email: 'admin@example.com') }
+
+ context 'when account is not yet created' do
+ it do
+ subject
+ end
+ end
+
+ context 'when account is already created' do
+ it 'returns Acme client' do
+ expect(subject).to be_a(Acme::Client)
+ end
+ end
+ end
+
+ context 'when admin email is not set' do
+ it 'raises an exeption' do
+ expect { subject }.to raise_error('Acme integration is disabled')
+ end
+ end
+ end
+end
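Review bot: The `it do subject end` example under 'when account is not yet created' has no expectation, so it passes whenever `described_class.create` does not raise, and the sibling 'when account is already created' context has no setup that persists an account first, so both contexts presumably exercise the same path. Give the first example an assertion on the outcome and the second a `before` that creates the existing account. The description `'raises an exeption'` should read `'raises an exception'`. Note that `stub_directory` only stubs `STAGING_DIRECTORY_URL` and the nonce endpoint, while the `directory` change in `acme_client.rb` now always returns the production URL, so these examples may not be served by the stubs at all.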
diff --git a/spec/services/pages_domains/create_acme_challenge_service_spec.rb b/spec/services/pages_domains/create_acme_challenge_service_spec.rb
new file mode 100644
index 00000000000..fd56d848ff1
--- /dev/null
+++ b/spec/services/pages_domains/create_acme_challenge_service_spec.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PagesDomains::CreateAcmeChallengeService do
+ let!(:application_setting) { create(:application_setting, admin_notification_email: 'admin@example.com') }
+ let(:pages_domain) { create(:pages_domain) }
+
+ it 'creates acme challenge' do
+ WebMock.allow_net_connect!
+ expect do
+ described_class.new(pages_domain).execute
+ end.to change { PagesDomainAcmeChallenge.count }.by(1)
+ end
+end
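Review bot: `WebMock.allow_net_connect!` on the first line of the example disables request stubbing process-wide and is not reverted, so unless the suite resets it this spec and every spec after it can reach the real ACME CA, making the run depend on network access and on Let's Encrypt registering a real account and order each time. Stub the directory, nonce and order endpoints via `AcmeHelpers` (or at minimum restore `WebMock.disable_net_connect!` in an `after`) so the `change { PagesDomainAcmeChallenge.count }.by(1)` expectation is deterministic. The spec also describes `PagesDomains::CreateAcmeChallengeService` and counts `PagesDomainAcmeChallenge`, whereas the service touched by this commit is `CreateAcmeOrderService` writing `acme_orders`; confirm the spec targets the class that exists.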
diff --git a/spec/support/helpers/acme_helpers.rb b/spec/support/helpers/acme_helpers.rb
new file mode 100644
index 00000000000..f097618cd3b
--- /dev/null
+++ b/spec/support/helpers/acme_helpers.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module AcmeHelpers
+ DIRECTORY = 'https://acme-staging-v02.api.letsencrypt.org/directory'
+ NEW_NONCE_URL = 'https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce'
+
+ def stub_directory
+ response = <<-EOF
+{
+ "eQ3fEKjOSxE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
+ "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
+ "meta": {
+ "caaIdentities": [
+ "letsencrypt.org"
+ ],
+ "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
+ "website": "https://letsencrypt.org/docs/staging-environment/"
+ },
+ "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
+ "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
+ "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
+ "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
+}
+EOF
+ stub_request(:get, Gitlab::AcmeClient::STAGING_DIRECTORY_URL)
+ .to_return(status: 200, body: response, headers: {})
+
+ stub_request(:head, NEW_NONCE_URL)
+ .to_return(status: 200, body: "", headers: {})
+ end
+end
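Review bot: `DIRECTORY` is defined but never used — `stub_directory` stubs `Gitlab::AcmeClient::STAGING_DIRECTORY_URL` instead — so either stub `DIRECTORY` to keep the helper self-contained or remove the constant, and `NEW_NONCE_URL` likewise duplicates the `newNonce` entry of the heredoc. The heredoc is an unexplained snapshot of a live directory response (including the random `eQ3fEKjOSxE` entry); a one-line comment above it such as `# Snapshot of the Let's Encrypt staging directory response, captured <DATE>` would tell the next reader where it came from. A squiggly `<<~EOF` heredoc would also let the JSON be indented with the method body.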