acme-client 0.2.3 → 0.2.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/acme-client.rb +1 -0
- data/lib/acme/client/certificate.rb +1 -1
- data/lib/acme/client/resources/authorization.rb +3 -1
- data/lib/acme/client/resources/challenges.rb +1 -0
- data/lib/acme/client/resources/challenges/tls_sni01.rb +25 -0
- data/lib/acme/client/self_sign_certificate.rb +50 -0
- data/lib/acme/client/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e2bfc1b30ebefbb87d572378e91ac4d9e47552de
|
|
4
|
+
data.tar.gz: 51bedd0f2e79328154c044f98c354b0bb2db4860
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 03c36be67fa43961e1c61ce1ae9abaf0922042e4281240901b520f69bc38961e7690b7301cc95dc9be6962d9e23057f46fba3d154e56c33993f9abb767c29a14
|
|
7
|
+
data.tar.gz: fb2079a8eb3c28772b01655e211a82391ee76f68ecc41cc41f95b7b800dc04aec3c6d4f9f36f8574a7d53b7bd78edf7b908a81296065bf0f29d289500a6e5bab
|
data/README.md
CHANGED
data/lib/acme-client.rb
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
class Acme::Client::Resources::Authorization
|
|
2
2
|
HTTP01 = Acme::Client::Resources::Challenges::HTTP01
|
|
3
3
|
DNS01 = Acme::Client::Resources::Challenges::DNS01
|
|
4
|
+
TLSSNI01 = Acme::Client::Resources::Challenges::TLSSNI01
|
|
4
5
|
|
|
5
|
-
attr_reader :domain, :status, :http01, :dns01
|
|
6
|
+
attr_reader :domain, :status, :http01, :dns01, :tls_sni01
|
|
6
7
|
|
|
7
8
|
def initialize(client, response)
|
|
8
9
|
@client = client
|
|
@@ -17,6 +18,7 @@ class Acme::Client::Resources::Authorization
|
|
|
17
18
|
case attributes.fetch('type')
|
|
18
19
|
when 'http-01' then @http01 = HTTP01.new(@client, attributes)
|
|
19
20
|
when 'dns-01' then @dns01 = DNS01.new(@client, attributes)
|
|
21
|
+
when 'tls-sni-01' then @tls_sni01 = TLSSNI01.new(@client, attributes)
|
|
20
22
|
else
|
|
21
23
|
# no supported
|
|
22
24
|
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
class Acme::Client::Resources::Challenges::TLSSNI01 < Acme::Client::Resources::Challenges::Base
|
|
2
|
+
def hostname
|
|
3
|
+
digest = crypto.digest.hexdigest(authorization_key)
|
|
4
|
+
"#{digest[0..31]}.#{digest[32..64]}.acme.invalid"
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def certificate
|
|
8
|
+
self_sign_certificate.certificate
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def private_key
|
|
12
|
+
self_sign_certificate.private_key
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def request_verification
|
|
16
|
+
response = client.connection.post(@uri, { resource: 'challenge', type: 'tls-sni-01', keyAuthorization: authorization_key })
|
|
17
|
+
response.success?
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
private
|
|
21
|
+
|
|
22
|
+
def self_sign_certificate
|
|
23
|
+
@self_sign_certificate ||= Acme::Client::SelfSignCertificate.new(subject_alt_names: [hostname])
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
class Acme::Client::SelfSignCertificate
|
|
2
|
+
attr_reader :private_key, :subject_alt_names, :not_before, :not_after
|
|
3
|
+
|
|
4
|
+
extend Forwardable
|
|
5
|
+
def_delegators :certificate, :to_pem, :to_der
|
|
6
|
+
|
|
7
|
+
def initialize(subject_alt_names:, not_before: default_not_before, not_after: default_not_after, private_key: generate_private_key)
|
|
8
|
+
@private_key = private_key
|
|
9
|
+
@subject_alt_names = subject_alt_names
|
|
10
|
+
@not_before = not_before
|
|
11
|
+
@not_after = not_after
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def certificate
|
|
15
|
+
@certificate ||= begin
|
|
16
|
+
certificate = OpenSSL::X509::Certificate.new
|
|
17
|
+
certificate.not_before = not_before
|
|
18
|
+
certificate.not_after = not_after
|
|
19
|
+
certificate.public_key = private_key.public_key
|
|
20
|
+
|
|
21
|
+
extension_factory = OpenSSL::X509::ExtensionFactory.new
|
|
22
|
+
extension_factory.subject_certificate = certificate
|
|
23
|
+
extension_factory.issuer_certificate = certificate
|
|
24
|
+
|
|
25
|
+
subject_alt_name_entry = subject_alt_names.map { |d| "DNS: #{d}" }.join(',')
|
|
26
|
+
subject_alt_name_extension = extension_factory.create_extension('subjectAltName', subject_alt_name_entry)
|
|
27
|
+
certificate.add_extension(subject_alt_name_extension)
|
|
28
|
+
|
|
29
|
+
certificate.sign(private_key, digest)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
private
|
|
34
|
+
|
|
35
|
+
def generate_private_key
|
|
36
|
+
OpenSSL::PKey::RSA.new(2048)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def default_not_before
|
|
40
|
+
Time.now + 3600
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def default_not_after
|
|
44
|
+
Time.now + 30 * 24 * 3600
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def digest
|
|
48
|
+
OpenSSL::Digest::SHA256.new
|
|
49
|
+
end
|
|
50
|
+
end
|
data/lib/acme/client/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: acme-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Charles Barbier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-12-
|
|
11
|
+
date: 2015-12-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -174,7 +174,9 @@ files:
|
|
|
174
174
|
- lib/acme/client/resources/challenges/base.rb
|
|
175
175
|
- lib/acme/client/resources/challenges/dns01.rb
|
|
176
176
|
- lib/acme/client/resources/challenges/http01.rb
|
|
177
|
+
- lib/acme/client/resources/challenges/tls_sni01.rb
|
|
177
178
|
- lib/acme/client/resources/registration.rb
|
|
179
|
+
- lib/acme/client/self_sign_certificate.rb
|
|
178
180
|
- lib/acme/client/version.rb
|
|
179
181
|
homepage: http://github.com/unixcharles/acme-client
|
|
180
182
|
licenses:
|