acme-client 0.3.7 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: caadecc954e9a67dfb321eeb5017112660d24110
-  data.tar.gz: 7788f6340a7266cfc652583ec1b3f70a8ddb672d
+  metadata.gz: 23f849edb70a3c4e33466410c19df3293242ec75
+  data.tar.gz: c610d9cabc6d2520b51654f3f140d2d12b8ecabe
 SHA512:
-  metadata.gz: bb70e95c5e5acc0faba72c687bc257f03b4ca0411b2ab30d206c79b08ce73974a473c01ca6d48734f6b69eb4bef2efdf314b82b033c36c9465cfbef2a73d1155
-  data.tar.gz: 971890ea5f70b48d68a29ef5f447d6641e9eab60a51785f6db7c26e52e5dc3f39fd4aa23aa25c8481dd0279a1fb05af9d6f78a44f64775187ec4ab77e5162bf0
+  metadata.gz: 4002d98a374002c504d3a6fdf4566b69dcb6eaf7bb298a111562a8911a2ccf3f10ba510795efbf41b03cf51b0a88c51fb900c30b22b914c66fe3c84ef729aff7
+  data.tar.gz: 7495152d76edaa3c3248518a14af07b103e8b4d3b5e22ca83ba1ca71aa93c7f6617a7c6925457e0994b1b10ca6c4807bfe3b5253c868bb512a317ab1b19a4e9b

data/acme-client.gemspec

@@ -24,5 +24,4 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'webmock', '~> 1.21', '>= 1.21.0'
 
   spec.add_runtime_dependency 'faraday', '~> 0.9', '>= 0.9.1'
-  spec.add_runtime_dependency 'json-jwt', '~> 1.2', '>= 1.2.3'
 end

data/lib/acme/client.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 require 'faraday'
 require 'json'
-require 'json/jwt'
 require 'openssl'
 require 'digest'
 require 'forwardable'
+require 'base64'
 
 module Acme; end
 class Acme::Client; end

data/lib/acme/client/crypto.rb

@@ -6,26 +6,91 @@ class Acme::Client::Crypto
   end
 
   def generate_signed_jws(header:, payload:)
-    jwt = JSON::JWT.new(payload || {})
-    jwt.header.merge!(header || {})
-    jwt.header[:jwk] = jwk
-    jws = jwt.sign(private_key, :RS256)
-    jws.to_json(syntax: :flattened)
+    header = { typ: 'JWT', alg: jws_alg, jwk: jwk }.merge(header)
+
+    encoded_header = urlsafe_base64(header.to_json)
+    encoded_payload = urlsafe_base64(payload.to_json)
+    signature_data = "#{encoded_header}.#{encoded_payload}"
+
+    signature = private_key.sign digest, signature_data
+    encoded_signature = urlsafe_base64(signature)
+
+    {
+      protected: encoded_header,
+      payload: encoded_payload,
+      signature: encoded_signature
+    }.to_json
   end
 
   def thumbprint
-    jwk.thumbprint
+    urlsafe_base64 digest.digest(jwk.to_json)
   end
 
   def digest
     OpenSSL::Digest::SHA256.new
   end
 
+  def urlsafe_base64(data)
+    Base64.urlsafe_encode64(data).sub(/[\s=]*\z/, '')
+  end
+
   private
 
+  def jws_alg
+    { 'RSA' => 'RS256', 'EC' => 'ES256' }.fetch(jwk[:kty])
+  end
+
   def jwk
-    @jwk ||= JSON::JWK.new(public_key)
+    @jwk ||= case private_key
+             when OpenSSL::PKey::RSA
+               rsa_jwk
+             when OpenSSL::PKey::EC
+               ec_jwk
+             else
+               raise ArgumentError, "Can't handle #{private_key} as private key, only OpenSSL::PKey::RSA and OpenSSL::PKey::EC"
+    end
+  end
+
+  def rsa_jwk
+    {
+      e: urlsafe_base64(public_key.e.to_s(2)),
+      kty: 'RSA',
+      n: urlsafe_base64(public_key.n.to_s(2))
+    }
+  end
+
+  def ec_jwk
+    {
+      crv: curve_name,
+      kty: 'EC',
+      x: urlsafe_base64(coordinates[:x].to_s(2)),
+      y: urlsafe_base64(coordinates[:y].to_s(2))
+    }
+  end
+
+  def curve_name
+    {
+      'prime256v1' => 'P-256',
+      'secp384r1' => 'P-384',
+      'secp521r1' => 'P-521'
+    }.fetch(private_key.group.curve_name) { raise ArgumentError, 'Unknown EC curve' }
+  end
+
+  # rubocop:disable Metrics/AbcSize
+  def coordinates
+    @coordinates ||= begin
+      hex = public_key.to_bn.to_s(16)
+      data_len = hex.length - 2
+      hex_x = hex[2, data_len / 2]
+      hex_y = hex[2 + data_len / 2, data_len / 2]
+
+      {
+        x: OpenSSL::BN.new([hex_x].pack('H*'), 2),
+        y: OpenSSL::BN.new([hex_y].pack('H*'), 2)
+      }
+    end
   end
+  # rubocop:enable Metrics/AbcSize
 
   def public_key
     @public_key ||= private_key.public_key

data/lib/acme/client/faraday_middleware.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Acme::Client::FaradayMiddleware < Faraday::Middleware
   attr_reader :env, :response, :client
 
@@ -50,8 +52,8 @@ class Acme::Client::FaradayMiddleware < Faraday::Middleware
   end
 
   def error_class
-    if error_name.present? && Acme::Client::Error.const_defined?(error_name)
-      "Acme::Client::Error::#{error_name}".constantize
+    if error_name && !error_name.empty? && Acme::Client::Error.const_defined?(error_name)
+      Object.const_get("Acme::Client::Error::#{error_name}")
     else
       Acme::Client::Error
     end
@@ -62,7 +64,7 @@ class Acme::Client::FaradayMiddleware < Faraday::Middleware
       return unless env.body.is_a?(Hash)
       return unless env.body.key?('type')
 
-      env.body['type'].gsub('urn:acme:error:', '').classify
+      env.body['type'].gsub('urn:acme:error:', '').split(/[_-]/).map(&:capitalize).join
     end
   end
 

data/lib/acme/client/resources/challenges/dns01.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Acme::Client::Resources::Challenges::DNS01 < Acme::Client::Resources::Challenges::Base
   CHALLENGE_TYPE = 'dns-01'.freeze
   RECORD_NAME = '_acme-challenge'.freeze
@@ -12,6 +14,6 @@ class Acme::Client::Resources::Challenges::DNS01 < Acme::Client::Resources::Chal
   end
 
   def record_content
-    Base64.urlsafe_encode64(crypto.digest.digest(authorization_key)).sub(/[\s=]*\z/, '')
+    crypto.urlsafe_base64(crypto.digest.digest(authorization_key))
   end
 end

data/lib/acme/client/resources/challenges/http01.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Acme::Client::Resources::Challenges::HTTP01 < Acme::Client::Resources::Challenges::Base
   CHALLENGE_TYPE = 'http-01'.freeze
   CONTENT_TYPE = 'text/plain'.freeze

data/lib/acme/client/resources/challenges/tls_sni01.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Acme::Client::Resources::Challenges::TLSSNI01 < Acme::Client::Resources::Challenges::Base
   CHALLENGE_TYPE = 'tls-sni-01'.freeze
 

data/lib/acme/client/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module Acme
   class Client
-    VERSION = '0.3.7'.freeze
+    VERSION = '0.4.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acme-client
 version: !ruby/object:Gem::Version
-  version: 0.3.7
+  version: 0.4.0
 platform: ruby
 authors:
 - Charles Barbier
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-07-27 00:00:00.000000000 Z
+date: 2016-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -124,26 +124,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.1
-- !ruby/object:Gem::Dependency
-  name: json-jwt
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.2'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.2.3
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.2'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.2.3
 description: 
 email:
 - unixcharles@gmail.com