acme-client 1.0.0 → 2.0.0

data/lib/acme/client/resources/challenges/dns01.rb

@@ -15,6 +15,6 @@ class Acme::Client::Resources::Challenges::DNS01 < Acme::Client::Resources::Chal
   end
 
   def record_content
-    Acme::Client::Util.urlsafe_base64(DIGEST.digest(authorization_key))
+    Acme::Client::Util.urlsafe_base64(DIGEST.digest(key_authorization))
   end
 end

data/lib/acme/client/resources/challenges/http01.rb

@@ -9,7 +9,7 @@ class Acme::Client::Resources::Challenges::HTTP01 < Acme::Client::Resources::Cha
   end
 
   def file_content
-    authorization_key
+    key_authorization
   end
 
   def filename

data/lib/acme/client/resources/directory.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+class Acme::Client::Resources::Directory
+  DIRECTORY_RESOURCES = {
+    new_nonce: 'newNonce',
+    new_account: 'newAccount',
+    new_order: 'newOrder',
+    new_authz: 'newAuthz',
+    revoke_certificate: 'revokeCert',
+    key_change: 'keyChange'
+  }
+
+  DIRECTORY_META = {
+    terms_of_service: 'termsOfService',
+    website: 'website',
+    caa_identities: 'caaIdentities',
+    external_account_required: 'externalAccountRequired'
+  }
+
+  def initialize(url, connection_options)
+    @url, @connection_options = url, connection_options
+  end
+
+  def endpoint_for(key)
+    directory.fetch(key) do |missing_key|
+      raise Acme::Client::Error::UnsupportedOperation,
+        "Directory at #{@url} does not include `#{missing_key}`"
+    end
+  end
+
+  def terms_of_service
+    meta[DIRECTORY_META[:terms_of_service]]
+  end
+
+  def website
+    meta[DIRECTORY_META[:website]]
+  end
+
+  def caa_identities
+    meta[DIRECTORY_META[:caa_identities]]
+  end
+
+  def external_account_required
+    meta[DIRECTORY_META[:external_account_required]]
+  end
+
+  def meta
+    directory[:meta]
+  end
+
+  private
+
+  def directory
+    @directory ||= load_directory
+  end
+
+  def load_directory
+    body = fetch_directory
+    result = {}
+    result[:meta] = body.delete('meta')
+    DIRECTORY_RESOURCES.each do |key, entry|
+      result[key] = URI(body[entry]) if body[entry]
+    end
+    result
+  rescue JSON::ParserError => exception
+    raise InvalidDirectory, "Invalid directory url\n#{@directory} did not return a valid directory\n#{exception.inspect}"
+  end
+
+  def fetch_directory
+    connection = Faraday.new(url: @directory, **@connection_options)
+    connection.headers[:user_agent] = Acme::Client::USER_AGENT
+    response = connection.get(@url)
+    JSON.parse(response.body)
+  end
+end

data/lib/acme/client/resources/order.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+class Acme::Client::Resources::Order
+  attr_reader :url, :status, :contact, :finalize_url, :identifiers, :authorization_urls, :expires, :certificate_url
+
+  def initialize(client, **arguments)
+    @client = client
+    assign_attributes(arguments)
+  end
+
+  def reload
+    assign_attributes **@client.order(url: url).to_h
+    true
+  end
+
+  def authorizations
+    @authorization_urls.map do |authorization_url|
+      @client.authorization(url: authorization_url)
+    end
+  end
+
+  def finalize(csr:)
+    assign_attributes **@client.finalize(url: finalize_url, csr: csr).to_h
+    true
+  end
+
+  def certificate
+    if certificate_url
+      @client.certificate(url: certificate_url)
+    else
+      raise Acme::Client::Error::CertificateNotReady, 'No certificate_url to collect the order'
+    end
+  end
+
+  def to_h
+    {
+      url: url,
+      status: status,
+      expires: expires,
+      finalize_url: finalize_url,
+      authorization_urls: authorization_urls,
+      identifiers: identifiers,
+      certificate_url: certificate_url
+    }
+  end
+
+  private
+
+  def assign_attributes(url:, status:, expires:, finalize_url:, authorization_urls:, identifiers:, certificate_url: nil)
+    @url = url
+    @status = status
+    @expires = expires
+    @finalize_url = finalize_url
+    @authorization_urls = authorization_urls
+    @identifiers = identifiers
+    @certificate_url = certificate_url
+  end
+end

data/lib/acme/client/version.rb

@@ -2,6 +2,6 @@
 
 module Acme
   class Client
-    VERSION = '1.0.0'.freeze
+    VERSION = '2.0.0'.freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: acme-client
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Charles Barbier
@@ -146,7 +146,6 @@ files:
 - bin/setup
 - lib/acme-client.rb
 - lib/acme/client.rb
-- lib/acme/client/certificate.rb
 - lib/acme/client/certificate_request.rb
 - lib/acme/client/certificate_request/ec_key_patch.rb
 - lib/acme/client/error.rb
@@ -156,13 +155,14 @@ files:
 - lib/acme/client/jwk/ecdsa.rb
 - lib/acme/client/jwk/rsa.rb
 - lib/acme/client/resources.rb
+- lib/acme/client/resources/account.rb
 - lib/acme/client/resources/authorization.rb
 - lib/acme/client/resources/challenges.rb
 - lib/acme/client/resources/challenges/base.rb
 - lib/acme/client/resources/challenges/dns01.rb
 - lib/acme/client/resources/challenges/http01.rb
-- lib/acme/client/resources/challenges/tls_sni01.rb
-- lib/acme/client/resources/registration.rb
+- lib/acme/client/resources/directory.rb
+- lib/acme/client/resources/order.rb
 - lib/acme/client/self_sign_certificate.rb
 - lib/acme/client/util.rb
 - lib/acme/client/version.rb
@@ -186,7 +186,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Client for the ACME protocol.

data/lib/acme/client/certificate.rb

@@ -1,30 +0,0 @@
-class Acme::Client::Certificate
-  extend Forwardable
-
-  attr_reader :x509, :x509_chain, :request, :private_key, :url
-
-  def_delegators :x509, :to_pem, :to_der
-
-  def initialize(certificate, url, chain, request)
-    @x509 = certificate
-    @url = url
-    @x509_chain = chain
-    @request = request
-  end
-
-  def chain_to_pem
-    x509_chain.map(&:to_pem).join
-  end
-
-  def x509_fullchain
-    [x509, *x509_chain]
-  end
-
-  def fullchain_to_pem
-    x509_fullchain.map(&:to_pem).join
-  end
-
-  def common_name
-    x509.subject.to_a.find { |name, _, _| name == 'CN' }[1]
-  end
-end

data/lib/acme/client/resources/challenges/tls_sni01.rb

@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-class Acme::Client::Resources::Challenges::TLSSNI01 < Acme::Client::Resources::Challenges::Base
-  CHALLENGE_TYPE = 'tls-sni-01'.freeze
-  DIGEST = OpenSSL::Digest::SHA256
-
-  def hostname
-    digest = DIGEST.hexdigest(authorization_key)
-    "#{digest[0..31]}.#{digest[32..64]}.acme.invalid"
-  end
-
-  def certificate
-    self_sign_certificate.certificate
-  end
-
-  def private_key
-    self_sign_certificate.private_key
-  end
-
-  private
-
-  def self_sign_certificate
-    @self_sign_certificate ||= Acme::Client::SelfSignCertificate.new(subject_alt_names: [hostname])
-  end
-end

data/lib/acme/client/resources/registration.rb

@@ -1,37 +0,0 @@
-class Acme::Client::Resources::Registration
-  attr_reader :id, :key, :contact, :uri, :next_uri, :recover_uri, :term_of_service_uri
-
-  def initialize(client, response)
-    @client = client
-    @uri = response.headers['location']
-    assign_links(response.headers['Link'])
-    assign_attributes(response.body)
-  end
-
-  def get_terms
-    return unless @term_of_service_uri
-
-    @client.connection.get(@term_of_service_uri).body
-  end
-
-  def agree_terms
-    return true unless @term_of_service_uri
-
-    response = @client.connection.post(@uri, resource: 'reg', agreement: @term_of_service_uri)
-    response.success?
-  end
-
-  private
-
-  def assign_links(links)
-    @next_uri = links['next']
-    @recover_uri = links['recover']
-    @term_of_service_uri = links['terms-of-service']
-  end
-
-  def assign_attributes(body)
-    @id = body['id']
-    @key = body['key']
-    @contact = body['contact']
-  end
-end