acme-client 2.0.11 → 2.0.13

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3ff7c41acdce5ad9f39a371998b37466d8affe4cb3de5e856d44d36e512180ea
4
- data.tar.gz: cb9fda5e72bf22dc93659a238b05dd419652584238a024658ebde04aaefc9e80
3
+ metadata.gz: 6f1ddedbabab0a9c650d03b7d9ee3852957df27f939ca7cd5d40afb3b8e28007
4
+ data.tar.gz: 8c8fef020ae33d330964d783bd8469ded84b3a3251bd4bdb843c13977aa061e1
5
5
  SHA512:
6
- metadata.gz: eea011baa47710043bab4f22e6556d6ece49ae1a87005e30ec25a41d1abeb93bf6a049ecadf742d706c6ebef7c6ece862704aadd96c252e8c6d801bf814c221a
7
- data.tar.gz: 77a75476bd154d46349acee637aad44e08ef911a676e0da5de9267b5f1cc1b845cd2d8030511fd25e2ee31354cdb269f4151a6c1ae36816ff75908864effa6d6
6
+ metadata.gz: eb71c795a68697c419f47f1ca6ae4e8e1b3ff74d6b1df9c9d8c59fd5153eb2a4d26e9613b225990b8296193c7b0b86ec1db06877c7f46def97ab44d186f72905
7
+ data.tar.gz: 5804bd0b338e86fdd782687b3191b5c37e77ac18d3e7da75d02452b82a641289e793f8ebe0a1b4659ecde7109d816e3801baac2ac71c906637ef79d73c19f105
@@ -11,8 +11,8 @@ jobs:
11
11
  runs-on: ubuntu-latest
12
12
  strategy:
13
13
  matrix:
14
- ruby-version: ['2.6', '2.7', '3.0', truffleruby-head]
15
- faraday-version: ['~> 1.7', '~> 2.0']
14
+ ruby-version: ['2.7', '3.0', '3.1', '3.2']
15
+ faraday-version: ['~> 1.10', '~> 2.7']
16
16
  env:
17
17
  FARADAY_VERSION: ${{ matrix.faraday-version }}
18
18
  steps:
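--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,12 @@
+ ## `2.0.12`
+
+ * Add support for External Account Binding
+
+ ## `2.0.12`
+
+ * Update test matrix to current Ruby versions (2.7 to 3.2)
+ * Support for Faraday retry 2.x
+
  ## `2.0.11`
 
  * Add support for error code `AlreadyRevoked` and `BadPublicKey`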
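--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,5 @@
  # Acme::Client
 
- [![Build Status](https://travis-ci.org/unixcharles/acme-client.svg?branch=master)](https://travis-ci.org/unixcharles/acme-client)
-
  `acme-client` is a client implementation of the ACMEv2 / [RFC 8555](https://tools.ietf.org/html/rfc8555) protocol in Ruby.
 
  You can find the ACME reference implementations of the [server](https://github.com/letsencrypt/boulder) in Go and the [client](https://github.com/certbot/certbot) in Python.
@@ -108,6 +106,15 @@ client.kid
  => "https://acme-staging-v02.api.letsencrypt.org/acme/acct/000000"
  ```
 
+ ## External Account Binding support
+
+ You can use External Account Binding by providing a `external_account_binding` with a `kid` and `hmac_key`.
+
+ ```ruby
+ client = Acme::Client.new(private_key: private_key, directory: 'https://acme.zerossl.com/v2/DV90')
+ account = client.new_account(contact: 'mailto:info@example.com', terms_of_service_agreed: true, external_account_binding: { kid: "your kid", hmac_key: "your hmac key"})
+ ```
+
  ## Obtaining a certificate
  ### Ordering a certificate
 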
data/acme-client.gemspec CHANGED
@@ -24,5 +24,5 @@ Gem::Specification.new do |spec|
24
24
  spec.add_development_dependency 'webrick'
25
25
 
26
26
  spec.add_runtime_dependency 'faraday', '>= 1.0', '< 3.0.0'
27
- spec.add_runtime_dependency 'faraday-retry', '~> 1.0'
27
+ spec.add_runtime_dependency 'faraday-retry', '>= 1.0', '< 3.0.0'
28
28
  end
@@ -0,0 +1,30 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Acme::Client::JWK::HMAC < Acme::Client::JWK::Base
4
+ # Instantiate a new HMAC JWS.
5
+ #
6
+ # key - A string.
7
+ #
8
+ # Returns nothing.
9
+ def initialize(key)
10
+ @key = key
11
+ end
12
+
13
+ # Sign a message with the private key.
14
+ #
15
+ # message - A String message to sign.
16
+ #
17
+ # Returns a String signature.
18
+ def sign(message)
19
+ OpenSSL::HMAC.digest('SHA256', @key, message)
20
+ end
21
+
22
+ # The name of the algorithm as needed for the `alg` member of a JWS object.
23
+ #
24
+ # Returns a String.
25
+ def jwa_alg
26
+ # https://tools.ietf.org/html/rfc7518#section-3.1
27
+ # HMAC using SHA-256
28
+ 'HS256'
29
+ end
30
+ end
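Review bot: `Acme::Client::JWK::HMAC` keeps the decoded EAB secret in `@key`, and Ruby's default `inspect` prints instance variables, so the secret can end up in logs or exception output that dumps the object; an override such as `def inspect; "#<#{self.class.name}>"; end` keeps it out. The comments read as if carried over from the asymmetric key classes: `Sign a message with the private key.` should say shared HMAC secret, `Instantiate a new HMAC JWS.` should say JWK, and `key - A string.` should state that it is the raw, already base64url-decoded bytes. The base class is not visible on this page, so it is worth confirming that none of its inherited methods that serialise the key (for example into a `jwk` header member) can run against a symmetric key.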
@@ -19,3 +19,4 @@ end
19
19
  require 'acme/client/jwk/base'
20
20
  require 'acme/client/jwk/rsa'
21
21
  require 'acme/client/jwk/ecdsa'
22
+ require 'acme/client/jwk/hmac'
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Acme
4
4
  class Client
5
- VERSION = '2.0.11'.freeze
5
+ VERSION = '2.0.13'.freeze
6
6
  end
7
7
  end
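--- a/data/lib/acme/client.rb
+++ b/data/lib/acme/client.rb
@@ -50,7 +50,8 @@ class Acme::Client
 
  attr_reader :jwk, :nonces
 
- def new_account(contact:, terms_of_service_agreed: nil)
+ def new_account(contact:, terms_of_service_agreed: nil, external_account_binding: nil)
+ new_account_endpoint = endpoint_for(:new_account)
  payload = {
  contact: Array(contact)
  }
@@ -59,7 +60,18 @@ class Acme::Client
  payload[:termsOfServiceAgreed] = terms_of_service_agreed
  end
 
- response = post(endpoint_for(:new_account), payload: payload, mode: :jws)
+ if external_account_binding
+ kid, hmac_key = external_account_binding.values_at(:kid, :hmac_key)
+ if kid.nil? || hmac_key.nil?
+ raise ArgumentError, 'must specify kid and hmac_key key for external_account_binding'
+ end
+
+ hmac = Acme::Client::JWK::HMAC.new(Base64.urlsafe_decode64(hmac_key))
+ external_account_payload = hmac.jws(header: { kid: kid, url: new_account_endpoint }, payload: @jwk)
+ payload[:externalAccountBinding] = JSON.parse(external_account_payload)
+ end
+
+ response = post(new_account_endpoint, payload: payload, mode: :jws)
  @kid = response.headers.fetch(:location)
 
  if response.body.nil? || response.body.empty?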
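Review bot: The guard `if kid.nil? || hmac_key.nil?` in `new_account` lets empty strings through, so `Base64.urlsafe_decode64('')` yields a zero-length key and the binding is HMAC-signed with it rather than being rejected locally; `if kid.to_s.empty? || hmac_key.to_s.empty?` closes that. `values_at(:kid, :hmac_key)` also only sees symbol keys, so a hash loaded from JSON or YAML with string keys fails with a message that does not mention the key type. `Base64` is not required anywhere in the visible hunks, so confirm the file loads it. The body of `new_account` begins before and continues past these two hunks.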
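--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: acme-client
  version: !ruby/object:Gem::Version
- version: 2.0.11
+ version: 2.0.13
  platform: ruby
  authors:
  - Charles Barbier
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-06-01 00:00:00.000000000 Z
+ date: 2023-02-01 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -118,16 +118,22 @@ dependencies:
  name: faraday-retry
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: '1.0'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: 3.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: '1.0'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: 3.0.0
  description:
  email:
  - unixcharles@gmail.com
@@ -159,6 +165,7 @@ files:
  - lib/acme/client/jwk.rb
  - lib/acme/client/jwk/base.rb
  - lib/acme/client/jwk/ecdsa.rb
+ - lib/acme/client/jwk/hmac.rb
  - lib/acme/client/jwk/rsa.rb
  - lib/acme/client/resources.rb
  - lib/acme/client/resources/account.rb
@@ -192,7 +199,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.20
+ rubygems_version: 3.4.1
  signing_key:
  specification_version: 4
  summary: Client for the ACME protocol.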