acme-client 2.0.11 → 2.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +2 -2
- data/CHANGELOG.md +9 -0
- data/README.md +9 -2
- data/acme-client.gemspec +1 -1
- data/lib/acme/client/jwk/hmac.rb +30 -0
- data/lib/acme/client/jwk.rb +1 -0
- data/lib/acme/client/version.rb +1 -1
- data/lib/acme/client.rb +14 -2
- metadata +12 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6f1ddedbabab0a9c650d03b7d9ee3852957df27f939ca7cd5d40afb3b8e28007
|
|
4
|
+
data.tar.gz: 8c8fef020ae33d330964d783bd8469ded84b3a3251bd4bdb843c13977aa061e1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: eb71c795a68697c419f47f1ca6ae4e8e1b3ff74d6b1df9c9d8c59fd5153eb2a4d26e9613b225990b8296193c7b0b86ec1db06877c7f46def97ab44d186f72905
|
|
7
|
+
data.tar.gz: 5804bd0b338e86fdd782687b3191b5c37e77ac18d3e7da75d02452b82a641289e793f8ebe0a1b4659ecde7109d816e3801baac2ac71c906637ef79d73c19f105
|
data/.github/workflows/test.yml
CHANGED
|
@@ -11,8 +11,8 @@ jobs:
|
|
|
11
11
|
runs-on: ubuntu-latest
|
|
12
12
|
strategy:
|
|
13
13
|
matrix:
|
|
14
|
-
ruby-version: ['2.
|
|
15
|
-
faraday-version: ['~> 1.
|
|
14
|
+
ruby-version: ['2.7', '3.0', '3.1', '3.2']
|
|
15
|
+
faraday-version: ['~> 1.10', '~> 2.7']
|
|
16
16
|
env:
|
|
17
17
|
FARADAY_VERSION: ${{ matrix.faraday-version }}
|
|
18
18
|
steps:
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
## `2.0.12`
|
|
2
|
+
|
|
3
|
+
* Add support for External Account Binding
|
|
4
|
+
|
|
5
|
+
## `2.0.12`
|
|
6
|
+
|
|
7
|
+
* Update test matrix to current Ruby versions (2.7 to 3.2)
|
|
8
|
+
* Support for Faraday retry 2.x
|
|
9
|
+
|
|
1
10
|
## `2.0.11`
|
|
2
11
|
|
|
3
12
|
* Add support for error code `AlreadyRevoked` and `BadPublicKey`
|
data/README.md
CHANGED
|
@@ -1,7 +1,5 @@
|
|
|
1
1
|
# Acme::Client
|
|
2
2
|
|
|
3
|
-
[](https://travis-ci.org/unixcharles/acme-client)
|
|
4
|
-
|
|
5
3
|
`acme-client` is a client implementation of the ACMEv2 / [RFC 8555](https://tools.ietf.org/html/rfc8555) protocol in Ruby.
|
|
6
4
|
|
|
7
5
|
You can find the ACME reference implementations of the [server](https://github.com/letsencrypt/boulder) in Go and the [client](https://github.com/certbot/certbot) in Python.
|
|
@@ -108,6 +106,15 @@ client.kid
|
|
|
108
106
|
=> "https://acme-staging-v02.api.letsencrypt.org/acme/acct/000000"
|
|
109
107
|
```
|
|
110
108
|
|
|
109
|
+
## External Account Binding support
|
|
110
|
+
|
|
111
|
+
You can use External Account Binding by providing a `external_account_binding` with a `kid` and `hmac_key`.
|
|
112
|
+
|
|
113
|
+
```ruby
|
|
114
|
+
client = Acme::Client.new(private_key: private_key, directory: 'https://acme.zerossl.com/v2/DV90')
|
|
115
|
+
account = client.new_account(contact: 'mailto:info@example.com', terms_of_service_agreed: true, external_account_binding: { kid: "your kid", hmac_key: "your hmac key"})
|
|
116
|
+
```
|
|
117
|
+
|
|
111
118
|
## Obtaining a certificate
|
|
112
119
|
### Ordering a certificate
|
|
113
120
|
|
data/acme-client.gemspec
CHANGED
|
@@ -24,5 +24,5 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
spec.add_development_dependency 'webrick'
|
|
25
25
|
|
|
26
26
|
spec.add_runtime_dependency 'faraday', '>= 1.0', '< 3.0.0'
|
|
27
|
-
spec.add_runtime_dependency 'faraday-retry', '
|
|
27
|
+
spec.add_runtime_dependency 'faraday-retry', '>= 1.0', '< 3.0.0'
|
|
28
28
|
end
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
class Acme::Client::JWK::HMAC < Acme::Client::JWK::Base
|
|
4
|
+
# Instantiate a new HMAC JWS.
|
|
5
|
+
#
|
|
6
|
+
# key - A string.
|
|
7
|
+
#
|
|
8
|
+
# Returns nothing.
|
|
9
|
+
def initialize(key)
|
|
10
|
+
@key = key
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
# Sign a message with the private key.
|
|
14
|
+
#
|
|
15
|
+
# message - A String message to sign.
|
|
16
|
+
#
|
|
17
|
+
# Returns a String signature.
|
|
18
|
+
def sign(message)
|
|
19
|
+
OpenSSL::HMAC.digest('SHA256', @key, message)
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
# The name of the algorithm as needed for the `alg` member of a JWS object.
|
|
23
|
+
#
|
|
24
|
+
# Returns a String.
|
|
25
|
+
def jwa_alg
|
|
26
|
+
# https://tools.ietf.org/html/rfc7518#section-3.1
|
|
27
|
+
# HMAC using SHA-256
|
|
28
|
+
'HS256'
|
|
29
|
+
end
|
|
30
|
+
end
|
data/lib/acme/client/jwk.rb
CHANGED
data/lib/acme/client/version.rb
CHANGED
data/lib/acme/client.rb
CHANGED
|
@@ -50,7 +50,8 @@ class Acme::Client
|
|
|
50
50
|
|
|
51
51
|
attr_reader :jwk, :nonces
|
|
52
52
|
|
|
53
|
-
def new_account(contact:, terms_of_service_agreed: nil)
|
|
53
|
+
def new_account(contact:, terms_of_service_agreed: nil, external_account_binding: nil)
|
|
54
|
+
new_account_endpoint = endpoint_for(:new_account)
|
|
54
55
|
payload = {
|
|
55
56
|
contact: Array(contact)
|
|
56
57
|
}
|
|
@@ -59,7 +60,18 @@ class Acme::Client
|
|
|
59
60
|
payload[:termsOfServiceAgreed] = terms_of_service_agreed
|
|
60
61
|
end
|
|
61
62
|
|
|
62
|
-
|
|
63
|
+
if external_account_binding
|
|
64
|
+
kid, hmac_key = external_account_binding.values_at(:kid, :hmac_key)
|
|
65
|
+
if kid.nil? || hmac_key.nil?
|
|
66
|
+
raise ArgumentError, 'must specify kid and hmac_key key for external_account_binding'
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
hmac = Acme::Client::JWK::HMAC.new(Base64.urlsafe_decode64(hmac_key))
|
|
70
|
+
external_account_payload = hmac.jws(header: { kid: kid, url: new_account_endpoint }, payload: @jwk)
|
|
71
|
+
payload[:externalAccountBinding] = JSON.parse(external_account_payload)
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
response = post(new_account_endpoint, payload: payload, mode: :jws)
|
|
63
75
|
@kid = response.headers.fetch(:location)
|
|
64
76
|
|
|
65
77
|
if response.body.nil? || response.body.empty?
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: acme-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.13
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Charles Barbier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-02-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -118,16 +118,22 @@ dependencies:
|
|
|
118
118
|
name: faraday-retry
|
|
119
119
|
requirement: !ruby/object:Gem::Requirement
|
|
120
120
|
requirements:
|
|
121
|
-
- - "
|
|
121
|
+
- - ">="
|
|
122
122
|
- !ruby/object:Gem::Version
|
|
123
123
|
version: '1.0'
|
|
124
|
+
- - "<"
|
|
125
|
+
- !ruby/object:Gem::Version
|
|
126
|
+
version: 3.0.0
|
|
124
127
|
type: :runtime
|
|
125
128
|
prerelease: false
|
|
126
129
|
version_requirements: !ruby/object:Gem::Requirement
|
|
127
130
|
requirements:
|
|
128
|
-
- - "
|
|
131
|
+
- - ">="
|
|
129
132
|
- !ruby/object:Gem::Version
|
|
130
133
|
version: '1.0'
|
|
134
|
+
- - "<"
|
|
135
|
+
- !ruby/object:Gem::Version
|
|
136
|
+
version: 3.0.0
|
|
131
137
|
description:
|
|
132
138
|
email:
|
|
133
139
|
- unixcharles@gmail.com
|
|
@@ -159,6 +165,7 @@ files:
|
|
|
159
165
|
- lib/acme/client/jwk.rb
|
|
160
166
|
- lib/acme/client/jwk/base.rb
|
|
161
167
|
- lib/acme/client/jwk/ecdsa.rb
|
|
168
|
+
- lib/acme/client/jwk/hmac.rb
|
|
162
169
|
- lib/acme/client/jwk/rsa.rb
|
|
163
170
|
- lib/acme/client/resources.rb
|
|
164
171
|
- lib/acme/client/resources/account.rb
|
|
@@ -192,7 +199,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
192
199
|
- !ruby/object:Gem::Version
|
|
193
200
|
version: '0'
|
|
194
201
|
requirements: []
|
|
195
|
-
rubygems_version: 3.
|
|
202
|
+
rubygems_version: 3.4.1
|
|
196
203
|
signing_key:
|
|
197
204
|
specification_version: 4
|
|
198
205
|
summary: Client for the ACME protocol.
|