acme-client 2.0.11 → 2.0.13
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +2 -2
- data/CHANGELOG.md +9 -0
- data/README.md +9 -2
- data/acme-client.gemspec +1 -1
- data/lib/acme/client/jwk/hmac.rb +30 -0
- data/lib/acme/client/jwk.rb +1 -0
- data/lib/acme/client/version.rb +1 -1
- data/lib/acme/client.rb +14 -2
- metadata +12 -5
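--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6f1ddedbabab0a9c650d03b7d9ee3852957df27f939ca7cd5d40afb3b8e28007
+data.tar.gz: 8c8fef020ae33d330964d783bd8469ded84b3a3251bd4bdb843c13977aa061e1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eb71c795a68697c419f47f1ca6ae4e8e1b3ff74d6b1df9c9d8c59fd5153eb2a4d26e9613b225990b8296193c7b0b86ec1db06877c7f46def97ab44d186f72905
+data.tar.gz: 5804bd0b338e86fdd782687b3191b5c37e77ac18d3e7da75d02452b82a641289e793f8ebe0a1b4659ecde7109d816e3801baac2ac71c906637ef79d73c19f105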
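--- a/data/.github/workflows/test.yml
+++ b/data/.github/workflows/test.yml
@@ -11,8 +11,8 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
-ruby-version: ['2.
-faraday-version: ['~> 1.
+ruby-version: ['2.7', '3.0', '3.1', '3.2']
+faraday-version: ['~> 1.10', '~> 2.7']
 env:
 FARADAY_VERSION: ${{ matrix.faraday-version }}
 steps: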
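--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,12 @@
+## `2.0.12`
+
+* Add support for External Account Binding
+
+## `2.0.12`
+
+* Update test matrix to current Ruby versions (2.7 to 3.2)
+* Support for Faraday retry 2.x
+
 ## `2.0.11`
 
 * Add support for error code `AlreadyRevoked` and `BadPublicKey`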
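--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,5 @@
 # Acme::Client
 
-[![Build Status](https://travis-ci.org/unixcharles/acme-client.svg?branch=master)](https://travis-ci.org/unixcharles/acme-client)
-
 `acme-client` is a client implementation of the ACMEv2 / [RFC 8555](https://tools.ietf.org/html/rfc8555) protocol in Ruby.
 
 You can find the ACME reference implementations of the [server](https://github.com/letsencrypt/boulder) in Go and the [client](https://github.com/certbot/certbot) in Python.
@@ -108,6 +106,15 @@ client.kid
 => "https://acme-staging-v02.api.letsencrypt.org/acme/acct/000000"
 ```
 
+## External Account Binding support
+
+You can use External Account Binding by providing a `external_account_binding` with a `kid` and `hmac_key`.
+
+```ruby
+client = Acme::Client.new(private_key: private_key, directory: 'https://acme.zerossl.com/v2/DV90')
+account = client.new_account(contact: 'mailto:info@example.com', terms_of_service_agreed: true, external_account_binding: { kid: "your kid", hmac_key: "your hmac key"})
+```
+
 ## Obtaining a certificate
 ### Ordering a certificate
 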
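--- a/data/acme-client.gemspec
+++ b/data/acme-client.gemspec
@@ -24,5 +24,5 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency 'webrick'
 
 spec.add_runtime_dependency 'faraday', '>= 1.0', '< 3.0.0'
-spec.add_runtime_dependency 'faraday-retry', '
+spec.add_runtime_dependency 'faraday-retry', '>= 1.0', '< 3.0.0'
 end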
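--- a/data/lib/acme/client/jwk/hmac.rb
+++ b/data/lib/acme/client/jwk/hmac.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class Acme::Client::JWK::HMAC < Acme::Client::JWK::Base
+# Instantiate a new HMAC JWS.
+#
+# key - A string.
+#
+# Returns nothing.
+def initialize(key)
+@key = key
+end
+
+# Sign a message with the private key.
+#
+# message - A String message to sign.
+#
+# Returns a String signature.
+def sign(message)
+OpenSSL::HMAC.digest('SHA256', @key, message)
+end
+
+# The name of the algorithm as needed for the `alg` member of a JWS object.
+#
+# Returns a String.
+def jwa_alg
+# https://tools.ietf.org/html/rfc7518#section-3.1
+# HMAC using SHA-256
+'HS256'
+end
+end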
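Review bot: `@key` keeps the raw MAC secret in a plain instance variable, so Ruby's default `#inspect` will print it wherever this object ends up in a log line, an exception message or a debugger dump; a one-line override such as `def inspect; "#<#{self.class} key=[REDACTED]>"; end` avoids that. `initialize` also accepts any value, so an empty string yields a MAC under a zero-length key and a `nil` presumably only fails later inside `sign`; a guard like `raise ArgumentError, 'key must be a non-empty String' unless key.is_a?(String) && !key.empty?` fails at construction instead. The comments are slightly off as well: HS256 is symmetric, so `# Sign a message with the shared HMAC key.` is more accurate than "private key", and the constructor builds a JWK rather than a "JWS". Whether `Acme::Client::JWK::Base` expects subclasses to provide further methods is not visible in this section.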
data/lib/acme/client/jwk.rb
CHANGED
data/lib/acme/client/version.rb
CHANGED
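--- a/data/lib/acme/client.rb
+++ b/data/lib/acme/client.rb
@@ -50,7 +50,8 @@ class Acme::Client
 
 attr_reader :jwk, :nonces
 
-def new_account(contact:, terms_of_service_agreed: nil)
+def new_account(contact:, terms_of_service_agreed: nil, external_account_binding: nil)
+new_account_endpoint = endpoint_for(:new_account)
 payload = {
 contact: Array(contact)
 }
@@ -59,7 +60,18 @@ class Acme::Client
 payload[:termsOfServiceAgreed] = terms_of_service_agreed
 end
 
-
+if external_account_binding
+kid, hmac_key = external_account_binding.values_at(:kid, :hmac_key)
+if kid.nil? || hmac_key.nil?
+raise ArgumentError, 'must specify kid and hmac_key key for external_account_binding'
+end
+
+hmac = Acme::Client::JWK::HMAC.new(Base64.urlsafe_decode64(hmac_key))
+external_account_payload = hmac.jws(header: { kid: kid, url: new_account_endpoint }, payload: @jwk)
+payload[:externalAccountBinding] = JSON.parse(external_account_payload)
+end
+
+response = post(new_account_endpoint, payload: payload, mode: :jws)
 @kid = response.headers.fetch(:location)
 
 if response.body.nil? || response.body.empty?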
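Review bot: The guard `if kid.nil? || hmac_key.nil?` in the second hunk only rejects missing values, so `hmac_key: ''` passes, `Base64.urlsafe_decode64('')` returns an empty string, and the binding is signed with a zero-length HMAC key instead of being refused locally. Checking emptiness as well, e.g. `if kid.to_s.empty? || hmac_key.to_s.empty?`, stops a misconfigured secret before any request is built. `values_at(:kid, :hmac_key)` also assumes a Hash with symbol keys; string keys end in the same ArgumentError, which is acceptable, but the message could state that `hmac_key` is expected base64url-encoded, since nothing in this hunk documents that. `new_account` begins in the first hunk and continues past the end of the second.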
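--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acme-client
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.13
 platform: ruby
 authors:
 - Charles Barbier
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -118,16 +118,22 @@ dependencies:
 name: faraday-retry
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.0'
+- - "<"
+- !ruby/object:Gem::Version
+version: 3.0.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.0'
+- - "<"
+- !ruby/object:Gem::Version
+version: 3.0.0
 description:
 email:
 - unixcharles@gmail.com
@@ -159,6 +165,7 @@ files:
 - lib/acme/client/jwk.rb
 - lib/acme/client/jwk/base.rb
 - lib/acme/client/jwk/ecdsa.rb
+- lib/acme/client/jwk/hmac.rb
 - lib/acme/client/jwk/rsa.rb
 - lib/acme/client/resources.rb
 - lib/acme/client/resources/account.rb
@@ -192,7 +199,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
 summary: Client for the ACME protocol.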