RubyGems - acme-client - Versions diffs - 2.0.12 → 2.0.13 - Mend

acme-client 2.0.12 → 2.0.13

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 409e7fad9385308a4e8127d743897dd27683dfd8c711ea7e252624b0ea5599b5
-  data.tar.gz: 0df61205e809a7a2075cc26618023a5958b4820391408f217f7b34a79eb51391
+  metadata.gz: 6f1ddedbabab0a9c650d03b7d9ee3852957df27f939ca7cd5d40afb3b8e28007
+  data.tar.gz: 8c8fef020ae33d330964d783bd8469ded84b3a3251bd4bdb843c13977aa061e1
 SHA512:
-  metadata.gz: 90caf54c02324bfd5a9e2f41a293956d2fa940208a8cf26aafc26aa19fbd0810e21284c73b408b5a03b97ee41476fa1e424199cf89d07dfe79460f878b118392
-  data.tar.gz: 9d8465df2b32462b17aed637db02a86abdd84d8236c68bd46525aa34473f2583ebd8562a7fb94c4dcca498427a7e0f0de249f30a72162bea661cca7abbd91557
+  metadata.gz: eb71c795a68697c419f47f1ca6ae4e8e1b3ff74d6b1df9c9d8c59fd5153eb2a4d26e9613b225990b8296193c7b0b86ec1db06877c7f46def97ab44d186f72905
+  data.tar.gz: 5804bd0b338e86fdd782687b3191b5c37e77ac18d3e7da75d02452b82a641289e793f8ebe0a1b4659ecde7109d816e3801baac2ac71c906637ef79d73c19f105

data/CHANGELOG.md CHANGED Viewed

@@ -1,4 +1,8 @@
-## `2.0.11`
+## `2.0.12`
+* Add support for External Account Binding
+## `2.0.12`
 * Update test matrix to current Ruby versions (2.7 to 3.2)
 * Support for Faraday retry 2.x

data/README.md CHANGED Viewed

@@ -106,6 +106,15 @@ client.kid
 => "https://acme-staging-v02.api.letsencrypt.org/acme/acct/000000"
 ```
+## External Account Binding support
+You can use External Account Binding by providing a `external_account_binding` with a `kid` and `hmac_key`.
+```ruby
+client = Acme::Client.new(private_key: private_key, directory: 'https://acme.zerossl.com/v2/DV90')
+account = client.new_account(contact: 'mailto:info@example.com', terms_of_service_agreed: true, external_account_binding: { kid: "your kid", hmac_key: "your hmac key"})
+```
 ## Obtaining a certificate
 ### Ordering a certificate

data/lib/acme/client/jwk/hmac.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+class Acme::Client::JWK::HMAC < Acme::Client::JWK::Base
+  # Instantiate a new HMAC JWS.
+  #
+  # key - A string.
+  #
+  # Returns nothing.
+  def initialize(key)
+    @key = key
+  end
+  # Sign a message with the private key.
+  #
+  # message - A String message to sign.
+  #
+  # Returns a String signature.
+  def sign(message)
+    OpenSSL::HMAC.digest('SHA256', @key, message)
+  end
+  # The name of the algorithm as needed for the `alg` member of a JWS object.
+  #
+  # Returns a String.
+  def jwa_alg
+    # https://tools.ietf.org/html/rfc7518#section-3.1
+    # HMAC using SHA-256
+    'HS256'
+  end
+end

data/lib/acme/client/jwk.rb CHANGED Viewed

@@ -19,3 +19,4 @@ end
 require 'acme/client/jwk/base'
 require 'acme/client/jwk/rsa'
 require 'acme/client/jwk/ecdsa'
+require 'acme/client/jwk/hmac'

data/lib/acme/client/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Acme
   class Client
-    VERSION = '2.0.12'.freeze
+    VERSION = '2.0.13'.freeze
   end
 end

data/lib/acme/client.rb CHANGED Viewed

@@ -50,7 +50,8 @@ class Acme::Client
   attr_reader :jwk, :nonces
-  def new_account(contact:, terms_of_service_agreed: nil)
+  def new_account(contact:, terms_of_service_agreed: nil, external_account_binding: nil)
+    new_account_endpoint = endpoint_for(:new_account)
     payload = {
       contact: Array(contact)
     }
@@ -59,7 +60,18 @@ class Acme::Client
       payload[:termsOfServiceAgreed] = terms_of_service_agreed
     end
-    response = post(endpoint_for(:new_account), payload: payload, mode: :jws)
+    if external_account_binding
+      kid, hmac_key = external_account_binding.values_at(:kid, :hmac_key)
+      if kid.nil? || hmac_key.nil?
+        raise ArgumentError, 'must specify kid and hmac_key key for external_account_binding'
+      end
+      hmac = Acme::Client::JWK::HMAC.new(Base64.urlsafe_decode64(hmac_key))
+      external_account_payload = hmac.jws(header: { kid: kid, url: new_account_endpoint }, payload: @jwk)
+      payload[:externalAccountBinding] = JSON.parse(external_account_payload)
+    end
+    response = post(new_account_endpoint, payload: payload, mode: :jws)
     @kid = response.headers.fetch(:location)
     if response.body.nil? || response.body.empty?

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acme-client
 version: !ruby/object:Gem::Version
-  version: 2.0.12
+  version: 2.0.13
 platform: ruby
 authors:
 - Charles Barbier
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-31 00:00:00.000000000 Z
+date: 2023-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -165,6 +165,7 @@ files:
 - lib/acme/client/jwk.rb
 - lib/acme/client/jwk/base.rb
 - lib/acme/client/jwk/ecdsa.rb
+- lib/acme/client/jwk/hmac.rb
 - lib/acme/client/jwk/rsa.rb
 - lib/acme/client/resources.rb
 - lib/acme/client/resources/account.rb