acme-client 2.0.12 → 2.0.13
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -1
- data/README.md +9 -0
- data/lib/acme/client/jwk/hmac.rb +30 -0
- data/lib/acme/client/jwk.rb +1 -0
- data/lib/acme/client/version.rb +1 -1
- data/lib/acme/client.rb +14 -2
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6f1ddedbabab0a9c650d03b7d9ee3852957df27f939ca7cd5d40afb3b8e28007
|
4
|
+
data.tar.gz: 8c8fef020ae33d330964d783bd8469ded84b3a3251bd4bdb843c13977aa061e1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: eb71c795a68697c419f47f1ca6ae4e8e1b3ff74d6b1df9c9d8c59fd5153eb2a4d26e9613b225990b8296193c7b0b86ec1db06877c7f46def97ab44d186f72905
|
7
|
+
data.tar.gz: 5804bd0b338e86fdd782687b3191b5c37e77ac18d3e7da75d02452b82a641289e793f8ebe0a1b4659ecde7109d816e3801baac2ac71c906637ef79d73c19f105
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -106,6 +106,15 @@ client.kid
|
|
106
106
|
=> "https://acme-staging-v02.api.letsencrypt.org/acme/acct/000000"
|
107
107
|
```
|
108
108
|
|
109
|
+
## External Account Binding support
|
110
|
+
|
111
|
+
You can use External Account Binding by providing a `external_account_binding` with a `kid` and `hmac_key`.
|
112
|
+
|
113
|
+
```ruby
|
114
|
+
client = Acme::Client.new(private_key: private_key, directory: 'https://acme.zerossl.com/v2/DV90')
|
115
|
+
account = client.new_account(contact: 'mailto:info@example.com', terms_of_service_agreed: true, external_account_binding: { kid: "your kid", hmac_key: "your hmac key"})
|
116
|
+
```
|
117
|
+
|
109
118
|
## Obtaining a certificate
|
110
119
|
### Ordering a certificate
|
111
120
|
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class Acme::Client::JWK::HMAC < Acme::Client::JWK::Base
|
4
|
+
# Instantiate a new HMAC JWS.
|
5
|
+
#
|
6
|
+
# key - A string.
|
7
|
+
#
|
8
|
+
# Returns nothing.
|
9
|
+
def initialize(key)
|
10
|
+
@key = key
|
11
|
+
end
|
12
|
+
|
13
|
+
# Sign a message with the private key.
|
14
|
+
#
|
15
|
+
# message - A String message to sign.
|
16
|
+
#
|
17
|
+
# Returns a String signature.
|
18
|
+
def sign(message)
|
19
|
+
OpenSSL::HMAC.digest('SHA256', @key, message)
|
20
|
+
end
|
21
|
+
|
22
|
+
# The name of the algorithm as needed for the `alg` member of a JWS object.
|
23
|
+
#
|
24
|
+
# Returns a String.
|
25
|
+
def jwa_alg
|
26
|
+
# https://tools.ietf.org/html/rfc7518#section-3.1
|
27
|
+
# HMAC using SHA-256
|
28
|
+
'HS256'
|
29
|
+
end
|
30
|
+
end
|
data/lib/acme/client/jwk.rb
CHANGED
data/lib/acme/client/version.rb
CHANGED
data/lib/acme/client.rb
CHANGED
@@ -50,7 +50,8 @@ class Acme::Client
|
|
50
50
|
|
51
51
|
attr_reader :jwk, :nonces
|
52
52
|
|
53
|
-
def new_account(contact:, terms_of_service_agreed: nil)
|
53
|
+
def new_account(contact:, terms_of_service_agreed: nil, external_account_binding: nil)
|
54
|
+
new_account_endpoint = endpoint_for(:new_account)
|
54
55
|
payload = {
|
55
56
|
contact: Array(contact)
|
56
57
|
}
|
@@ -59,7 +60,18 @@ class Acme::Client
|
|
59
60
|
payload[:termsOfServiceAgreed] = terms_of_service_agreed
|
60
61
|
end
|
61
62
|
|
62
|
-
|
63
|
+
if external_account_binding
|
64
|
+
kid, hmac_key = external_account_binding.values_at(:kid, :hmac_key)
|
65
|
+
if kid.nil? || hmac_key.nil?
|
66
|
+
raise ArgumentError, 'must specify kid and hmac_key key for external_account_binding'
|
67
|
+
end
|
68
|
+
|
69
|
+
hmac = Acme::Client::JWK::HMAC.new(Base64.urlsafe_decode64(hmac_key))
|
70
|
+
external_account_payload = hmac.jws(header: { kid: kid, url: new_account_endpoint }, payload: @jwk)
|
71
|
+
payload[:externalAccountBinding] = JSON.parse(external_account_payload)
|
72
|
+
end
|
73
|
+
|
74
|
+
response = post(new_account_endpoint, payload: payload, mode: :jws)
|
63
75
|
@kid = response.headers.fetch(:location)
|
64
76
|
|
65
77
|
if response.body.nil? || response.body.empty?
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: acme-client
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.13
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Charles Barbier
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-01
|
11
|
+
date: 2023-02-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -165,6 +165,7 @@ files:
|
|
165
165
|
- lib/acme/client/jwk.rb
|
166
166
|
- lib/acme/client/jwk/base.rb
|
167
167
|
- lib/acme/client/jwk/ecdsa.rb
|
168
|
+
- lib/acme/client/jwk/hmac.rb
|
168
169
|
- lib/acme/client/jwk/rsa.rb
|
169
170
|
- lib/acme/client/resources.rb
|
170
171
|
- lib/acme/client/resources/account.rb
|