acme-client 2.0.13 → 2.0.15

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f1ddedbabab0a9c650d03b7d9ee3852957df27f939ca7cd5d40afb3b8e28007
-  data.tar.gz: 8c8fef020ae33d330964d783bd8469ded84b3a3251bd4bdb843c13977aa061e1
+  metadata.gz: a634fb4c9a908ebb94e2ace402f7a66f510df3e0b6307b78c2e06eeabdb0e497
+  data.tar.gz: eb4bbbcc6f4ad0dd055fcb2a7897e408b862251c7e63c3b9c711f175fd21e727
 SHA512:
-  metadata.gz: eb71c795a68697c419f47f1ca6ae4e8e1b3ff74d6b1df9c9d8c59fd5153eb2a4d26e9613b225990b8296193c7b0b86ec1db06877c7f46def97ab44d186f72905
-  data.tar.gz: 5804bd0b338e86fdd782687b3191b5c37e77ac18d3e7da75d02452b82a641289e793f8ebe0a1b4659ecde7109d816e3801baac2ac71c906637ef79d73c19f105
+  metadata.gz: abd5644a5d5b6edfaf9e04a9d5fb382efcdbfcde55ce2327ecb21400ec827512fc4dd38fdfcbe67e239d4ce2b848a5677c6406220b8740ad37291e608290c9e2
+  data.tar.gz: 0f7f4d87df7011f99b2b36064ff13ced4c7d9b2e86ad8dccbb1c52374da9a57044433c7c7a7571a820a678e735d4eb3e1bb9e4d96f3c6c69f183151aeb012d7d

data/CHANGELOG.md

@@ -1,4 +1,13 @@
-## `2.0.12`
+## `2.0.15`
+
+* Also pass connection_options to Faraday for Client#get_nonce
+
+
+## `2.0.14`
+
+* Fix Faraday HTTP exceptions leaking out, always raise `Acme::Client::Error` instead
+
+## `2.0.13`
 
 * Add support for External Account Binding
 

data/README.md

@@ -244,7 +244,7 @@ To change the key used for an account you can call `#account_key_change` with th
 ```ruby
 require 'openssl'
 new_private_key = OpenSSL::PKey::RSA.new(4096)
-client.account_key_change(private_key: new_private_key)
+client.account_key_change(new_private_key: new_private_key)
 ```
 
 ## Requirements

data/acme-client.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.homepage      = 'http://github.com/unixcharles/acme-client'
   spec.license       = 'MIT'
 
-  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) || f.start_with?('.') }
   spec.require_paths = ['lib']
 
   spec.required_ruby_version = '>= 2.3.0'

data/lib/acme/client/http_client.rb

@@ -0,0 +1,162 @@
+# frozen_string_literal: true
+
+module Acme::Client::HTTPClient
+  # Creates and returns a new HTTP client, with default settings.
+  #
+  # @param  url [URI:HTTPS]
+  # @param  options [Hash]
+  # @return [Faraday::Connection]
+  def self.new_connection(url:, options: {})
+    Faraday.new(url, options) do |configuration|
+      configuration.use Acme::Client::HTTPClient::ErrorMiddleware
+
+      yield(configuration) if block_given?
+
+      configuration.headers[:user_agent] = Acme::Client::USER_AGENT
+      configuration.adapter Faraday.default_adapter
+    end
+  end
+
+  # Creates and returns a new HTTP client designed for the Acme-protocol, with default settings.
+  #
+  # @param  url [URI:HTTPS]
+  # @param  client [Acme::Client]
+  # @param  mode [Symbol]
+  # @param  options [Hash]
+  # @param  bad_nonce_retry [Integer]
+  # @return [Faraday::Connection]
+  def self.new_acme_connection(url:, client:, mode:, options: {}, bad_nonce_retry: 0)
+    new_connection(url: url, options: options) do |configuration|
+      if bad_nonce_retry > 0
+        configuration.request(:retry,
+          max: bad_nonce_retry,
+          methods: Faraday::Connection::METHODS,
+          exceptions: [Acme::Client::Error::BadNonce])
+      end
+
+      configuration.use Acme::Client::HTTPClient::AcmeMiddleware, client: client, mode: mode
+
+      yield(configuration) if block_given?
+    end
+  end
+
+  # ErrorMiddleware ensures the HTTP Client would not raise exceptions outside the Acme namespace.
+  #
+  # Exceptions are rescued and re-packaged as Acme exceptions.
+  class ErrorMiddleware < Faraday::Middleware
+    # Implements the Rack-alike Faraday::Middleware interface.
+    def call(env)
+      @app.call(env)
+    rescue Faraday::TimeoutError, Faraday::ConnectionFailed
+      raise Acme::Client::Error::Timeout
+    end
+  end
+
+  # AcmeMiddleware implements the Acme-protocol requirements for JWK requests.
+  class AcmeMiddleware < Faraday::Middleware
+    attr_reader :env, :response, :client
+
+    CONTENT_TYPE = 'application/jose+json'
+
+    def initialize(app, options)
+      super(app)
+      @client = options.fetch(:client)
+      @mode = options.fetch(:mode)
+    end
+
+    def call(env)
+      @env = env
+      @env[:request_headers]['Content-Type'] = CONTENT_TYPE
+
+      if @env.method != :get
+        @env.body = client.jwk.jws(header: jws_header, payload: env.body)
+      end
+
+      @app.call(env).on_complete { |response_env| on_complete(response_env) }
+    end
+
+    def on_complete(env)
+      @env = env
+
+      raise_on_not_found!
+      store_nonce
+      env.body = decode_body
+      env.response_headers['Link'] = decode_link_headers
+
+      return if env.success?
+
+      raise_on_error!
+    end
+
+    private
+
+    def jws_header
+      headers = { nonce: pop_nonce, url: env.url.to_s }
+      headers[:kid] = client.kid if @mode == :kid
+      headers
+    end
+
+    def raise_on_not_found!
+      raise Acme::Client::Error::NotFound, env.url.to_s if env.status == 404
+    end
+
+    def raise_on_error!
+      raise error_class, error_message
+    end
+
+    def error_message
+      if env.body.is_a? Hash
+        env.body['detail']
+      else
+        "Error message: #{env.body}"
+      end
+    end
+
+    def error_class
+      Acme::Client::Error::ACME_ERRORS.fetch(error_name, Acme::Client::Error)
+    end
+
+    def error_name
+      return unless env.body.is_a?(Hash)
+      return unless env.body.key?('type')
+      env.body['type']
+    end
+
+    def decode_body
+      content_type = env.response_headers['Content-Type'].to_s
+
+      if content_type.start_with?('application/json', 'application/problem+json')
+        JSON.load(env.body)
+      else
+        env.body
+      end
+    end
+
+    def decode_link_headers
+      return unless env.response_headers.key?('Link')
+      link_header = env.response_headers['Link']
+      Acme::Client::Util.decode_link_headers(link_header)
+    end
+
+    def store_nonce
+      nonce = env.response_headers['replay-nonce']
+      nonces << nonce if nonce
+    end
+
+    def pop_nonce
+      if nonces.empty?
+        get_nonce
+      end
+
+      nonces.pop
+    end
+
+    def get_nonce
+      client.get_nonce
+    end
+
+    def nonces
+      client.nonces
+    end
+  end
+end

data/lib/acme/client/resources/directory.rb

@@ -68,13 +68,8 @@ class Acme::Client::Resources::Directory
   end
 
   def fetch_directory
-    connection = Faraday.new(url: @directory, **@connection_options) do |configuration|
-      configuration.use Acme::Client::FaradayMiddleware, client: nil, mode: nil
-
-      configuration.adapter Faraday.default_adapter
-    end
-    connection.headers[:user_agent] = Acme::Client::USER_AGENT
-    response = connection.get(@url)
+    http_client = Acme::Client::HTTPClient.new_acme_connection(url: @directory, options: @connection_options, client: nil, mode: nil)
+    response = http_client.get(@url)
     response.body
   end
 end

data/lib/acme/client/util.rb

@@ -1,4 +1,6 @@
 module Acme::Client::Util
+  extend self
+
   def urlsafe_base64(data)
     Base64.urlsafe_encode64(data).sub(/[\s=]*\z/, '')
   end
@@ -30,6 +32,4 @@ module Acme::Client::Util
       raise ArgumentError, 'priv must be EC or RSA'
     end
   end
-
-  extend self
 end

data/lib/acme/client/version.rb

@@ -2,6 +2,6 @@
 
 module Acme
   class Client
-    VERSION = '2.0.13'.freeze
+    VERSION = '2.0.15'.freeze
   end
 end

data/lib/acme/client.rb

@@ -14,10 +14,10 @@ module Acme; end
 class Acme::Client; end
 
 require 'acme/client/version'
+require 'acme/client/http_client'
 require 'acme/client/certificate_request'
 require 'acme/client/self_sign_certificate'
 require 'acme/client/resources'
-require 'acme/client/faraday_middleware'
 require 'acme/client/jwk'
 require 'acme/client/error'
 require 'acme/client/util'
@@ -223,8 +223,8 @@ class Acme::Client
   end
 
   def get_nonce
-    connection = new_connection(endpoint: endpoint_for(:new_nonce))
-    response = connection.head(nil, nil, 'User-Agent' => USER_AGENT)
+    http_client = Acme::Client::HTTPClient.new_connection(url: endpoint_for(:new_nonce), options: @connection_options)
+    response = http_client.head(nil, nil)
     nonces << response.headers['replay-nonce']
     true
   end
@@ -332,28 +332,12 @@ class Acme::Client
   def connection_for(url:, mode:)
     uri = URI(url)
     endpoint = "#{uri.scheme}://#{uri.hostname}:#{uri.port}"
+
     @connections ||= {}
     @connections[mode] ||= {}
-    @connections[mode][endpoint] ||= new_acme_connection(endpoint: endpoint, mode: mode)
-  end
-
-  def new_acme_connection(endpoint:, mode:)
-    new_connection(endpoint: endpoint) do |configuration|
-      configuration.use Acme::Client::FaradayMiddleware, client: self, mode: mode
-    end
-  end
-
-  def new_connection(endpoint:)
-    Faraday.new(endpoint, **@connection_options) do |configuration|
-      if @bad_nonce_retry > 0
-        configuration.request(:retry,
-          max: @bad_nonce_retry,
-          methods: Faraday::Connection::METHODS,
-          exceptions: [Acme::Client::Error::BadNonce])
-      end
-      yield(configuration) if block_given?
-      configuration.adapter Faraday.default_adapter
-    end
+    @connections[mode][endpoint] ||= Acme::Client::HTTPClient.new_acme_connection(
+      url: URI(endpoint), mode: mode, client: self, options: @connection_options, bad_nonce_retry: @bad_nonce_retry
+    )
   end
 
   def fetch_chain(response, limit = 10)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acme-client
 version: !ruby/object:Gem::Version
-  version: 2.0.13
+  version: 2.0.15
 platform: ruby
 authors:
 - Charles Barbier
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-02-01 00:00:00.000000000 Z
+date: 2023-10-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -141,11 +141,6 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/rubocop.yml"
-- ".github/workflows/test.yml"
-- ".gitignore"
-- ".rspec"
-- ".rubocop.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE.txt
@@ -161,7 +156,7 @@ files:
 - lib/acme/client/certificate_request/ec_key_patch.rb
 - lib/acme/client/chain_identifier.rb
 - lib/acme/client/error.rb
-- lib/acme/client/faraday_middleware.rb
+- lib/acme/client/http_client.rb
 - lib/acme/client/jwk.rb
 - lib/acme/client/jwk/base.rb
 - lib/acme/client/jwk/ecdsa.rb
@@ -199,7 +194,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.1
+rubygems_version: 3.4.13
 signing_key:
 specification_version: 4
 summary: Client for the ACME protocol.

data/.github/workflows/rubocop.yml

@@ -1,23 +0,0 @@
-name: Lint
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  rubocop:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        ruby-version: ['3.0']
-    steps:
-    - uses: actions/checkout@v2
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby-version }}
-        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-    - name: Run tests
-      run: bundle exec rake rubocop

data/.github/workflows/test.yml

@@ -1,26 +0,0 @@
-name: CI
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        ruby-version: ['2.7', '3.0', '3.1', '3.2']
-        faraday-version: ['~> 1.10', '~> 2.7']
-    env:
-      FARADAY_VERSION: ${{ matrix.faraday-version }}
-    steps:
-    - uses: actions/checkout@v2
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby-version }}
-        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-    - name: Run tests
-      run: bundle exec rake spec

data/.gitignore

@@ -1,12 +0,0 @@
-/.bundle/
-/.yardoc
-/Gemfile.lock
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-/vendor/bundle
-/.idea/
-.tool-versions

data/.rspec

@@ -1,3 +0,0 @@
---format documentation
---color
---order rand

data/.rubocop.yml

@@ -1,134 +0,0 @@
-AllCops:
-  TargetRubyVersion: 2.1
-  Exclude:
-    - 'bin/*'
-    - 'vendor/**/*'
-
-Rails:
-  Enabled: false
-
-Layout/AlignParameters:
-  EnforcedStyle: with_fixed_indentation
-
-Layout/ElseAlignment:
-  Enabled: false
-
-Layout/FirstParameterIndentation:
-  EnforcedStyle: consistent
-
-Layout/IndentationWidth:
-  Enabled: false
-
-Layout/MultilineOperationIndentation:
-  Enabled: false
-
-Layout/SpaceInsideBlockBraces:
-  Enabled: false
-
-Lint/AmbiguousOperator:
-  Enabled: false
-
-Lint/AssignmentInCondition:
-  Enabled: false
-
-Lint/EndAlignment:
-  Enabled: false
-
-Lint/UnusedMethodArgument:
-  AllowUnusedKeywordArguments: true
-
-Metrics/AbcSize:
-  Enabled: false
-
-Metrics/BlockLength:
-  Enabled: false
-
-Metrics/ClassLength:
-  Enabled: false
-
-Metrics/CyclomaticComplexity:
-  Enabled: false
-
-Metrics/LineLength:
-  Max: 140
-
-Metrics/MethodLength:
-  Max: 15
-  Enabled: false
-
-Metrics/ParameterLists:
-  Max: 5
-  CountKeywordArgs: false
-
-Metrics/PerceivedComplexity:
-  Enabled: false
-
-Security/JSONLoad:
-  Enabled: false
-
-Style/AccessorMethodName:
-  Enabled: false
-
-Style/Alias:
-  Enabled: false
-
-Style/BlockDelimiters:
-  EnforcedStyle: semantic
-
-Style/ClassAndModuleChildren:
-  Enabled: false
-
-Style/Documentation:
-  Enabled: false
-
-Style/DoubleNegation:
-  Enabled: false
-
-Style/FileName:
-  Exclude:
-    - 'lib/acme-client.rb'
-
-Style/GlobalVars:
-  Enabled: false
-
-Style/GuardClause:
-  Enabled: false
-
-Style/IfUnlessModifier:
-  Enabled: false
-
-Style/Lambda:
-  Enabled: false
-
-Style/ModuleFunction:
-  Enabled: false
-
-Style/MultilineBlockChain:
-  Enabled: false
-
-Style/MultipleComparison:
-  Enabled: false
-
-Style/MutableConstant:
-  Enabled: false
-
-Style/ParallelAssignment:
-  Enabled: false
-
-Style/PercentLiteralDelimiters:
-  Enabled: false
-
-Style/SignalException:
-  EnforcedStyle: only_raise
-
-Style/SymbolArray:
-  Enabled: false
-
-Style/StringLiterals:
-  Enabled: single_quotes
-
-Style/TrailingCommaInArguments:
-  Enabled: false
-
-Style/TrivialAccessors:
-  AllowPredicates: true

data/lib/acme/client/faraday_middleware.rb

@@ -1,111 +0,0 @@
-# frozen_string_literal: true
-
-class Acme::Client::FaradayMiddleware < Faraday::Middleware
-  attr_reader :env, :response, :client
-
-  CONTENT_TYPE = 'application/jose+json'
-
-  def initialize(app, options)
-    super(app)
-    @client = options.fetch(:client)
-    @mode = options.fetch(:mode)
-  end
-
-  def call(env)
-    @env = env
-    @env[:request_headers]['User-Agent'] = Acme::Client::USER_AGENT
-    @env[:request_headers]['Content-Type'] = CONTENT_TYPE
-
-    if @env.method != :get
-      @env.body = client.jwk.jws(header: jws_header, payload: env.body)
-    end
-
-    @app.call(env).on_complete { |response_env| on_complete(response_env) }
-  rescue Faraday::TimeoutError, Faraday::ConnectionFailed
-    raise Acme::Client::Error::Timeout
-  end
-
-  def on_complete(env)
-    @env = env
-
-    raise_on_not_found!
-    store_nonce
-    env.body = decode_body
-    env.response_headers['Link'] = decode_link_headers
-
-    return if env.success?
-
-    raise_on_error!
-  end
-
-  private
-
-  def jws_header
-    headers = { nonce: pop_nonce, url: env.url.to_s }
-    headers[:kid] = client.kid if @mode == :kid
-    headers
-  end
-
-  def raise_on_not_found!
-    raise Acme::Client::Error::NotFound, env.url.to_s if env.status == 404
-  end
-
-  def raise_on_error!
-    raise error_class, error_message
-  end
-
-  def error_message
-    if env.body.is_a? Hash
-      env.body['detail']
-    else
-      "Error message: #{env.body}"
-    end
-  end
-
-  def error_class
-    Acme::Client::Error::ACME_ERRORS.fetch(error_name, Acme::Client::Error)
-  end
-
-  def error_name
-    return unless env.body.is_a?(Hash)
-    return unless env.body.key?('type')
-    env.body['type']
-  end
-
-  def decode_body
-    content_type = env.response_headers['Content-Type'].to_s
-
-    if content_type.start_with?('application/json', 'application/problem+json')
-      JSON.load(env.body)
-    else
-      env.body
-    end
-  end
-
-  def decode_link_headers
-    return unless env.response_headers.key?('Link')
-    link_header = env.response_headers['Link']
-    Acme::Client::Util.decode_link_headers(link_header)
-  end
-
-  def store_nonce
-    nonce = env.response_headers['replay-nonce']
-    nonces << nonce if nonce
-  end
-
-  def pop_nonce
-    if nonces.empty?
-      get_nonce
-    end
-
-    nonces.pop
-  end
-
-  def get_nonce
-    client.get_nonce
-  end
-
-  def nonces
-    client.nonces
-  end
-end