acme-client 2.0.13 → 2.0.15
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -1
- data/README.md +1 -1
- data/acme-client.gemspec +1 -1
- data/lib/acme/client/http_client.rb +162 -0
- data/lib/acme/client/resources/directory.rb +2 -7
- data/lib/acme/client/util.rb +2 -2
- data/lib/acme/client/version.rb +1 -1
- data/lib/acme/client.rb +7 -23
- metadata +4 -9
- data/.github/workflows/rubocop.yml +0 -23
- data/.github/workflows/test.yml +0 -26
- data/.gitignore +0 -12
- data/.rspec +0 -3
- data/.rubocop.yml +0 -134
- data/lib/acme/client/faraday_middleware.rb +0 -111
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a634fb4c9a908ebb94e2ace402f7a66f510df3e0b6307b78c2e06eeabdb0e497
|
4
|
+
data.tar.gz: eb4bbbcc6f4ad0dd055fcb2a7897e408b862251c7e63c3b9c711f175fd21e727
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: abd5644a5d5b6edfaf9e04a9d5fb382efcdbfcde55ce2327ecb21400ec827512fc4dd38fdfcbe67e239d4ce2b848a5677c6406220b8740ad37291e608290c9e2
|
7
|
+
data.tar.gz: 0f7f4d87df7011f99b2b36064ff13ced4c7d9b2e86ad8dccbb1c52374da9a57044433c7c7a7571a820a678e735d4eb3e1bb9e4d96f3c6c69f183151aeb012d7d
|
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,13 @@
|
|
1
|
-
## `2.0.
|
1
|
+
## `2.0.15`
|
2
|
+
|
3
|
+
* Also pass connection_options to Faraday for Client#get_nonce
|
4
|
+
|
5
|
+
|
6
|
+
## `2.0.14`
|
7
|
+
|
8
|
+
* Fix Faraday HTTP exceptions leaking out, always raise `Acme::Client::Error` instead
|
9
|
+
|
10
|
+
## `2.0.13`
|
2
11
|
|
3
12
|
* Add support for External Account Binding
|
4
13
|
|
data/README.md
CHANGED
@@ -244,7 +244,7 @@ To change the key used for an account you can call `#account_key_change` with th
|
|
244
244
|
```ruby
|
245
245
|
require 'openssl'
|
246
246
|
new_private_key = OpenSSL::PKey::RSA.new(4096)
|
247
|
-
client.account_key_change(
|
247
|
+
client.account_key_change(new_private_key: new_private_key)
|
248
248
|
```
|
249
249
|
|
250
250
|
## Requirements
|
data/acme-client.gemspec
CHANGED
@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
|
|
11
11
|
spec.homepage = 'http://github.com/unixcharles/acme-client'
|
12
12
|
spec.license = 'MIT'
|
13
13
|
|
14
|
-
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
14
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) || f.start_with?('.') }
|
15
15
|
spec.require_paths = ['lib']
|
16
16
|
|
17
17
|
spec.required_ruby_version = '>= 2.3.0'
|
@@ -0,0 +1,162 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Acme::Client::HTTPClient
|
4
|
+
# Creates and returns a new HTTP client, with default settings.
|
5
|
+
#
|
6
|
+
# @param url [URI:HTTPS]
|
7
|
+
# @param options [Hash]
|
8
|
+
# @return [Faraday::Connection]
|
9
|
+
def self.new_connection(url:, options: {})
|
10
|
+
Faraday.new(url, options) do |configuration|
|
11
|
+
configuration.use Acme::Client::HTTPClient::ErrorMiddleware
|
12
|
+
|
13
|
+
yield(configuration) if block_given?
|
14
|
+
|
15
|
+
configuration.headers[:user_agent] = Acme::Client::USER_AGENT
|
16
|
+
configuration.adapter Faraday.default_adapter
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
# Creates and returns a new HTTP client designed for the Acme-protocol, with default settings.
|
21
|
+
#
|
22
|
+
# @param url [URI:HTTPS]
|
23
|
+
# @param client [Acme::Client]
|
24
|
+
# @param mode [Symbol]
|
25
|
+
# @param options [Hash]
|
26
|
+
# @param bad_nonce_retry [Integer]
|
27
|
+
# @return [Faraday::Connection]
|
28
|
+
def self.new_acme_connection(url:, client:, mode:, options: {}, bad_nonce_retry: 0)
|
29
|
+
new_connection(url: url, options: options) do |configuration|
|
30
|
+
if bad_nonce_retry > 0
|
31
|
+
configuration.request(:retry,
|
32
|
+
max: bad_nonce_retry,
|
33
|
+
methods: Faraday::Connection::METHODS,
|
34
|
+
exceptions: [Acme::Client::Error::BadNonce])
|
35
|
+
end
|
36
|
+
|
37
|
+
configuration.use Acme::Client::HTTPClient::AcmeMiddleware, client: client, mode: mode
|
38
|
+
|
39
|
+
yield(configuration) if block_given?
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
# ErrorMiddleware ensures the HTTP Client would not raise exceptions outside the Acme namespace.
|
44
|
+
#
|
45
|
+
# Exceptions are rescued and re-packaged as Acme exceptions.
|
46
|
+
class ErrorMiddleware < Faraday::Middleware
|
47
|
+
# Implements the Rack-alike Faraday::Middleware interface.
|
48
|
+
def call(env)
|
49
|
+
@app.call(env)
|
50
|
+
rescue Faraday::TimeoutError, Faraday::ConnectionFailed
|
51
|
+
raise Acme::Client::Error::Timeout
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
# AcmeMiddleware implements the Acme-protocol requirements for JWK requests.
|
56
|
+
class AcmeMiddleware < Faraday::Middleware
|
57
|
+
attr_reader :env, :response, :client
|
58
|
+
|
59
|
+
CONTENT_TYPE = 'application/jose+json'
|
60
|
+
|
61
|
+
def initialize(app, options)
|
62
|
+
super(app)
|
63
|
+
@client = options.fetch(:client)
|
64
|
+
@mode = options.fetch(:mode)
|
65
|
+
end
|
66
|
+
|
67
|
+
def call(env)
|
68
|
+
@env = env
|
69
|
+
@env[:request_headers]['Content-Type'] = CONTENT_TYPE
|
70
|
+
|
71
|
+
if @env.method != :get
|
72
|
+
@env.body = client.jwk.jws(header: jws_header, payload: env.body)
|
73
|
+
end
|
74
|
+
|
75
|
+
@app.call(env).on_complete { |response_env| on_complete(response_env) }
|
76
|
+
end
|
77
|
+
|
78
|
+
def on_complete(env)
|
79
|
+
@env = env
|
80
|
+
|
81
|
+
raise_on_not_found!
|
82
|
+
store_nonce
|
83
|
+
env.body = decode_body
|
84
|
+
env.response_headers['Link'] = decode_link_headers
|
85
|
+
|
86
|
+
return if env.success?
|
87
|
+
|
88
|
+
raise_on_error!
|
89
|
+
end
|
90
|
+
|
91
|
+
private
|
92
|
+
|
93
|
+
def jws_header
|
94
|
+
headers = { nonce: pop_nonce, url: env.url.to_s }
|
95
|
+
headers[:kid] = client.kid if @mode == :kid
|
96
|
+
headers
|
97
|
+
end
|
98
|
+
|
99
|
+
def raise_on_not_found!
|
100
|
+
raise Acme::Client::Error::NotFound, env.url.to_s if env.status == 404
|
101
|
+
end
|
102
|
+
|
103
|
+
def raise_on_error!
|
104
|
+
raise error_class, error_message
|
105
|
+
end
|
106
|
+
|
107
|
+
def error_message
|
108
|
+
if env.body.is_a? Hash
|
109
|
+
env.body['detail']
|
110
|
+
else
|
111
|
+
"Error message: #{env.body}"
|
112
|
+
end
|
113
|
+
end
|
114
|
+
|
115
|
+
def error_class
|
116
|
+
Acme::Client::Error::ACME_ERRORS.fetch(error_name, Acme::Client::Error)
|
117
|
+
end
|
118
|
+
|
119
|
+
def error_name
|
120
|
+
return unless env.body.is_a?(Hash)
|
121
|
+
return unless env.body.key?('type')
|
122
|
+
env.body['type']
|
123
|
+
end
|
124
|
+
|
125
|
+
def decode_body
|
126
|
+
content_type = env.response_headers['Content-Type'].to_s
|
127
|
+
|
128
|
+
if content_type.start_with?('application/json', 'application/problem+json')
|
129
|
+
JSON.load(env.body)
|
130
|
+
else
|
131
|
+
env.body
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
def decode_link_headers
|
136
|
+
return unless env.response_headers.key?('Link')
|
137
|
+
link_header = env.response_headers['Link']
|
138
|
+
Acme::Client::Util.decode_link_headers(link_header)
|
139
|
+
end
|
140
|
+
|
141
|
+
def store_nonce
|
142
|
+
nonce = env.response_headers['replay-nonce']
|
143
|
+
nonces << nonce if nonce
|
144
|
+
end
|
145
|
+
|
146
|
+
def pop_nonce
|
147
|
+
if nonces.empty?
|
148
|
+
get_nonce
|
149
|
+
end
|
150
|
+
|
151
|
+
nonces.pop
|
152
|
+
end
|
153
|
+
|
154
|
+
def get_nonce
|
155
|
+
client.get_nonce
|
156
|
+
end
|
157
|
+
|
158
|
+
def nonces
|
159
|
+
client.nonces
|
160
|
+
end
|
161
|
+
end
|
162
|
+
end
|
@@ -68,13 +68,8 @@ class Acme::Client::Resources::Directory
|
|
68
68
|
end
|
69
69
|
|
70
70
|
def fetch_directory
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
configuration.adapter Faraday.default_adapter
|
75
|
-
end
|
76
|
-
connection.headers[:user_agent] = Acme::Client::USER_AGENT
|
77
|
-
response = connection.get(@url)
|
71
|
+
http_client = Acme::Client::HTTPClient.new_acme_connection(url: @directory, options: @connection_options, client: nil, mode: nil)
|
72
|
+
response = http_client.get(@url)
|
78
73
|
response.body
|
79
74
|
end
|
80
75
|
end
|
data/lib/acme/client/util.rb
CHANGED
@@ -1,4 +1,6 @@
|
|
1
1
|
module Acme::Client::Util
|
2
|
+
extend self
|
3
|
+
|
2
4
|
def urlsafe_base64(data)
|
3
5
|
Base64.urlsafe_encode64(data).sub(/[\s=]*\z/, '')
|
4
6
|
end
|
@@ -30,6 +32,4 @@ module Acme::Client::Util
|
|
30
32
|
raise ArgumentError, 'priv must be EC or RSA'
|
31
33
|
end
|
32
34
|
end
|
33
|
-
|
34
|
-
extend self
|
35
35
|
end
|
data/lib/acme/client/version.rb
CHANGED
data/lib/acme/client.rb
CHANGED
@@ -14,10 +14,10 @@ module Acme; end
|
|
14
14
|
class Acme::Client; end
|
15
15
|
|
16
16
|
require 'acme/client/version'
|
17
|
+
require 'acme/client/http_client'
|
17
18
|
require 'acme/client/certificate_request'
|
18
19
|
require 'acme/client/self_sign_certificate'
|
19
20
|
require 'acme/client/resources'
|
20
|
-
require 'acme/client/faraday_middleware'
|
21
21
|
require 'acme/client/jwk'
|
22
22
|
require 'acme/client/error'
|
23
23
|
require 'acme/client/util'
|
@@ -223,8 +223,8 @@ class Acme::Client
|
|
223
223
|
end
|
224
224
|
|
225
225
|
def get_nonce
|
226
|
-
|
227
|
-
response =
|
226
|
+
http_client = Acme::Client::HTTPClient.new_connection(url: endpoint_for(:new_nonce), options: @connection_options)
|
227
|
+
response = http_client.head(nil, nil)
|
228
228
|
nonces << response.headers['replay-nonce']
|
229
229
|
true
|
230
230
|
end
|
@@ -332,28 +332,12 @@ class Acme::Client
|
|
332
332
|
def connection_for(url:, mode:)
|
333
333
|
uri = URI(url)
|
334
334
|
endpoint = "#{uri.scheme}://#{uri.hostname}:#{uri.port}"
|
335
|
+
|
335
336
|
@connections ||= {}
|
336
337
|
@connections[mode] ||= {}
|
337
|
-
@connections[mode][endpoint] ||= new_acme_connection(
|
338
|
-
|
339
|
-
|
340
|
-
def new_acme_connection(endpoint:, mode:)
|
341
|
-
new_connection(endpoint: endpoint) do |configuration|
|
342
|
-
configuration.use Acme::Client::FaradayMiddleware, client: self, mode: mode
|
343
|
-
end
|
344
|
-
end
|
345
|
-
|
346
|
-
def new_connection(endpoint:)
|
347
|
-
Faraday.new(endpoint, **@connection_options) do |configuration|
|
348
|
-
if @bad_nonce_retry > 0
|
349
|
-
configuration.request(:retry,
|
350
|
-
max: @bad_nonce_retry,
|
351
|
-
methods: Faraday::Connection::METHODS,
|
352
|
-
exceptions: [Acme::Client::Error::BadNonce])
|
353
|
-
end
|
354
|
-
yield(configuration) if block_given?
|
355
|
-
configuration.adapter Faraday.default_adapter
|
356
|
-
end
|
338
|
+
@connections[mode][endpoint] ||= Acme::Client::HTTPClient.new_acme_connection(
|
339
|
+
url: URI(endpoint), mode: mode, client: self, options: @connection_options, bad_nonce_retry: @bad_nonce_retry
|
340
|
+
)
|
357
341
|
end
|
358
342
|
|
359
343
|
def fetch_chain(response, limit = 10)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: acme-client
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.15
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Charles Barbier
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-10-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -141,11 +141,6 @@ executables: []
|
|
141
141
|
extensions: []
|
142
142
|
extra_rdoc_files: []
|
143
143
|
files:
|
144
|
-
- ".github/workflows/rubocop.yml"
|
145
|
-
- ".github/workflows/test.yml"
|
146
|
-
- ".gitignore"
|
147
|
-
- ".rspec"
|
148
|
-
- ".rubocop.yml"
|
149
144
|
- CHANGELOG.md
|
150
145
|
- Gemfile
|
151
146
|
- LICENSE.txt
|
@@ -161,7 +156,7 @@ files:
|
|
161
156
|
- lib/acme/client/certificate_request/ec_key_patch.rb
|
162
157
|
- lib/acme/client/chain_identifier.rb
|
163
158
|
- lib/acme/client/error.rb
|
164
|
-
- lib/acme/client/
|
159
|
+
- lib/acme/client/http_client.rb
|
165
160
|
- lib/acme/client/jwk.rb
|
166
161
|
- lib/acme/client/jwk/base.rb
|
167
162
|
- lib/acme/client/jwk/ecdsa.rb
|
@@ -199,7 +194,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
199
194
|
- !ruby/object:Gem::Version
|
200
195
|
version: '0'
|
201
196
|
requirements: []
|
202
|
-
rubygems_version: 3.4.
|
197
|
+
rubygems_version: 3.4.13
|
203
198
|
signing_key:
|
204
199
|
specification_version: 4
|
205
200
|
summary: Client for the ACME protocol.
|
@@ -1,23 +0,0 @@
|
|
1
|
-
name: Lint
|
2
|
-
|
3
|
-
on:
|
4
|
-
push:
|
5
|
-
branches: [ master ]
|
6
|
-
pull_request:
|
7
|
-
branches: [ master ]
|
8
|
-
|
9
|
-
jobs:
|
10
|
-
rubocop:
|
11
|
-
runs-on: ubuntu-latest
|
12
|
-
strategy:
|
13
|
-
matrix:
|
14
|
-
ruby-version: ['3.0']
|
15
|
-
steps:
|
16
|
-
- uses: actions/checkout@v2
|
17
|
-
- name: Set up Ruby
|
18
|
-
uses: ruby/setup-ruby@v1
|
19
|
-
with:
|
20
|
-
ruby-version: ${{ matrix.ruby-version }}
|
21
|
-
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
22
|
-
- name: Run tests
|
23
|
-
run: bundle exec rake rubocop
|
data/.github/workflows/test.yml
DELETED
@@ -1,26 +0,0 @@
|
|
1
|
-
name: CI
|
2
|
-
|
3
|
-
on:
|
4
|
-
push:
|
5
|
-
branches: [ master ]
|
6
|
-
pull_request:
|
7
|
-
branches: [ master ]
|
8
|
-
|
9
|
-
jobs:
|
10
|
-
test:
|
11
|
-
runs-on: ubuntu-latest
|
12
|
-
strategy:
|
13
|
-
matrix:
|
14
|
-
ruby-version: ['2.7', '3.0', '3.1', '3.2']
|
15
|
-
faraday-version: ['~> 1.10', '~> 2.7']
|
16
|
-
env:
|
17
|
-
FARADAY_VERSION: ${{ matrix.faraday-version }}
|
18
|
-
steps:
|
19
|
-
- uses: actions/checkout@v2
|
20
|
-
- name: Set up Ruby
|
21
|
-
uses: ruby/setup-ruby@v1
|
22
|
-
with:
|
23
|
-
ruby-version: ${{ matrix.ruby-version }}
|
24
|
-
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
25
|
-
- name: Run tests
|
26
|
-
run: bundle exec rake spec
|
data/.gitignore
DELETED
data/.rspec
DELETED
data/.rubocop.yml
DELETED
@@ -1,134 +0,0 @@
|
|
1
|
-
AllCops:
|
2
|
-
TargetRubyVersion: 2.1
|
3
|
-
Exclude:
|
4
|
-
- 'bin/*'
|
5
|
-
- 'vendor/**/*'
|
6
|
-
|
7
|
-
Rails:
|
8
|
-
Enabled: false
|
9
|
-
|
10
|
-
Layout/AlignParameters:
|
11
|
-
EnforcedStyle: with_fixed_indentation
|
12
|
-
|
13
|
-
Layout/ElseAlignment:
|
14
|
-
Enabled: false
|
15
|
-
|
16
|
-
Layout/FirstParameterIndentation:
|
17
|
-
EnforcedStyle: consistent
|
18
|
-
|
19
|
-
Layout/IndentationWidth:
|
20
|
-
Enabled: false
|
21
|
-
|
22
|
-
Layout/MultilineOperationIndentation:
|
23
|
-
Enabled: false
|
24
|
-
|
25
|
-
Layout/SpaceInsideBlockBraces:
|
26
|
-
Enabled: false
|
27
|
-
|
28
|
-
Lint/AmbiguousOperator:
|
29
|
-
Enabled: false
|
30
|
-
|
31
|
-
Lint/AssignmentInCondition:
|
32
|
-
Enabled: false
|
33
|
-
|
34
|
-
Lint/EndAlignment:
|
35
|
-
Enabled: false
|
36
|
-
|
37
|
-
Lint/UnusedMethodArgument:
|
38
|
-
AllowUnusedKeywordArguments: true
|
39
|
-
|
40
|
-
Metrics/AbcSize:
|
41
|
-
Enabled: false
|
42
|
-
|
43
|
-
Metrics/BlockLength:
|
44
|
-
Enabled: false
|
45
|
-
|
46
|
-
Metrics/ClassLength:
|
47
|
-
Enabled: false
|
48
|
-
|
49
|
-
Metrics/CyclomaticComplexity:
|
50
|
-
Enabled: false
|
51
|
-
|
52
|
-
Metrics/LineLength:
|
53
|
-
Max: 140
|
54
|
-
|
55
|
-
Metrics/MethodLength:
|
56
|
-
Max: 15
|
57
|
-
Enabled: false
|
58
|
-
|
59
|
-
Metrics/ParameterLists:
|
60
|
-
Max: 5
|
61
|
-
CountKeywordArgs: false
|
62
|
-
|
63
|
-
Metrics/PerceivedComplexity:
|
64
|
-
Enabled: false
|
65
|
-
|
66
|
-
Security/JSONLoad:
|
67
|
-
Enabled: false
|
68
|
-
|
69
|
-
Style/AccessorMethodName:
|
70
|
-
Enabled: false
|
71
|
-
|
72
|
-
Style/Alias:
|
73
|
-
Enabled: false
|
74
|
-
|
75
|
-
Style/BlockDelimiters:
|
76
|
-
EnforcedStyle: semantic
|
77
|
-
|
78
|
-
Style/ClassAndModuleChildren:
|
79
|
-
Enabled: false
|
80
|
-
|
81
|
-
Style/Documentation:
|
82
|
-
Enabled: false
|
83
|
-
|
84
|
-
Style/DoubleNegation:
|
85
|
-
Enabled: false
|
86
|
-
|
87
|
-
Style/FileName:
|
88
|
-
Exclude:
|
89
|
-
- 'lib/acme-client.rb'
|
90
|
-
|
91
|
-
Style/GlobalVars:
|
92
|
-
Enabled: false
|
93
|
-
|
94
|
-
Style/GuardClause:
|
95
|
-
Enabled: false
|
96
|
-
|
97
|
-
Style/IfUnlessModifier:
|
98
|
-
Enabled: false
|
99
|
-
|
100
|
-
Style/Lambda:
|
101
|
-
Enabled: false
|
102
|
-
|
103
|
-
Style/ModuleFunction:
|
104
|
-
Enabled: false
|
105
|
-
|
106
|
-
Style/MultilineBlockChain:
|
107
|
-
Enabled: false
|
108
|
-
|
109
|
-
Style/MultipleComparison:
|
110
|
-
Enabled: false
|
111
|
-
|
112
|
-
Style/MutableConstant:
|
113
|
-
Enabled: false
|
114
|
-
|
115
|
-
Style/ParallelAssignment:
|
116
|
-
Enabled: false
|
117
|
-
|
118
|
-
Style/PercentLiteralDelimiters:
|
119
|
-
Enabled: false
|
120
|
-
|
121
|
-
Style/SignalException:
|
122
|
-
EnforcedStyle: only_raise
|
123
|
-
|
124
|
-
Style/SymbolArray:
|
125
|
-
Enabled: false
|
126
|
-
|
127
|
-
Style/StringLiterals:
|
128
|
-
Enabled: single_quotes
|
129
|
-
|
130
|
-
Style/TrailingCommaInArguments:
|
131
|
-
Enabled: false
|
132
|
-
|
133
|
-
Style/TrivialAccessors:
|
134
|
-
AllowPredicates: true
|
@@ -1,111 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
class Acme::Client::FaradayMiddleware < Faraday::Middleware
|
4
|
-
attr_reader :env, :response, :client
|
5
|
-
|
6
|
-
CONTENT_TYPE = 'application/jose+json'
|
7
|
-
|
8
|
-
def initialize(app, options)
|
9
|
-
super(app)
|
10
|
-
@client = options.fetch(:client)
|
11
|
-
@mode = options.fetch(:mode)
|
12
|
-
end
|
13
|
-
|
14
|
-
def call(env)
|
15
|
-
@env = env
|
16
|
-
@env[:request_headers]['User-Agent'] = Acme::Client::USER_AGENT
|
17
|
-
@env[:request_headers]['Content-Type'] = CONTENT_TYPE
|
18
|
-
|
19
|
-
if @env.method != :get
|
20
|
-
@env.body = client.jwk.jws(header: jws_header, payload: env.body)
|
21
|
-
end
|
22
|
-
|
23
|
-
@app.call(env).on_complete { |response_env| on_complete(response_env) }
|
24
|
-
rescue Faraday::TimeoutError, Faraday::ConnectionFailed
|
25
|
-
raise Acme::Client::Error::Timeout
|
26
|
-
end
|
27
|
-
|
28
|
-
def on_complete(env)
|
29
|
-
@env = env
|
30
|
-
|
31
|
-
raise_on_not_found!
|
32
|
-
store_nonce
|
33
|
-
env.body = decode_body
|
34
|
-
env.response_headers['Link'] = decode_link_headers
|
35
|
-
|
36
|
-
return if env.success?
|
37
|
-
|
38
|
-
raise_on_error!
|
39
|
-
end
|
40
|
-
|
41
|
-
private
|
42
|
-
|
43
|
-
def jws_header
|
44
|
-
headers = { nonce: pop_nonce, url: env.url.to_s }
|
45
|
-
headers[:kid] = client.kid if @mode == :kid
|
46
|
-
headers
|
47
|
-
end
|
48
|
-
|
49
|
-
def raise_on_not_found!
|
50
|
-
raise Acme::Client::Error::NotFound, env.url.to_s if env.status == 404
|
51
|
-
end
|
52
|
-
|
53
|
-
def raise_on_error!
|
54
|
-
raise error_class, error_message
|
55
|
-
end
|
56
|
-
|
57
|
-
def error_message
|
58
|
-
if env.body.is_a? Hash
|
59
|
-
env.body['detail']
|
60
|
-
else
|
61
|
-
"Error message: #{env.body}"
|
62
|
-
end
|
63
|
-
end
|
64
|
-
|
65
|
-
def error_class
|
66
|
-
Acme::Client::Error::ACME_ERRORS.fetch(error_name, Acme::Client::Error)
|
67
|
-
end
|
68
|
-
|
69
|
-
def error_name
|
70
|
-
return unless env.body.is_a?(Hash)
|
71
|
-
return unless env.body.key?('type')
|
72
|
-
env.body['type']
|
73
|
-
end
|
74
|
-
|
75
|
-
def decode_body
|
76
|
-
content_type = env.response_headers['Content-Type'].to_s
|
77
|
-
|
78
|
-
if content_type.start_with?('application/json', 'application/problem+json')
|
79
|
-
JSON.load(env.body)
|
80
|
-
else
|
81
|
-
env.body
|
82
|
-
end
|
83
|
-
end
|
84
|
-
|
85
|
-
def decode_link_headers
|
86
|
-
return unless env.response_headers.key?('Link')
|
87
|
-
link_header = env.response_headers['Link']
|
88
|
-
Acme::Client::Util.decode_link_headers(link_header)
|
89
|
-
end
|
90
|
-
|
91
|
-
def store_nonce
|
92
|
-
nonce = env.response_headers['replay-nonce']
|
93
|
-
nonces << nonce if nonce
|
94
|
-
end
|
95
|
-
|
96
|
-
def pop_nonce
|
97
|
-
if nonces.empty?
|
98
|
-
get_nonce
|
99
|
-
end
|
100
|
-
|
101
|
-
nonces.pop
|
102
|
-
end
|
103
|
-
|
104
|
-
def get_nonce
|
105
|
-
client.get_nonce
|
106
|
-
end
|
107
|
-
|
108
|
-
def nonces
|
109
|
-
client.nonces
|
110
|
-
end
|
111
|
-
end
|