acme-client 2.0.14 → 2.0.17

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6238349e171138af08de444bf08268ab3bebab0c4d0497bee91d9d4a30d397ab
-  data.tar.gz: 9928049d9997c284cec6d75e12bf6b5f07150459775d8f852adbc09b7c923178
+  metadata.gz: 417bc7e66063768660e078a24866ac390792f42c861742054ee4d6269297bb3d
+  data.tar.gz: 29d839f6c57f17ca85dcce3bad8b505bf9bc75a7ae4ea5baca55c341b29cf238
 SHA512:
-  metadata.gz: 8543f742ee8fe3822c8c989a7e5f8b1f75473f01a36d7a2218c44b43ebec55fa538beabc4545c4798a7b35005ad1fddbd0ed59dbae6942413812fae9ce625f92
-  data.tar.gz: 77cd41773aa293bcb65ebdb9489c500a06b144e0efb2dc5af23baa8dec8c36c1af32fd9f1c97eb77e40eb4a521a9c904448d5765f64dcbe56a67f4907225aaf3
+  metadata.gz: b769d1192fcbf7468cea7637a79398d19a1561da94e34e1e08c15108dba6923b2f2c4d38c2a6404699111b42455c97217eec46ba5fbb66c6a0e0661230743b0b
+  data.tar.gz: aa3deacd0ad900db154efaf3d6e231faf2b8f8ac01e9a02cfafb4b17f7993e13c8bad00321545b4a042e49ba68540b4be874ca5024828ac0299edf7c47d7c246

data/CHANGELOG.md

@@ -1,3 +1,17 @@
+## `2.0.17`
+
+* Fix bug where depending on call order `jws` get generated with the wrong `kid`
+
+## `2.0.16`
+
+* Refactor Directory
+* Fix an issue where the client would crash when ACME provider return nonce for directory endpoint
+
+## `2.0.15`
+
+* Also pass connection_options to Faraday for Client#get_nonce
+
+
 ## `2.0.14`
 
 * Fix Faraday HTTP exceptions leaking out, always raise `Acme::Client::Error` instead

data/Gemfile

@@ -8,6 +8,5 @@ end
 
 group :development, :test do
   gem 'pry'
-  gem 'rubocop', '~> 0.49.0'
   gem 'ruby-prof', require: false
 end

data/README.md

@@ -1,13 +1,11 @@
 # Acme::Client
 
-`acme-client` is a client implementation of the ACMEv2 / [RFC 8555](https://tools.ietf.org/html/rfc8555) protocol in Ruby.
+`acme-client` is a client implementation of the ACME / [RFC 8555](https://tools.ietf.org/html/rfc8555) protocol in Ruby.
 
 You can find the ACME reference implementations of the [server](https://github.com/letsencrypt/boulder) in Go and the [client](https://github.com/certbot/certbot) in Python.
 
 ACME is part of the [Letsencrypt](https://letsencrypt.org/) project, which goal is to provide free SSL/TLS certificates with automation of the acquiring and renewal process.
 
-You can find ACMEv1 compatible client in the [acme-v1](https://github.com/unixcharles/acme-client/tree/acme-v1) branch.
-
 ## Installation
 
 Via RubyGems:
@@ -207,8 +205,7 @@ order.certificate # => PEM-formatted certificate
 
 ### Ordering an alternative certificate
 
-Let's Encrypt is [transitioning](https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html) to use a new intermediate certificate. Starting January 11, 2021 new certificates will be signed by their own intermediate. To ease the transition on clients Let's Encrypt will continue signing an alternative version of the certificate using the old, cross-signed intermediate until September 29, 2021. In order to utilize an alternative certificate the `Order#certificate` method accepts a `force_chain` keyword argument, which takes the issuer name of the intermediate certificate.
-For example, to download the cross-signed certificate after January 11, 2021, call `Order#certificate` as follows:
+The provider may provide alternate certificate with different certificate chain. You can specify the required chain and the client will automatically download alternate certificate and match the chain by name.
 
 ```ruby
 begin
@@ -249,7 +246,7 @@ client.account_key_change(new_private_key: new_private_key)
 
 ## Requirements
 
-Ruby >= 2.1
+Ruby >= 3.0
 
 ## Development
 

data/Rakefile

@@ -3,7 +3,4 @@ require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new(:spec)
 
-require 'rubocop/rake_task'
-RuboCop::RakeTask.new
-
-task default: [:spec, :rubocop]
+task default: [:spec]

data/acme-client.gemspec

@@ -11,17 +11,16 @@ Gem::Specification.new do |spec|
   spec.homepage      = 'http://github.com/unixcharles/acme-client'
   spec.license       = 'MIT'
 
-  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) || f.start_with?('.') }
   spec.require_paths = ['lib']
 
   spec.required_ruby_version = '>= 2.3.0'
 
-  spec.add_development_dependency 'bundler', '>= 1.17.3'
   spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.9'
   spec.add_development_dependency 'vcr', '~> 2.9'
   spec.add_development_dependency 'webmock', '~> 3.8'
-  spec.add_development_dependency 'webrick'
+  spec.add_development_dependency 'webrick', '~> 1.7'
 
   spec.add_runtime_dependency 'faraday', '>= 1.0', '< 3.0.0'
   spec.add_runtime_dependency 'faraday-retry', '>= 1.0', '< 3.0.0'

data/bin/generate_keystash

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'acme-client'
+
+require File.join(File.dirname(__FILE__), '../spec/support/ssl_helper')
+
+
+SSLHelper::KEYSTASH.generate_keystash!(size: 200)

data/lib/acme/client/resources/authorization.rb

@@ -56,7 +56,7 @@ class Acme::Client::Resources::Authorization
       type: attributes.fetch('type'),
       status: attributes.fetch('status'),
       url: attributes.fetch('url'),
-      token: attributes.fetch('token'),
+      token: attributes.fetch('token', nil),
       error: attributes['error']
     }
     Acme::Client::Resources::Challenges.new(@client, **arguments)

data/lib/acme/client/resources/directory.rb

@@ -17,12 +17,13 @@ class Acme::Client::Resources::Directory
     external_account_required: 'externalAccountRequired'
   }
 
-  def initialize(url, connection_options)
-    @url, @connection_options = url, connection_options
+  def initialize(client, **arguments)
+    @client = client
+    assign_attributes(**arguments)
   end
 
   def endpoint_for(key)
-    directory.fetch(key) do |missing_key|
+    @directory.fetch(key) do |missing_key|
       raise Acme::Client::Error::UnsupportedOperation,
         "Directory at #{@url} does not include `#{missing_key}`"
     end
@@ -45,31 +46,16 @@ class Acme::Client::Resources::Directory
   end
 
   def meta
-    directory[:meta]
+    @directory[:meta]
   end
 
   private
 
-  def directory
-    @directory ||= load_directory
-  end
-
-  def load_directory
-    body = fetch_directory
-    result = {}
-    result[:meta] = body.delete('meta')
+  def assign_attributes(directory:)
+    @directory = {}
+    @directory[:meta] = directory.delete('meta')
     DIRECTORY_RESOURCES.each do |key, entry|
-      result[key] = URI(body[entry]) if body[entry]
+      @directory[key] = URI(directory[entry]) if directory[entry]
     end
-    result
-  rescue JSON::ParserError => exception
-    raise Acme::Client::Error::InvalidDirectory,
-      "Invalid directory url\n#{@directory} did not return a valid directory\n#{exception.inspect}"
-  end
-
-  def fetch_directory
-    http_client = Acme::Client::HTTPClient.new_acme_connection(url: @directory, options: @connection_options, client: nil, mode: nil)
-    response = http_client.get(@url)
-    response.body
   end
 end

data/lib/acme/client/version.rb

@@ -2,6 +2,6 @@
 
 module Acme
   class Client
-    VERSION = '2.0.14'.freeze
+    VERSION = '2.0.17'.freeze
   end
 end

data/lib/acme/client.rb

@@ -44,7 +44,7 @@ class Acme::Client
 
     @kid, @connection_options = kid, connection_options
     @bad_nonce_retry = bad_nonce_retry
-    @directory = Acme::Client::Resources::Directory.new(URI(directory), @connection_options)
+    @directory_url = URI(directory)
     @nonces ||= []
   end
 
@@ -223,34 +223,50 @@ class Acme::Client
   end
 
   def get_nonce
-    http_client = Acme::Client::HTTPClient.new_connection(url: endpoint_for(:new_nonce))
+    http_client = Acme::Client::HTTPClient.new_connection(url: endpoint_for(:new_nonce), options: @connection_options)
     response = http_client.head(nil, nil)
     nonces << response.headers['replay-nonce']
     true
   end
 
+  def directory
+    @directory ||= load_directory
+  end
+
   def meta
-    @directory.meta
+    directory.meta
   end
 
   def terms_of_service
-    @directory.terms_of_service
+    directory.terms_of_service
   end
 
   def website
-    @directory.website
+    directory.website
   end
 
   def caa_identities
-    @directory.caa_identities
+    directory.caa_identities
   end
 
   def external_account_required
-    @directory.external_account_required
+    directory.external_account_required
   end
 
   private
 
+  def load_directory
+    Acme::Client::Resources::Directory.new(self, directory: fetch_directory)
+  end
+
+  def fetch_directory
+    response = get(@directory_url)
+    response.body
+  rescue JSON::ParserError => exception
+    raise Acme::Client::Error::InvalidDirectory,
+      "Invalid directory url\n#{@directory_url} did not return a valid directory\n#{exception.inspect}"
+  end
+
   def prepare_order_identifiers(identifiers)
     if identifiers.is_a?(Hash)
       [identifiers]
@@ -316,7 +332,7 @@ class Acme::Client
     connection.post(url, nil)
   end
 
-  def get(url, mode: :kid)
+  def get(url, mode: :get)
     connection = connection_for(url: url, mode: mode)
     connection.get(url)
   end
@@ -340,17 +356,7 @@ class Acme::Client
     )
   end
 
-  def fetch_chain(response, limit = 10)
-    links = response.headers['link']
-    if limit.zero? || links.nil? || links['up'].nil?
-      []
-    else
-      issuer = get(links['up'])
-      [OpenSSL::X509::Certificate.new(issuer.body), *fetch_chain(issuer, limit - 1)]
-    end
-  end
-
   def endpoint_for(key)
-    @directory.endpoint_for(key)
+    directory.endpoint_for(key)
   end
 end

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: acme-client
 version: !ruby/object:Gem::Version
-  version: 2.0.14
+  version: 2.0.17
 platform: ruby
 authors:
 - Charles Barbier
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-16 00:00:00.000000000 Z
+date: 2024-02-13 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.17.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.17.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -84,16 +70,16 @@ dependencies:
   name: webrick
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
@@ -134,18 +120,13 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: 3.0.0
-description: 
+description:
 email:
 - unixcharles@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/rubocop.yml"
-- ".github/workflows/test.yml"
-- ".gitignore"
-- ".rspec"
-- ".rubocop.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE.txt
@@ -153,6 +134,7 @@ files:
 - Rakefile
 - acme-client.gemspec
 - bin/console
+- bin/generate_keystash
 - bin/release
 - bin/setup
 - lib/acme-client.rb
@@ -184,7 +166,7 @@ homepage: http://github.com/unixcharles/acme-client
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -199,8 +181,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
-signing_key: 
+rubygems_version: 3.4.20
+signing_key:
 specification_version: 4
 summary: Client for the ACME protocol.
 test_files: []

data/.github/workflows/rubocop.yml

@@ -1,23 +0,0 @@
-name: Lint
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  rubocop:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        ruby-version: ['3.0']
-    steps:
-    - uses: actions/checkout@v2
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby-version }}
-        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-    - name: Run tests
-      run: bundle exec rake rubocop

data/.github/workflows/test.yml

@@ -1,26 +0,0 @@
-name: CI
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        ruby-version: ['2.7', '3.0', '3.1', '3.2']
-        faraday-version: ['~> 1.10', '~> 2.7']
-    env:
-      FARADAY_VERSION: ${{ matrix.faraday-version }}
-    steps:
-    - uses: actions/checkout@v2
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby-version }}
-        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-    - name: Run tests
-      run: bundle exec rake spec

data/.gitignore

@@ -1,12 +0,0 @@
-/.bundle/
-/.yardoc
-/Gemfile.lock
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-/vendor/bundle
-/.idea/
-.tool-versions

data/.rspec

@@ -1,3 +0,0 @@
---format documentation
---color
---order rand

data/.rubocop.yml

@@ -1,134 +0,0 @@
-AllCops:
-  TargetRubyVersion: 2.1
-  Exclude:
-    - 'bin/*'
-    - 'vendor/**/*'
-
-Rails:
-  Enabled: false
-
-Layout/AlignParameters:
-  EnforcedStyle: with_fixed_indentation
-
-Layout/ElseAlignment:
-  Enabled: false
-
-Layout/FirstParameterIndentation:
-  EnforcedStyle: consistent
-
-Layout/IndentationWidth:
-  Enabled: false
-
-Layout/MultilineOperationIndentation:
-  Enabled: false
-
-Layout/SpaceInsideBlockBraces:
-  Enabled: false
-
-Lint/AmbiguousOperator:
-  Enabled: false
-
-Lint/AssignmentInCondition:
-  Enabled: false
-
-Lint/EndAlignment:
-  Enabled: false
-
-Lint/UnusedMethodArgument:
-  AllowUnusedKeywordArguments: true
-
-Metrics/AbcSize:
-  Enabled: false
-
-Metrics/BlockLength:
-  Enabled: false
-
-Metrics/ClassLength:
-  Enabled: false
-
-Metrics/CyclomaticComplexity:
-  Enabled: false
-
-Metrics/LineLength:
-  Max: 140
-
-Metrics/MethodLength:
-  Max: 15
-  Enabled: false
-
-Metrics/ParameterLists:
-  Max: 5
-  CountKeywordArgs: false
-
-Metrics/PerceivedComplexity:
-  Enabled: false
-
-Security/JSONLoad:
-  Enabled: false
-
-Style/AccessorMethodName:
-  Enabled: false
-
-Style/Alias:
-  Enabled: false
-
-Style/BlockDelimiters:
-  EnforcedStyle: semantic
-
-Style/ClassAndModuleChildren:
-  Enabled: false
-
-Style/Documentation:
-  Enabled: false
-
-Style/DoubleNegation:
-  Enabled: false
-
-Style/FileName:
-  Exclude:
-    - 'lib/acme-client.rb'
-
-Style/GlobalVars:
-  Enabled: false
-
-Style/GuardClause:
-  Enabled: false
-
-Style/IfUnlessModifier:
-  Enabled: false
-
-Style/Lambda:
-  Enabled: false
-
-Style/ModuleFunction:
-  Enabled: false
-
-Style/MultilineBlockChain:
-  Enabled: false
-
-Style/MultipleComparison:
-  Enabled: false
-
-Style/MutableConstant:
-  Enabled: false
-
-Style/ParallelAssignment:
-  Enabled: false
-
-Style/PercentLiteralDelimiters:
-  Enabled: false
-
-Style/SignalException:
-  EnforcedStyle: only_raise
-
-Style/SymbolArray:
-  Enabled: false
-
-Style/StringLiterals:
-  Enabled: single_quotes
-
-Style/TrailingCommaInArguments:
-  Enabled: false
-
-Style/TrivialAccessors:
-  AllowPredicates: true