acme-client 2.0.15 → 2.0.17
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/Gemfile +0 -1
- data/README.md +3 -6
- data/Rakefile +1 -4
- data/acme-client.gemspec +1 -2
- data/bin/generate_keystash +9 -0
- data/lib/acme/client/resources/authorization.rb +1 -1
- data/lib/acme/client/resources/directory.rb +9 -23
- data/lib/acme/client/version.rb +1 -1
- data/lib/acme/client.rb +24 -18
- metadata +8 -21
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 417bc7e66063768660e078a24866ac390792f42c861742054ee4d6269297bb3d
|
|
4
|
+
data.tar.gz: 29d839f6c57f17ca85dcce3bad8b505bf9bc75a7ae4ea5baca55c341b29cf238
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b769d1192fcbf7468cea7637a79398d19a1561da94e34e1e08c15108dba6923b2f2c4d38c2a6404699111b42455c97217eec46ba5fbb66c6a0e0661230743b0b
|
|
7
|
+
data.tar.gz: aa3deacd0ad900db154efaf3d6e231faf2b8f8ac01e9a02cfafb4b17f7993e13c8bad00321545b4a042e49ba68540b4be874ca5024828ac0299edf7c47d7c246
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
## `2.0.17`
|
|
2
|
+
|
|
3
|
+
* Fix bug where depending on call order `jws` get generated with the wrong `kid`
|
|
4
|
+
|
|
5
|
+
## `2.0.16`
|
|
6
|
+
|
|
7
|
+
* Refactor Directory
|
|
8
|
+
* Fix an issue where the client would crash when ACME provider return nonce for directory endpoint
|
|
9
|
+
|
|
1
10
|
## `2.0.15`
|
|
2
11
|
|
|
3
12
|
* Also pass connection_options to Faraday for Client#get_nonce
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -1,13 +1,11 @@
|
|
|
1
1
|
# Acme::Client
|
|
2
2
|
|
|
3
|
-
`acme-client` is a client implementation of the
|
|
3
|
+
`acme-client` is a client implementation of the ACME / [RFC 8555](https://tools.ietf.org/html/rfc8555) protocol in Ruby.
|
|
4
4
|
|
|
5
5
|
You can find the ACME reference implementations of the [server](https://github.com/letsencrypt/boulder) in Go and the [client](https://github.com/certbot/certbot) in Python.
|
|
6
6
|
|
|
7
7
|
ACME is part of the [Letsencrypt](https://letsencrypt.org/) project, which goal is to provide free SSL/TLS certificates with automation of the acquiring and renewal process.
|
|
8
8
|
|
|
9
|
-
You can find ACMEv1 compatible client in the [acme-v1](https://github.com/unixcharles/acme-client/tree/acme-v1) branch.
|
|
10
|
-
|
|
11
9
|
## Installation
|
|
12
10
|
|
|
13
11
|
Via RubyGems:
|
|
@@ -207,8 +205,7 @@ order.certificate # => PEM-formatted certificate
|
|
|
207
205
|
|
|
208
206
|
### Ordering an alternative certificate
|
|
209
207
|
|
|
210
|
-
|
|
211
|
-
For example, to download the cross-signed certificate after January 11, 2021, call `Order#certificate` as follows:
|
|
208
|
+
The provider may provide alternate certificate with different certificate chain. You can specify the required chain and the client will automatically download alternate certificate and match the chain by name.
|
|
212
209
|
|
|
213
210
|
```ruby
|
|
214
211
|
begin
|
|
@@ -249,7 +246,7 @@ client.account_key_change(new_private_key: new_private_key)
|
|
|
249
246
|
|
|
250
247
|
## Requirements
|
|
251
248
|
|
|
252
|
-
Ruby >=
|
|
249
|
+
Ruby >= 3.0
|
|
253
250
|
|
|
254
251
|
## Development
|
|
255
252
|
|
data/Rakefile
CHANGED
data/acme-client.gemspec
CHANGED
|
@@ -16,12 +16,11 @@ Gem::Specification.new do |spec|
|
|
|
16
16
|
|
|
17
17
|
spec.required_ruby_version = '>= 2.3.0'
|
|
18
18
|
|
|
19
|
-
spec.add_development_dependency 'bundler', '>= 1.17.3'
|
|
20
19
|
spec.add_development_dependency 'rake', '~> 13.0'
|
|
21
20
|
spec.add_development_dependency 'rspec', '~> 3.9'
|
|
22
21
|
spec.add_development_dependency 'vcr', '~> 2.9'
|
|
23
22
|
spec.add_development_dependency 'webmock', '~> 3.8'
|
|
24
|
-
spec.add_development_dependency 'webrick'
|
|
23
|
+
spec.add_development_dependency 'webrick', '~> 1.7'
|
|
25
24
|
|
|
26
25
|
spec.add_runtime_dependency 'faraday', '>= 1.0', '< 3.0.0'
|
|
27
26
|
spec.add_runtime_dependency 'faraday-retry', '>= 1.0', '< 3.0.0'
|
|
@@ -56,7 +56,7 @@ class Acme::Client::Resources::Authorization
|
|
|
56
56
|
type: attributes.fetch('type'),
|
|
57
57
|
status: attributes.fetch('status'),
|
|
58
58
|
url: attributes.fetch('url'),
|
|
59
|
-
token: attributes.fetch('token'),
|
|
59
|
+
token: attributes.fetch('token', nil),
|
|
60
60
|
error: attributes['error']
|
|
61
61
|
}
|
|
62
62
|
Acme::Client::Resources::Challenges.new(@client, **arguments)
|
|
@@ -17,12 +17,13 @@ class Acme::Client::Resources::Directory
|
|
|
17
17
|
external_account_required: 'externalAccountRequired'
|
|
18
18
|
}
|
|
19
19
|
|
|
20
|
-
def initialize(
|
|
21
|
-
@
|
|
20
|
+
def initialize(client, **arguments)
|
|
21
|
+
@client = client
|
|
22
|
+
assign_attributes(**arguments)
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
def endpoint_for(key)
|
|
25
|
-
directory.fetch(key) do |missing_key|
|
|
26
|
+
@directory.fetch(key) do |missing_key|
|
|
26
27
|
raise Acme::Client::Error::UnsupportedOperation,
|
|
27
28
|
"Directory at #{@url} does not include `#{missing_key}`"
|
|
28
29
|
end
|
|
@@ -45,31 +46,16 @@ class Acme::Client::Resources::Directory
|
|
|
45
46
|
end
|
|
46
47
|
|
|
47
48
|
def meta
|
|
48
|
-
directory[:meta]
|
|
49
|
+
@directory[:meta]
|
|
49
50
|
end
|
|
50
51
|
|
|
51
52
|
private
|
|
52
53
|
|
|
53
|
-
def directory
|
|
54
|
-
@directory
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
def load_directory
|
|
58
|
-
body = fetch_directory
|
|
59
|
-
result = {}
|
|
60
|
-
result[:meta] = body.delete('meta')
|
|
54
|
+
def assign_attributes(directory:)
|
|
55
|
+
@directory = {}
|
|
56
|
+
@directory[:meta] = directory.delete('meta')
|
|
61
57
|
DIRECTORY_RESOURCES.each do |key, entry|
|
|
62
|
-
|
|
58
|
+
@directory[key] = URI(directory[entry]) if directory[entry]
|
|
63
59
|
end
|
|
64
|
-
result
|
|
65
|
-
rescue JSON::ParserError => exception
|
|
66
|
-
raise Acme::Client::Error::InvalidDirectory,
|
|
67
|
-
"Invalid directory url\n#{@directory} did not return a valid directory\n#{exception.inspect}"
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
def fetch_directory
|
|
71
|
-
http_client = Acme::Client::HTTPClient.new_acme_connection(url: @directory, options: @connection_options, client: nil, mode: nil)
|
|
72
|
-
response = http_client.get(@url)
|
|
73
|
-
response.body
|
|
74
60
|
end
|
|
75
61
|
end
|
data/lib/acme/client/version.rb
CHANGED
data/lib/acme/client.rb
CHANGED
|
@@ -44,7 +44,7 @@ class Acme::Client
|
|
|
44
44
|
|
|
45
45
|
@kid, @connection_options = kid, connection_options
|
|
46
46
|
@bad_nonce_retry = bad_nonce_retry
|
|
47
|
-
@
|
|
47
|
+
@directory_url = URI(directory)
|
|
48
48
|
@nonces ||= []
|
|
49
49
|
end
|
|
50
50
|
|
|
@@ -229,28 +229,44 @@ class Acme::Client
|
|
|
229
229
|
true
|
|
230
230
|
end
|
|
231
231
|
|
|
232
|
+
def directory
|
|
233
|
+
@directory ||= load_directory
|
|
234
|
+
end
|
|
235
|
+
|
|
232
236
|
def meta
|
|
233
|
-
|
|
237
|
+
directory.meta
|
|
234
238
|
end
|
|
235
239
|
|
|
236
240
|
def terms_of_service
|
|
237
|
-
|
|
241
|
+
directory.terms_of_service
|
|
238
242
|
end
|
|
239
243
|
|
|
240
244
|
def website
|
|
241
|
-
|
|
245
|
+
directory.website
|
|
242
246
|
end
|
|
243
247
|
|
|
244
248
|
def caa_identities
|
|
245
|
-
|
|
249
|
+
directory.caa_identities
|
|
246
250
|
end
|
|
247
251
|
|
|
248
252
|
def external_account_required
|
|
249
|
-
|
|
253
|
+
directory.external_account_required
|
|
250
254
|
end
|
|
251
255
|
|
|
252
256
|
private
|
|
253
257
|
|
|
258
|
+
def load_directory
|
|
259
|
+
Acme::Client::Resources::Directory.new(self, directory: fetch_directory)
|
|
260
|
+
end
|
|
261
|
+
|
|
262
|
+
def fetch_directory
|
|
263
|
+
response = get(@directory_url)
|
|
264
|
+
response.body
|
|
265
|
+
rescue JSON::ParserError => exception
|
|
266
|
+
raise Acme::Client::Error::InvalidDirectory,
|
|
267
|
+
"Invalid directory url\n#{@directory_url} did not return a valid directory\n#{exception.inspect}"
|
|
268
|
+
end
|
|
269
|
+
|
|
254
270
|
def prepare_order_identifiers(identifiers)
|
|
255
271
|
if identifiers.is_a?(Hash)
|
|
256
272
|
[identifiers]
|
|
@@ -316,7 +332,7 @@ class Acme::Client
|
|
|
316
332
|
connection.post(url, nil)
|
|
317
333
|
end
|
|
318
334
|
|
|
319
|
-
def get(url, mode: :
|
|
335
|
+
def get(url, mode: :get)
|
|
320
336
|
connection = connection_for(url: url, mode: mode)
|
|
321
337
|
connection.get(url)
|
|
322
338
|
end
|
|
@@ -340,17 +356,7 @@ class Acme::Client
|
|
|
340
356
|
)
|
|
341
357
|
end
|
|
342
358
|
|
|
343
|
-
def fetch_chain(response, limit = 10)
|
|
344
|
-
links = response.headers['link']
|
|
345
|
-
if limit.zero? || links.nil? || links['up'].nil?
|
|
346
|
-
[]
|
|
347
|
-
else
|
|
348
|
-
issuer = get(links['up'])
|
|
349
|
-
[OpenSSL::X509::Certificate.new(issuer.body), *fetch_chain(issuer, limit - 1)]
|
|
350
|
-
end
|
|
351
|
-
end
|
|
352
|
-
|
|
353
359
|
def endpoint_for(key)
|
|
354
|
-
|
|
360
|
+
directory.endpoint_for(key)
|
|
355
361
|
end
|
|
356
362
|
end
|
metadata
CHANGED
|
@@ -1,29 +1,15 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: acme-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.17
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Charles Barbier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-02-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
-
- !ruby/object:Gem::Dependency
|
|
14
|
-
name: bundler
|
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
|
16
|
-
requirements:
|
|
17
|
-
- - ">="
|
|
18
|
-
- !ruby/object:Gem::Version
|
|
19
|
-
version: 1.17.3
|
|
20
|
-
type: :development
|
|
21
|
-
prerelease: false
|
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
-
requirements:
|
|
24
|
-
- - ">="
|
|
25
|
-
- !ruby/object:Gem::Version
|
|
26
|
-
version: 1.17.3
|
|
27
13
|
- !ruby/object:Gem::Dependency
|
|
28
14
|
name: rake
|
|
29
15
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -84,16 +70,16 @@ dependencies:
|
|
|
84
70
|
name: webrick
|
|
85
71
|
requirement: !ruby/object:Gem::Requirement
|
|
86
72
|
requirements:
|
|
87
|
-
- - "
|
|
73
|
+
- - "~>"
|
|
88
74
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: '
|
|
75
|
+
version: '1.7'
|
|
90
76
|
type: :development
|
|
91
77
|
prerelease: false
|
|
92
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
79
|
requirements:
|
|
94
|
-
- - "
|
|
80
|
+
- - "~>"
|
|
95
81
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: '
|
|
82
|
+
version: '1.7'
|
|
97
83
|
- !ruby/object:Gem::Dependency
|
|
98
84
|
name: faraday
|
|
99
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -148,6 +134,7 @@ files:
|
|
|
148
134
|
- Rakefile
|
|
149
135
|
- acme-client.gemspec
|
|
150
136
|
- bin/console
|
|
137
|
+
- bin/generate_keystash
|
|
151
138
|
- bin/release
|
|
152
139
|
- bin/setup
|
|
153
140
|
- lib/acme-client.rb
|
|
@@ -194,7 +181,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
194
181
|
- !ruby/object:Gem::Version
|
|
195
182
|
version: '0'
|
|
196
183
|
requirements: []
|
|
197
|
-
rubygems_version: 3.4.
|
|
184
|
+
rubygems_version: 3.4.20
|
|
198
185
|
signing_key:
|
|
199
186
|
specification_version: 4
|
|
200
187
|
summary: Client for the ACME protocol.
|