acme-client 2.0.16 → 2.0.18

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f26a6196b6e5f7bfe464c6d5e3068f29a295c914aaa2af7a086b949cfb00e132
-  data.tar.gz: 20ae05784979ec85c880736ded0915de4ad07a743262eb203a089e7fd7fbf79c
+  metadata.gz: 88c2953c9fcfd9a7f7825b4c69b2cf0ff86befb504914e6f78b03f6fdaab052b
+  data.tar.gz: bddedcd46dc0b2d1224a7d409916668aa31bfad3c6576a0d09376257c654f434
 SHA512:
-  metadata.gz: 1c89f451807ab8f10529c3feabc4d96d961bddfc915eeaa2cc76d9f4ed31b9e6376e80327f82ce0daafa7df2d74e5585403b354cb53d1942b1e5bf0db9c4c0d0
-  data.tar.gz: 21970923591d7133201257ad95e456b429eb3d906bd12d1fcd17a0305ba2edce0e16d0bdd8edfbb03764d8d35b2a845f08a0f5e6e116385735d6e081b7d094e2
+  metadata.gz: 999d2d254b29f3fdefe3af90333091c5a034d5aa3b3c3274bfe1c7787fe9c14723bf288ba0d7e4dce5fa3aad3352ecd0ef49bd60c93f4b51ab7e5d51017a9a1e
+  data.tar.gz: 0d16f423760bd8f714ce94de1767201dd8c842ae3fca2ec8d93c7364ea15c61f24f9c66c4175e2d7091cf263467caeb4a5e049f996c92173d64269ba5c11629b

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## `2.0.18`
+
+* Fix an issue public key encoding. `OpenSSL::BN` cause keys with leading zero to fail.
+
+## `2.0.17`
+
+* Fix bug where depending on call order `jws` get generated with the wrong `kid`
+
 ## `2.0.16`
 
 * Refactor Directory

data/Gemfile

@@ -8,6 +8,5 @@ end
 
 group :development, :test do
   gem 'pry'
-  gem 'rubocop', '~> 0.49.0'
   gem 'ruby-prof', require: false
 end

data/README.md

@@ -1,13 +1,11 @@
 # Acme::Client
 
-`acme-client` is a client implementation of the ACMEv2 / [RFC 8555](https://tools.ietf.org/html/rfc8555) protocol in Ruby.
+`acme-client` is a client implementation of the ACME / [RFC 8555](https://tools.ietf.org/html/rfc8555) protocol in Ruby.
 
 You can find the ACME reference implementations of the [server](https://github.com/letsencrypt/boulder) in Go and the [client](https://github.com/certbot/certbot) in Python.
 
 ACME is part of the [Letsencrypt](https://letsencrypt.org/) project, which goal is to provide free SSL/TLS certificates with automation of the acquiring and renewal process.
 
-You can find ACMEv1 compatible client in the [acme-v1](https://github.com/unixcharles/acme-client/tree/acme-v1) branch.
-
 ## Installation
 
 Via RubyGems:
@@ -207,8 +205,7 @@ order.certificate # => PEM-formatted certificate
 
 ### Ordering an alternative certificate
 
-Let's Encrypt is [transitioning](https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html) to use a new intermediate certificate. Starting January 11, 2021 new certificates will be signed by their own intermediate. To ease the transition on clients Let's Encrypt will continue signing an alternative version of the certificate using the old, cross-signed intermediate until September 29, 2021. In order to utilize an alternative certificate the `Order#certificate` method accepts a `force_chain` keyword argument, which takes the issuer name of the intermediate certificate.
-For example, to download the cross-signed certificate after January 11, 2021, call `Order#certificate` as follows:
+The provider may provide alternate certificate with different certificate chain. You can specify the required chain and the client will automatically download alternate certificate and match the chain by name.
 
 ```ruby
 begin
@@ -249,7 +246,7 @@ client.account_key_change(new_private_key: new_private_key)
 
 ## Requirements
 
-Ruby >= 2.1
+Ruby >= 3.0
 
 ## Development
 

data/Rakefile

@@ -3,7 +3,4 @@ require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new(:spec)
 
-require 'rubocop/rake_task'
-RuboCop::RakeTask.new
-
-task default: [:spec, :rubocop]
+task default: [:spec]

data/acme-client.gemspec

@@ -16,12 +16,11 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.3.0'
 
-  spec.add_development_dependency 'bundler', '>= 1.17.3'
   spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.9'
   spec.add_development_dependency 'vcr', '~> 2.9'
   spec.add_development_dependency 'webmock', '~> 3.8'
-  spec.add_development_dependency 'webrick'
+  spec.add_development_dependency 'webrick', '~> 1.7'
 
   spec.add_runtime_dependency 'faraday', '>= 1.0', '< 3.0.0'
   spec.add_runtime_dependency 'faraday-retry', '>= 1.0', '< 3.0.0'

data/bin/generate_keystash

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'acme-client'
+
+require File.join(File.dirname(__FILE__), '../spec/support/ssl_helper')
+
+
+SSLHelper::KEYSTASH.generate_keystash!(size: 200)

data/lib/acme/client/jwk/ecdsa.rb

@@ -50,8 +50,8 @@ class Acme::Client::JWK::ECDSA < Acme::Client::JWK::Base
     {
       crv: @curve_params[:jwa_crv],
       kty: 'EC',
-      x: Acme::Client::Util.urlsafe_base64(coordinates[:x].to_s(2)),
-      y: Acme::Client::Util.urlsafe_base64(coordinates[:y].to_s(2))
+      x: Acme::Client::Util.urlsafe_base64(coordinates[:x]),
+      y: Acme::Client::Util.urlsafe_base64(coordinates[:y])
     }
   end
 
@@ -92,8 +92,8 @@ class Acme::Client::JWK::ECDSA < Acme::Client::JWK::Base
       hex_y = hex[2 + data_len / 2, data_len / 2]
 
       {
-        x: OpenSSL::BN.new([hex_x].pack('H*'), 2),
-        y: OpenSSL::BN.new([hex_y].pack('H*'), 2)
+        x: [hex_x].pack('H*'),
+        y: [hex_y].pack('H*')
       }
     end
   end

data/lib/acme/client/resources/authorization.rb

@@ -56,7 +56,7 @@ class Acme::Client::Resources::Authorization
       type: attributes.fetch('type'),
       status: attributes.fetch('status'),
       url: attributes.fetch('url'),
-      token: attributes.fetch('token'),
+      token: attributes.fetch('token', nil),
       error: attributes['error']
     }
     Acme::Client::Resources::Challenges.new(@client, **arguments)

data/lib/acme/client/version.rb

@@ -2,6 +2,6 @@
 
 module Acme
   class Client
-    VERSION = '2.0.16'.freeze
+    VERSION = '2.0.18'.freeze
   end
 end

data/lib/acme/client.rb

@@ -332,7 +332,7 @@ class Acme::Client
     connection.post(url, nil)
   end
 
-  def get(url, mode: :kid)
+  def get(url, mode: :get)
     connection = connection_for(url: url, mode: mode)
     connection.get(url)
   end
@@ -356,16 +356,6 @@ class Acme::Client
     )
   end
 
-  def fetch_chain(response, limit = 10)
-    links = response.headers['link']
-    if limit.zero? || links.nil? || links['up'].nil?
-      []
-    else
-      issuer = get(links['up'])
-      [OpenSSL::X509::Certificate.new(issuer.body), *fetch_chain(issuer, limit - 1)]
-    end
-  end
-
   def endpoint_for(key)
     directory.endpoint_for(key)
   end

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: acme-client
 version: !ruby/object:Gem::Version
-  version: 2.0.16
+  version: 2.0.18
 platform: ruby
 authors:
 - Charles Barbier
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-16 00:00:00.000000000 Z
+date: 2024-06-14 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.17.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.17.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -84,16 +70,16 @@ dependencies:
   name: webrick
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
@@ -148,6 +134,7 @@ files:
 - Rakefile
 - acme-client.gemspec
 - bin/console
+- bin/generate_keystash
 - bin/release
 - bin/setup
 - lib/acme-client.rb