acme-client 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +22 -15
- data/lib/acme/client.rb +6 -0
- data/lib/acme/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 16bb88e5400d61017d3265c400d093f074f141e4
|
|
4
|
+
data.tar.gz: 9bb02691a2abbe5ea25915eb6f42a82a61be8ac0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 068117a5dd211c110cc009ff1642b9fffdf78b6d54f3891f3a296a1af2940ee9217e76bf002f1a49a056672a02e58b63bc880710c8b3555a76953b18af85aaa7
|
|
7
|
+
data.tar.gz: e234b3e0037ebb1428896cd235d7edb882adc2fabd382fe97d86b232dbf3dbcaa93c28be78efc8069673f59cc3f6938e713e4eb10fc280a24416b84b28ed78e9
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
`acme-client` is a client implementation of the [ACME](https://letsencrypt.github.io/acme-spec) protocol in Ruby.
|
|
4
4
|
|
|
5
|
-
You can find the server reference implementation for ACME server
|
|
5
|
+
You can find the server reference implementation for ACME server [here](github.com/letsencrypt/boulder) and also the a reference [client](github.com/letsencrypt/letsencrypt) in python.
|
|
6
6
|
|
|
7
7
|
ACME is part of the [Letsencrypt](https://letsencrypt.org/) project, that are working hard at encrypting all the things.
|
|
8
8
|
|
|
@@ -18,48 +18,55 @@ endpoint = 'http://letsencrypt.com/'
|
|
|
18
18
|
# Initialize the client
|
|
19
19
|
client = Acme::Client.new(private_key: private_key, endpoint: endpoint)
|
|
20
20
|
|
|
21
|
-
# If the private key is not known to the server we need to register for the first time.
|
|
21
|
+
# If the private key is not known to the server, we need to register it for the first time.
|
|
22
22
|
registration = client.register(contact: 'mailto:unixcharles@gmail.com')
|
|
23
23
|
|
|
24
|
-
# You'll need to agree the term (that's up the to the server to require it or not but boulder does by default)
|
|
24
|
+
# You'll may need to agree to the term (that's up the to the server to require it or not but boulder does by default)
|
|
25
25
|
registration.agree_terms
|
|
26
26
|
|
|
27
27
|
# Let's try to optain a certificate for yourdomain.com
|
|
28
|
+
|
|
29
|
+
# We need to prove that we control the domain using one of the challanges method.
|
|
28
30
|
authorization = client.authorize(domain: 'yourdomain.com')
|
|
29
31
|
|
|
30
|
-
#
|
|
32
|
+
# For now the only challenge method supprted by the client is simple_http.
|
|
31
33
|
simple_http = authorization.simple_http
|
|
32
34
|
|
|
33
35
|
# The SimpleHTTP method will require you to response to an HTTP request.
|
|
34
36
|
|
|
35
|
-
# You can
|
|
37
|
+
# You can retrieve the expected path for the file.
|
|
36
38
|
simple_http.filename # => ".well-known/acme-challenge/:some_token"
|
|
37
39
|
|
|
38
|
-
# You can
|
|
40
|
+
# You can generate the body of the expected response.
|
|
39
41
|
simple_http.file_content # => 'string of JWS signed json'
|
|
40
42
|
|
|
41
|
-
# You can send no Content-Type at all but if you send one it has to be 'application/jose+json'
|
|
43
|
+
# You can send no Content-Type at all but if you send one it has to be 'application/jose+json'.
|
|
42
44
|
simple_http.content_type
|
|
43
45
|
|
|
44
46
|
# Once you are ready to serve the confirmation request you can proceed.
|
|
45
47
|
simple_http.request_verification # => true
|
|
46
48
|
simple_http.verify_status # => 'pending'
|
|
47
49
|
|
|
48
|
-
# Wait a bit for the server to make the request, or really just blink, should be fast.
|
|
50
|
+
# Wait a bit for the server to make the request, or really just blink, it should be fast.
|
|
49
51
|
sleep(1)
|
|
50
52
|
|
|
51
|
-
simple_http.verify_status # => '
|
|
53
|
+
simple_http.verify_status # => 'valid'
|
|
54
|
+
|
|
55
|
+
# We're going to need a CSR, lets do this real quick with Ruby+OpenSSL.
|
|
56
|
+
csr = OpenSSL::X509::Request.new
|
|
57
|
+
|
|
58
|
+
# We need a private key for the certificate, not the same as the account key.
|
|
59
|
+
certificate_private_key = OpenSSL::PKey::RSA.new(2048)
|
|
52
60
|
|
|
53
|
-
# We
|
|
54
|
-
|
|
55
|
-
request.subject = OpenSSL::X509::Name.new([
|
|
61
|
+
# We just going to add the domain but normally you might want to provide more information.
|
|
62
|
+
csr.subject = OpenSSL::X509::Name.new([
|
|
56
63
|
['CN', common_name, OpenSSL::ASN1::UTF8STRING]
|
|
57
64
|
])
|
|
58
65
|
|
|
59
|
-
|
|
60
|
-
|
|
66
|
+
csr.public_key = certificate_private_key.public_key
|
|
67
|
+
csr.sign(private_key, OpenSSL::Digest::SHA256.new)
|
|
61
68
|
|
|
62
|
-
#
|
|
69
|
+
# We can now request a certificate
|
|
63
70
|
client.new_certificate(csr) # => #<OpenSSL::X509::Certificate ....>
|
|
64
71
|
```
|
|
65
72
|
|
data/lib/acme/client.rb
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
class Acme::Client
|
|
2
2
|
DEFAULT_ENDPOINT = 'http://127.0.0.1:4000'
|
|
3
|
+
DIRECTORY_DEFAULT = {
|
|
4
|
+
'new-authz' => '/acme/new-authz',
|
|
5
|
+
'new-cert' => '/acme/new-cert',
|
|
6
|
+
'new-reg' => '/acme/new-reg',
|
|
7
|
+
'revoke-cert' => '/acme/revoke-cert'
|
|
8
|
+
}
|
|
3
9
|
|
|
4
10
|
def initialize(endpoint: DEFAULT_ENDPOINT, directory_uri: nil, private_key:)
|
|
5
11
|
@endpoint, @private_key, @directory_uri = endpoint, private_key, directory_uri
|
data/lib/acme/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: acme-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Charles Barbier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-09-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|