acme-client 0.2.3 → 0.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/acme-client.rb +1 -0
- data/lib/acme/client/certificate.rb +1 -1
- data/lib/acme/client/resources/authorization.rb +3 -1
- data/lib/acme/client/resources/challenges.rb +1 -0
- data/lib/acme/client/resources/challenges/tls_sni01.rb +25 -0
- data/lib/acme/client/self_sign_certificate.rb +50 -0
- data/lib/acme/client/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e2bfc1b30ebefbb87d572378e91ac4d9e47552de
|
|
4
|
+
data.tar.gz: 51bedd0f2e79328154c044f98c354b0bb2db4860
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 03c36be67fa43961e1c61ce1ae9abaf0922042e4281240901b520f69bc38961e7690b7301cc95dc9be6962d9e23057f46fba3d154e56c33993f9abb767c29a14
|
|
7
|
+
data.tar.gz: fb2079a8eb3c28772b01655e211a82391ee76f68ecc41cc41f95b7b800dc04aec3c6d4f9f36f8574a7d53b7bd78edf7b908a81296065bf0f29d289500a6e5bab
|
data/README.md
CHANGED
data/lib/acme-client.rb
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
class Acme::Client::Resources::Authorization
|
|
2
2
|
HTTP01 = Acme::Client::Resources::Challenges::HTTP01
|
|
3
3
|
DNS01 = Acme::Client::Resources::Challenges::DNS01
|
|
4
|
+
TLSSNI01 = Acme::Client::Resources::Challenges::TLSSNI01
|
|
4
5
|
|
|
5
|
-
attr_reader :domain, :status, :http01, :dns01
|
|
6
|
+
attr_reader :domain, :status, :http01, :dns01, :tls_sni01
|
|
6
7
|
|
|
7
8
|
def initialize(client, response)
|
|
8
9
|
@client = client
|
|
@@ -17,6 +18,7 @@ class Acme::Client::Resources::Authorization
|
|
|
17
18
|
case attributes.fetch('type')
|
|
18
19
|
when 'http-01' then @http01 = HTTP01.new(@client, attributes)
|
|
19
20
|
when 'dns-01' then @dns01 = DNS01.new(@client, attributes)
|
|
21
|
+
when 'tls-sni-01' then @tls_sni01 = TLSSNI01.new(@client, attributes)
|
|
20
22
|
else
|
|
21
23
|
# no supported
|
|
22
24
|
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
class Acme::Client::Resources::Challenges::TLSSNI01 < Acme::Client::Resources::Challenges::Base
|
|
2
|
+
def hostname
|
|
3
|
+
digest = crypto.digest.hexdigest(authorization_key)
|
|
4
|
+
"#{digest[0..31]}.#{digest[32..64]}.acme.invalid"
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def certificate
|
|
8
|
+
self_sign_certificate.certificate
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def private_key
|
|
12
|
+
self_sign_certificate.private_key
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def request_verification
|
|
16
|
+
response = client.connection.post(@uri, { resource: 'challenge', type: 'tls-sni-01', keyAuthorization: authorization_key })
|
|
17
|
+
response.success?
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
private
|
|
21
|
+
|
|
22
|
+
def self_sign_certificate
|
|
23
|
+
@self_sign_certificate ||= Acme::Client::SelfSignCertificate.new(subject_alt_names: [hostname])
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
class Acme::Client::SelfSignCertificate
|
|
2
|
+
attr_reader :private_key, :subject_alt_names, :not_before, :not_after
|
|
3
|
+
|
|
4
|
+
extend Forwardable
|
|
5
|
+
def_delegators :certificate, :to_pem, :to_der
|
|
6
|
+
|
|
7
|
+
def initialize(subject_alt_names:, not_before: default_not_before, not_after: default_not_after, private_key: generate_private_key)
|
|
8
|
+
@private_key = private_key
|
|
9
|
+
@subject_alt_names = subject_alt_names
|
|
10
|
+
@not_before = not_before
|
|
11
|
+
@not_after = not_after
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def certificate
|
|
15
|
+
@certificate ||= begin
|
|
16
|
+
certificate = OpenSSL::X509::Certificate.new
|
|
17
|
+
certificate.not_before = not_before
|
|
18
|
+
certificate.not_after = not_after
|
|
19
|
+
certificate.public_key = private_key.public_key
|
|
20
|
+
|
|
21
|
+
extension_factory = OpenSSL::X509::ExtensionFactory.new
|
|
22
|
+
extension_factory.subject_certificate = certificate
|
|
23
|
+
extension_factory.issuer_certificate = certificate
|
|
24
|
+
|
|
25
|
+
subject_alt_name_entry = subject_alt_names.map { |d| "DNS: #{d}" }.join(',')
|
|
26
|
+
subject_alt_name_extension = extension_factory.create_extension('subjectAltName', subject_alt_name_entry)
|
|
27
|
+
certificate.add_extension(subject_alt_name_extension)
|
|
28
|
+
|
|
29
|
+
certificate.sign(private_key, digest)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
private
|
|
34
|
+
|
|
35
|
+
def generate_private_key
|
|
36
|
+
OpenSSL::PKey::RSA.new(2048)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def default_not_before
|
|
40
|
+
Time.now + 3600
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def default_not_after
|
|
44
|
+
Time.now + 30 * 24 * 3600
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def digest
|
|
48
|
+
OpenSSL::Digest::SHA256.new
|
|
49
|
+
end
|
|
50
|
+
end
|
data/lib/acme/client/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: acme-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Charles Barbier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-12-
|
|
11
|
+
date: 2015-12-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -174,7 +174,9 @@ files:
|
|
|
174
174
|
- lib/acme/client/resources/challenges/base.rb
|
|
175
175
|
- lib/acme/client/resources/challenges/dns01.rb
|
|
176
176
|
- lib/acme/client/resources/challenges/http01.rb
|
|
177
|
+
- lib/acme/client/resources/challenges/tls_sni01.rb
|
|
177
178
|
- lib/acme/client/resources/registration.rb
|
|
179
|
+
- lib/acme/client/self_sign_certificate.rb
|
|
178
180
|
- lib/acme/client/version.rb
|
|
179
181
|
homepage: http://github.com/unixcharles/acme-client
|
|
180
182
|
licenses:
|