acme-client 0.4.1 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4adff8940d4acfa29ba2f6992f927ec475f26957
-  data.tar.gz: 50b37e6582a2cf0ffa1501ce8c31a4ff0589a367
+  metadata.gz: 1014fe983481bd49d8eaf71c0f0a746dc0a4ec4b
+  data.tar.gz: eb1fe3e04e23b00110454ad06f55c40542fa6254
 SHA512:
-  metadata.gz: f5ea7f5637190bb8f22b933ac6f7fb589a9db950e5b2c392bcfa1e109c7d12b33ebc24fd22bca746173d70c8971a3ef927b3626c67d82506cf4a5c7d902fadea
-  data.tar.gz: 71b5a3660e16344cca2e707a8ead61025b293e470a662c0d13991bf42e72def23b761b04254450ea24b7208fbfd4d362f1c930eceeb1dd0361a003b4586d8b51
+  metadata.gz: ce433ff66f5a5a837d997dbeb5f157e15fe43456ac238c24480f3064353f419f130d62153294f582e2651efc9ff037429ddc6a4f9630e46ee2ecbfbe16dfc90e
+  data.tar.gz: df0392f58d11037c3158e8c783afd5cc55d1a0f85baa5d195dfff1974424bfdb3a8112145349cffef3c4d957b622a3486fcce9ea93ca514d4c5d45d1280fcf7d

data/README.md

@@ -1,17 +1,18 @@
 # Acme::Client
+
 [![Build Status](https://travis-ci.org/unixcharles/acme-client.svg?branch=master)](https://travis-ci.org/unixcharles/acme-client)
 
 `acme-client` is a client implementation of the [ACME](https://letsencrypt.github.io/acme-spec) protocol in Ruby.
 
 You can find the ACME reference implementations of the [server](https://github.com/letsencrypt/boulder) in Go and the [client](https://github.com/letsencrypt/letsencrypt) in Python.
 
-ACME is part of the [Letsencrypt](https://letsencrypt.org/) project, which goal is to provide free SSL/TLS certificates with  automation of the acquiring and renewal process.
+ACME is part of the [Letsencrypt](https://letsencrypt.org/) project, which goal is to provide free SSL/TLS certificates with automation of the acquiring and renewal process.
 
 ## Installation
 
-Via Rubygems:
+Via RubyGems:
 
-	$ gem install acme-client
+    $ gem install acme-client
 
 Or add it to a Gemfile:
 
@@ -54,6 +55,14 @@ Before you are able to obtain certificates for your domain, you have to prove th
 ```ruby
 authorization = client.authorize(domain: 'example.org')
 
+# If authorization.status returns 'valid' here you can already get a certificate
+# and _must not_ try to solve another challenge.
+authorization.status # => 'pending'
+
+# You can can store the authorization's URI to fully recover it and
+# any associated challenges via Acme::Client#fetch_authorization.
+authorization.uri # => '...'
+
 # This example is using the http-01 challenge type. Other challenges are dns-01 or tls-sni-01.
 challenge = authorization.http01
 
@@ -90,12 +99,21 @@ challenge = client.challenge_from_hash(JSON.parse(File.read('challenge')))
 
 # Once you are ready to serve the confirmation request you can proceed.
 challenge.request_verification # => true
-challenge.verify_status # => 'pending'
+challenge.authorization.verify_status # => 'pending'
 
 # Wait a bit for the server to make the request, or just blink. It should be fast.
 sleep(1)
 
-challenge.verify_status # => 'valid'
+# Rely on authorization.verify_status more than on challenge.verify_status,
+# if the former is 'valid' you can already issue a certificate and the status of
+# the challenge is not relevant and in fact may never change from pending.
+challenge.authorization.verify_status # => 'valid'
+challenge.error # => nil
+
+# If authorization.verify_status is 'invalid', you can get at the error
+# message only through the failed challenge.
+authorization.verify_status # => 'invalid'
+authorization.http01.error # => {"type" => "...", "detail" => "..."}
 ```
 
 ### Obtain a certificate
@@ -130,7 +148,6 @@ File.write("fullchain.pem", certificate.fullchain_to_pem)
 # Not implemented
 
 - Recovery methods are not implemented.
-- proofOfPossession-01 is not implemented.
 
 # Requirements
 
@@ -139,7 +156,7 @@ Ruby >= 2.1
 ## Development
 
 All the tests use VCR to mock the interaction with the server but if you
-need to record new interation against the server simply clone boulder and
+need to record new interaction against the server simply clone boulder and
 run it normally with `./start.py`.
 
 ## Pull request?

data/lib/acme/client.rb

@@ -35,7 +35,7 @@ class Acme::Client
     load_directory!
   end
 
-  attr_reader :private_key, :nonces, :operation_endpoints
+  attr_reader :private_key, :nonces, :endpoint, :directory_uri, :operation_endpoints
 
   def register(contact:)
     payload = {
@@ -56,7 +56,12 @@ class Acme::Client
     }
 
     response = connection.post(@operation_endpoints.fetch('new-authz'), payload)
-    ::Acme::Client::Resources::Authorization.new(self, response)
+    ::Acme::Client::Resources::Authorization.new(self, response.headers['Location'], response)
+  end
+
+  def fetch_authorization(uri)
+    response = connection.get(uri)
+    ::Acme::Client::Resources::Authorization.new(self, uri, response)
   end
 
   def new_certificate(csr)
@@ -88,24 +93,6 @@ class Acme::Client
     end
   end
 
-  def challenge_from_hash(arguments)
-    attributes = arguments.to_h
-    %w(type uri token).each do |key|
-      raise ArgumentError, "missing key: #{key}" unless attributes.key?(key)
-    end
-
-    case attributes.fetch('type')
-    when 'http-01'
-      Acme::Client::Resources::Challenges::HTTP01.new(self, attributes)
-    when 'dns-01'
-      Acme::Client::Resources::Challenges::DNS01.new(self, attributes)
-    when 'tls-sni-01'
-      Acme::Client::Resources::Challenges::TLSSNI01.new(self, attributes)
-    else
-      raise 'Unsupported resource type'
-    end
-  end
-
   private
 
   def fetch_chain(response, limit = 10)

data/lib/acme/client/resources/authorization.rb

@@ -3,30 +3,42 @@ class Acme::Client::Resources::Authorization
   DNS01 = Acme::Client::Resources::Challenges::DNS01
   TLSSNI01 = Acme::Client::Resources::Challenges::TLSSNI01
 
-  attr_reader :domain, :status, :expires, :http01, :dns01, :tls_sni01
+  attr_reader :client, :uri, :domain, :status, :expires, :http01, :dns01, :tls_sni01
 
-  def initialize(client, response)
+  def initialize(client, uri, response)
     @client = client
-    assign_challenges(response.body['challenges'])
+    @uri = uri
     assign_attributes(response.body)
   end
 
-  private
+  def verify_status
+    response = @client.connection.get(@uri)
 
-  def assign_challenges(challenges)
-    challenges.each do |attributes|
-      case attributes.fetch('type')
-      when 'http-01' then @http01 = HTTP01.new(@client, attributes)
-      when 'dns-01' then @dns01 = DNS01.new(@client, attributes)
-      when 'tls-sni-01' then @tls_sni01 = TLSSNI01.new(@client, attributes)
-        # else no-op
-      end
-    end
+    assign_attributes(response.body)
+    status
   end
 
+  private
+
   def assign_attributes(body)
     @expires = Time.iso8601(body['expires']) if body.key? 'expires'
     @domain = body['identifier']['value']
     @status = body['status']
+    assign_challenges(body['challenges'])
+  end
+
+  def assign_challenges(challenges)
+    challenges.each do |attributes|
+      challenge = case attributes.fetch('type')
+                  when 'http-01'
+                    @http01 ||= HTTP01.new(self)
+                  when 'dns-01'
+                    @dns01 ||= DNS01.new(self)
+                  when 'tls-sni-01'
+                    @tls_sni01 ||= TLSSNI01.new(self)
+      end
+
+      challenge.assign_attributes(attributes) if challenge
+    end
   end
 end

data/lib/acme/client/resources/challenges/base.rb

@@ -1,26 +1,30 @@
 class Acme::Client::Resources::Challenges::Base
-  attr_reader :client, :status, :uri, :token, :error
+  attr_reader :authorization, :status, :uri, :token, :error
 
-  def initialize(client, attributes)
-    @client = client
-    assign_attributes(attributes)
+  def initialize(authorization)
+    @authorization = authorization
+  end
+
+  def client
+    authorization.client
   end
 
   def verify_status
-    response = @client.connection.get(@uri)
+    authorization.verify_status
 
-    assign_attributes(response.body)
-    @error = response.body['error']
     status
   end
 
   def request_verification
-    response = @client.connection.post(@uri, resource: 'challenge', type: challenge_type, keyAuthorization: authorization_key)
+    response = client.connection.post(@uri, resource: 'challenge', type: challenge_type, keyAuthorization: authorization_key)
     response.success?
   end
 
-  def to_h
-    { 'token' => token, 'uri' => uri, 'type' => challenge_type }
+  def assign_attributes(attributes)
+    @status = attributes.fetch('status', 'pending')
+    @uri = attributes.fetch('uri')
+    @token = attributes.fetch('token')
+    @error = attributes['error']
   end
 
   private
@@ -33,13 +37,7 @@ class Acme::Client::Resources::Challenges::Base
     "#{token}.#{crypto.thumbprint}"
   end
 
-  def assign_attributes(attributes)
-    @status = attributes.fetch('status', 'pending')
-    @uri = attributes.fetch('uri')
-    @token = attributes.fetch('token')
-  end
-
   def crypto
-    @crypto ||= Acme::Client::Crypto.new(@client.private_key)
+    @crypto ||= Acme::Client::Crypto.new(client.private_key)
   end
 end

data/lib/acme/client/version.rb

@@ -2,6 +2,6 @@
 
 module Acme
   class Client
-    VERSION = '0.4.1'.freeze
+    VERSION = '0.5.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acme-client
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
 platform: ruby
 authors:
 - Charles Barbier
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-08-17 00:00:00.000000000 Z
+date: 2016-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler