acme-client 2.0.13 → 2.0.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f1ddedbabab0a9c650d03b7d9ee3852957df27f939ca7cd5d40afb3b8e28007
-  data.tar.gz: 8c8fef020ae33d330964d783bd8469ded84b3a3251bd4bdb843c13977aa061e1
+  metadata.gz: 6238349e171138af08de444bf08268ab3bebab0c4d0497bee91d9d4a30d397ab
+  data.tar.gz: 9928049d9997c284cec6d75e12bf6b5f07150459775d8f852adbc09b7c923178
 SHA512:
-  metadata.gz: eb71c795a68697c419f47f1ca6ae4e8e1b3ff74d6b1df9c9d8c59fd5153eb2a4d26e9613b225990b8296193c7b0b86ec1db06877c7f46def97ab44d186f72905
-  data.tar.gz: 5804bd0b338e86fdd782687b3191b5c37e77ac18d3e7da75d02452b82a641289e793f8ebe0a1b4659ecde7109d816e3801baac2ac71c906637ef79d73c19f105
+  metadata.gz: 8543f742ee8fe3822c8c989a7e5f8b1f75473f01a36d7a2218c44b43ebec55fa538beabc4545c4798a7b35005ad1fddbd0ed59dbae6942413812fae9ce625f92
+  data.tar.gz: 77cd41773aa293bcb65ebdb9489c500a06b144e0efb2dc5af23baa8dec8c36c1af32fd9f1c97eb77e40eb4a521a9c904448d5765f64dcbe56a67f4907225aaf3

data/CHANGELOG.md

@@ -1,4 +1,8 @@
-## `2.0.12`
+## `2.0.14`
+
+* Fix Faraday HTTP exceptions leaking out, always raise `Acme::Client::Error` instead
+
+## `2.0.13`
 
 * Add support for External Account Binding
 

data/README.md

@@ -244,7 +244,7 @@ To change the key used for an account you can call `#account_key_change` with th
 ```ruby
 require 'openssl'
 new_private_key = OpenSSL::PKey::RSA.new(4096)
-client.account_key_change(private_key: new_private_key)
+client.account_key_change(new_private_key: new_private_key)
 ```
 
 ## Requirements

data/lib/acme/client/http_client.rb

@@ -0,0 +1,162 @@
+# frozen_string_literal: true
+
+module Acme::Client::HTTPClient
+  # Creates and returns a new HTTP client, with default settings.
+  #
+  # @param  url [URI:HTTPS]
+  # @param  options [Hash]
+  # @return [Faraday::Connection]
+  def self.new_connection(url:, options: {})
+    Faraday.new(url, options) do |configuration|
+      configuration.use Acme::Client::HTTPClient::ErrorMiddleware
+
+      yield(configuration) if block_given?
+
+      configuration.headers[:user_agent] = Acme::Client::USER_AGENT
+      configuration.adapter Faraday.default_adapter
+    end
+  end
+
+  # Creates and returns a new HTTP client designed for the Acme-protocol, with default settings.
+  #
+  # @param  url [URI:HTTPS]
+  # @param  client [Acme::Client]
+  # @param  mode [Symbol]
+  # @param  options [Hash]
+  # @param  bad_nonce_retry [Integer]
+  # @return [Faraday::Connection]
+  def self.new_acme_connection(url:, client:, mode:, options: {}, bad_nonce_retry: 0)
+    new_connection(url: url, options: options) do |configuration|
+      if bad_nonce_retry > 0
+        configuration.request(:retry,
+          max: bad_nonce_retry,
+          methods: Faraday::Connection::METHODS,
+          exceptions: [Acme::Client::Error::BadNonce])
+      end
+
+      configuration.use Acme::Client::HTTPClient::AcmeMiddleware, client: client, mode: mode
+
+      yield(configuration) if block_given?
+    end
+  end
+
+  # ErrorMiddleware ensures the HTTP Client would not raise exceptions outside the Acme namespace.
+  #
+  # Exceptions are rescued and re-packaged as Acme exceptions.
+  class ErrorMiddleware < Faraday::Middleware
+    # Implements the Rack-alike Faraday::Middleware interface.
+    def call(env)
+      @app.call(env)
+    rescue Faraday::TimeoutError, Faraday::ConnectionFailed
+      raise Acme::Client::Error::Timeout
+    end
+  end
+
+  # AcmeMiddleware implements the Acme-protocol requirements for JWK requests.
+  class AcmeMiddleware < Faraday::Middleware
+    attr_reader :env, :response, :client
+
+    CONTENT_TYPE = 'application/jose+json'
+
+    def initialize(app, options)
+      super(app)
+      @client = options.fetch(:client)
+      @mode = options.fetch(:mode)
+    end
+
+    def call(env)
+      @env = env
+      @env[:request_headers]['Content-Type'] = CONTENT_TYPE
+
+      if @env.method != :get
+        @env.body = client.jwk.jws(header: jws_header, payload: env.body)
+      end
+
+      @app.call(env).on_complete { |response_env| on_complete(response_env) }
+    end
+
+    def on_complete(env)
+      @env = env
+
+      raise_on_not_found!
+      store_nonce
+      env.body = decode_body
+      env.response_headers['Link'] = decode_link_headers
+
+      return if env.success?
+
+      raise_on_error!
+    end
+
+    private
+
+    def jws_header
+      headers = { nonce: pop_nonce, url: env.url.to_s }
+      headers[:kid] = client.kid if @mode == :kid
+      headers
+    end
+
+    def raise_on_not_found!
+      raise Acme::Client::Error::NotFound, env.url.to_s if env.status == 404
+    end
+
+    def raise_on_error!
+      raise error_class, error_message
+    end
+
+    def error_message
+      if env.body.is_a? Hash
+        env.body['detail']
+      else
+        "Error message: #{env.body}"
+      end
+    end
+
+    def error_class
+      Acme::Client::Error::ACME_ERRORS.fetch(error_name, Acme::Client::Error)
+    end
+
+    def error_name
+      return unless env.body.is_a?(Hash)
+      return unless env.body.key?('type')
+      env.body['type']
+    end
+
+    def decode_body
+      content_type = env.response_headers['Content-Type'].to_s
+
+      if content_type.start_with?('application/json', 'application/problem+json')
+        JSON.load(env.body)
+      else
+        env.body
+      end
+    end
+
+    def decode_link_headers
+      return unless env.response_headers.key?('Link')
+      link_header = env.response_headers['Link']
+      Acme::Client::Util.decode_link_headers(link_header)
+    end
+
+    def store_nonce
+      nonce = env.response_headers['replay-nonce']
+      nonces << nonce if nonce
+    end
+
+    def pop_nonce
+      if nonces.empty?
+        get_nonce
+      end
+
+      nonces.pop
+    end
+
+    def get_nonce
+      client.get_nonce
+    end
+
+    def nonces
+      client.nonces
+    end
+  end
+end

data/lib/acme/client/resources/directory.rb

@@ -68,13 +68,8 @@ class Acme::Client::Resources::Directory
   end
 
   def fetch_directory
-    connection = Faraday.new(url: @directory, **@connection_options) do |configuration|
-      configuration.use Acme::Client::FaradayMiddleware, client: nil, mode: nil
-
-      configuration.adapter Faraday.default_adapter
-    end
-    connection.headers[:user_agent] = Acme::Client::USER_AGENT
-    response = connection.get(@url)
+    http_client = Acme::Client::HTTPClient.new_acme_connection(url: @directory, options: @connection_options, client: nil, mode: nil)
+    response = http_client.get(@url)
     response.body
   end
 end

data/lib/acme/client/util.rb

@@ -1,4 +1,6 @@
 module Acme::Client::Util
+  extend self
+
   def urlsafe_base64(data)
     Base64.urlsafe_encode64(data).sub(/[\s=]*\z/, '')
   end
@@ -30,6 +32,4 @@ module Acme::Client::Util
       raise ArgumentError, 'priv must be EC or RSA'
     end
   end
-
-  extend self
 end

data/lib/acme/client/version.rb

@@ -2,6 +2,6 @@
 
 module Acme
   class Client
-    VERSION = '2.0.13'.freeze
+    VERSION = '2.0.14'.freeze
   end
 end

data/lib/acme/client.rb

@@ -14,10 +14,10 @@ module Acme; end
 class Acme::Client; end
 
 require 'acme/client/version'
+require 'acme/client/http_client'
 require 'acme/client/certificate_request'
 require 'acme/client/self_sign_certificate'
 require 'acme/client/resources'
-require 'acme/client/faraday_middleware'
 require 'acme/client/jwk'
 require 'acme/client/error'
 require 'acme/client/util'
@@ -223,8 +223,8 @@ class Acme::Client
   end
 
   def get_nonce
-    connection = new_connection(endpoint: endpoint_for(:new_nonce))
-    response = connection.head(nil, nil, 'User-Agent' => USER_AGENT)
+    http_client = Acme::Client::HTTPClient.new_connection(url: endpoint_for(:new_nonce))
+    response = http_client.head(nil, nil)
     nonces << response.headers['replay-nonce']
     true
   end
@@ -332,28 +332,12 @@ class Acme::Client
   def connection_for(url:, mode:)
     uri = URI(url)
     endpoint = "#{uri.scheme}://#{uri.hostname}:#{uri.port}"
+
     @connections ||= {}
     @connections[mode] ||= {}
-    @connections[mode][endpoint] ||= new_acme_connection(endpoint: endpoint, mode: mode)
-  end
-
-  def new_acme_connection(endpoint:, mode:)
-    new_connection(endpoint: endpoint) do |configuration|
-      configuration.use Acme::Client::FaradayMiddleware, client: self, mode: mode
-    end
-  end
-
-  def new_connection(endpoint:)
-    Faraday.new(endpoint, **@connection_options) do |configuration|
-      if @bad_nonce_retry > 0
-        configuration.request(:retry,
-          max: @bad_nonce_retry,
-          methods: Faraday::Connection::METHODS,
-          exceptions: [Acme::Client::Error::BadNonce])
-      end
-      yield(configuration) if block_given?
-      configuration.adapter Faraday.default_adapter
-    end
+    @connections[mode][endpoint] ||= Acme::Client::HTTPClient.new_acme_connection(
+      url: URI(endpoint), mode: mode, client: self, options: @connection_options, bad_nonce_retry: @bad_nonce_retry
+    )
   end
 
   def fetch_chain(response, limit = 10)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acme-client
 version: !ruby/object:Gem::Version
-  version: 2.0.13
+  version: 2.0.14
 platform: ruby
 authors:
 - Charles Barbier
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-02-01 00:00:00.000000000 Z
+date: 2023-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -134,7 +134,7 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: 3.0.0
-description:
+description: 
 email:
 - unixcharles@gmail.com
 executables: []
@@ -161,7 +161,7 @@ files:
 - lib/acme/client/certificate_request/ec_key_patch.rb
 - lib/acme/client/chain_identifier.rb
 - lib/acme/client/error.rb
-- lib/acme/client/faraday_middleware.rb
+- lib/acme/client/http_client.rb
 - lib/acme/client/jwk.rb
 - lib/acme/client/jwk/base.rb
 - lib/acme/client/jwk/ecdsa.rb
@@ -184,7 +184,7 @@ homepage: http://github.com/unixcharles/acme-client
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -199,8 +199,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.1
-signing_key:
+rubygems_version: 3.0.3.1
+signing_key: 
 specification_version: 4
 summary: Client for the ACME protocol.
 test_files: []

data/lib/acme/client/faraday_middleware.rb

@@ -1,111 +0,0 @@
-# frozen_string_literal: true
-
-class Acme::Client::FaradayMiddleware < Faraday::Middleware
-  attr_reader :env, :response, :client
-
-  CONTENT_TYPE = 'application/jose+json'
-
-  def initialize(app, options)
-    super(app)
-    @client = options.fetch(:client)
-    @mode = options.fetch(:mode)
-  end
-
-  def call(env)
-    @env = env
-    @env[:request_headers]['User-Agent'] = Acme::Client::USER_AGENT
-    @env[:request_headers]['Content-Type'] = CONTENT_TYPE
-
-    if @env.method != :get
-      @env.body = client.jwk.jws(header: jws_header, payload: env.body)
-    end
-
-    @app.call(env).on_complete { |response_env| on_complete(response_env) }
-  rescue Faraday::TimeoutError, Faraday::ConnectionFailed
-    raise Acme::Client::Error::Timeout
-  end
-
-  def on_complete(env)
-    @env = env
-
-    raise_on_not_found!
-    store_nonce
-    env.body = decode_body
-    env.response_headers['Link'] = decode_link_headers
-
-    return if env.success?
-
-    raise_on_error!
-  end
-
-  private
-
-  def jws_header
-    headers = { nonce: pop_nonce, url: env.url.to_s }
-    headers[:kid] = client.kid if @mode == :kid
-    headers
-  end
-
-  def raise_on_not_found!
-    raise Acme::Client::Error::NotFound, env.url.to_s if env.status == 404
-  end
-
-  def raise_on_error!
-    raise error_class, error_message
-  end
-
-  def error_message
-    if env.body.is_a? Hash
-      env.body['detail']
-    else
-      "Error message: #{env.body}"
-    end
-  end
-
-  def error_class
-    Acme::Client::Error::ACME_ERRORS.fetch(error_name, Acme::Client::Error)
-  end
-
-  def error_name
-    return unless env.body.is_a?(Hash)
-    return unless env.body.key?('type')
-    env.body['type']
-  end
-
-  def decode_body
-    content_type = env.response_headers['Content-Type'].to_s
-
-    if content_type.start_with?('application/json', 'application/problem+json')
-      JSON.load(env.body)
-    else
-      env.body
-    end
-  end
-
-  def decode_link_headers
-    return unless env.response_headers.key?('Link')
-    link_header = env.response_headers['Link']
-    Acme::Client::Util.decode_link_headers(link_header)
-  end
-
-  def store_nonce
-    nonce = env.response_headers['replay-nonce']
-    nonces << nonce if nonce
-  end
-
-  def pop_nonce
-    if nonces.empty?
-      get_nonce
-    end
-
-    nonces.pop
-  end
-
-  def get_nonce
-    client.get_nonce
-  end
-
-  def nonces
-    client.nonces
-  end
-end