acme-client 2.0.30 → 2.0.31

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b171e2e960f5e2b99d3718c5ee2b526809dfafa34ee44ec7e406f7280e53ac70
-  data.tar.gz: 9a14e407059ea9097db344dee1d5d415a91f3b04bd721ac09c11bb8e994f978b
+  metadata.gz: 55d60fbf24893ea26c59535b2ffe6041916e678d4bbea5982666c5f9eb0f2bae
+  data.tar.gz: b62818cd2dc3ca8b9676e7ec355dfcec40eaf90b3f9b7abc26b2dddea0cc4473
 SHA512:
-  metadata.gz: 1a27ca20db9535f84a5319e5a208079a59988c7144c27c1fc4bc91a338c180394dbc5182cee2a1488a741588616b15ceeccc71f611be02ded09ce96f6efdcff4
-  data.tar.gz: 56515299bd2f31ea6a1bb2e486137277ff14dc97fde3d29dfda850fadf10bfe7f01fe1cfcb8184b885409366ffbe772794353759c7386f4b3c3edefc4a41a14f
+  metadata.gz: b3311579f5f990f433e2ede868ce5baf6ce910eb38b19889107436a0dea91f7d96c36619e6039e0e4b4382402e8bc81dce939fee0f915c850b068b80ced67c1d
+  data.tar.gz: 45b7de2260bad0703cfa5f865a33e5367789cde176e0a906224fc7e7ad29ba5eeb9f756ce79b29719460c03264c26c5808702737be912d2f5df9cce38003b2f9

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## `2.0.31`
+
+* Expose Retry-After header on all
+* ARI improvement
+* Expose full error message on Error#acme_error_body
+* Expose error subproblems (RFC7807) on Error#subproblems
+
 ## `2.0.30`
 
 * Add a default message to RateLimited error

data/acme-client.gemspec

@@ -18,7 +18,8 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.9'
-  spec.add_development_dependency 'vcr', '~> 2.9'
+  spec.add_development_dependency 'vcr', '~> 6.0'
+  spec.add_development_dependency 'bigdecimal'
   spec.add_development_dependency 'webmock', '~> 3.8'
   spec.add_development_dependency 'webrick', '~> 1.7'
 

data/lib/acme/client/error/rate_limited.rb

@@ -1,10 +1,15 @@
 class Acme::Client::Error::RateLimited < Acme::Client::Error::ServerError
-  attr_reader :retry_after
-
   DEFAULT_MESSAGE = 'Error message: urn:ietf:params:acme:error:rateLimited'
+  DEFAULT_RETRY_SECONDS = 10
 
-  def initialize(message = DEFAULT_MESSAGE, retry_after = 10)
-    super(message)
-    @retry_after = retry_after.nil? ? 10 : retry_after.to_i
+  def initialize(message = DEFAULT_MESSAGE, retry_after = nil, acme_error_body: nil, subproblems: nil)
+    retry_after_time = case retry_after
+                       when Time then retry_after
+                       when nil then Time.now + DEFAULT_RETRY_SECONDS
+                       else Acme::Client::Util.parse_retry_after(retry_after) || Time.now + DEFAULT_RETRY_SECONDS
+                       end
+    int_retry_after = retry_after.nil? ? DEFAULT_RETRY_SECONDS : [(retry_after_time - Time.now).ceil, 0].max
+    super(message, retry_after: int_retry_after, acme_error_body: acme_error_body, subproblems: subproblems)
+    @retry_after_time = retry_after_time
   end
 end

data/lib/acme/client/error.rb

@@ -1,4 +1,36 @@
 class Acme::Client::Error < StandardError
+  attr_reader :retry_after, :retry_after_time, :subproblems, :acme_error_body
+
+  Subproblem = Struct.new(:type, :detail, :identifier, keyword_init: true) do
+    def to_h
+      { type: type, detail: detail, identifier: identifier }
+    end
+  end
+
+  def initialize(message = nil, retry_after: nil, acme_error_body: nil, subproblems: nil)
+    super(message)
+    @retry_after_time = Acme::Client::Util.parse_retry_after(retry_after)
+    @retry_after = @retry_after_time ? [(@retry_after_time - Time.now).ceil, 0].max : nil
+    @acme_error_body = acme_error_body
+    @subproblems = parse_subproblems(subproblems)
+  end
+
+  private
+
+  def parse_subproblems(raw)
+    return [] if raw.nil? || !raw.is_a?(Array)
+
+    raw.map do |sp|
+      Subproblem.new(
+        type: sp['type'],
+        detail: sp['detail'],
+        identifier: sp['identifier']
+      )
+    end
+  end
+
+  public
+
   class Timeout < Acme::Client::Error; end
 
   class ClientError < Acme::Client::Error; end
@@ -9,7 +41,7 @@ class Acme::Client::Error < StandardError
   class CertificateNotReady < ClientError; end
   class ForcedChainNotFound < ClientError; end
   class OrderNotReady < ClientError; end
-  class OrderNotReloadable < ClientError; end
+  class OrderUrlNil < ClientError; end
 
   class ServerError < Acme::Client::Error; end
   class AlreadyReplaced < ServerError; end

data/lib/acme/client/http_client.rb

@@ -101,10 +101,13 @@ module Acme::Client::HTTPClient
     end
 
     def raise_on_error!
+      retry_after = env.response_headers['retry-after']
+      body = env.body.is_a?(Hash) ? env.body : nil
+      subproblems = error_subproblems
       if error_class == Acme::Client::Error::RateLimited
-        raise error_class.new(error_message, env.response_headers['Retry-After'])
+        raise error_class.new(error_message, retry_after, acme_error_body: body, subproblems: subproblems)
       end
-      raise error_class, error_message
+      raise error_class.new(error_message, retry_after: retry_after, acme_error_body: body, subproblems: subproblems)
     end
 
     def error_message
@@ -125,6 +128,11 @@ module Acme::Client::HTTPClient
       env.body['type']
     end
 
+    def error_subproblems
+      return unless env.body.is_a?(Hash)
+      env.body['subproblems']
+    end
+
     def decode_body
       content_type = env.response_headers['Content-Type'].to_s
 

data/lib/acme/client/resources/authorization.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Acme::Client::Resources::Authorization
-  attr_reader :url, :identifier, :domain, :expires, :status, :wildcard
+  attr_reader :url, :identifier, :domain, :expires, :status, :wildcard, :retry_after, :retry_after_time
 
   def initialize(client, **arguments)
     @client = client
@@ -52,7 +52,8 @@ class Acme::Client::Resources::Authorization
       status: status,
       expires: expires,
       challenges: @challenges,
-      wildcard: wildcard
+      wildcard: wildcard,
+      retry_after: retry_after
     }
   end
 
@@ -69,7 +70,7 @@ class Acme::Client::Resources::Authorization
     Acme::Client::Resources::Challenges.new(@client, **arguments)
   end
 
-  def assign_attributes(url:, status:, expires:, challenges:, identifier:, wildcard: false)
+  def assign_attributes(url:, status:, expires:, challenges:, identifier:, wildcard: false, retry_after: nil)
     @url = url
     @identifier = identifier
     @domain = identifier.fetch('value')
@@ -77,5 +78,7 @@ class Acme::Client::Resources::Authorization
     @expires = expires
     @challenges = challenges
     @wildcard = wildcard
+    @retry_after = retry_after
+    @retry_after_time = Acme::Client::Util.parse_retry_after(retry_after)
   end
 end

data/lib/acme/client/resources/challenges/base.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Acme::Client::Resources::Challenges::Base
-  attr_reader :status, :url, :token, :error, :validated
+  attr_reader :status, :url, :token, :error, :validated, :retry_after, :retry_after_time
 
   def initialize(client, **arguments)
     @client = client
@@ -28,8 +28,17 @@ class Acme::Client::Resources::Challenges::Base
     true
   end
 
+  def typed_error
+    return nil unless error
+
+    error_type = error['type']
+    error_detail = error['detail'] || 'Unknown error'
+    error_class = Acme::Client::Error::ACME_ERRORS.fetch(error_type, Acme::Client::Error)
+    error_class.new(error_detail)
+  end
+
   def to_h
-    { status: status, url: url, token: token, error: error, validated: validated }
+    { status: status, url: url, token: token, error: error, validated: validated, retry_after: retry_after }
   end
 
   private
@@ -40,11 +49,13 @@ class Acme::Client::Resources::Challenges::Base
     ).to_h
   end
 
-  def assign_attributes(status:, url:, token:, error: nil, validated: nil)
+  def assign_attributes(status:, url:, token:, error: nil, validated: nil, retry_after: nil)
     @status = status
     @url = url
     @token = token
     @error = error
     @validated = validated
+    @retry_after = retry_after
+    @retry_after_time = Acme::Client::Util.parse_retry_after(retry_after)
   end
 end

data/lib/acme/client/resources/order.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Acme::Client::Resources::Order
-  attr_reader :url, :status, :contact, :finalize_url, :identifiers, :authorization_urls, :expires, :certificate_url, :profile
+  attr_reader :url, :status, :contact, :finalize_url, :identifiers, :authorization_urls, :expires, :certificate_url, :profile, :replaces, :retry_after, :retry_after_time
 
   def initialize(client, **arguments)
     @client = client
@@ -9,9 +9,7 @@ class Acme::Client::Resources::Order
   end
 
   def reload
-    if url.nil?
-      raise Acme::Client::Error::OrderNotReloadable, 'Finalized orders are not reloadable for this CA'
-    end
+    raise Acme::Client::Error::OrderUrlNil, 'Cannot reload order with nil url.' if url.nil?
 
     assign_attributes(**@client.order(url: url).to_h)
     true
@@ -36,6 +34,18 @@ class Acme::Client::Resources::Order
     end
   end
 
+  def renew(replaces: nil, **arguments)
+    replaces ||= renewal_info.ari_id
+
+    @client.new_order(replaces: replaces, **to_h.slice(:identifiers, :profile).merge(arguments))
+  end
+
+  def renewal_info(certificate: nil, ari_id: nil)
+    certificate ||= self.certificate if ari_id.nil?
+
+    @client.renewal_info(certificate:, ari_id:)
+  end
+
   def to_h
     {
       url: url,
@@ -45,14 +55,16 @@ class Acme::Client::Resources::Order
       authorization_urls: authorization_urls,
       identifiers: identifiers,
       certificate_url: certificate_url,
-      profile: profile
+      profile: profile,
+      replaces: replaces,
+      retry_after: retry_after
     }
   end
 
   private
 
-  def assign_attributes(url: nil, status:, expires:, finalize_url:, authorization_urls:, identifiers:, certificate_url: nil, profile: nil) # rubocop:disable Layout/LineLength,Metrics/ParameterLists
-    @url = url
+  def assign_attributes(url: nil, status:, expires:, finalize_url:, authorization_urls:, identifiers:, certificate_url: nil, profile: nil, replaces: nil, retry_after: nil) # rubocop:disable Layout/LineLength,Metrics/ParameterLists
+    @url = url unless url.nil?
     @status = status
     @expires = expires
     @finalize_url = finalize_url
@@ -60,5 +72,8 @@ class Acme::Client::Resources::Order
     @identifiers = identifiers
     @certificate_url = certificate_url
     @profile = profile
+    @replaces = replaces
+    @retry_after = retry_after
+    @retry_after_time = Acme::Client::Util.parse_retry_after(retry_after)
   end
 end

data/lib/acme/client/resources/renewal_info.rb

@@ -1,13 +1,17 @@
 # frozen_string_literal: true
 
 class Acme::Client::Resources::RenewalInfo
-  attr_reader :suggested_window, :explanation_url, :retry_after
+  attr_reader :ari_id, :suggested_window, :explanation_url, :retry_after, :retry_after_time
 
   def initialize(client, **arguments)
     @client = client
     assign_attributes(**arguments)
   end
 
+  def reload
+    assign_attributes(**@client.renewal_info(ari_id: ari_id).to_h)
+  end
+
   def suggested_window_start
     suggested_window&.fetch('start', nil)
   end
@@ -31,6 +35,7 @@ class Acme::Client::Resources::RenewalInfo
 
   def to_h
     {
+      ari_id: ari_id,
       suggested_window: suggested_window,
       explanation_url: explanation_url,
       retry_after: retry_after
@@ -39,9 +44,11 @@ class Acme::Client::Resources::RenewalInfo
 
   private
 
-  def assign_attributes(suggested_window:, explanation_url: nil, retry_after: nil)
+  def assign_attributes(ari_id:, suggested_window:, explanation_url: nil, retry_after: nil)
+    @ari_id = ari_id
     @suggested_window = suggested_window
     @explanation_url = explanation_url
     @retry_after = retry_after
+    @retry_after_time = Acme::Client::Util.parse_retry_after(retry_after)
   end
 end

data/lib/acme/client/util.rb

@@ -1,6 +1,24 @@
+require 'time'
+
 module Acme::Client::Util
   extend self
 
+  # Parses a Retry-After header value into a Time.
+  # RFC 7231 §7.1.3: the value is either delay-seconds or an HTTP-date.
+  # Returns a Time, or nil if the value is nil or unparseable.
+  def parse_retry_after(value)
+    return nil if value.nil?
+
+    value = value.to_s
+    Integer(value, 10).then { |seconds| Time.now + seconds }
+  rescue ArgumentError, RangeError
+    begin
+      Time.httpdate(value)
+    rescue ArgumentError
+      nil
+    end
+  end
+
   def urlsafe_base64(data)
     Base64.urlsafe_encode64(data).sub(/[\s=]*\z/, '')
   end

data/lib/acme/client/version.rb

@@ -2,6 +2,6 @@
 
 module Acme
   class Client
-    VERSION = '2.0.30'.freeze
+    VERSION = '2.0.31'.freeze
   end
 end

data/lib/acme/client.rb

@@ -225,13 +225,18 @@ class Acme::Client
     response.success?
   end
 
-  def renewal_info(certificate:)
-    cert_id = Acme::Client::Util.ari_certificate_identifier(certificate)
-    renewal_info_url = URI.join(endpoint_for(:renewal_info).to_s + '/', cert_id).to_s
+  def renewal_info(certificate: nil, ari_id: nil)
+    if certificate.nil? && ari_id.nil?
+      raise ArgumentError, 'must specify certificate or ari_id'
+    end
+
+    ari_id ||= Acme::Client::Util.ari_certificate_identifier(certificate)
+
+    renewal_info_url = URI.join(endpoint_for(:renewal_info).to_s + '/', ari_id).to_s
 
     response = get(renewal_info_url)
     attributes = attributes_from_renewal_info_response(response)
-    Acme::Client::Resources::RenewalInfo.new(self, **attributes)
+    Acme::Client::Resources::RenewalInfo.new(self, ari_id: ari_id, **attributes)
   end
 
   def get_nonce
@@ -316,19 +321,25 @@ class Acme::Client
       [:authorization_urls, 'authorizations'],
       [:certificate_url, 'certificate'],
       :identifiers,
-      :profile
+      :profile,
+      :replaces
     )
 
     attributes[:url] = response.headers[:location] if response.headers[:location]
+    attributes[:retry_after] = response.headers['retry-after'] if response.headers['retry-after']
     attributes
   end
 
   def attributes_from_authorization_response(response)
-    extract_attributes(response.body, :identifier, :status, :expires, :challenges, :wildcard)
+    attributes = extract_attributes(response.body, :identifier, :status, :expires, :challenges, :wildcard)
+    attributes[:retry_after] = response.headers['retry-after'] if response.headers['retry-after']
+    attributes
   end
 
   def attributes_from_challenge_response(response)
-    extract_attributes(response.body, :status, :url, :token, :type, :error, :validated)
+    attributes = extract_attributes(response.body, :status, :url, :token, :type, :error, :validated)
+    attributes[:retry_after] = response.headers['retry-after'] if response.headers['retry-after']
+    attributes
   end
 
   def attributes_from_renewal_info_response(response)

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: acme-client
 version: !ruby/object:Gem::Version
-  version: 2.0.30
+  version: 2.0.31
 platform: ruby
 authors:
 - Charles Barbier
 bindir: bin
 cert_chain: []
-date: 2025-12-16 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -43,14 +43,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.9'
+        version: '6.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.9'
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: bigdecimal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -195,7 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.6
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Client for the ACME protocol.
 test_files: []