bullion 0.6.1 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +46 -43
- data/lib/bullion/challenge_client.rb +4 -0
- data/lib/bullion/models/challenge.rb +8 -1
- data/lib/bullion/services/ca.rb +2 -0
- data/lib/bullion/version.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 36ed2c3c1d482d903b483d03c4295a9ad784763f34becf488e55775b2d248594
|
|
4
|
+
data.tar.gz: dea3a389dd9aa344d8f2e570af7913e00be67d5ec47bc5e6eb6f31f5dce4e356
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ced33b6e567f3e9fd3529e08172b7f7e40a64042868f75589cbeda8db5a20067ff8e7851be257e2d1b9c8ae9ffd6c017a4e275671a8b50fc52732e5c0e1493d9
|
|
7
|
+
data.tar.gz: e6c3371fbb984eccb6e32ccc5d719372f3faf313ac0ed3f938eb7d6f339b2a88d8fa2a4be8231a820f24c61dcfb4ef3dcf3c877c53805e29ace1fa69b30d766f
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
bullion (0.
|
|
4
|
+
bullion (0.7.0)
|
|
5
5
|
dry-configurable (~> 1.1)
|
|
6
6
|
httparty (~> 0.21)
|
|
7
7
|
json (~> 2.6)
|
|
@@ -18,16 +18,16 @@ PATH
|
|
|
18
18
|
GEM
|
|
19
19
|
remote: https://rubygems.org/
|
|
20
20
|
specs:
|
|
21
|
-
acme-client (2.0.
|
|
21
|
+
acme-client (2.0.16)
|
|
22
22
|
faraday (>= 1.0, < 3.0.0)
|
|
23
23
|
faraday-retry (>= 1.0, < 3.0.0)
|
|
24
|
-
activemodel (7.1.
|
|
25
|
-
activesupport (= 7.1.
|
|
26
|
-
activerecord (7.1.
|
|
27
|
-
activemodel (= 7.1.
|
|
28
|
-
activesupport (= 7.1.
|
|
24
|
+
activemodel (7.1.3)
|
|
25
|
+
activesupport (= 7.1.3)
|
|
26
|
+
activerecord (7.1.3)
|
|
27
|
+
activemodel (= 7.1.3)
|
|
28
|
+
activesupport (= 7.1.3)
|
|
29
29
|
timeout (>= 0.4.0)
|
|
30
|
-
activesupport (7.1.
|
|
30
|
+
activesupport (7.1.3)
|
|
31
31
|
base64
|
|
32
32
|
bigdecimal
|
|
33
33
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
@@ -41,9 +41,9 @@ GEM
|
|
|
41
41
|
backport (1.2.0)
|
|
42
42
|
base64 (0.2.0)
|
|
43
43
|
benchmark (0.3.0)
|
|
44
|
-
bigdecimal (3.1.
|
|
44
|
+
bigdecimal (3.1.6)
|
|
45
45
|
byebug (11.1.3)
|
|
46
|
-
concurrent-ruby (1.2.
|
|
46
|
+
concurrent-ruby (1.2.3)
|
|
47
47
|
connection_pool (2.4.1)
|
|
48
48
|
diff-lcs (1.5.0)
|
|
49
49
|
docile (1.4.0)
|
|
@@ -56,11 +56,10 @@ GEM
|
|
|
56
56
|
concurrent-ruby (~> 1.0)
|
|
57
57
|
zeitwerk (~> 2.6)
|
|
58
58
|
e2mmap (0.1.0)
|
|
59
|
-
faraday (2.
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
faraday-net_http (3.0.2)
|
|
59
|
+
faraday (2.9.0)
|
|
60
|
+
faraday-net_http (>= 2.0, < 3.2)
|
|
61
|
+
faraday-net_http (3.1.0)
|
|
62
|
+
net-http
|
|
64
63
|
faraday-retry (2.2.0)
|
|
65
64
|
faraday (~> 2.0)
|
|
66
65
|
httparty (0.21.0)
|
|
@@ -69,7 +68,7 @@ GEM
|
|
|
69
68
|
i18n (1.14.1)
|
|
70
69
|
concurrent-ruby (~> 1.0)
|
|
71
70
|
jaro_winkler (1.5.6)
|
|
72
|
-
json (2.
|
|
71
|
+
json (2.7.1)
|
|
73
72
|
jwt (2.7.1)
|
|
74
73
|
kramdown (2.4.0)
|
|
75
74
|
rexml
|
|
@@ -78,39 +77,42 @@ GEM
|
|
|
78
77
|
language_server-protocol (3.17.0.3)
|
|
79
78
|
mini_mime (1.1.5)
|
|
80
79
|
mini_portile2 (2.8.5)
|
|
81
|
-
minitest (5.
|
|
80
|
+
minitest (5.21.2)
|
|
82
81
|
multi_json (1.15.0)
|
|
83
82
|
multi_xml (0.6.0)
|
|
84
83
|
mustermann (3.0.0)
|
|
85
84
|
ruby2_keywords (~> 0.0.1)
|
|
86
85
|
mutex_m (0.2.0)
|
|
87
86
|
mysql2 (0.5.5)
|
|
88
|
-
|
|
89
|
-
|
|
87
|
+
net-http (0.4.1)
|
|
88
|
+
uri
|
|
89
|
+
nio4r (2.7.0)
|
|
90
|
+
nokogiri (1.16.0)
|
|
90
91
|
mini_portile2 (~> 2.8.2)
|
|
91
92
|
racc (~> 1.4)
|
|
92
|
-
nokogiri (1.
|
|
93
|
+
nokogiri (1.16.0-arm64-darwin)
|
|
93
94
|
racc (~> 1.4)
|
|
94
|
-
nokogiri (1.
|
|
95
|
+
nokogiri (1.16.0-x86_64-linux)
|
|
95
96
|
racc (~> 1.4)
|
|
96
97
|
openssl (3.2.0)
|
|
97
|
-
parallel (1.
|
|
98
|
-
parser (3.
|
|
98
|
+
parallel (1.24.0)
|
|
99
|
+
parser (3.3.0.5)
|
|
99
100
|
ast (~> 2.4.1)
|
|
100
101
|
racc
|
|
101
102
|
prometheus-client (4.2.2)
|
|
102
|
-
puma (6.4.
|
|
103
|
+
puma (6.4.2)
|
|
103
104
|
nio4r (~> 2.0)
|
|
104
105
|
racc (1.7.3)
|
|
105
106
|
rack (2.2.8)
|
|
106
|
-
rack-protection (3.
|
|
107
|
+
rack-protection (3.2.0)
|
|
108
|
+
base64 (>= 0.1.0)
|
|
107
109
|
rack (~> 2.2, >= 2.2.4)
|
|
108
110
|
rack-test (2.1.0)
|
|
109
111
|
rack (>= 1.3)
|
|
110
112
|
rainbow (3.1.1)
|
|
111
113
|
rake (13.1.0)
|
|
112
114
|
rbs (2.8.4)
|
|
113
|
-
regexp_parser (2.
|
|
115
|
+
regexp_parser (2.9.0)
|
|
114
116
|
reverse_markdown (2.1.1)
|
|
115
117
|
nokogiri
|
|
116
118
|
rexml (3.2.6)
|
|
@@ -127,26 +129,26 @@ GEM
|
|
|
127
129
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
128
130
|
rspec-support (~> 3.12.0)
|
|
129
131
|
rspec-support (3.12.1)
|
|
130
|
-
rubocop (1.
|
|
132
|
+
rubocop (1.60.2)
|
|
131
133
|
json (~> 2.3)
|
|
132
134
|
language_server-protocol (>= 3.17.0)
|
|
133
135
|
parallel (~> 1.10)
|
|
134
|
-
parser (>= 3.
|
|
136
|
+
parser (>= 3.3.0.2)
|
|
135
137
|
rainbow (>= 2.2.2, < 4.0)
|
|
136
138
|
regexp_parser (>= 1.8, < 3.0)
|
|
137
139
|
rexml (>= 3.2.5, < 4.0)
|
|
138
|
-
rubocop-ast (>= 1.
|
|
140
|
+
rubocop-ast (>= 1.30.0, < 2.0)
|
|
139
141
|
ruby-progressbar (~> 1.7)
|
|
140
142
|
unicode-display_width (>= 2.4.0, < 3.0)
|
|
141
143
|
rubocop-ast (1.30.0)
|
|
142
144
|
parser (>= 3.2.1.0)
|
|
143
|
-
rubocop-capybara (2.
|
|
145
|
+
rubocop-capybara (2.20.0)
|
|
146
|
+
rubocop (~> 1.41)
|
|
147
|
+
rubocop-factory_bot (2.25.1)
|
|
144
148
|
rubocop (~> 1.41)
|
|
145
|
-
rubocop-factory_bot (2.24.0)
|
|
146
|
-
rubocop (~> 1.33)
|
|
147
149
|
rubocop-rake (0.6.0)
|
|
148
150
|
rubocop (~> 1.0)
|
|
149
|
-
rubocop-rspec (2.
|
|
151
|
+
rubocop-rspec (2.26.1)
|
|
150
152
|
rubocop (~> 1.40)
|
|
151
153
|
rubocop-capybara (~> 2.17)
|
|
152
154
|
rubocop-factory_bot (~> 2.22)
|
|
@@ -161,21 +163,21 @@ GEM
|
|
|
161
163
|
simplecov (~> 0.19)
|
|
162
164
|
simplecov-html (0.12.3)
|
|
163
165
|
simplecov_json_formatter (0.1.4)
|
|
164
|
-
sinatra (3.
|
|
166
|
+
sinatra (3.2.0)
|
|
165
167
|
mustermann (~> 3.0)
|
|
166
168
|
rack (~> 2.2, >= 2.2.4)
|
|
167
|
-
rack-protection (= 3.
|
|
169
|
+
rack-protection (= 3.2.0)
|
|
168
170
|
tilt (~> 2.0)
|
|
169
171
|
sinatra-activerecord (2.0.27)
|
|
170
172
|
activerecord (>= 4.1)
|
|
171
173
|
sinatra (>= 1.0)
|
|
172
|
-
sinatra-contrib (3.
|
|
173
|
-
multi_json
|
|
174
|
+
sinatra-contrib (3.2.0)
|
|
175
|
+
multi_json (>= 0.0.2)
|
|
174
176
|
mustermann (~> 3.0)
|
|
175
|
-
rack-protection (= 3.
|
|
176
|
-
sinatra (= 3.
|
|
177
|
+
rack-protection (= 3.2.0)
|
|
178
|
+
sinatra (= 3.2.0)
|
|
177
179
|
tilt (~> 2.0)
|
|
178
|
-
solargraph (0.
|
|
180
|
+
solargraph (0.50.0)
|
|
179
181
|
backport (~> 1.2)
|
|
180
182
|
benchmark
|
|
181
183
|
bundler (~> 2.0)
|
|
@@ -191,16 +193,17 @@ GEM
|
|
|
191
193
|
thor (~> 1.0)
|
|
192
194
|
tilt (~> 2.0)
|
|
193
195
|
yard (~> 0.9, >= 0.9.24)
|
|
194
|
-
sqlite3 (1.
|
|
196
|
+
sqlite3 (1.7.1)
|
|
195
197
|
mini_portile2 (~> 2.8.0)
|
|
196
|
-
sqlite3 (1.
|
|
197
|
-
sqlite3 (1.
|
|
198
|
+
sqlite3 (1.7.1-arm64-darwin)
|
|
199
|
+
sqlite3 (1.7.1-x86_64-linux)
|
|
198
200
|
thor (1.3.0)
|
|
199
201
|
tilt (2.3.0)
|
|
200
202
|
timeout (0.4.1)
|
|
201
203
|
tzinfo (2.0.6)
|
|
202
204
|
concurrent-ruby (~> 1.0)
|
|
203
205
|
unicode-display_width (2.5.0)
|
|
206
|
+
uri (0.13.0)
|
|
204
207
|
yard (0.9.34)
|
|
205
208
|
zeitwerk (2.6.12)
|
|
206
209
|
|
|
@@ -22,6 +22,8 @@ module Bullion
|
|
|
22
22
|
tries = 0
|
|
23
23
|
success = false
|
|
24
24
|
|
|
25
|
+
challenge.update!(status: "processing")
|
|
26
|
+
|
|
25
27
|
benchtime = Benchmark.realtime do
|
|
26
28
|
until success || tries >= retries
|
|
27
29
|
tries += 1
|
|
@@ -39,6 +41,8 @@ module Bullion
|
|
|
39
41
|
unless success
|
|
40
42
|
LOGGER.info "Failed to validate #{type} #{identifier}"
|
|
41
43
|
challenge.status = "invalid"
|
|
44
|
+
challenge.authorization.update!(status: "invalid")
|
|
45
|
+
challenge.authorization.order.update!(status: "invalid")
|
|
42
46
|
end
|
|
43
47
|
|
|
44
48
|
challenge.save
|
|
@@ -24,7 +24,7 @@ module Bullion
|
|
|
24
24
|
|
|
25
25
|
def thumbprint
|
|
26
26
|
cipher = OpenSSL::Digest.new("SHA256")
|
|
27
|
-
digest = cipher.digest(
|
|
27
|
+
digest = cipher.digest(lexicographically_ordered_public_key.to_json)
|
|
28
28
|
Base64.urlsafe_encode64(digest).sub(/[\s=]*\z/, "")
|
|
29
29
|
end
|
|
30
30
|
|
|
@@ -38,6 +38,13 @@ module Bullion
|
|
|
38
38
|
|
|
39
39
|
challenge_class.new(self)
|
|
40
40
|
end
|
|
41
|
+
|
|
42
|
+
private
|
|
43
|
+
|
|
44
|
+
def lexicographically_ordered_public_key
|
|
45
|
+
jwk = authorization.order.account.public_key
|
|
46
|
+
[["e", jwk["e"]], ["kty", jwk["kty"]], ["n", jwk["n"]]].to_h
|
|
47
|
+
end
|
|
41
48
|
end
|
|
42
49
|
end
|
|
43
50
|
end
|
data/lib/bullion/services/ca.rb
CHANGED
|
@@ -345,6 +345,8 @@ module Bullion
|
|
|
345
345
|
# Oddly enough, cert-manager uses a GET request for retrieving Challenge info
|
|
346
346
|
challenge.client.attempt unless @json_body && @json_body[:payload] == ""
|
|
347
347
|
|
|
348
|
+
challenge.reload
|
|
349
|
+
|
|
348
350
|
data = {
|
|
349
351
|
type: challenge.acme_type,
|
|
350
352
|
status: challenge.status,
|
data/lib/bullion/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bullion
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Gnagy
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-01-
|
|
11
|
+
date: 2024-01-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dry-configurable
|