Class: Acme::Client
- Inherits:
-
Object
show all
- Defined in:
- lib/acme/client.rb,
lib/acme/client.rb,
lib/acme/client/version.rb
Defined Under Namespace
Modules: JWK, Resources, Util
Classes: CertificateRequest, Error, FaradayMiddleware, SelfSignCertificate
Constant Summary
collapse
- DEFAULT_DIRECTORY =
'http://127.0.0.1:4000/directory'.freeze
- USER_AGENT =
"Acme::Client v#{Acme::Client::VERSION} (#{repo_url})".freeze
- CONTENT_TYPES =
{
pem: 'application/pem-certificate-chain'
}
- VERSION =
'2.0.1'.freeze
Instance Attribute Summary collapse
Instance Method Summary
collapse
-
#account ⇒ Object
-
#account_deactivate ⇒ Object
-
#account_update(contact: nil, terms_of_service_agreed: nil) ⇒ Object
-
#authorization(url:) ⇒ Object
-
#caa_identities ⇒ Object
-
#certificate(url:) ⇒ Object
-
#challenge(url:) ⇒ Object
-
#deactivate_authorization(url:) ⇒ Object
-
#external_account_required ⇒ Object
-
#finalize(url:, csr:) ⇒ Object
-
#get_nonce ⇒ Object
-
#initialize(jwk: nil, kid: nil, private_key: nil, directory: DEFAULT_DIRECTORY, connection_options: {}) ⇒ Client
constructor
A new instance of Client.
-
#kid ⇒ Object
-
#meta ⇒ Object
-
#new_account(contact:, terms_of_service_agreed: nil) ⇒ Object
-
#new_order(identifiers:, not_before: nil, not_after: nil) ⇒ Object
-
#order(url:) ⇒ Object
-
#request_challenge_validation(url:, key_authorization:) ⇒ Object
-
#revoke(certificate:, reason: nil) ⇒ Object
-
#terms_of_service ⇒ Object
-
#website ⇒ Object
Constructor Details
#initialize(jwk: nil, kid: nil, private_key: nil, directory: DEFAULT_DIRECTORY, connection_options: {}) ⇒ Client
Returns a new instance of Client.
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
# File 'lib/acme/client.rb', line 32
def initialize(jwk: nil, kid: nil, private_key: nil, directory: DEFAULT_DIRECTORY, connection_options: {})
if jwk.nil? && private_key.nil?
raise ArgumentError, 'must specify jwk or private_key'
end
@jwk = if jwk
jwk
else
Acme::Client::JWK.from_private_key(private_key)
end
@kid, @connection_options = kid, connection_options
@directory = Acme::Client::Resources::Directory.new(URI(directory), @connection_options)
@nonces ||= []
end
|
Instance Attribute Details
#jwk ⇒ Object
Returns the value of attribute jwk.
48
49
50
|
# File 'lib/acme/client.rb', line 48
def jwk
@jwk
end
|
#nonces ⇒ Object
Returns the value of attribute nonces.
48
49
50
|
# File 'lib/acme/client.rb', line 48
def nonces
@nonces
end
|
Instance Method Details
#account ⇒ Object
86
87
88
89
90
91
92
93
94
95
|
# File 'lib/acme/client.rb', line 86
def account
@kid ||= begin
response = post(endpoint_for(:new_account), payload: { onlyReturnExisting: true }, mode: :jwk)
response..fetch(:location)
end
response = post(@kid)
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: @kid, **arguments)
end
|
#account_deactivate ⇒ Object
80
81
82
83
84
|
# File 'lib/acme/client.rb', line 80
def account_deactivate
response = post(kid, payload: { status: 'deactivated' })
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: kid, **arguments)
end
|
#account_update(contact: nil, terms_of_service_agreed: nil) ⇒ Object
70
71
72
73
74
75
76
77
78
|
# File 'lib/acme/client.rb', line 70
def account_update(contact: nil, terms_of_service_agreed: nil)
payload = {}
payload[:contact] = Array(contact) if contact
payload[:termsOfServiceAgreed] = terms_of_service_agreed if terms_of_service_agreed
response = post(kid, payload: payload)
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: kid, **arguments)
end
|
#authorization(url:) ⇒ Object
140
141
142
143
144
|
# File 'lib/acme/client.rb', line 140
def authorization(url:)
response = get(url)
arguments = attributes_from_authorization_response(response)
Acme::Client::Resources::Authorization.new(self, url: url, **arguments)
end
|
#caa_identities ⇒ Object
197
198
199
|
# File 'lib/acme/client.rb', line 197
def caa_identities
@directory.caa_identities
end
|
#certificate(url:) ⇒ Object
135
136
137
138
|
# File 'lib/acme/client.rb', line 135
def certificate(url:)
response = download(url, format: :pem)
response.body
end
|
#challenge(url:) ⇒ Object
152
153
154
155
156
|
# File 'lib/acme/client.rb', line 152
def challenge(url:)
response = get(url)
arguments = attributes_from_challenge_response(response)
Acme::Client::Resources::Challenges.new(self, **arguments)
end
|
#deactivate_authorization(url:) ⇒ Object
146
147
148
149
150
|
# File 'lib/acme/client.rb', line 146
def deactivate_authorization(url:)
response = post(url, payload: { status: 'deactivated' })
arguments = attributes_from_authorization_response(response)
Acme::Client::Resources::Authorization.new(self, url: url, **arguments)
end
|
#external_account_required ⇒ Object
201
202
203
|
# File 'lib/acme/client.rb', line 201
def external_account_required
@directory.external_account_required
end
|
#finalize(url:, csr:) ⇒ Object
124
125
126
127
128
129
130
131
132
133
|
# File 'lib/acme/client.rb', line 124
def finalize(url:, csr:)
unless csr.respond_to?(:to_der)
raise ArgumentError, 'csr must respond to `#to_der`'
end
base64_der_csr = Acme::Client::Util.urlsafe_base64(csr.to_der)
response = post(url, payload: { csr: base64_der_csr })
arguments = attributes_from_order_response(response)
Acme::Client::Resources::Order.new(self, **arguments)
end
|
#get_nonce ⇒ Object
179
180
181
182
183
|
# File 'lib/acme/client.rb', line 179
def get_nonce
response = Faraday.head(endpoint_for(:new_nonce), nil, 'User-Agent' => USER_AGENT)
nonces << response.['replay-nonce']
true
end
|
#kid ⇒ Object
97
98
99
|
# File 'lib/acme/client.rb', line 97
def kid
@kid ||= account.kid
end
|
185
186
187
|
# File 'lib/acme/client.rb', line 185
def meta
@directory.meta
end
|
#new_account(contact:, terms_of_service_agreed: nil) ⇒ Object
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
# File 'lib/acme/client.rb', line 50
def new_account(contact:, terms_of_service_agreed: nil)
payload = {
contact: Array(contact)
}
if terms_of_service_agreed
payload[:termsOfServiceAgreed] = terms_of_service_agreed
end
response = post(endpoint_for(:new_account), payload: payload, mode: :jws)
@kid = response..fetch(:location)
if response.body.nil? || response.body.empty?
account
else
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: @kid, **arguments)
end
end
|
#new_order(identifiers:, not_before: nil, not_after: nil) ⇒ Object
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
# File 'lib/acme/client.rb', line 101
def new_order(identifiers:, not_before: nil, not_after: nil)
payload = {}
payload['identifiers'] = if identifiers.is_a?(Hash)
identifiers
else
Array(identifiers).map do |identifier|
{ type: 'dns', value: identifier }
end
end
payload['notBefore'] = not_before if not_before
payload['notAfter'] = not_after if not_after
response = post(endpoint_for(:new_order), payload: payload)
arguments = attributes_from_order_response(response)
Acme::Client::Resources::Order.new(self, **arguments)
end
|
#order(url:) ⇒ Object
118
119
120
121
122
|
# File 'lib/acme/client.rb', line 118
def order(url:)
response = get(url)
arguments = attributes_from_order_response(response)
Acme::Client::Resources::Order.new(self, **arguments.merge(url: url))
end
|
#request_challenge_validation(url:, key_authorization:) ⇒ Object
158
159
160
161
162
|
# File 'lib/acme/client.rb', line 158
def request_challenge_validation(url:, key_authorization:)
response = post(url, payload: { keyAuthorization: key_authorization })
arguments = attributes_from_challenge_response(response)
Acme::Client::Resources::Challenges.new(self, **arguments)
end
|
#revoke(certificate:, reason: nil) ⇒ Object
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
# File 'lib/acme/client.rb', line 164
def revoke(certificate:, reason: nil)
der_certificate = if certificate.respond_to?(:to_der)
certificate.to_der
else
OpenSSL::X509::Certificate.new(certificate).to_der
end
base64_der_certificate = Acme::Client::Util.urlsafe_base64(der_certificate)
payload = { certificate: base64_der_certificate }
payload[:reason] = reason unless reason.nil?
response = post(endpoint_for(:revoke_certificate), payload: payload)
response.success?
end
|
#terms_of_service ⇒ Object
189
190
191
|
# File 'lib/acme/client.rb', line 189
def terms_of_service
@directory.terms_of_service
end
|
#website ⇒ Object
193
194
195
|
# File 'lib/acme/client.rb', line 193
def website
@directory.website
end
|