Class: Acme::Client
- Inherits:
-
Object
show all
- Defined in:
- lib/acme/client.rb,
lib/acme/client.rb,
lib/acme/client/version.rb
Defined Under Namespace
Modules: JWK, Resources, Util
Classes: CertificateRequest, Error, FaradayMiddleware, SelfSignCertificate
Constant Summary
collapse
- DEFAULT_DIRECTORY =
'http://127.0.0.1:4000/directory'.freeze
- USER_AGENT =
"Acme::Client v#{Acme::Client::VERSION} (#{repo_url})".freeze
- CONTENT_TYPES =
{
pem: 'application/pem-certificate-chain'
}
- VERSION =
'2.0.5'.freeze
Instance Attribute Summary collapse
Instance Method Summary
collapse
-
#account ⇒ Object
-
#account_deactivate ⇒ Object
-
#account_update(contact: nil, terms_of_service_agreed: nil) ⇒ Object
-
#authorization(url:) ⇒ Object
-
#caa_identities ⇒ Object
-
#certificate(url:) ⇒ Object
-
#challenge(url:) ⇒ Object
-
#deactivate_authorization(url:) ⇒ Object
-
#external_account_required ⇒ Object
-
#finalize(url:, csr:) ⇒ Object
-
#get_nonce ⇒ Object
-
#initialize(jwk: nil, kid: nil, private_key: nil, directory: DEFAULT_DIRECTORY, connection_options: {}, bad_nonce_retry: 0) ⇒ Client
constructor
A new instance of Client.
-
#kid ⇒ Object
-
#meta ⇒ Object
-
#new_account(contact:, terms_of_service_agreed: nil) ⇒ Object
-
#new_order(identifiers:, not_before: nil, not_after: nil) ⇒ Object
-
#order(url:) ⇒ Object
-
#request_challenge_validation(url:, key_authorization: nil) ⇒ Object
-
#revoke(certificate:, reason: nil) ⇒ Object
-
#terms_of_service ⇒ Object
-
#website ⇒ Object
Constructor Details
#initialize(jwk: nil, kid: nil, private_key: nil, directory: DEFAULT_DIRECTORY, connection_options: {}, bad_nonce_retry: 0) ⇒ Client
Returns a new instance of Client.
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
# File 'lib/acme/client.rb', line 32
def initialize(jwk: nil, kid: nil, private_key: nil, directory: DEFAULT_DIRECTORY, connection_options: {}, bad_nonce_retry: 0)
if jwk.nil? && private_key.nil?
raise ArgumentError, 'must specify jwk or private_key'
end
@jwk = if jwk
jwk
else
Acme::Client::JWK.from_private_key(private_key)
end
@kid, @connection_options = kid, connection_options
@bad_nonce_retry = bad_nonce_retry
@directory = Acme::Client::Resources::Directory.new(URI(directory), @connection_options)
@nonces ||= []
end
|
Instance Attribute Details
#jwk ⇒ Object
Returns the value of attribute jwk.
49
50
51
|
# File 'lib/acme/client.rb', line 49
def jwk
@jwk
end
|
#nonces ⇒ Object
Returns the value of attribute nonces.
49
50
51
|
# File 'lib/acme/client.rb', line 49
def nonces
@nonces
end
|
Instance Method Details
#account ⇒ Object
87
88
89
90
91
92
93
94
95
96
|
# File 'lib/acme/client.rb', line 87
def account
@kid ||= begin
response = post(endpoint_for(:new_account), payload: { onlyReturnExisting: true }, mode: :jwk)
response..fetch(:location)
end
response = post_as_get(@kid)
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: @kid, **arguments)
end
|
#account_deactivate ⇒ Object
81
82
83
84
85
|
# File 'lib/acme/client.rb', line 81
def account_deactivate
response = post(kid, payload: { status: 'deactivated' })
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: kid, **arguments)
end
|
#account_update(contact: nil, terms_of_service_agreed: nil) ⇒ Object
71
72
73
74
75
76
77
78
79
|
# File 'lib/acme/client.rb', line 71
def account_update(contact: nil, terms_of_service_agreed: nil)
payload = {}
payload[:contact] = Array(contact) if contact
payload[:termsOfServiceAgreed] = terms_of_service_agreed if terms_of_service_agreed
response = post(kid, payload: payload)
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: kid, **arguments)
end
|
#authorization(url:) ⇒ Object
135
136
137
138
139
|
# File 'lib/acme/client.rb', line 135
def authorization(url:)
response = post_as_get(url)
arguments = attributes_from_authorization_response(response)
Acme::Client::Resources::Authorization.new(self, url: url, **arguments)
end
|
#caa_identities ⇒ Object
193
194
195
|
# File 'lib/acme/client.rb', line 193
def caa_identities
@directory.caa_identities
end
|
#certificate(url:) ⇒ Object
130
131
132
133
|
# File 'lib/acme/client.rb', line 130
def certificate(url:)
response = download(url, format: :pem)
response.body
end
|
#challenge(url:) ⇒ Object
147
148
149
150
151
|
# File 'lib/acme/client.rb', line 147
def challenge(url:)
response = post_as_get(url)
arguments = attributes_from_challenge_response(response)
Acme::Client::Resources::Challenges.new(self, **arguments)
end
|
#deactivate_authorization(url:) ⇒ Object
141
142
143
144
145
|
# File 'lib/acme/client.rb', line 141
def deactivate_authorization(url:)
response = post(url, payload: { status: 'deactivated' })
arguments = attributes_from_authorization_response(response)
Acme::Client::Resources::Authorization.new(self, url: url, **arguments)
end
|
#external_account_required ⇒ Object
197
198
199
|
# File 'lib/acme/client.rb', line 197
def external_account_required
@directory.external_account_required
end
|
#finalize(url:, csr:) ⇒ Object
119
120
121
122
123
124
125
126
127
128
|
# File 'lib/acme/client.rb', line 119
def finalize(url:, csr:)
unless csr.respond_to?(:to_der)
raise ArgumentError, 'csr must respond to `#to_der`'
end
base64_der_csr = Acme::Client::Util.urlsafe_base64(csr.to_der)
response = post(url, payload: { csr: base64_der_csr })
arguments = attributes_from_order_response(response)
Acme::Client::Resources::Order.new(self, **arguments)
end
|
#get_nonce ⇒ Object
174
175
176
177
178
179
|
# File 'lib/acme/client.rb', line 174
def get_nonce
connection = new_connection(endpoint: endpoint_for(:new_nonce))
response = connection.head(nil, nil, 'User-Agent' => USER_AGENT)
nonces << response.['replay-nonce']
true
end
|
#kid ⇒ Object
98
99
100
|
# File 'lib/acme/client.rb', line 98
def kid
@kid ||= account.kid
end
|
181
182
183
|
# File 'lib/acme/client.rb', line 181
def meta
@directory.meta
end
|
#new_account(contact:, terms_of_service_agreed: nil) ⇒ Object
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
# File 'lib/acme/client.rb', line 51
def new_account(contact:, terms_of_service_agreed: nil)
payload = {
contact: Array(contact)
}
if terms_of_service_agreed
payload[:termsOfServiceAgreed] = terms_of_service_agreed
end
response = post(endpoint_for(:new_account), payload: payload, mode: :jws)
@kid = response..fetch(:location)
if response.body.nil? || response.body.empty?
account
else
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: @kid, **arguments)
end
end
|
#new_order(identifiers:, not_before: nil, not_after: nil) ⇒ Object
102
103
104
105
106
107
108
109
110
111
|
# File 'lib/acme/client.rb', line 102
def new_order(identifiers:, not_before: nil, not_after: nil)
payload = {}
payload['identifiers'] = prepare_order_identifiers(identifiers)
payload['notBefore'] = not_before if not_before
payload['notAfter'] = not_after if not_after
response = post(endpoint_for(:new_order), payload: payload)
arguments = attributes_from_order_response(response)
Acme::Client::Resources::Order.new(self, **arguments)
end
|
#order(url:) ⇒ Object
113
114
115
116
117
|
# File 'lib/acme/client.rb', line 113
def order(url:)
response = post_as_get(url)
arguments = attributes_from_order_response(response)
Acme::Client::Resources::Order.new(self, **arguments.merge(url: url))
end
|
#request_challenge_validation(url:, key_authorization: nil) ⇒ Object
153
154
155
156
157
|
# File 'lib/acme/client.rb', line 153
def request_challenge_validation(url:, key_authorization: nil)
response = post(url, payload: {})
arguments = attributes_from_challenge_response(response)
Acme::Client::Resources::Challenges.new(self, **arguments)
end
|
#revoke(certificate:, reason: nil) ⇒ Object
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
# File 'lib/acme/client.rb', line 159
def revoke(certificate:, reason: nil)
der_certificate = if certificate.respond_to?(:to_der)
certificate.to_der
else
OpenSSL::X509::Certificate.new(certificate).to_der
end
base64_der_certificate = Acme::Client::Util.urlsafe_base64(der_certificate)
payload = { certificate: base64_der_certificate }
payload[:reason] = reason unless reason.nil?
response = post(endpoint_for(:revoke_certificate), payload: payload)
response.success?
end
|
#terms_of_service ⇒ Object
185
186
187
|
# File 'lib/acme/client.rb', line 185
def terms_of_service
@directory.terms_of_service
end
|
#website ⇒ Object
189
190
191
|
# File 'lib/acme/client.rb', line 189
def website
@directory.website
end
|