Class: Acme::Client
- Inherits:
-
Object
show all
- Defined in:
- lib/acme/client.rb,
lib/acme/client.rb,
lib/acme/client/version.rb,
lib/acme/client/chain_identifier.rb
Defined Under Namespace
Modules: JWK, Resources, Util
Classes: CertificateRequest, ChainIdentifier, Error, FaradayMiddleware, SelfSignCertificate
Constant Summary
collapse
- DEFAULT_DIRECTORY =
'http://127.0.0.1:4000/directory'.freeze
- USER_AGENT =
"Acme::Client v#{Acme::Client::VERSION} (#{repo_url})".freeze
- CONTENT_TYPES =
{
pem: 'application/pem-certificate-chain'
}
- VERSION =
'2.0.7'.freeze
Instance Attribute Summary collapse
Instance Method Summary
collapse
-
#account ⇒ Object
-
#account_deactivate ⇒ Object
-
#account_update(contact: nil, terms_of_service_agreed: nil) ⇒ Object
-
#authorization(url:) ⇒ Object
-
#caa_identities ⇒ Object
-
#certificate(url:, force_chain: nil) ⇒ Object
-
#challenge(url:) ⇒ Object
-
#deactivate_authorization(url:) ⇒ Object
-
#external_account_required ⇒ Object
-
#finalize(url:, csr:) ⇒ Object
-
#get_nonce ⇒ Object
-
#initialize(jwk: nil, kid: nil, private_key: nil, directory: DEFAULT_DIRECTORY, connection_options: {}, bad_nonce_retry: 0) ⇒ Client
constructor
A new instance of Client.
-
#kid ⇒ Object
-
#meta ⇒ Object
-
#new_account(contact:, terms_of_service_agreed: nil) ⇒ Object
-
#new_order(identifiers:, not_before: nil, not_after: nil) ⇒ Object
-
#order(url:) ⇒ Object
-
#request_challenge_validation(url:, key_authorization: nil) ⇒ Object
-
#revoke(certificate:, reason: nil) ⇒ Object
-
#terms_of_service ⇒ Object
-
#website ⇒ Object
Constructor Details
#initialize(jwk: nil, kid: nil, private_key: nil, directory: DEFAULT_DIRECTORY, connection_options: {}, bad_nonce_retry: 0) ⇒ Client
Returns a new instance of Client.
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
# File 'lib/acme/client.rb', line 33
def initialize(jwk: nil, kid: nil, private_key: nil, directory: DEFAULT_DIRECTORY, connection_options: {}, bad_nonce_retry: 0)
if jwk.nil? && private_key.nil?
raise ArgumentError, 'must specify jwk or private_key'
end
@jwk = if jwk
jwk
else
Acme::Client::JWK.from_private_key(private_key)
end
@kid, @connection_options = kid, connection_options
@bad_nonce_retry = bad_nonce_retry
@directory = Acme::Client::Resources::Directory.new(URI(directory), @connection_options)
@nonces ||= []
end
|
Instance Attribute Details
#jwk ⇒ Object
Returns the value of attribute jwk.
50
51
52
|
# File 'lib/acme/client.rb', line 50
def jwk
@jwk
end
|
#nonces ⇒ Object
Returns the value of attribute nonces.
50
51
52
|
# File 'lib/acme/client.rb', line 50
def nonces
@nonces
end
|
Instance Method Details
#account ⇒ Object
88
89
90
91
92
93
94
95
96
97
|
# File 'lib/acme/client.rb', line 88
def account
@kid ||= begin
response = post(endpoint_for(:new_account), payload: { onlyReturnExisting: true }, mode: :jwk)
response..fetch(:location)
end
response = post_as_get(@kid)
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: @kid, **arguments)
end
|
#account_deactivate ⇒ Object
82
83
84
85
86
|
# File 'lib/acme/client.rb', line 82
def account_deactivate
response = post(kid, payload: { status: 'deactivated' })
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: kid, **arguments)
end
|
#account_update(contact: nil, terms_of_service_agreed: nil) ⇒ Object
72
73
74
75
76
77
78
79
80
|
# File 'lib/acme/client.rb', line 72
def account_update(contact: nil, terms_of_service_agreed: nil)
payload = {}
payload[:contact] = Array(contact) if contact
payload[:termsOfServiceAgreed] = terms_of_service_agreed if terms_of_service_agreed
response = post(kid, payload: payload)
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: kid, **arguments)
end
|
#authorization(url:) ⇒ Object
151
152
153
154
155
|
# File 'lib/acme/client.rb', line 151
def authorization(url:)
response = post_as_get(url)
arguments = attributes_from_authorization_response(response)
Acme::Client::Resources::Authorization.new(self, url: url, **arguments)
end
|
#caa_identities ⇒ Object
209
210
211
|
# File 'lib/acme/client.rb', line 209
def caa_identities
@directory.caa_identities
end
|
#certificate(url:, force_chain: nil) ⇒ Object
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
# File 'lib/acme/client.rb', line 131
def certificate(url:, force_chain: nil)
response = download(url, format: :pem)
pem = response.body
return pem if force_chain.nil?
return pem if ChainIdentifier.new(pem).match_name?(force_chain)
alternative_urls = Array(response..dig('link', 'alternate'))
alternative_urls.each do |alternate_url|
response = download(alternate_url, format: :pem)
pem = response.body
if ChainIdentifier.new(pem).match_name?(force_chain)
return pem
end
end
raise Acme::Client::Error::ForcedChainNotFound, "Could not find any matching chain for `#{force_chain}`"
end
|
#challenge(url:) ⇒ Object
163
164
165
166
167
|
# File 'lib/acme/client.rb', line 163
def challenge(url:)
response = post_as_get(url)
arguments = attributes_from_challenge_response(response)
Acme::Client::Resources::Challenges.new(self, **arguments)
end
|
#deactivate_authorization(url:) ⇒ Object
157
158
159
160
161
|
# File 'lib/acme/client.rb', line 157
def deactivate_authorization(url:)
response = post(url, payload: { status: 'deactivated' })
arguments = attributes_from_authorization_response(response)
Acme::Client::Resources::Authorization.new(self, url: url, **arguments)
end
|
#external_account_required ⇒ Object
213
214
215
|
# File 'lib/acme/client.rb', line 213
def external_account_required
@directory.external_account_required
end
|
#finalize(url:, csr:) ⇒ Object
120
121
122
123
124
125
126
127
128
129
|
# File 'lib/acme/client.rb', line 120
def finalize(url:, csr:)
unless csr.respond_to?(:to_der)
raise ArgumentError, 'csr must respond to `#to_der`'
end
base64_der_csr = Acme::Client::Util.urlsafe_base64(csr.to_der)
response = post(url, payload: { csr: base64_der_csr })
arguments = attributes_from_order_response(response)
Acme::Client::Resources::Order.new(self, **arguments)
end
|
#get_nonce ⇒ Object
190
191
192
193
194
195
|
# File 'lib/acme/client.rb', line 190
def get_nonce
connection = new_connection(endpoint: endpoint_for(:new_nonce))
response = connection.head(nil, nil, 'User-Agent' => USER_AGENT)
nonces << response.['replay-nonce']
true
end
|
#kid ⇒ Object
99
100
101
|
# File 'lib/acme/client.rb', line 99
def kid
@kid ||= account.kid
end
|
197
198
199
|
# File 'lib/acme/client.rb', line 197
def meta
@directory.meta
end
|
#new_account(contact:, terms_of_service_agreed: nil) ⇒ Object
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
# File 'lib/acme/client.rb', line 52
def new_account(contact:, terms_of_service_agreed: nil)
payload = {
contact: Array(contact)
}
if terms_of_service_agreed
payload[:termsOfServiceAgreed] = terms_of_service_agreed
end
response = post(endpoint_for(:new_account), payload: payload, mode: :jws)
@kid = response..fetch(:location)
if response.body.nil? || response.body.empty?
account
else
arguments = attributes_from_account_response(response)
Acme::Client::Resources::Account.new(self, url: @kid, **arguments)
end
end
|
#new_order(identifiers:, not_before: nil, not_after: nil) ⇒ Object
103
104
105
106
107
108
109
110
111
112
|
# File 'lib/acme/client.rb', line 103
def new_order(identifiers:, not_before: nil, not_after: nil)
payload = {}
payload['identifiers'] = prepare_order_identifiers(identifiers)
payload['notBefore'] = not_before if not_before
payload['notAfter'] = not_after if not_after
response = post(endpoint_for(:new_order), payload: payload)
arguments = attributes_from_order_response(response)
Acme::Client::Resources::Order.new(self, **arguments)
end
|
#order(url:) ⇒ Object
114
115
116
117
118
|
# File 'lib/acme/client.rb', line 114
def order(url:)
response = post_as_get(url)
arguments = attributes_from_order_response(response)
Acme::Client::Resources::Order.new(self, **arguments.merge(url: url))
end
|
#request_challenge_validation(url:, key_authorization: nil) ⇒ Object
169
170
171
172
173
|
# File 'lib/acme/client.rb', line 169
def request_challenge_validation(url:, key_authorization: nil)
response = post(url, payload: {})
arguments = attributes_from_challenge_response(response)
Acme::Client::Resources::Challenges.new(self, **arguments)
end
|
#revoke(certificate:, reason: nil) ⇒ Object
175
176
177
178
179
180
181
182
183
184
185
186
187
188
|
# File 'lib/acme/client.rb', line 175
def revoke(certificate:, reason: nil)
der_certificate = if certificate.respond_to?(:to_der)
certificate.to_der
else
OpenSSL::X509::Certificate.new(certificate).to_der
end
base64_der_certificate = Acme::Client::Util.urlsafe_base64(der_certificate)
payload = { certificate: base64_der_certificate }
payload[:reason] = reason unless reason.nil?
response = post(endpoint_for(:revoke_certificate), payload: payload)
response.success?
end
|
#terms_of_service ⇒ Object
201
202
203
|
# File 'lib/acme/client.rb', line 201
def terms_of_service
@directory.terms_of_service
end
|
#website ⇒ Object
205
206
207
|
# File 'lib/acme/client.rb', line 205
def website
@directory.website
end
|