authorHendrik Jäger <gitcommit@henk.geekmail.org>2024-01-24 13:35:25 +0100
committerHendrik Jäger <gitcommit@henk.geekmail.org>2024-01-24 13:35:25 +0100
commit48b6667d041100b67b0b9cac3ee4d77621afd93b (patch)
treeb3e0108a77ad14fd186bd417857343c2c54e9541
parentc5d20aa75782d60f14bcf218823f1c59d37e00f2 (diff)
cleanup; trying to request new account
-rw-r--r--macir.rb64
1 files changed, 59 insertions, 5 deletions
diff --git a/macir.rb b/macir.rb
index 23c7bcd..e395225 100644
--- a/macir.rb
+++ b/macir.rb
@@ -14,7 +14,24 @@ def request_nonce( uri: )
res['Replay-Nonce']
end
+def request_newAccount( uri:, data: )
+ http = Net::HTTP.new( uri.hostname, 443 )
+ http.use_ssl = true
+ http.set_debug_output($stdout)
+ headers = { 'Content-Type': 'application/jose+json' }
+ http.post( uri.path, data, headers )
+end
+
+
+
ecdsa_key = OpenSSL::PKey::EC.generate('prime256v1')
+params = optional_parameters = { kid: 'foobar', use: 'sig', alg: 'ES256' }
+jwk_key = JWT::JWK.new( ecdsa_key, params )
+puts "private jwk_key"
+puts jwk_key.export( include_private: true )
+puts "public jwk_key"
+puts jwk_key.export
+
acme_directory_uri = URI('https://acme-staging-v02.api.letsencrypt.org/directory')
acme_directory_uri.freeze
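Review bot: `puts jwk_key.export( include_private: true )` writes the freshly generated ACME account private key to stdout, where it can end up in terminal scrollback, CI logs or redirected output. I would drop that line, since the public export printed right after it is enough for debugging, or gate it behind an explicit debug switch. The same concern applies to `http.set_debug_output($stdout)` in `request_newAccount`, which dumps the full request and response and which the Net::HTTP documentation warns against using in production code. `Net::HTTP.new( uri.hostname, 443 )` also ignores the port in the URI; `uri.port` would follow whatever the directory returns.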
@@ -25,24 +42,61 @@ acme_directory = JSON.parse(acme_directory_json)
newAccount_uri = URI( acme_directory['newAccount'] )
newNonce_uri = URI( acme_directory['newNonce'] )
+
nonce = request_nonce( :uri => newNonce_uri )
-p nonce
+puts "nonce"
+puts nonce
+
stub_account_for_new_account = {
contact: [
- "mailto:sysadmin@henk.geekmail.org", "mailto:henk@hnjs.ch"
+ "mailto:sysadmin@henk.geekmail.org"
],
termsOfServiceAgreed: true,
onlyReturnExisting: true
}
stub_account_for_new_account_json = JSON.generate(stub_account_for_new_account)
-stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false)
-stub_account_for_new_account_signature = JWT.encode( stub_account_for_new_account_base64, ecdsa_key, 'ES256' )
+puts "stub_account_for_new_account_json"
+puts stub_account_for_new_account_json
+# stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false)
+
protected_request_header = {
alg: 'ES256',
nonce: nonce,
url: newAccount_uri,
- jwk: ecdsa_key.public_key
+ jwk: jwk_key.export
}
+
+protected_request_header_json = JSON.generate( protected_request_header )
+puts "protected_request_header_json"
+puts protected_request_header_json
+# protected_request_header_base64 = Base64.urlsafe_encode64( protected_request_header_json, padding: false )
+
+
+# newAccount_header_with_payload = JSON.generate( {
+# :protected => protected_request_header_base64,
+# :payload => stub_account_for_new_account_base64,
+# }
+ # )
+
+# #signing_key requires jwt somewhat newer than in debian stable (2.5.0)
+stub_account_for_new_account_signature = JWT.encode( stub_account_for_new_account_json, jwk_key.signing_key, 'ES256', protected_request_header )
+puts "stub_account_for_new_account_signature"
+puts stub_account_for_new_account_signature
+
+
+# newAccount_request_body = {
+# :protected => protected_request_header_base64,
+# :payload => stub_account_for_new_account_base64,
+# :signature => stub_account_for_new_account_signature
+# }
+
+
+# newAccount_request_body_json = JSON.generate( newAccount_request_body )
+# puts "newAccount_request_body_json"
+# puts newAccount_request_body_json
+
+# puts request_newAccount( :uri => newAccount_uri, :data => newAccount_request_body_json )
+puts request_newAccount( :uri => newAccount_uri, :data => stub_account_for_new_account_signature )
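Review bot: The body posted on the last line is the compact `header.payload.signature` string returned by `JWT.encode`, but RFC 8555 requires ACME requests to use the flattened JSON serialization, so the server will most likely reject it even though the Content-Type is `application/jose+json`. The compact token can be split and re-wrapped, e.g. `protected_b64, payload_b64, signature_b64 = stub_account_for_new_account_signature.split('.')` followed by `JSON.generate( protected: protected_b64, payload: payload_b64, signature: signature_b64 )`. Separately, as far as I can tell ruby-jwt JSON-encodes the payload itself, so passing `stub_account_for_new_account_json` would sign a JSON string literal rather than the account object; passing the hash `stub_account_for_new_account` looks like what is intended. The `url:` header is a `URI` object and should probably be `newAccount_uri.to_s`, so that the signed value does not depend on how the JSON encoder stringifies it.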