author | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2024-01-25 16:45:03 +0100 |
---|---|---|
committer | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2024-01-25 16:45:03 +0100 |
commit | 757f7ba8827cd8f3cb19c0166fe2a95a66837e72 (patch) | |
tree | bf8a558f19a4514fb4642b218c7d7bc5720411ab | |
parent | 48b6667d041100b67b0b9cac3ee4d77621afd93b (diff) |
jwt troubles
-rw-r--r-- | macir.rb | 69 |
1 files changed, 45 insertions, 24 deletions
@@ -6,17 +6,27 @@ require 'base64' require 'jwt' +def request_directory( uri: ) + http = Net::HTTP.new( uri.hostname, uri.port ) + http.use_ssl = true + http.verify_mode = OpenSSL::SSL::VERIFY_NONE + http.set_debug_output($stdout) + http.get( uri.path ).body +end + def request_nonce( uri: ) - http = Net::HTTP.new( uri.hostname, 443 ) + http = Net::HTTP.new( uri.hostname, uri.port ) http.use_ssl = true + http.verify_mode = OpenSSL::SSL::VERIFY_NONE http.set_debug_output($stdout) res = http.head( uri.path ) res['Replay-Nonce'] end def request_newAccount( uri:, data: ) - http = Net::HTTP.new( uri.hostname, 443 ) + http = Net::HTTP.new( uri.hostname, uri.port ) http.use_ssl = true + http.verify_mode = OpenSSL::SSL::VERIFY_NONE http.set_debug_output($stdout) headers = { 'Content-Type': 'application/jose+json' } http.post( uri.path, data, headers ) @@ -33,11 +43,14 @@ puts "public jwk_key" puts jwk_key.export -acme_directory_uri = URI('https://acme-staging-v02.api.letsencrypt.org/directory') +# acme_directory_uri = URI('https://acme-staging-v02.api.letsencrypt.org/directory') +acme_directory_uri = URI('https://localhost:14000/dir') acme_directory_uri.freeze -acme_directory_json = Net::HTTP.get(acme_directory_uri) +# acme_directory_json = Net::HTTP.get(acme_directory_uri) +acme_directory_json = request_directory( uri: acme_directory_uri ) acme_directory = JSON.parse(acme_directory_json) +p acme_directory newAccount_uri = URI( acme_directory['newAccount'] ) newNonce_uri = URI( acme_directory['newNonce'] ) @@ -59,7 +72,7 @@ stub_account_for_new_account = { stub_account_for_new_account_json = JSON.generate(stub_account_for_new_account) puts "stub_account_for_new_account_json" puts stub_account_for_new_account_json -# stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false) +stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false) protected_request_header = { 
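Review bot: `http.verify_mode = OpenSSL::SSL::VERIFY_NONE` is now hard-coded in `request_directory`, `request_nonce` and `request_newAccount`, so certificate verification is off for every endpoint, including the Let's Encrypt staging URL if the commented-out line in the next hunk is restored. Because the directory response supplies the `newAccount` and `newNonce` URLs, an unauthenticated directory fetch also undermines the requests that follow it. For the local test server it is safer to keep peer verification and trust that server's CA certificate through `http.ca_file`, set in one shared helper rather than three copies. `set_debug_output($stdout)` prints full requests and responses and is worth making opt-in in the same place.

```ruby
# Shared connection setup: verification stays on, the test CA is trusted explicitly.
# ACME_CA_FILE and ACME_DEBUG are names constructed for this sketch.
def acme_http( uri: )
  http = Net::HTTP.new( uri.hostname, uri.port )
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.ca_file = ENV['ACME_CA_FILE'] if ENV['ACME_CA_FILE']
  http.set_debug_output($stdout) if ENV['ACME_DEBUG']
  http
end

def request_directory( uri: )
  acme_http( uri: uri ).get( uri.path ).body
end
# … request_nonce and request_newAccount obtain their connection from acme_http the same way …
```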
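Review bot: Switching the directory endpoint by commenting the `acme_directory_uri` lines in and out leaves test-only configuration in the main code path, where it is easy to restore the real URL while the test-only TLS settings stay in force. Reading the endpoint from the environment keeps a single path and removes the dead lines, e.g. `acme_directory_uri = URI( ENV.fetch( 'ACME_DIRECTORY_URL', 'https://localhost:14000/dir' ) )` (variable name constructed here). `p acme_directory` looks like leftover debugging output. The context lines below pass `acme_directory['newAccount']` and `acme_directory['newNonce']` straight to `URI()`, so checking that both keys are present and use the `https` scheme would give a clearer failure when the directory is not what was expected.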
@@ -71,32 +84,40 @@ protected_request_header = { protected_request_header_json = JSON.generate( protected_request_header ) puts "protected_request_header_json" -puts protected_request_header_json -# protected_request_header_base64 = Base64.urlsafe_encode64( protected_request_header_json, padding: false ) +pp protected_request_header_json +protected_request_header_base64 = Base64.urlsafe_encode64( protected_request_header_json, padding: false ) -# newAccount_header_with_payload = JSON.generate( { -# :protected => protected_request_header_base64, -# :payload => stub_account_for_new_account_base64, -# } - # ) +newAccount_header_with_payload = JSON.generate( + { + :protected => protected_request_header_base64, + :payload => stub_account_for_new_account_base64, + } +) +puts "newAccount_header_with_payload" +puts newAccount_header_with_payload # #signing_key requires jwt somewhat newer than in debian stable (2.5.0) -stub_account_for_new_account_signature = JWT.encode( stub_account_for_new_account_json, jwk_key.signing_key, 'ES256', protected_request_header ) -puts "stub_account_for_new_account_signature" +# stub_account_for_new_account_signature = JWT::Algos::Ecdsa.sign( 'ES256', newAccount_header_with_payload, jwk_key.signing_key ) +# stub_account_for_new_account_signature = ecdsa_key.sign( nil, newAccount_header_with_payload ) +stub_account_for_new_account_signature = JWT.encode( newAccount_header_with_payload, jwk_key.signing_key, 'ES256', protected_request_header ).split('.')[-1] +stub_account_for_new_account_signature_base64 = Base64.urlsafe_encode64( stub_account_for_new_account_signature, padding: false ) +puts "stub_account_for_new_account_signature_base64" puts stub_account_for_new_account_signature +puts stub_account_for_new_account_signature_base64 +puts stub_account_for_new_account_signature.class -# newAccount_request_body = { -# :protected => protected_request_header_base64, -# :payload => stub_account_for_new_account_base64, -# :signature => 
stub_account_for_new_account_signature -# } +newAccount_request_body = { + :protected => protected_request_header_base64, + :payload => stub_account_for_new_account_base64, + :signature => stub_account_for_new_account_signature +} -# newAccount_request_body_json = JSON.generate( newAccount_request_body ) -# puts "newAccount_request_body_json" -# puts newAccount_request_body_json +newAccount_request_body_json = JSON.generate( newAccount_request_body ) +puts "newAccount_request_body_json" +puts newAccount_request_body_json -# puts request_newAccount( :uri => newAccount_uri, :data => newAccount_request_body_json ) -puts request_newAccount( :uri => newAccount_uri, :data => stub_account_for_new_account_signature ) +puts request_newAccount( :uri => newAccount_uri, :data => newAccount_request_body_json ) +# puts request_newAccount( :uri => newAccount_uri, :data => stub_account_for_new_account_signature ) |
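Review bot: The `:signature` placed in `newAccount_request_body` does not cover the `:protected` and `:payload` values sent next to it. `JWT.encode` serialises its own header and payload segments (here the payload is the JSON string `newAccount_header_with_payload`) and signs those, and `.split('.')[-1]` keeps only the resulting signature. A flattened JWS signature has to be computed over exactly `protected_request_header_base64 + '.' + stub_account_for_new_account_base64`, so a conforming server should reject this body. One consistent option is to take all three segments from a single call, `protected_b64, payload_b64, signature_b64 = JWT.encode( stub_account_for_new_account, jwk_key.signing_key, 'ES256', protected_request_header ).split('.')`, and build the body from them, after checking that the header the library emits holds only fields the server accepts. `stub_account_for_new_account_signature_base64` re-encodes a segment that is already base64url and is never sent, so it can be dropped.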