authorHendrik Jäger <gitcommit@henk.geekmail.org>2024-01-23 23:13:43 +0100
committerHendrik Jäger <gitcommit@henk.geekmail.org>2024-01-23 23:13:43 +0100
commitc5d20aa75782d60f14bcf218823f1c59d37e00f2 (patch)
tree7e0e8907e91daef605195e2da6f0979b59f6388c
parenta15d47be69e5b6adea4f542531130fe7ba33c321 (diff)
cleanup; function to get nonce; prepare new account request
-rw-r--r--macir.rb46
1 files changed, 34 insertions, 12 deletions
diff --git a/macir.rb b/macir.rb
index 0bc2382..23c7bcd 100644
--- a/macir.rb
+++ b/macir.rb
@@ -2,25 +2,47 @@
require 'net/http'
require 'json'
+require 'base64'
+require 'jwt'
+
+
+def request_nonce( uri: )
+ http = Net::HTTP.new( uri.hostname, 443 )
+ http.use_ssl = true
+ http.set_debug_output($stdout)
+ res = http.head( uri.path )
+ res['Replay-Nonce']
+end
+
+ecdsa_key = OpenSSL::PKey::EC.generate('prime256v1')
acme_directory_uri = URI('https://acme-staging-v02.api.letsencrypt.org/directory')
acme_directory_uri.freeze
-hostname = acme_directory_uri.hostname
-path = acme_directory_uri.path
-port = acme_directory_uri.port
acme_directory_json = Net::HTTP.get(acme_directory_uri)
acme_directory = JSON.parse(acme_directory_json)
-pp acme_directory
-newAccount_uri = acme_directory['newAccount']
-p newAccount_uri
+newAccount_uri = URI( acme_directory['newAccount'] )
+newNonce_uri = URI( acme_directory['newNonce'] )
+
+nonce = request_nonce( :uri => newNonce_uri )
+p nonce
+stub_account_for_new_account = {
+ contact: [
+ "mailto:sysadmin@henk.geekmail.org", "mailto:henk@hnjs.ch"
+ ],
+ termsOfServiceAgreed: true,
+ onlyReturnExisting: true
+}
-# Net::HTTP.get(hostname, '/index.html')
-# Net::HTTP.start(hostname) do |http|
-# http.get('/todos/1') do |res|
-# p res
-# end
-# end
+stub_account_for_new_account_json = JSON.generate(stub_account_for_new_account)
+stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false)
+stub_account_for_new_account_signature = JWT.encode( stub_account_for_new_account_base64, ecdsa_key, 'ES256' )
+protected_request_header = {
+ alg: 'ES256',
+ nonce: nonce,
+ url: newAccount_uri,
+ jwk: ecdsa_key.public_key
+}
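Review bot: The ES256 signature from `JWT.encode( stub_account_for_new_account_base64, ecdsa_key, 'ES256' )` does not cover `protected_request_header`, which is only built afterwards, so the `nonce` and `url` that ACME uses for replay protection and request-URL integrity are not bound to the request. JWT.encode also returns a complete compact token with its own header and JSON-encodes the already base64url-encoded string a second time, so the value is not the signature member of a flattened JWS. `jwk: ecdsa_key.public_key` passes an OpenSSL point object rather than a JWK hash, and `url:` should be the string form of the URI. One way to fix this, sketched below, is to pass the protected fields to JWT.encode as header fields and split the compact result; `JWT::JWK` and its `export` output should be checked against the installed ruby-jwt version. Separately, `http.set_debug_output($stdout)` in request_nonce prints the whole exchange and is best removed before this code sends signed requests.

```ruby
# … unchanged: request_nonce, directory fetch, nonce, stub_account_for_new_account …
protected_fields = {
  nonce: nonce,
  url: newAccount_uri.to_s,
  jwk: JWT::JWK.new( ecdsa_key ).export
}
# alg is added by JWT.encode; the signature then covers header and payload together
compact_jws = JWT.encode( stub_account_for_new_account, ecdsa_key, 'ES256', protected_fields )
protected_b64, payload_b64, signature_b64 = compact_jws.split('.')
```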