author | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2024-01-23 23:13:43 +0100 |
---|---|---|
committer | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2024-01-23 23:13:43 +0100 |
commit | c5d20aa75782d60f14bcf218823f1c59d37e00f2 (patch) | |
tree | 7e0e8907e91daef605195e2da6f0979b59f6388c | |
parent | a15d47be69e5b6adea4f542531130fe7ba33c321 (diff) |
cleanup; function to get nonce; prepare new account request
-rw-r--r-- | macir.rb | 46 |
1 files changed, 34 insertions, 12 deletions
@@ -2,25 +2,47 @@ require 'net/http'
 require 'json'
+require 'base64'
+require 'jwt'
+
+
+def request_nonce( uri: )
+ http = Net::HTTP.new( uri.hostname, 443 )
+ http.use_ssl = true
+ http.set_debug_output($stdout)
+ res = http.head( uri.path )
+ res['Replay-Nonce']
+end
+
+ecdsa_key = OpenSSL::PKey::EC.generate('prime256v1')
 acme_directory_uri = URI('https://acme-staging-v02.api.letsencrypt.org/directory')
 acme_directory_uri.freeze
-hostname = acme_directory_uri.hostname
-path = acme_directory_uri.path
-port = acme_directory_uri.port
 acme_directory_json = Net::HTTP.get(acme_directory_uri)
 acme_directory = JSON.parse(acme_directory_json)
-pp acme_directory
-newAccount_uri = acme_directory['newAccount']
-p newAccount_uri
+newAccount_uri = URI( acme_directory['newAccount'] )
+newNonce_uri = URI( acme_directory['newNonce'] )
+
+nonce = request_nonce( :uri => newNonce_uri )
+p nonce
+stub_account_for_new_account = {
+ contact: [
+ "mailto:sysadmin@henk.geekmail.org", "mailto:henk@hnjs.ch"
+ ],
+ termsOfServiceAgreed: true,
+ onlyReturnExisting: true
+}
-# Net::HTTP.get(hostname, '/index.html')
-# Net::HTTP.start(hostname) do |http|
-# http.get('/todos/1') do |res|
-# p res
-# end
-# end
+stub_account_for_new_account_json = JSON.generate(stub_account_for_new_account)
+stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false)
+stub_account_for_new_account_signature = JWT.encode( stub_account_for_new_account_base64, ecdsa_key, 'ES256' )
+protected_request_header = {
+ alg: 'ES256',
+ nonce: nonce,
+ url: newAccount_uri,
+ jwk: ecdsa_key.public_key
+} |
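Review bot: `JWT.encode( stub_account_for_new_account_base64, ecdsa_key, 'ES256' )` returns a complete compact JWT with its own header, so the value stored as the signature does not cover `protected_request_header`, and the `nonce` and `url` that ACME relies on to bind a request against replay stay unsigned. An ACME JWS signature has to be computed over `base64url(protected) + "." + base64url(payload)`, which means the protected header must be built before signing; `jwk: ecdsa_key.public_key` also needs to be a JWK hash (kty/crv/x/y) rather than an OpenSSL point object. The sketch below shows one way to do that with OpenSSL directly, assuming the installed jwt gem provides the JWK export; the request is sent outside this hunk, so how these values are assembled later is not visible here. Separately, `http.set_debug_output($stdout)` in `request_nonce` prints all HTTP traffic and is worth removing before the helper carries signed requests.

```ruby
# … unchanged: stub_account_for_new_account and its JSON / base64url encoding …
protected_request_header = {
  alg: 'ES256',
  nonce: nonce,
  url: newAccount_uri.to_s,
  jwk: JWT::JWK.new(ecdsa_key).export
}
protected_base64 = Base64.urlsafe_encode64(JSON.generate(protected_request_header), padding: false)
signing_input = "#{protected_base64}.#{stub_account_for_new_account_base64}"
# ES256 in a JWS is the raw 32-byte r || s pair, not OpenSSL's DER encoding
der_signature = ecdsa_key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
r, s = OpenSSL::ASN1.decode(der_signature).value.map { |int| int.value.to_s(2).rjust(32, "\x00".b) }
stub_account_for_new_account_signature = Base64.urlsafe_encode64(r + s, padding: false)
```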