diff options
| -rw-r--r-- | macir.rb | 64 |
1 files changed, 59 insertions, 5 deletions
@@ -14,7 +14,24 @@ def request_nonce( uri: ) res['Replay-Nonce'] end +def request_newAccount( uri:, data: ) + http = Net::HTTP.new( uri.hostname, 443 ) + http.use_ssl = true + http.set_debug_output($stdout) + headers = { 'Content-Type': 'application/jose+json' } + http.post( uri.path, data, headers ) +end + + + ecdsa_key = OpenSSL::PKey::EC.generate('prime256v1') +params = optional_parameters = { kid: 'foobar', use: 'sig', alg: 'ES256' } +jwk_key = JWT::JWK.new( ecdsa_key, params ) +puts "private jwk_key" +puts jwk_key.export( include_private: true ) +puts "public jwk_key" +puts jwk_key.export + acme_directory_uri = URI('https://acme-staging-v02.api.letsencrypt.org/directory') acme_directory_uri.freeze @@ -25,24 +42,61 @@ acme_directory = JSON.parse(acme_directory_json) newAccount_uri = URI( acme_directory['newAccount'] ) newNonce_uri = URI( acme_directory['newNonce'] ) + nonce = request_nonce( :uri => newNonce_uri ) -p nonce +puts "nonce" +puts nonce + stub_account_for_new_account = { contact: [ - "mailto:sysadmin@henk.geekmail.org", "mailto:henk@hnjs.ch" + "mailto:sysadmin@henk.geekmail.org" ], termsOfServiceAgreed: true, onlyReturnExisting: true } stub_account_for_new_account_json = JSON.generate(stub_account_for_new_account) -stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false) -stub_account_for_new_account_signature = JWT.encode( stub_account_for_new_account_base64, ecdsa_key, 'ES256' ) +puts "stub_account_for_new_account_json" +puts stub_account_for_new_account_json +# stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false) + protected_request_header = { alg: 'ES256', nonce: nonce, url: newAccount_uri, - jwk: ecdsa_key.public_key + jwk: jwk_key.export } + +protected_request_header_json = JSON.generate( protected_request_header ) +puts "protected_request_header_json" +puts protected_request_header_json +# protected_request_header_base64 = Base64.urlsafe_encode64( protected_request_header_json, padding: false ) + + +# newAccount_header_with_payload = JSON.generate( { +# :protected => protected_request_header_base64, +# :payload => stub_account_for_new_account_base64, +# } + # ) + +# #signing_key requires jwt somewhat newer than in debian stable (2.5.0) +stub_account_for_new_account_signature = JWT.encode( stub_account_for_new_account_json, jwk_key.signing_key, 'ES256', protected_request_header ) +puts "stub_account_for_new_account_signature" +puts stub_account_for_new_account_signature + + +# newAccount_request_body = { +# :protected => protected_request_header_base64, +# :payload => stub_account_for_new_account_base64, +# :signature => stub_account_for_new_account_signature +# } + + +# newAccount_request_body_json = JSON.generate( newAccount_request_body ) +# puts "newAccount_request_body_json" +# puts newAccount_request_body_json + +# puts request_newAccount( :uri => newAccount_uri, :data => newAccount_request_body_json ) +puts request_newAccount( :uri => newAccount_uri, :data => stub_account_for_new_account_signature ) |