From 757f7ba8827cd8f3cb19c0166fe2a95a66837e72 Mon Sep 17 00:00:00 2001
From: Hendrik Jäger <gitcommit@henk.geekmail.org>
Date: Thu, 25 Jan 2024 16:45:03 +0100
Subject: jwt troubles

---
 macir.rb | 69 ++++++++++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 45 insertions(+), 24 deletions(-)

diff --git a/macir.rb b/macir.rb
index e395225..b312052 100644
--- a/macir.rb
+++ b/macir.rb
@@ -6,17 +6,27 @@ require 'base64'
 require 'jwt'
 
 
+def request_directory( uri: )
+  http = Net::HTTP.new( uri.hostname, uri.port )
+  http.use_ssl = true
+  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+  http.set_debug_output($stdout)
+  http.get( uri.path ).body
+end
+
 def request_nonce( uri: )
-  http = Net::HTTP.new( uri.hostname, 443 )
+  http = Net::HTTP.new( uri.hostname, uri.port )
   http.use_ssl = true
+  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
   http.set_debug_output($stdout)
   res = http.head( uri.path )
   res['Replay-Nonce']
 end
 
 def request_newAccount( uri:, data: )
-  http = Net::HTTP.new( uri.hostname, 443 )
+  http = Net::HTTP.new( uri.hostname, uri.port )
   http.use_ssl = true
+  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
   http.set_debug_output($stdout)
   headers = { 'Content-Type': 'application/jose+json' }
   http.post( uri.path, data, headers )
@@ -33,11 +43,14 @@ puts "public jwk_key"
 puts jwk_key.export
 
 
-acme_directory_uri = URI('https://acme-staging-v02.api.letsencrypt.org/directory')
+# acme_directory_uri = URI('https://acme-staging-v02.api.letsencrypt.org/directory')
+acme_directory_uri = URI('https://localhost:14000/dir')
 acme_directory_uri.freeze
 
-acme_directory_json = Net::HTTP.get(acme_directory_uri)
+# acme_directory_json = Net::HTTP.get(acme_directory_uri)
+acme_directory_json = request_directory( uri: acme_directory_uri )
 acme_directory = JSON.parse(acme_directory_json)
+p acme_directory
 
 newAccount_uri = URI( acme_directory['newAccount'] )
 newNonce_uri = URI( acme_directory['newNonce'] )
@@ -59,7 +72,7 @@ stub_account_for_new_account = {
 stub_account_for_new_account_json = JSON.generate(stub_account_for_new_account)
 puts "stub_account_for_new_account_json"
 puts stub_account_for_new_account_json
-# stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false)
+stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false)
 
 
 protected_request_header = {
@@ -71,32 +84,40 @@ protected_request_header = {
 
 protected_request_header_json = JSON.generate( protected_request_header )
 puts "protected_request_header_json"
-puts protected_request_header_json
-# protected_request_header_base64 = Base64.urlsafe_encode64( protected_request_header_json, padding: false )
+pp protected_request_header_json
+protected_request_header_base64 = Base64.urlsafe_encode64( protected_request_header_json, padding: false )
 
 
-# newAccount_header_with_payload = JSON.generate( {
-#   :protected => protected_request_header_base64,
-#   :payload => stub_account_for_new_account_base64,
-# }
-                                              # )
+newAccount_header_with_payload = JSON.generate(
+  {
+    :protected => protected_request_header_base64,
+    :payload => stub_account_for_new_account_base64,
+  }
+)
+puts "newAccount_header_with_payload"
+puts newAccount_header_with_payload
 
 # #signing_key requires jwt somewhat newer than in debian stable (2.5.0)
-stub_account_for_new_account_signature = JWT.encode( stub_account_for_new_account_json, jwk_key.signing_key, 'ES256', protected_request_header )
-puts "stub_account_for_new_account_signature"
+# stub_account_for_new_account_signature = JWT::Algos::Ecdsa.sign( 'ES256', newAccount_header_with_payload, jwk_key.signing_key )
+# stub_account_for_new_account_signature = ecdsa_key.sign( nil, newAccount_header_with_payload )
+stub_account_for_new_account_signature = JWT.encode( newAccount_header_with_payload, jwk_key.signing_key, 'ES256', protected_request_header ).split('.')[-1]
+stub_account_for_new_account_signature_base64 = Base64.urlsafe_encode64( stub_account_for_new_account_signature, padding: false )
+puts "stub_account_for_new_account_signature_base64"
 puts stub_account_for_new_account_signature
+puts stub_account_for_new_account_signature_base64
+puts stub_account_for_new_account_signature.class
 
 
-# newAccount_request_body = {
-#   :protected => protected_request_header_base64,
-#   :payload => stub_account_for_new_account_base64,
-#   :signature => stub_account_for_new_account_signature
-# }
+newAccount_request_body = {
+  :protected => protected_request_header_base64,
+  :payload => stub_account_for_new_account_base64,
+  :signature => stub_account_for_new_account_signature
+}
 
 
-# newAccount_request_body_json = JSON.generate( newAccount_request_body )
-# puts "newAccount_request_body_json"
-# puts newAccount_request_body_json
+newAccount_request_body_json = JSON.generate( newAccount_request_body )
+puts "newAccount_request_body_json"
+puts newAccount_request_body_json
 
-# puts request_newAccount( :uri => newAccount_uri, :data => newAccount_request_body_json )
-puts request_newAccount( :uri => newAccount_uri, :data => stub_account_for_new_account_signature )
+puts request_newAccount( :uri => newAccount_uri, :data => newAccount_request_body_json )
+# puts request_newAccount( :uri => newAccount_uri, :data => stub_account_for_new_account_signature )
-- 
cgit v1.2.3