From c5d20aa75782d60f14bcf218823f1c59d37e00f2 Mon Sep 17 00:00:00 2001
From: Hendrik Jäger
Date: Tue, 23 Jan 2024 23:13:43 +0100
Subject: cleanup; function to get nonce; prepare new account request
---
 macir.rb | 46 ++++++++++++++++++++++++++++++++++------------
 1 file changed, 34 insertions(+), 12 deletions(-)
diff --git a/macir.rb b/macir.rb
index 0bc2382..23c7bcd 100644
--- a/macir.rb
+++ b/macir.rb
@@ -2,25 +2,47 @@ require 'net/http'
 require 'json'
+require 'base64'
+require 'jwt'
+
+
+def request_nonce( uri: )
+ http = Net::HTTP.new( uri.hostname, 443 )
+ http.use_ssl = true
+ http.set_debug_output($stdout)
+ res = http.head( uri.path )
+ res['Replay-Nonce']
+end
+
+ecdsa_key = OpenSSL::PKey::EC.generate('prime256v1')
 acme_directory_uri = URI('https://acme-staging-v02.api.letsencrypt.org/directory')
 acme_directory_uri.freeze
-hostname = acme_directory_uri.hostname
-path = acme_directory_uri.path
-port = acme_directory_uri.port
 acme_directory_json = Net::HTTP.get(acme_directory_uri)
 acme_directory = JSON.parse(acme_directory_json)
-pp acme_directory
-newAccount_uri = acme_directory['newAccount']
-p newAccount_uri
+newAccount_uri = URI( acme_directory['newAccount'] )
+newNonce_uri = URI( acme_directory['newNonce'] )
+
+nonce = request_nonce( :uri => newNonce_uri )
+p nonce
+stub_account_for_new_account = {
+ contact: [
+ "mailto:sysadmin@henk.geekmail.org", "mailto:henk@hnjs.ch"
+ ],
+ termsOfServiceAgreed: true,
+ onlyReturnExisting: true
+}
-# Net::HTTP.get(hostname, '/index.html')
-# Net::HTTP.start(hostname) do |http|
-# http.get('/todos/1') do |res|
-# p res
-# end
-# end
+stub_account_for_new_account_json = JSON.generate(stub_account_for_new_account)
+stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false)
+stub_account_for_new_account_signature = JWT.encode( stub_account_for_new_account_base64, ecdsa_key, 'ES256' )
+protected_request_header = {
+ alg: 'ES256',
+ nonce: nonce,
+ url: newAccount_uri,
+ jwk: ecdsa_key.public_key
+}
-- cgit v1.2.3
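Review bot: The signature in `stub_account_for_new_account_signature` is produced by `JWT.encode` over the already base64url-encoded payload alone, before `protected_request_header` is built, so neither `nonce` nor `url` is covered by it and the payload is encoded a second time by the library. RFC 8555 requires the JWS signature to cover the protected header together with the payload, which is what ties a request to the server's anti-replay nonce and to the target URL. Passing the raw hash and the protected fields to the encoder would sign both, e.g. `JWT.encode(stub_account_for_new_account, ecdsa_key, 'ES256', { nonce: nonce, url: newAccount_uri.to_s, jwk: account_jwk })`, where `account_jwk` is a placeholder name for a JWK hash of the public key, since `ecdsa_key.public_key` is an OpenSSL point object and not a JWK. In `request_nonce`, `http.set_debug_output($stdout)` should be removed or put behind an explicit debug switch, because Net::HTTP's documentation warns against using it outside debugging and it prints the full exchange, including the Replay-Nonce, to stdout. The same function hard-codes port 443 where `uri.port` is available and returns `res['Replay-Nonce']` without checking that the header is present, so a failed HEAD request would hand `nil` to the signing code.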