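#!/usr/bin/ruby
#
# Experimental ACME (RFC 8555) client. It fetches the Let's Encrypt *staging*
# directory, obtains a replay nonce and assembles the JWS body for a
# newAccount request. Nothing is POSTed; the script stops once the JWS is built.

require 'net/http'
require 'json'
require 'base64'
require 'openssl'
require 'jwt'

# Fetch a fresh anti-replay nonce with a HEAD request.
#
# @param uri [URI::HTTPS] the directory's newNonce URL
# @param debug [Boolean] dump the raw HTTP exchange to $stdout
# @return [String] value of the Replay-Nonce response header
# @raise [ArgumentError] if uri is not an https URL
# @raise [RuntimeError] if the response carries no Replay-Nonce header
def request_nonce(uri:, debug: false)
  # The URL is taken from the directory document, so it is server-supplied
  # input: refuse anything that would not be sent over TLS.
  raise ArgumentError, "newNonce URL must be https: #{uri}" unless uri.is_a?(URI::HTTPS)

  # Use the port from the URL instead of a fixed 443, so a non-default
  # port in the directory is honoured.
  http = Net::HTTP.new(uri.hostname, uri.port)
  http.use_ssl = true

  # Net::HTTP documents set_debug_output as a security hole that must not be
  # used in production: it writes every header and body to the given IO.
  # Keep it strictly opt-in.
  http.set_debug_output($stdout) if debug

  res = http.head(uri.path)

  # A missing header would otherwise surface later as a `nonce: null`
  # protected header that the server rejects with a less obvious error.
  res['Replay-Nonce'] || raise("no Replay-Nonce header in HTTP #{res.code} response from #{uri}")
end

# Build the public JWK (RFC 7517/7518) for a P-256 key.
#
# @param key [OpenSSL::PKey::EC] key on curve prime256v1
# @return [Hash] JWK with kty, crv and base64url-encoded x / y coordinates
# @raise [ArgumentError] if the encoded point is not a 65-byte P-256 point
def ec_p256_public_jwk(key:)
  # Uncompressed point encoding is 0x04 || X || Y with 32-byte coordinates.
  point = key.public_key.to_octet_string(:uncompressed)
  raise ArgumentError, 'expected an uncompressed P-256 public point' unless point.bytesize == 65

  {
    crv: 'P-256',
    kty: 'EC',
    x: Base64.urlsafe_encode64(point.byteslice(1, 32), padding: false),
    y: Base64.urlsafe_encode64(point.byteslice(33, 32), padding: false)
  }
end

# NOTE(review): the account key is generated fresh on every run and never
# persisted. Combined with onlyReturnExisting below, the server cannot find an
# account for it and will answer with an accountDoesNotExist error (RFC 8555).
# Load a stored key (kept with restrictive file permissions) to look up a real
# account.
ecdsa_key = OpenSSL::PKey::EC.generate('prime256v1')

acme_directory_uri = URI('https://acme-staging-v02.api.letsencrypt.org/directory')
acme_directory_uri.freeze

# Check the status before parsing so an error page is not fed to JSON.parse.
acme_directory_res = Net::HTTP.get_response(acme_directory_uri)
unless acme_directory_res.is_a?(Net::HTTPSuccess)
  raise "directory fetch failed: HTTP #{acme_directory_res.code}"
end
acme_directory_json = acme_directory_res.body
acme_directory = JSON.parse(acme_directory_json)

# fetch raises KeyError with the missing field name instead of passing nil to URI().
newAccount_uri = URI(acme_directory.fetch('newAccount'))
newNonce_uri = URI(acme_directory.fetch('newNonce'))

# Wire-level debugging is enabled only when ACME_DEBUG is set in the environment.
nonce = request_nonce(uri: newNonce_uri, debug: ENV.key?('ACME_DEBUG'))
p nonce

stub_account_for_new_account = {
  contact: [
    "mailto:sysadmin@henk.geekmail.org",
    "mailto:henk@hnjs.ch"
  ],
  termsOfServiceAgreed: true,
  onlyReturnExisting: true
}

# ACME protected header. `url` must be a string and `jwk` a JWK object; a URI
# or OpenSSL point object would not serialise to the values the server checks.
# `alg` is not listed here because JWT.encode adds it from its algorithm argument.
protected_request_header = {
  nonce: nonce,
  url: newAccount_uri.to_s,
  jwk: ec_p256_public_jwk(key: ecdsa_key)
}

# The signature has to cover the protected header (nonce, url, jwk) together
# with the payload; otherwise the nonce and url give no replay or redirection
# protection. JWT.encode signs "<b64 header>.<b64 payload>", so the header
# fields are passed in and the compact result is split into its three parts.
# NOTE(review): confirm the installed jwt gem adds no extra header members
# (older releases may emit `typ`) that the ACME server would not accept.
compact_jws = JWT.encode(
  stub_account_for_new_account,
  ecdsa_key,
  'ES256',
  protected_request_header
)
jws_segments = compact_jws.split('.')
protected_request_header_base64 = jws_segments[0]
stub_account_for_new_account_base64 = jws_segments[1]
stub_account_for_new_account_signature = jws_segments[2]

# Flattened JWS JSON serialization, the body format ACME expects for POSTs.
new_account_request_json = JSON.generate(
  protected: protected_request_header_base64,
  payload: stub_account_for_new_account_base64,
  signature: stub_account_for_new_account_signature
)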