#!/usr/bin/ruby
require 'net/http'
require 'json'
require 'base64'
require 'jwt'
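# Fetch a fresh anti-replay nonce from an ACME server.
#
# Sends a HEAD request over TLS to the given newNonce URL and returns the
# value of the `Replay-Nonce` response header.
#
# @param uri [URI] the server's newNonce endpoint, as advertised in its directory
# @return [String, nil] the nonce, or nil when the response carries no
#   `Replay-Nonce` header
def request_nonce(uri:)
  # Honour an explicit port on https URLs (test servers rarely listen on 443).
  # Any other scheme keeps the previous behaviour: TLS on port 443.
  port = uri.is_a?(URI::HTTPS) ? uri.port : 443

  http = Net::HTTP.new(uri.hostname, port)
  # TLS is unconditional; the nonce is never requested in clear text.
  http.use_ssl = true

  # Wire-level tracing is opt-in via the ACME_DEBUG_HTTP environment variable.
  # Net::HTTP#set_debug_output writes complete requests and responses to the
  # stream, and Ruby's documentation warns against using it in production.
  http.set_debug_output($stdout) if ENV['ACME_DEBUG_HTTP']

  # An empty path is not a valid request target; fall back to the root.
  path = uri.path.empty? ? '/' : uri.path
  http.head(path)['Replay-Nonce']
end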
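# Account key pair (P-256) used to sign ACME requests.
# NOTE(review): the key is regenerated on every run and never persisted, while
# the payload below sets onlyReturnExisting. A brand-new key cannot match an
# existing account, so the lookup is expected to fail; load a stored key here
# if the intent is to find an existing account.
ecdsa_key = OpenSSL::PKey::EC.generate('prime256v1')

acme_directory_uri = URI('https://acme-staging-v02.api.letsencrypt.org/directory')
acme_directory_uri.freeze

# Check the status before parsing, so an error page is reported as an HTTP
# failure instead of surfacing as a JSON parse error.
acme_directory_response = Net::HTTP.get_response(acme_directory_uri)
unless acme_directory_response.is_a?(Net::HTTPSuccess)
  raise "ACME directory request failed: HTTP #{acme_directory_response.code}"
end
acme_directory_json = acme_directory_response.body
acme_directory = JSON.parse(acme_directory_json)

# fetch: a directory without these entries is an error, not a nil URL.
newAccount_uri = URI( acme_directory.fetch('newAccount') )
newNonce_uri = URI( acme_directory.fetch('newNonce') )

nonce = request_nonce( :uri => newNonce_uri )
p nonce
# Without a nonce the signed request would be rejected; stop here.
raise 'ACME server returned no Replay-Nonce header' if nonce.nil?

# JWS payload: the account object for the newAccount request.
stub_account_for_new_account = {
  contact: [
    "mailto:sysadmin@henk.geekmail.org", "mailto:henk@hnjs.ch"
  ],
  termsOfServiceAgreed: true,
  onlyReturnExisting: true
}
stub_account_for_new_account_json = JSON.generate(stub_account_for_new_account)
stub_account_for_new_account_base64 = Base64.urlsafe_encode64(stub_account_for_new_account_json, padding: false)

# Public key as a JWK. The uncompressed point encoding is 0x04 || X || Y with
# 32-byte coordinates on P-256. Serialising the OpenSSL point object directly
# would not produce a usable key description.
public_point = ecdsa_key.public_key.to_octet_string(:uncompressed)
account_jwk = {
  crv: 'P-256',
  kty: 'EC',
  x: Base64.urlsafe_encode64(public_point[1, 32], padding: false),
  y: Base64.urlsafe_encode64(public_point[33, 32], padding: false)
}

# JWS protected header. It is part of the signed data, so the nonce, the
# target URL and the key are all bound to the signature.
protected_request_header = {
  alg: 'ES256',
  nonce: nonce,
  url: newAccount_uri.to_s,
  jwk: account_jwk
}
protected_request_header_base64 = Base64.urlsafe_encode64(JSON.generate(protected_request_header), padding: false)

# The signature covers "<protected>.<payload>". JWT.encode is not used here:
# it builds a header of its own, so the nonce, url and jwk above would not be
# covered by the signature.
signing_input = "#{protected_request_header_base64}.#{stub_account_for_new_account_base64}"
der_signature = ecdsa_key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
# ES256 in JWS is the fixed-width concatenation r || s, not OpenSSL's DER
# encoding; left-pad each integer to 32 bytes.
raw_signature = OpenSSL::ASN1.decode(der_signature).value.map { |int| int.value.to_s(2).rjust(32, "\x00") }.join
stub_account_for_new_account_signature = Base64.urlsafe_encode64(raw_signature, padding: false)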