diff --git a/leap_cli.gemspec b/leap_cli.gemspec
index 8a38893ac16daad4d1d7a8c2b2e9610826e92e2e..96bf0079a57c263914b0f35069fe3951856d23f1 100644
--- a/leap_cli.gemspec
+++ b/leap_cli.gemspec
@@ -52,15 +52,12 @@ spec = Gem::Specification.new do |s|
# network gems
s.add_runtime_dependency('sshkit', '~> 1.11')
- s.add_runtime_dependency('fog-aws', '~> 0.11')
# crypto gems
# s.add_runtime_dependency('gpgme') # << does not build on debian jessie, so now optional.
# also, there is a ruby-gpgme package anyway.
- # acme-client is vendored for now, we need pre-lease version
- # s.add_runtime_dependency('acme-client', '~> 0.4.2')
- s.add_runtime_dependency('faraday', '~> 0.9', '>= 0.9.1') # for acme-client
+ s.add_runtime_dependency('acme-client', '~> 0.6')
# misc gems
s.add_runtime_dependency('ya2yaml', '~> 0.31') # pure ruby yaml, so we can better control output. see https://github.com/afunai/ya2yaml
diff --git a/vendor/acme-client/Gemfile b/vendor/acme-client/Gemfile
deleted file mode 100644
index e0b10dfdba1e051efc85d14a48702244d8c20fc0..0000000000000000000000000000000000000000
--- a/vendor/acme-client/Gemfile
+++ /dev/null
@@ -1,12 +0,0 @@
-source 'https://rubygems.org'
-gemspec
-
-group :development, :test do
- gem 'pry'
- gem 'rubocop', '0.36.0'
- gem 'ruby-prof', require: false
-
- if Gem::Version.new(RUBY_VERSION) <= Gem::Version.new('2.2.2')
- gem 'activesupport', '~> 4.2.6'
- end
-end
diff --git a/vendor/acme-client/LICENSE.txt b/vendor/acme-client/LICENSE.txt
deleted file mode 100644
index 73b96b4863efeee3472fe037367b71706c6660ce..0000000000000000000000000000000000000000
--- a/vendor/acme-client/LICENSE.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2015 Charles Barbier
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/vendor/acme-client/README.md b/vendor/acme-client/README.md
deleted file mode 100644
index 2047885ac03b98819d6a87187f8231595a728a76..0000000000000000000000000000000000000000
--- a/vendor/acme-client/README.md
+++ /dev/null
@@ -1,168 +0,0 @@
-# Acme::Client
-[](https://travis-ci.org/unixcharles/acme-client)
-
-`acme-client` is a client implementation of the [ACME](https://letsencrypt.github.io/acme-spec) protocol in Ruby.
-
-You can find the ACME reference implementations of the [server](https://github.com/letsencrypt/boulder) in Go and the [client](https://github.com/letsencrypt/letsencrypt) in Python.
-
-ACME is part of the [Letsencrypt](https://letsencrypt.org/) project, which goal is to provide free SSL/TLS certificates with automation of the acquiring and renewal process.
-
-## Installation
-
-Via Rubygems:
-
- $ gem install acme-client
-
-Or add it to a Gemfile:
-
-```ruby
-gem 'acme-client'
-```
-
-## Usage
-
-### Register client
-
-In order to authenticate our client, we have to create an account for it.
-
-```ruby
-# We're going to need a private key.
-require 'openssl'
-private_key = OpenSSL::PKey::RSA.new(4096)
-
-# We need an ACME server to talk to, see github.com/letsencrypt/boulder
-# WARNING: This endpoint is the production endpoint, which is rate limited and will produce valid certificates.
-# You should probably use the staging endpoint for all your experimentation:
-# endpoint = 'https://acme-staging.api.letsencrypt.org/'
-endpoint = 'https://acme-v01.api.letsencrypt.org/'
-
-# Initialize the client
-require 'acme-client'
-client = Acme::Client.new(private_key: private_key, endpoint: endpoint, connection_options: { request: { open_timeout: 5, timeout: 5 } })
-
-# If the private key is not known to the server, we need to register it for the first time.
-registration = client.register(contact: 'mailto:contact@example.com')
-
-# You may need to agree to the terms of service (that's up the to the server to require it or not but boulder does by default)
-registration.agree_terms
-```
-
-### Authorize for domain
-
-Before you are able to obtain certificates for your domain, you have to prove that you are in control of it.
-
-```ruby
-authorization = client.authorize(domain: 'example.org')
-
-# If authorization.status returns 'valid' here you can already get a certificate
-# and _must not_ try to solve another challenge.
-authorization.status # => 'pending'
-
-# You can can store the authorization's URI to fully recover it and
-# any associated challenges via Acme::Client#fetch_authorization.
-authorization.uri # => '...'
-
-# This example is using the http-01 challenge type. Other challenges are dns-01 or tls-sni-01.
-challenge = authorization.http01
-
-# The http-01 method will require you to respond to a HTTP request.
-
-# You can retrieve the challenge token
-challenge.token # => "some_token"
-
-# You can retrieve the expected path for the file.
-challenge.filename # => ".well-known/acme-challenge/:some_token"
-
-# You can generate the body of the expected response.
-challenge.file_content # => 'string token and JWK thumbprint'
-
-# You are not required to send a Content-Type. This method will return the right Content-Type should you decide to include one.
-challenge.content_type
-
-# Save the file. We'll create a public directory to serve it from, and inside it we'll create the challenge file.
-FileUtils.mkdir_p( File.join( 'public', File.dirname( challenge.filename ) ) )
-
-# We'll write the content of the file
-File.write( File.join( 'public', challenge.filename), challenge.file_content )
-
-# Optionally save the challenge for use at another time (eg: by a background job processor)
-File.write('challenge', challenge.to_h.to_json)
-
-# The challenge file can be served with a Ruby webserver.
-# You can run a webserver in another console for that purpose. You may need to forward ports on your router.
-#
-# $ ruby -run -e httpd public -p 8080 --bind-address 0.0.0.0
-
-# Load a saved challenge. This is only required if you need to reuse a saved challenge as outlined above.
-challenge = client.challenge_from_hash(JSON.parse(File.read('challenge')))
-
-# Once you are ready to serve the confirmation request you can proceed.
-challenge.request_verification # => true
-challenge.authorization.verify_status # => 'pending'
-
-# Wait a bit for the server to make the request, or just blink. It should be fast.
-sleep(1)
-
-# Rely on authorization.verify_status more than on challenge.verify_status,
-# if the former is 'valid' you can already issue a certificate and the status of
-# the challenge is not relevant and in fact may never change from pending.
-challenge.authorization.verify_status # => 'valid'
-challenge.error # => nil
-
-# If authorization.verify_status is 'invalid', you can get at the error
-# message only through the failed challenge.
-authorization.verify_status # => 'invalid'
-authorization.http01.error # => {"type" => "...", "detail" => "..."}
-```
-
-### Obtain a certificate
-
-Now that your account is authorized for the domain, you should be able to obtain a certificate for it.
-
-```ruby
-# We're going to need a certificate signing request. If not explicitly
-# specified, the first name listed becomes the common name.
-csr = Acme::Client::CertificateRequest.new(names: %w[example.org www.example.org])
-
-# We can now request a certificate. You can pass anything that returns
-# a valid DER encoded CSR when calling to_der on it. For example an
-# OpenSSL::X509::Request should work too.
-certificate = client.new_certificate(csr) # => #<Acme::Client::Certificate ....>
-
-# Save the certificate and the private key to files
-File.write("privkey.pem", certificate.request.private_key.to_pem)
-File.write("cert.pem", certificate.to_pem)
-File.write("chain.pem", certificate.chain_to_pem)
-File.write("fullchain.pem", certificate.fullchain_to_pem)
-
-# Start a webserver, using your shiny new certificate
-# ruby -r openssl -r webrick -r 'webrick/https' -e "s = WEBrick::HTTPServer.new(
-# :Port => 8443,
-# :DocumentRoot => Dir.pwd,
-# :SSLEnable => true,
-# :SSLPrivateKey => OpenSSL::PKey::RSA.new( File.read('privkey.pem') ),
-# :SSLCertificate => OpenSSL::X509::Certificate.new( File.read('cert.pem') )); trap('INT') { s.shutdown }; s.start"
-```
-
-# Not implemented
-
-- Recovery methods are not implemented.
-
-# Requirements
-
-Ruby >= 2.1
-
-## Development
-
-All the tests use VCR to mock the interaction with the server but if you
-need to record new interation against the server simply clone boulder and
-run it normally with `./start.py`.
-
-## Pull request?
-
-Yes.
-
-## License
-
-[MIT License](http://opensource.org/licenses/MIT)
-
diff --git a/vendor/acme-client/acme-client.gemspec b/vendor/acme-client/acme-client.gemspec
deleted file mode 100644
index b62d60c3f9744c2709aa4c042334ff2900f79dfb..0000000000000000000000000000000000000000
--- a/vendor/acme-client/acme-client.gemspec
+++ /dev/null
@@ -1,27 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'acme/client/version'
-
-Gem::Specification.new do |spec|
- spec.name = 'acme-client'
- spec.version = Acme::Client::VERSION
- spec.authors = ['Charles Barbier']
- spec.email = ['unixcharles@gmail.com']
- spec.summary = 'Client for the ACME protocol.'
- spec.homepage = 'http://github.com/unixcharles/acme-client'
- spec.license = 'MIT'
-
- spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
- spec.require_paths = ['lib']
-
- spec.required_ruby_version = '>= 2.1.0'
-
- spec.add_development_dependency 'bundler', '~> 1.6', '>= 1.6.9'
- spec.add_development_dependency 'rake', '~> 10.0'
- spec.add_development_dependency 'rspec', '~> 3.3', '>= 3.3.0'
- spec.add_development_dependency 'vcr', '~> 2.9', '>= 2.9.3'
- spec.add_development_dependency 'webmock', '~> 1.21', '>= 1.21.0'
-
- spec.add_runtime_dependency 'faraday', '~> 0.9', '>= 0.9.1'
-end
diff --git a/vendor/acme-client/lib/acme-client.rb b/vendor/acme-client/lib/acme-client.rb
deleted file mode 100644
index 7cc7a0a9d1c41b26aff613f95a688b7f43114e3b..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme-client.rb
+++ /dev/null
@@ -1 +0,0 @@
-require 'acme/client'
diff --git a/vendor/acme-client/lib/acme/client.rb b/vendor/acme-client/lib/acme/client.rb
deleted file mode 100644
index 801479e585de7cce4ddd322216e9b8ed0e19157c..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client.rb
+++ /dev/null
@@ -1,122 +0,0 @@
-# frozen_string_literal: true
-
-require 'faraday'
-require 'json'
-require 'openssl'
-require 'digest'
-require 'forwardable'
-require 'base64'
-require 'time'
-
-module Acme; end
-class Acme::Client; end
-
-require 'acme/client/version'
-require 'acme/client/certificate'
-require 'acme/client/certificate_request'
-require 'acme/client/self_sign_certificate'
-require 'acme/client/crypto'
-require 'acme/client/resources'
-require 'acme/client/faraday_middleware'
-require 'acme/client/error'
-
-class Acme::Client
- DEFAULT_ENDPOINT = 'http://127.0.0.1:4000'.freeze
- DIRECTORY_DEFAULT = {
- 'new-authz' => '/acme/new-authz',
- 'new-cert' => '/acme/new-cert',
- 'new-reg' => '/acme/new-reg',
- 'revoke-cert' => '/acme/revoke-cert'
- }.freeze
-
- def initialize(private_key:, endpoint: DEFAULT_ENDPOINT, directory_uri: nil, connection_options: {})
- @endpoint, @private_key, @directory_uri, @connection_options = endpoint, private_key, directory_uri, connection_options
- @nonces ||= []
- load_directory!
- end
-
- attr_reader :private_key, :nonces, :operation_endpoints
-
- def register(contact:)
- payload = {
- resource: 'new-reg', contact: Array(contact)
- }
-
- response = connection.post(@operation_endpoints.fetch('new-reg'), payload)
- ::Acme::Client::Resources::Registration.new(self, response)
- end
-
- def authorize(domain:)
- payload = {
- resource: 'new-authz',
- identifier: {
- type: 'dns',
- value: domain
- }
- }
-
- response = connection.post(@operation_endpoints.fetch('new-authz'), payload)
- ::Acme::Client::Resources::Authorization.new(self, response.headers['Location'], response)
- end
-
- def fetch_authorization(uri)
- response = connection.get(uri)
- ::Acme::Client::Resources::Authorization.new(self, uri, response)
- end
-
- def new_certificate(csr)
- payload = {
- resource: 'new-cert',
- csr: Base64.urlsafe_encode64(csr.to_der)
- }
-
- response = connection.post(@operation_endpoints.fetch('new-cert'), payload)
- ::Acme::Client::Certificate.new(OpenSSL::X509::Certificate.new(response.body), response.headers['location'], fetch_chain(response), csr)
- end
-
- def revoke_certificate(certificate)
- payload = { resource: 'revoke-cert', certificate: Base64.urlsafe_encode64(certificate.to_der) }
- endpoint = @operation_endpoints.fetch('revoke-cert')
- response = connection.post(endpoint, payload)
- response.success?
- end
-
- def self.revoke_certificate(certificate, *arguments)
- client = new(*arguments)
- client.revoke_certificate(certificate)
- end
-
- def connection
- @connection ||= Faraday.new(@endpoint, **@connection_options) do |configuration|
- configuration.use Acme::Client::FaradayMiddleware, client: self
- configuration.adapter Faraday.default_adapter
- end
- end
-
- private
-
- def fetch_chain(response, limit = 10)
- links = response.headers['link']
- if limit.zero? || links.nil? || links['up'].nil?
- []
- else
- issuer = connection.get(links['up'])
- [OpenSSL::X509::Certificate.new(issuer.body), *fetch_chain(issuer, limit - 1)]
- end
- end
-
- def load_directory!
- @operation_endpoints = if @directory_uri
- response = connection.get(@directory_uri)
- body = response.body
- {
- 'new-reg' => body.fetch('new-reg'),
- 'new-authz' => body.fetch('new-authz'),
- 'new-cert' => body.fetch('new-cert'),
- 'revoke-cert' => body.fetch('revoke-cert'),
- }
- else
- DIRECTORY_DEFAULT
- end
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/certificate.rb b/vendor/acme-client/lib/acme/client/certificate.rb
deleted file mode 100644
index 6c68cc56531199d96162f7f8a01d8e7eb0e19396..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/certificate.rb
+++ /dev/null
@@ -1,30 +0,0 @@
-class Acme::Client::Certificate
- extend Forwardable
-
- attr_reader :x509, :x509_chain, :request, :private_key, :url
-
- def_delegators :x509, :to_pem, :to_der
-
- def initialize(certificate, url, chain, request)
- @x509 = certificate
- @url = url
- @x509_chain = chain
- @request = request
- end
-
- def chain_to_pem
- x509_chain.map(&:to_pem).join
- end
-
- def x509_fullchain
- [x509, *x509_chain]
- end
-
- def fullchain_to_pem
- x509_fullchain.map(&:to_pem).join
- end
-
- def common_name
- x509.subject.to_a.find { |name, _, _| name == 'CN' }[1]
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/certificate_request.rb b/vendor/acme-client/lib/acme/client/certificate_request.rb
deleted file mode 100644
index 8eae0c62bd7f578026f7776d021c2461ddb086b3..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/certificate_request.rb
+++ /dev/null
@@ -1,111 +0,0 @@
-class Acme::Client::CertificateRequest
- extend Forwardable
-
- DEFAULT_KEY_LENGTH = 2048
- DEFAULT_DIGEST = OpenSSL::Digest::SHA256
- SUBJECT_KEYS = {
- common_name: 'CN',
- country_name: 'C',
- organization_name: 'O',
- organizational_unit: 'OU',
- state_or_province: 'ST',
- locality_name: 'L'
- }.freeze
-
- SUBJECT_TYPES = {
- 'CN' => OpenSSL::ASN1::UTF8STRING,
- 'C' => OpenSSL::ASN1::UTF8STRING,
- 'O' => OpenSSL::ASN1::UTF8STRING,
- 'OU' => OpenSSL::ASN1::UTF8STRING,
- 'ST' => OpenSSL::ASN1::UTF8STRING,
- 'L' => OpenSSL::ASN1::UTF8STRING
- }.freeze
-
- attr_reader :private_key, :common_name, :names, :subject
-
- def_delegators :csr, :to_pem, :to_der
-
- def initialize(common_name: nil, names: [], private_key: generate_private_key, subject: {}, digest: DEFAULT_DIGEST.new)
- @digest = digest
- @private_key = private_key
- @subject = normalize_subject(subject)
- @common_name = common_name || @subject[SUBJECT_KEYS[:common_name]] || @subject[:common_name]
- @names = names.to_a.dup
- normalize_names
- @subject[SUBJECT_KEYS[:common_name]] ||= @common_name
- validate_subject
- end
-
- def csr
- @csr ||= generate
- end
-
- private
-
- def generate_private_key
- OpenSSL::PKey::RSA.new(DEFAULT_KEY_LENGTH)
- end
-
- def normalize_subject(subject)
- @subject = subject.each_with_object({}) do |(key, value), hash|
- hash[SUBJECT_KEYS.fetch(key, key)] = value.to_s
- end
- end
-
- def normalize_names
- if @common_name
- @names.unshift(@common_name) unless @names.include?(@common_name)
- else
- raise ArgumentError, 'No common name and no list of names given' if @names.empty?
- @common_name = @names.first
- end
- end
-
- def validate_subject
- validate_subject_attributes
- validate_subject_common_name
- end
-
- def validate_subject_attributes
- extra_keys = @subject.keys - SUBJECT_KEYS.keys - SUBJECT_KEYS.values
- return if extra_keys.empty?
- raise ArgumentError, "Unexpected subject attributes given: #{extra_keys.inspect}"
- end
-
- def validate_subject_common_name
- return if @common_name == @subject[SUBJECT_KEYS[:common_name]]
- raise ArgumentError, 'Conflicting common name given in arguments and subject'
- end
-
- def generate
- OpenSSL::X509::Request.new.tap do |csr|
- csr.public_key = @private_key.public_key
- csr.subject = generate_subject
- csr.version = 2
- add_extension(csr)
- csr.sign @private_key, @digest
- end
- end
-
- def generate_subject
- OpenSSL::X509::Name.new(
- @subject.map {|name, value|
- [name, value, SUBJECT_TYPES[name]]
- }
- )
- end
-
- def add_extension(csr)
- return if @names.size <= 1
-
- extension = OpenSSL::X509::ExtensionFactory.new.create_extension(
- 'subjectAltName', @names.map { |name| "DNS:#{name}" }.join(', '), false
- )
- csr.add_attribute(
- OpenSSL::X509::Attribute.new(
- 'extReq',
- OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([extension])])
- )
- )
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/crypto.rb b/vendor/acme-client/lib/acme/client/crypto.rb
deleted file mode 100644
index dfa5cdc935037ad44f23763742e7fe777362e834..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/crypto.rb
+++ /dev/null
@@ -1,98 +0,0 @@
-class Acme::Client::Crypto
- attr_reader :private_key
-
- def initialize(private_key)
- @private_key = private_key
- end
-
- def generate_signed_jws(header:, payload:)
- header = { typ: 'JWT', alg: jws_alg, jwk: jwk }.merge(header)
-
- encoded_header = urlsafe_base64(header.to_json)
- encoded_payload = urlsafe_base64(payload.to_json)
- signature_data = "#{encoded_header}.#{encoded_payload}"
-
- signature = private_key.sign digest, signature_data
- encoded_signature = urlsafe_base64(signature)
-
- {
- protected: encoded_header,
- payload: encoded_payload,
- signature: encoded_signature
- }.to_json
- end
-
- def thumbprint
- urlsafe_base64 digest.digest(jwk.to_json)
- end
-
- def digest
- OpenSSL::Digest::SHA256.new
- end
-
- def urlsafe_base64(data)
- Base64.urlsafe_encode64(data).sub(/[\s=]*\z/, '')
- end
-
- private
-
- def jws_alg
- { 'RSA' => 'RS256', 'EC' => 'ES256' }.fetch(jwk[:kty])
- end
-
- def jwk
- @jwk ||= case private_key
- when OpenSSL::PKey::RSA
- rsa_jwk
- when OpenSSL::PKey::EC
- ec_jwk
- else
- raise ArgumentError, "Can't handle #{private_key} as private key, only OpenSSL::PKey::RSA and OpenSSL::PKey::EC"
- end
- end
-
- def rsa_jwk
- {
- e: urlsafe_base64(public_key.e.to_s(2)),
- kty: 'RSA',
- n: urlsafe_base64(public_key.n.to_s(2))
- }
- end
-
- def ec_jwk
- {
- crv: curve_name,
- kty: 'EC',
- x: urlsafe_base64(coordinates[:x].to_s(2)),
- y: urlsafe_base64(coordinates[:y].to_s(2))
- }
- end
-
- def curve_name
- {
- 'prime256v1' => 'P-256',
- 'secp384r1' => 'P-384',
- 'secp521r1' => 'P-521'
- }.fetch(private_key.group.curve_name) { raise ArgumentError, 'Unknown EC curve' }
- end
-
- # rubocop:disable Metrics/AbcSize
- def coordinates
- @coordinates ||= begin
- hex = public_key.to_bn.to_s(16)
- data_len = hex.length - 2
- hex_x = hex[2, data_len / 2]
- hex_y = hex[2 + data_len / 2, data_len / 2]
-
- {
- x: OpenSSL::BN.new([hex_x].pack('H*'), 2),
- y: OpenSSL::BN.new([hex_y].pack('H*'), 2)
- }
- end
- end
- # rubocop:enable Metrics/AbcSize
-
- def public_key
- @public_key ||= private_key.public_key
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/error.rb b/vendor/acme-client/lib/acme/client/error.rb
deleted file mode 100644
index 2b356238be33af711108276ee56cb6c980e62433..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/error.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-class Acme::Client::Error < StandardError
- class NotFound < Acme::Client::Error; end
- class BadCSR < Acme::Client::Error; end
- class BadNonce < Acme::Client::Error; end
- class Connection < Acme::Client::Error; end
- class Dnssec < Acme::Client::Error; end
- class Malformed < Acme::Client::Error; end
- class ServerInternal < Acme::Client::Error; end
- class Acme::Tls < Acme::Client::Error; end
- class Unauthorized < Acme::Client::Error; end
- class UnknownHost < Acme::Client::Error; end
- class Timeout < Acme::Client::Error; end
- class RateLimited < Acme::Client::Error; end
- class RejectedIdentifier < Acme::Client::Error; end
- class UnsupportedIdentifier < Acme::Client::Error; end
-end
diff --git a/vendor/acme-client/lib/acme/client/faraday_middleware.rb b/vendor/acme-client/lib/acme/client/faraday_middleware.rb
deleted file mode 100644
index 21e29c9781ba0016e0cd468e053e145ad1d8cc6d..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/faraday_middleware.rb
+++ /dev/null
@@ -1,123 +0,0 @@
-# frozen_string_literal: true
-
-class Acme::Client::FaradayMiddleware < Faraday::Middleware
- attr_reader :env, :response, :client
-
- repo_url = 'https://github.com/unixcharles/acme-client'
- USER_AGENT = "Acme::Client v#{Acme::Client::VERSION} (#{repo_url})".freeze
-
- def initialize(app, client:)
- super(app)
- @client = client
- end
-
- def call(env)
- @env = env
- @env[:request_headers]['User-Agent'] = USER_AGENT
- @env.body = crypto.generate_signed_jws(header: { nonce: pop_nonce }, payload: env.body)
- @app.call(env).on_complete { |response_env| on_complete(response_env) }
- rescue Faraday::TimeoutError
- raise Acme::Client::Error::Timeout
- end
-
- def on_complete(env)
- @env = env
-
- raise_on_not_found!
- store_nonce
- env.body = decode_body
- env.response_headers['Link'] = decode_link_headers
-
- return if env.success?
-
- raise_on_error!
- end
-
- private
-
- def raise_on_not_found!
- raise Acme::Client::Error::NotFound, env.url.to_s if env.status == 404
- end
-
- def raise_on_error!
- raise error_class, error_message
- end
-
- def error_message
- if env.body.is_a? Hash
- env.body['detail']
- else
- "Error message: #{env.body}"
- end
- end
-
- def error_class
- if error_name && !error_name.empty? && Acme::Client::Error.const_defined?(error_name)
- Object.const_get("Acme::Client::Error::#{error_name}")
- else
- Acme::Client::Error
- end
- end
-
- def error_name
- @error_name ||= begin
- return unless env.body.is_a?(Hash)
- return unless env.body.key?('type')
-
- env.body['type'].gsub('urn:acme:error:', '').split(/[_-]/).map(&:capitalize).join
- end
- end
-
- def decode_body
- content_type = env.response_headers['Content-Type']
-
- if content_type == 'application/json' || content_type == 'application/problem+json'
- JSON.load(env.body)
- else
- env.body
- end
- end
-
- LINK_MATCH = /<(.*?)>;rel="([\w-]+)"/
-
- def decode_link_headers
- return unless env.response_headers.key?('Link')
- link_header = env.response_headers['Link']
-
- links = link_header.split(', ').map { |entry|
- _, link, name = *entry.match(LINK_MATCH)
- [name, link]
- }
-
- Hash[*links.flatten]
- end
-
- def store_nonce
- nonces << env.response_headers['replay-nonce']
- end
-
- def pop_nonce
- if nonces.empty?
- get_nonce
- else
- nonces.pop
- end
- end
-
- def get_nonce
- response = Faraday.head(env.url, nil, 'User-Agent' => USER_AGENT)
- response.headers['replay-nonce']
- end
-
- def nonces
- client.nonces
- end
-
- def private_key
- client.private_key
- end
-
- def crypto
- @crypto ||= Acme::Client::Crypto.new(private_key)
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/resources.rb b/vendor/acme-client/lib/acme/client/resources.rb
deleted file mode 100644
index ad556889e79810223c627abd619d5b1482ea7e6b..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/resources.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-module Acme::Client::Resources; end
-
-require 'acme/client/resources/registration'
-require 'acme/client/resources/challenges'
-require 'acme/client/resources/authorization'
diff --git a/vendor/acme-client/lib/acme/client/resources/authorization.rb b/vendor/acme-client/lib/acme/client/resources/authorization.rb
deleted file mode 100644
index 9ca2e76936de4b8638c8203083c19677de38c589..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/resources/authorization.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-class Acme::Client::Resources::Authorization
- HTTP01 = Acme::Client::Resources::Challenges::HTTP01
- DNS01 = Acme::Client::Resources::Challenges::DNS01
- TLSSNI01 = Acme::Client::Resources::Challenges::TLSSNI01
-
- attr_reader :client, :uri, :domain, :status, :expires, :http01, :dns01, :tls_sni01
-
- def initialize(client, uri, response)
- @client = client
- @uri = uri
- assign_attributes(response.body)
- end
-
- def verify_status
- response = @client.connection.get(@uri)
-
- assign_attributes(response.body)
- status
- end
-
- private
-
- def assign_attributes(body)
- @expires = Time.iso8601(body['expires']) if body.key? 'expires'
- @domain = body['identifier']['value']
- @status = body['status']
- assign_challenges(body['challenges'])
- end
-
- def assign_challenges(challenges)
- challenges.each do |attributes|
- challenge = case attributes.fetch('type')
- when 'http-01'
- @http01 ||= HTTP01.new(self)
- when 'dns-01'
- @dns01 ||= DNS01.new(self)
- when 'tls-sni-01'
- @tls_sni01 ||= TLSSNI01.new(self)
- end
-
- challenge.assign_attributes(attributes) if challenge
- end
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/resources/challenges.rb b/vendor/acme-client/lib/acme/client/resources/challenges.rb
deleted file mode 100644
index ec92d471a89c94f4d72690245ab27d1b826529d3..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/resources/challenges.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-module Acme::Client::Resources::Challenges; end
-
-require 'acme/client/resources/challenges/base'
-require 'acme/client/resources/challenges/http01'
-require 'acme/client/resources/challenges/dns01'
-require 'acme/client/resources/challenges/tls_sni01'
diff --git a/vendor/acme-client/lib/acme/client/resources/challenges/base.rb b/vendor/acme-client/lib/acme/client/resources/challenges/base.rb
deleted file mode 100644
index c78c74ec5e5ac0fd6af429939f47999485b1fa51..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/resources/challenges/base.rb
+++ /dev/null
@@ -1,43 +0,0 @@
-class Acme::Client::Resources::Challenges::Base
- attr_reader :authorization, :status, :uri, :token, :error
-
- def initialize(authorization)
- @authorization = authorization
- end
-
- def client
- authorization.client
- end
-
- def verify_status
- authorization.verify_status
-
- status
- end
-
- def request_verification
- response = client.connection.post(@uri, resource: 'challenge', type: challenge_type, keyAuthorization: authorization_key)
- response.success?
- end
-
- def assign_attributes(attributes)
- @status = attributes.fetch('status', 'pending')
- @uri = attributes.fetch('uri')
- @token = attributes.fetch('token')
- @error = attributes['error']
- end
-
- private
-
- def challenge_type
- self.class::CHALLENGE_TYPE
- end
-
- def authorization_key
- "#{token}.#{crypto.thumbprint}"
- end
-
- def crypto
- @crypto ||= Acme::Client::Crypto.new(client.private_key)
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/resources/challenges/dns01.rb b/vendor/acme-client/lib/acme/client/resources/challenges/dns01.rb
deleted file mode 100644
index 543f43861b357a792737809ca518e1516d460f8a..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/resources/challenges/dns01.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-class Acme::Client::Resources::Challenges::DNS01 < Acme::Client::Resources::Challenges::Base
- CHALLENGE_TYPE = 'dns-01'.freeze
- RECORD_NAME = '_acme-challenge'.freeze
- RECORD_TYPE = 'TXT'.freeze
-
- def record_name
- RECORD_NAME
- end
-
- def record_type
- RECORD_TYPE
- end
-
- def record_content
- crypto.urlsafe_base64(crypto.digest.digest(authorization_key))
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/resources/challenges/http01.rb b/vendor/acme-client/lib/acme/client/resources/challenges/http01.rb
deleted file mode 100644
index 4966091ad72efeb6772ef6afd523706fe3e17385..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/resources/challenges/http01.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-class Acme::Client::Resources::Challenges::HTTP01 < Acme::Client::Resources::Challenges::Base
- CHALLENGE_TYPE = 'http-01'.freeze
- CONTENT_TYPE = 'text/plain'.freeze
-
- def content_type
- CONTENT_TYPE
- end
-
- def file_content
- authorization_key
- end
-
- def filename
- ".well-known/acme-challenge/#{token}"
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/resources/challenges/tls_sni01.rb b/vendor/acme-client/lib/acme/client/resources/challenges/tls_sni01.rb
deleted file mode 100644
index 8f455f5dbf161583f8a442c6d598ccd16cdc302d..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/resources/challenges/tls_sni01.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-
-class Acme::Client::Resources::Challenges::TLSSNI01 < Acme::Client::Resources::Challenges::Base
- CHALLENGE_TYPE = 'tls-sni-01'.freeze
-
- def hostname
- digest = crypto.digest.hexdigest(authorization_key)
- "#{digest[0..31]}.#{digest[32..64]}.acme.invalid"
- end
-
- def certificate
- self_sign_certificate.certificate
- end
-
- def private_key
- self_sign_certificate.private_key
- end
-
- private
-
- def self_sign_certificate
- @self_sign_certificate ||= Acme::Client::SelfSignCertificate.new(subject_alt_names: [hostname])
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/resources/registration.rb b/vendor/acme-client/lib/acme/client/resources/registration.rb
deleted file mode 100644
index b7a4c1133c84e7442bb8a44be8a36cd4e9dc71aa..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/resources/registration.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-class Acme::Client::Resources::Registration
- attr_reader :id, :key, :contact, :uri, :next_uri, :recover_uri, :term_of_service_uri
-
- def initialize(client, response)
- @client = client
- @uri = response.headers['location']
- assign_links(response.headers['Link'])
- assign_attributes(response.body)
- end
-
- def get_terms
- return unless @term_of_service_uri
-
- @client.connection.get(@term_of_service_uri).body
- end
-
- def agree_terms
- return true unless @term_of_service_uri
-
- response = @client.connection.post(@uri, resource: 'reg', agreement: @term_of_service_uri)
- response.success?
- end
-
- private
-
- def assign_links(links)
- @next_uri = links['next']
- @recover_uri = links['recover']
- @term_of_service_uri = links['terms-of-service']
- end
-
- def assign_attributes(body)
- @id = body['id']
- @key = body['key']
- @contact = body['contact']
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/self_sign_certificate.rb b/vendor/acme-client/lib/acme/client/self_sign_certificate.rb
deleted file mode 100644
index 2e7d98cba149d4fcbda721d0bc27f88d594b5150..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/self_sign_certificate.rb
+++ /dev/null
@@ -1,60 +0,0 @@
-class Acme::Client::SelfSignCertificate
- attr_reader :private_key, :subject_alt_names, :not_before, :not_after
-
- extend Forwardable
- def_delegators :certificate, :to_pem, :to_der
-
- def initialize(subject_alt_names:, not_before: default_not_before, not_after: default_not_after, private_key: generate_private_key)
- @private_key = private_key
- @subject_alt_names = subject_alt_names
- @not_before = not_before
- @not_after = not_after
- end
-
- def certificate
- @certificate ||= begin
- certificate = generate_certificate
-
- extension_factory = generate_extension_factory(certificate)
- subject_alt_name_entry = subject_alt_names.map { |d| "DNS: #{d}" }.join(',')
- subject_alt_name_extension = extension_factory.create_extension('subjectAltName', subject_alt_name_entry)
- certificate.add_extension(subject_alt_name_extension)
-
- certificate.sign(private_key, digest)
- end
- end
-
- private
-
- def generate_private_key
- OpenSSL::PKey::RSA.new(2048)
- end
-
- def default_not_before
- Time.now - 3600
- end
-
- def default_not_after
- Time.now + 30 * 24 * 3600
- end
-
- def digest
- OpenSSL::Digest::SHA256.new
- end
-
- def generate_certificate
- certificate = OpenSSL::X509::Certificate.new
- certificate.not_before = not_before
- certificate.not_after = not_after
- certificate.public_key = private_key.public_key
- certificate.version = 2
- certificate
- end
-
- def generate_extension_factory(certificate)
- extension_factory = OpenSSL::X509::ExtensionFactory.new
- extension_factory.subject_certificate = certificate
- extension_factory.issuer_certificate = certificate
- extension_factory
- end
-end
diff --git a/vendor/acme-client/lib/acme/client/version.rb b/vendor/acme-client/lib/acme/client/version.rb
deleted file mode 100644
index c989c12522dec58ea7fc6d374a9613d310c1556d..0000000000000000000000000000000000000000
--- a/vendor/acme-client/lib/acme/client/version.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-module Acme
- class Client
- VERSION = '0.4.1'.freeze
- end
-end