chore: last nits & fixes before release

acme/Cargo.toml

@@ -17,11 +17,11 @@ base64 = "0.21"
 url = { version = "2.3", features = ["serde"] }
 rcgen = "=0.9.2"
 time = { version = "0.3", features = ["serde", "serde-well-known", "wasm-bindgen"] }
+x509-parser = { version = "=0.14.0", features = ["verify", "validate"] }
 
 [target.'cfg(not(target_family = "wasm"))'.dependencies]
 reqwest = { version = "0.11", features = ["json", "__rustls"], default_features = false, optional = true }
 testcontainers = { version = "0.14", optional = true }
-x509-parser = { version = "=0.14.0", features = ["verify", "validate"] }
 
 [dev-dependencies]
 wasm-bindgen-test = "0.3"

acme/src/chall.rs

@@ -8,7 +8,7 @@ impl RustyAcme {
     /// see [RFC 8555 Section 7.5.1](https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1)
     pub fn dpop_chall_request(
         access_token: String,
-        handle_chall: AcmeChallenge,
+        dpop_chall: AcmeChallenge,
         account: &AcmeAccount,
         alg: JwsAlgorithm,
         kp: &Pem,
@@ -21,15 +21,15 @@ impl RustyAcme {
             "access_token": access_token,
         }));
 
-        let req = AcmeJws::new(alg, previous_nonce, &handle_chall.url, Some(&acct_url), payload, kp)?;
+        let req = AcmeJws::new(alg, previous_nonce, &dpop_chall.url, Some(&acct_url), payload, kp)?;
         Ok(req)
     }
 
     /// oidc challenge request to `POST /acme/challenge/{token}`
     /// see [RFC 8555 Section 7.5.1](https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1)
     pub fn oidc_chall_request(
         id_token: String,
-        handle_chall: AcmeChallenge,
+        oidc_chall: AcmeChallenge,
         account: &AcmeAccount,
         alg: JwsAlgorithm,
         kp: &Pem,
@@ -41,7 +41,7 @@ impl RustyAcme {
         let payload = Some(serde_json::json!({
             "id_token": id_token,
         }));
-        let req = AcmeJws::new(alg, previous_nonce, &handle_chall.url, Some(&acct_url), payload, kp)?;
+        let req = AcmeJws::new(alg, previous_nonce, &oidc_chall.url, Some(&acct_url), payload, kp)?;
         Ok(req)
     }
 

e2e-identity/src/lib.rs

@@ -177,7 +177,7 @@ impl RustyE2eIdentity {
         let new_authz = RustyAcme::new_authz_response(new_authz)?;
         let identifier = new_authz.identifier.to_json()?;
 
-        let wire_http_challenge = new_authz
+        let wire_dpop_challenge = new_authz
             .wire_dpop_challenge()
             .map(|c| serde_json::to_value(c).map(|chall| (chall, c.url.clone())))
             .transpose()?
@@ -190,7 +190,7 @@ impl RustyE2eIdentity {
 
         Ok(E2eiNewAcmeAuthz {
             identifier,
-            wire_http_challenge,
+            wire_dpop_challenge,
             wire_oidc_challenge,
         })
     }
@@ -248,18 +248,18 @@ impl RustyE2eIdentity {
     ///
     /// # Parameters
     /// * `access_token` - returned by wire-server from [this endpoint](https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token)
-    /// * `handle_challenge` - you found after [Self::acme_new_authz_response]
+    /// * `dpop_challenge` - you found after [Self::acme_new_authz_response]
     /// * `account` - you got from [Self::acme_new_account_response]
     /// * `previous_nonce` - "replay-nonce" response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
-    pub fn acme_new_challenge_request(
+    pub fn acme_dpop_challenge_request(
         &self,
         access_token: String,
-        handle_challenge: &E2eiAcmeChall,
+        dpop_challenge: &E2eiAcmeChall,
         account: &E2eiAcmeAccount,
         previous_nonce: String,
     ) -> E2eIdentityResult<Json> {
         let account = serde_json::from_value(account.clone().into())?;
-        let handle_chall = serde_json::from_value(handle_challenge.chall.clone())?;
+        let handle_chall = serde_json::from_value(dpop_challenge.chall.clone())?;
         let new_challenge_req = RustyAcme::dpop_chall_request(
             access_token,
             handle_chall,
@@ -271,6 +271,35 @@ impl RustyE2eIdentity {
         Ok(serde_json::to_value(new_challenge_req)?)
     }
 
+    /// Creates a new challenge request.
+    ///
+    /// See [RFC 8555 Section 7.5.1](https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1).
+    ///
+    /// # Parameters
+    /// * `id_token` - returned by Identity Provider
+    /// * `oidc_challenge` - you found after [Self::acme_new_authz_response]
+    /// * `account` - you got from [Self::acme_new_account_response]
+    /// * `previous_nonce` - "replay-nonce" response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
+    pub fn acme_oidc_challenge_request(
+        &self,
+        id_token: String,
+        oidc_challenge: &E2eiAcmeChall,
+        account: &E2eiAcmeAccount,
+        previous_nonce: String,
+    ) -> E2eIdentityResult<Json> {
+        let account = serde_json::from_value(account.clone().into())?;
+        let oidc_chall = serde_json::from_value(oidc_challenge.chall.clone())?;
+        let new_challenge_req = RustyAcme::oidc_chall_request(
+            id_token,
+            oidc_chall,
+            &account,
+            self.sign_alg,
+            &self.sign_kp,
+            previous_nonce,
+        )?;
+        Ok(serde_json::to_value(new_challenge_req)?)
+    }
+
     /// Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}`.
     ///
     /// See [RFC 8555 Section 7.5.1](https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1).

e2e-identity/src/types.rs

@@ -18,7 +18,7 @@ pub struct E2eiNewAcmeOrder {
 pub struct E2eiNewAcmeAuthz {
     pub identifier: String,
     #[serde(skip_serializing_if = "Option::is_none")]
-    pub wire_http_challenge: Option<E2eiAcmeChall>,
+    pub wire_dpop_challenge: Option<E2eiAcmeChall>,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub wire_oidc_challenge: Option<E2eiAcmeChall>,
 }