diff --git a/Cargo.lock b/Cargo.lock index d02365e1..af83fcb3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2784,6 +2784,7 @@ dependencies = [ "asn1-rs", "base64 0.21.5", "ed25519-compact", + "fluvio-wasm-timer", "getrandom 0.2.11", "hex", "jwt-simple", diff --git a/acme/Cargo.toml b/acme/Cargo.toml index 079ee120..44575563 100644 --- a/acme/Cargo.toml +++ b/acme/Cargo.toml @@ -29,6 +29,8 @@ p384 = "0.13" pem = "3.0" getrandom = { version = "0.2.8", features = ["js"] } +fluvio-wasm-timer = "0.2" + [dev-dependencies] wasm-bindgen-test = "0.3" hex = "0.4.3" diff --git a/acme/src/certificate.rs b/acme/src/certificate.rs index e8e08682..0f5a1c15 100644 --- a/acme/src/certificate.rs +++ b/acme/src/certificate.rs @@ -57,7 +57,11 @@ impl RustyAcme { return Err(CertificateError::DisplayNameMismatch.into()); } - let invalid_handle = cert_identity.handle != identifier.handle.trim_start_matches(ClientId::URI_PREFIX); + let identifier_handle = identifier + .handle + .trim_start_matches(ClientId::URI_PREFIX) + .trim_start_matches(ClientId::HANDLE_PREFIX); + let invalid_handle = cert_identity.handle != identifier_handle; if invalid_handle { return Err(CertificateError::HandleMismatch.into()); } diff --git a/acme/src/error.rs b/acme/src/error.rs index ddd548fc..e0614497 100644 --- a/acme/src/error.rs +++ b/acme/src/error.rs @@ -95,4 +95,7 @@ pub enum CertificateError { /// X509 lacks required standard fields #[error("X509 lacks required standard fields")] InvalidFormat, + /// Advertised public key does not match algorithm + #[error("Advertised public key does not match algorithm")] + InvalidPublicKey, } diff --git a/acme/src/identity.rs b/acme/src/identity/mod.rs similarity index 63% rename from acme/src/identity.rs rename to acme/src/identity/mod.rs index 701143d2..5e02ea35 100644 --- a/acme/src/identity.rs +++ b/acme/src/identity/mod.rs 
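Review bot: In the acme/src/certificate.rs hunk, `identifier_handle` is normalised with `trim_start_matches`, which strips every leading repetition of the pattern and also succeeds when the prefix is absent. An identifier handle with a doubled or missing `ClientId::URI_PREFIX` / `ClientId::HANDLE_PREFIX` therefore still compares equal to the certificate handle. try_extract_san in acme/src/identity/mod.rs strips each prefix exactly once with `strip_prefix`, and this identity check should be at least as strict: `let identifier_handle = identifier.handle.strip_prefix(ClientId::URI_PREFIX).and_then(|h| h.strip_prefix(ClientId::HANDLE_PREFIX));` followed by `let invalid_handle = identifier_handle != Some(cert_identity.handle.as_str());`. The enclosing function starts and ends outside the hunk.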
@@ -5,12 +5,27 @@ use rusty_jwt_tools::prelude::*; use crate::error::CertificateError; use crate::prelude::*; +mod status; +mod thumbprint; + #[derive(Debug, Clone)] pub struct WireIdentity { pub client_id: String, pub handle: String, pub display_name: String, pub domain: String, + pub status: IdentityStatus, + pub thumbprint: String, +} + +#[derive(Debug, Clone, Eq, PartialEq)] +pub enum IdentityStatus { + /// All is fine + Valid, + /// The Certificate is expired + Expired, + /// The Certificate is revoked + Revoked, } pub trait WireIdentityReader { @@ -29,12 +44,16 @@ impl WireIdentityReader for x509_cert::Certificate { fn extract_identity(&self) -> RustyAcmeResult { let (client_id, handle) = try_extract_san(&self.tbs_certificate)?; let (display_name, domain) = try_extract_subject(&self.tbs_certificate)?; + let status = status::extract_status(&self.tbs_certificate); + let thumbprint = thumbprint::try_compute_jwk_canonicalized_thumbprint(&self.tbs_certificate)?; Ok(WireIdentity { client_id, handle, display_name, domain, + status, + thumbprint, }) } @@ -118,12 +137,16 @@ fn try_extract_san(cert: &x509_cert::TbsCertificate) -> RustyAcmeResult<(String, _ => None, }) .try_for_each(|name| -> RustyAcmeResult<()> { + // since both ClientId & handle are in the SAN we first try to parse the element as + // a ClientId (since it's the most characterizable) and else fallback to a handle if let Ok(cid) = ClientId::try_from_uri(name) { client_id = Some(cid.to_qualified()); } else if name.starts_with(ClientId::URI_PREFIX) { let h = name .strip_prefix(ClientId::URI_PREFIX) .ok_or(RustyAcmeError::ImplementationError)? + .strip_prefix(ClientId::HANDLE_PREFIX) + .ok_or(RustyAcmeError::ImplementationError)? .to_string(); handle = Some(h); } 
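Review bot: The new public fields `status` and `thumbprint` on `WireIdentity` have no doc comments, and `/// All is fine` on `IdentityStatus::Valid` does not say what was checked. Going by status.rs in this commit, the status is derived only from the validity window at the moment `extract_identity` runs, and revocation is not evaluated yet, so consumers should not read `Valid` as a verified certificate. Suggested comments: `/// Validity-window status computed when the identity was extracted; not a signature or chain check` on `status`, `/// JWK thumbprint (SHA-256) of the certificate's subject public key` on `thumbprint`, and `/// Current time is inside the certificate's validity window` on `Valid`.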
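Review bot: In try_extract_san, the added `.strip_prefix(ClientId::HANDLE_PREFIX).ok_or(RustyAcmeError::ImplementationError)?` reports a property of the certificate as an implementation error. Any SAN URI that starts with `ClientId::URI_PREFIX`, does not parse as a ClientId and lacks the handle prefix now aborts extraction with `ImplementationError`; that presumably includes certificates issued with the previous handle form, since the old test fixture expected `alice_wire`. A certificate error keeps untrusted input distinguishable from internal bugs, e.g. `.ok_or(RustyAcmeError::InvalidCertificate(CertificateError::InvalidFormat))?`. The function body starts and ends outside the hunk.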
@@ -144,17 +167,33 @@ pub mod tests { wasm_bindgen_test_configure!(run_in_browser); const CERT: &str = r#"-----BEGIN CERTIFICATE----- -MIICDDCCAbOgAwIBAgIRAPByYiuFhbbYasW+GKz5FBkwCgYIKoZIzj0EAwIwLjEN -MAsGA1UEChMEd2lyZTEdMBsGA1UEAxMUd2lyZSBJbnRlcm1lZGlhdGUgQ0EwHhcN -MjMwNzMxMTQwMjA4WhcNMzMwNzI4MTQwMjA4WjApMREwDwYDVQQKEwh3aXJlLmNv -bTEUMBIGA1UEAxMLQWxpY2UgU21pdGgwKjAFBgMrZXADIQAF/hZvvmRkWMzqZ5jU -LnGKO+y8G/Vz+olfTknk7c/8IqOB5TCB4jAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0l -BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFGhAhRlgprn/FUxPfL+ehHvvAigpMB8G -A1UdIwQYMBaAFB81Yl+jcBh8rnCo9MJtkZ+2vq5YMFwGA1UdEQRVMFOGFWltOndp -cmVhcHA9YWxpY2Vfd2lyZYY6aW06d2lyZWFwcD1UNENveTR2ZFJ6aWFud2ZPZ1hw -bjZBL2EzMzhlOWVhOWU4N2ZlY0B3aXJlLmNvbTAdBgwrBgEEAYKkZMYoQAEEDTAL -AgEGBAR3aXJlBAAwCgYIKoZIzj0EAwIDRwAwRAIgCP+OnliYCy7PKs3rt+x4zUuF -e2grybnLl5fsak6lFPUCIE4T8ZMlKkOZ9xeYdTlrUPT67hc++ZRAtcU03Kqiz8sm +MIICGDCCAb+gAwIBAgIQHhoe3LLRoHP+EPY4KOTgATAKBggqhkjOPQQDAjAuMQ0w +CwYDVQQKEwR3aXJlMR0wGwYDVQQDExR3aXJlIEludGVybWVkaWF0ZSBDQTAeFw0y +MzExMTYxMDM3MjZaFw0zMzExMTMxMDM3MjZaMCkxETAPBgNVBAoTCHdpcmUuY29t +MRQwEgYDVQQDEwtBbGljZSBTbWl0aDAqMAUGAytlcAMhANmHK7rIOLVhj/vmKmK1 +qei8Dor8Lu/FPOnXmKLZGKrfo4HyMIHvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE +DDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQUFlquvWRvc3MxFaLrNgzv+UdGoaswHwYD +VR0jBBgwFoAUz40pQ/qEp4eFDfctCF0jmJB+5xswaQYDVR0RBGIwYIYhaW06d2ly +ZWFwcD0lNDBhbGljZV93aXJlQHdpcmUuY29thjtpbTp3aXJlYXBwPXlsLThBX3da +U2ZhUzJ1VjhWdU1FQncvN2U3OTcyM2E4YmRjNjk0ZkB3aXJlLmNvbTAdBgwrBgEE +AYKkZMYoQAEEDTALAgEGBAR3aXJlBAAwCgYIKoZIzj0EAwIDRwAwRAIgRqbsOAF7 +OseMTgkjrKe3UO/UjDUGzW+jlDWOGLZsh5ECIDdNastqkvwOGfbWaeh+IuM6/oBz +flIOs9TQGOVc0YL1 +-----END CERTIFICATE-----"#; + + const CERT_EXPIRED: &str = r#"-----BEGIN CERTIFICATE----- +MIICGDCCAb+gAwIBAgIQM1JQFaSAmNPtoyWrvmZNGjAKBggqhkjOPQQDAjAuMQ0w +CwYDVQQKEwR3aXJlMR0wGwYDVQQDExR3aXJlIEludGVybWVkaWF0ZSBDQTAeFw0y +MzExMTYxMDQ2MDVaFw0yMzExMTYxMTA2MDVaMCkxETAPBgNVBAoTCHdpcmUuY29t +MRQwEgYDVQQDEwtBbGljZSBTbWl0aDAqMAUGAytlcAMhAEJioXny0jRMd1GAo9aq 
+ywcUQBJwuc4ym1DxDBuTrFCzo4HyMIHvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE +DDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQU3OFsPDRVZrOLHbL7vGiVE9CzyKwwHwYD +VR0jBBgwFoAUusKuRvUWmJgzjSYJL3ndc8W2414waQYDVR0RBGIwYIYhaW06d2ly +ZWFwcD0lNDBhbGljZV93aXJlQHdpcmUuY29thjtpbTp3aXJlYXBwPXlhRld5M3Yt +UUZDZms0X2VkLW9fNEEvNGU4NTI0ZWY0ZTIzMDY4YkB3aXJlLmNvbTAdBgwrBgEE +AYKkZMYoQAEEDTALAgEGBAR3aXJlBAAwCgYIKoZIzj0EAwIDRwAwRAIgPA0RmEYk +k9Jtg4ND98qu7qkUM3vtVVLiZkbCnRlFF04CIGCwhSo/78Kt8h6292SkT8c8eCS6 +4PmNd7NrZ71etdKR -----END CERTIFICATE-----"#; #[test] @@ -163,9 +202,9 @@ e2grybnLl5fsak6lFPUCIE4T8ZMlKkOZ9xeYdTlrUPT67hc++ZRAtcU03Kqiz8sm let cert_der = pem::parse(CERT).unwrap(); let identity = cert_der.contents().extract_identity().unwrap(); - let expected_client_id = "T4Coy4vdRzianwfOgXpn6A:a338e9ea9e87fec@wire.com"; + let expected_client_id = "yl-8A_wZSfaS2uV8VuMEBw:7e79723a8bdc694f@wire.com"; assert_eq!(&identity.client_id, expected_client_id); - assert_eq!(&identity.handle, "alice_wire"); + assert_eq!(&identity.handle, "alice_wire@wire.com"); assert_eq!(&identity.display_name, "Alice Smith"); assert_eq!(&identity.domain, "wire.com"); } @@ -175,7 +214,7 @@ e2grybnLl5fsak6lFPUCIE4T8ZMlKkOZ9xeYdTlrUPT67hc++ZRAtcU03Kqiz8sm fn should_find_created_at_claim() { let cert_der = pem::parse(CERT).unwrap(); let created_at = cert_der.contents().extract_created_at().unwrap(); - assert_eq!(created_at, 1690812128); + assert_eq!(created_at, 1700131046); } #[test] 
@@ -185,7 +224,27 @@ e2grybnLl5fsak6lFPUCIE4T8ZMlKkOZ9xeYdTlrUPT67hc++ZRAtcU03Kqiz8sm let spki = cert_der.contents().extract_public_key().unwrap(); assert_eq!( hex::encode(spki), - "05fe166fbe646458ccea6798d42e718a3becbc1bf573fa895f4e49e4edcffc22" + "d9872bbac838b5618ffbe62a62b5a9e8bc0e8afc2eefc53ce9d798a2d918aadf" ); } + + #[test] + #[wasm_bindgen_test] + fn should_have_valid_status() { + let cert_der = pem::parse(CERT).unwrap(); + let identity = cert_der.contents().extract_identity().unwrap(); + assert_eq!(&identity.status, &IdentityStatus::Valid); + + let cert_der = pem::parse(CERT_EXPIRED).unwrap(); + let identity = cert_der.contents().extract_identity().unwrap(); + assert_eq!(&identity.status, &IdentityStatus::Expired); + } + + #[test] + #[wasm_bindgen_test] + fn should_have_thumbprint() { + let cert_der = pem::parse(CERT).unwrap(); + let identity = cert_der.contents().extract_identity().unwrap(); + assert!(!identity.thumbprint.is_empty()); + } } diff --git a/acme/src/identity/status.rs b/acme/src/identity/status.rs new file mode 100644 index 00000000..cbba5a6e --- /dev/null +++ b/acme/src/identity/status.rs @@ -0,0 +1,30 @@ +use super::IdentityStatus; + +pub(crate) fn extract_status(cert: &x509_cert::TbsCertificate) -> IdentityStatus { + if is_revoked(cert) { + IdentityStatus::Revoked + } else if !is_time_valid(cert) { + IdentityStatus::Expired + } else { + IdentityStatus::Valid + } +} + +fn is_time_valid(cert: &x509_cert::TbsCertificate) -> bool { + // 'not_before' < now < 'not_after' + let x509_cert::time::Validity { not_before, not_after } = cert.validity; + + let now = fluvio_wasm_timer::SystemTime::now(); + let Ok(now) = now.duration_since(fluvio_wasm_timer::UNIX_EPOCH) else { + return false; + }; + + let is_nbf = now >= not_before.to_unix_duration(); + let is_naf = now < not_after.to_unix_duration(); + is_nbf && is_naf +} + +// TODO +fn is_revoked(_cert: &x509_cert::TbsCertificate) -> bool { + false +} 
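Review bot: `should_have_thumbprint` only asserts `!identity.thumbprint.is_empty()`, so a regression in the hash algorithm, the JWK canonicalisation or the key being hashed would still pass. Pin the value for the fixture instead, e.g. `assert_eq!(&identity.thumbprint, "<expected thumbprint of CERT>");` (placeholder, to be computed once from the fixture's public key). `should_have_valid_status` also depends on the wall clock, so it will start failing once `CERT` passes its notAfter date. A comment next to the fixture recording that date would save the next maintainer a debugging session.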
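Review bot: In acme/src/identity/status.rs, `extract_status` reports a certificate whose `not_before` is still in the future as `IdentityStatus::Expired`, because `is_time_valid` folds both bounds into one boolean. The same result is returned when the clock reads before the Unix epoch. `is_revoked` always returns `false` behind a bare `// TODO`, so `Revoked` is never produced and a revoked certificate is reported as `Valid`. Until revocation is implemented, say so where callers will see it, e.g. `/// Revocation is not checked yet: this never returns IdentityStatus::Revoked` on `extract_status`. Consider a separate status, or at least a doc note, for not-yet-valid certificates.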
diff --git a/acme/src/identity/thumbprint.rs b/acme/src/identity/thumbprint.rs new file mode 100644 index 00000000..f6bf2ec8 --- /dev/null +++ b/acme/src/identity/thumbprint.rs @@ -0,0 +1,33 @@ +use crate::{ + error::CertificateError, + prelude::{RustyAcmeError, RustyAcmeResult}, +}; +use jwt_simple::prelude::*; +use rusty_jwt_tools::{ + jwk::TryIntoJwk, + prelude::{HashAlgorithm, JwkThumbprint}, +}; +use x509_cert::spki::SubjectPublicKeyInfoOwned; + +/// See: https://datatracker.ietf.org/doc/html/rfc8037#appendix-A.3 +pub(crate) fn try_compute_jwk_canonicalized_thumbprint(cert: &x509_cert::TbsCertificate) -> RustyAcmeResult { + let jwk = try_into_jwk(&cert.subject_public_key_info)?; + // Hash is always SHA-256 + let thumbprint = JwkThumbprint::generate(&jwk, HashAlgorithm::SHA256)?; + Ok(thumbprint.kid) +} + +fn try_into_jwk(spki: &SubjectPublicKeyInfoOwned) -> RustyAcmeResult { + let oid = oid_registry::Oid::new(std::borrow::Cow::Borrowed(spki.algorithm.oid.as_bytes())); + + // cannot pattern match oid_registry::Oid because it contains a Cow<'_> + if oid == oid_registry::OID_SIG_ED25519 { + Ok(Ed25519PublicKey::from_bytes(spki.subject_public_key.raw_bytes())?.try_into_jwk()?) + } else if oid == oid_registry::OID_SIG_ECDSA_WITH_SHA256 { + Ok(ES256PublicKey::from_bytes(spki.subject_public_key.raw_bytes())?.try_into_jwk()?) + } else if oid == oid_registry::OID_SIG_ECDSA_WITH_SHA384 { + Ok(ES384PublicKey::from_bytes(spki.subject_public_key.raw_bytes())?.try_into_jwk()?) + } else { + Err(RustyAcmeError::InvalidCertificate(CertificateError::InvalidPublicKey)) + } +} diff --git a/acme/src/lib.rs b/acme/src/lib.rs index 880963da..5d5aa7d7 100644 --- a/acme/src/lib.rs +++ b/acme/src/lib.rs 
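Review bot: `try_into_jwk` compares the SubjectPublicKeyInfo algorithm OID with `OID_SIG_ECDSA_WITH_SHA256` and `OID_SIG_ECDSA_WITH_SHA384`, which are signature-algorithm OIDs. In X.509 (RFC 5480) an EC key's SPKI carries id-ecPublicKey with the curve in the algorithm parameters, so P-256 and P-384 certificates would likely fall through to `InvalidPublicKey`. Because `extract_identity` now propagates this error, they would fail identity extraction; only the Ed25519 branch, whose OID is shared by key and signature, is exercised by the tests in this commit. The EC branches should match on the EC public-key OID and select ES256 or ES384 from the named-curve parameter. The `InvalidPublicKey` message "Advertised public key does not match algorithm" also reads oddly for what is an unsupported-algorithm branch.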
@@ -20,7 +20,7 @@ pub mod prelude { pub use error::{RustyAcmeError, RustyAcmeResult}; pub use finalize::AcmeFinalize; pub use identifier::{AcmeIdentifier, WireIdentifier}; - pub use identity::{WireIdentity, WireIdentityReader}; + pub use identity::{IdentityStatus, WireIdentity, WireIdentityReader}; pub use jws::AcmeJws; pub use order::AcmeOrder; diff --git a/acme/src/order.rs b/acme/src/order.rs index 2e8581c4..d3d41c50 100644 --- a/acme/src/order.rs +++ b/acme/src/order.rs @@ -22,7 +22,7 @@ impl RustyAcme { let acct_url = account.acct_url()?; let domain = client_id.domain.clone(); - let handle = format!("{}{handle}", ClientId::URI_PREFIX); + let handle = format!("{}{}{handle}@{domain}", ClientId::URI_PREFIX, ClientId::HANDLE_PREFIX); let identifiers = vec![AcmeIdentifier::try_new( display_name.to_string(), domain, diff --git a/e2e-identity/README.md b/e2e-identity/README.md index 31341c9c..0ce1564c 100644 --- a/e2e-identity/README.md +++ b/e2e-identity/README.md 
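Review bot: In the acme/src/order.rs hunk, `handle` and `domain` are interpolated into the identifier with `format!` and, as far as the hunk shows, no validation. A handle that already contains `@`, `%` or the domain would produce a URI that cannot be split back unambiguously and would not match the handle comparison in certificate.rs. If callers are expected to pass the bare handle, state that on the function, e.g. `/// handle: bare user handle, without leading '@' or domain`, or reject other forms before formatting. The enclosing function starts and ends outside the hunk.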
@@ -11,14 +11,14 @@ sequenceDiagram acme-server->>-wire-client: 201 wire-client->>+acme-server: 🔒 POST /acme/wire/new-order acme-server->>-wire-client: 201 - wire-client->>+acme-server: 🔒 POST /acme/wire/authz/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK + wire-client->>+acme-server: 🔒 POST /acme/wire/authz/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki acme-server->>-wire-client: 200 wire-client->>+wire-server: GET /clients/token/nonce wire-server->>-wire-client: 200 wire-client->>wire-client: create DPoP token - wire-client->>+wire-server: POST /clients/8e6424430d3b28be/access-token + wire-client->>+wire-server: POST /clients/7e79723a8bdc694f/access-token wire-server->>-wire-client: 200 - wire-client->>+acme-server: 🔒 POST /acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/s8y0OXyQLwMDTEHmU0KuZKYx41VCAvcT + wire-client->>+acme-server: 🔒 POST /acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/q7hy0z2jop2HweyInjvkgLNSQUDqV5PR acme-server->>-wire-client: 200 wire-client->>wire-client: OAUTH authorization request wire-client->>+IdP: GET /dex/auth 
@@ -26,19 +26,19 @@ sequenceDiagram wire-client->>wire-client: OAUTH authorization code wire-client->>+IdP: POST /dex/token IdP->>-wire-client: 200 - wire-client->>+acme-server: 🔒 POST /acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/b6gKurvFiAkViZX4bD9mn9PfGiFtIszq + wire-client->>+acme-server: 🔒 POST /acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/SDJQ76rdWuofetahvzpgljsuhCZL2pzv acme-server->>-wire-client: 200 - wire-client->>+acme-server: 🔒 POST /acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W + wire-client->>+acme-server: 🔒 POST /acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn acme-server->>-wire-client: 200 - wire-client->>+acme-server: 🔒 POST /acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W/finalize + wire-client->>+acme-server: 🔒 POST /acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn/finalize acme-server->>-wire-client: 200 - wire-client->>+acme-server: 🔒 POST /acme/wire/certificate/leUvZchiW6iR45toJCeyFf7x1wnDBPIi + wire-client->>+acme-server: 🔒 POST /acme/wire/certificate/SovyprYoMfROGmEbACsGVLwvn2A0h5j9 acme-server->>-wire-client: 200 ``` ### Initial setup with ACME server #### 1. fetch acme directory for hyperlinks ```http request -GET https://stepca:32771/acme/wire/directory +GET https://stepca:32865/acme/wire/directory /acme/{acme-provisioner}/directory ``` #### 2. get the ACME directory with links for newNonce, newAccount & newOrder 
@@ -48,38 +48,38 @@ content-type: application/json ``` ```json { - "newNonce": "https://stepca:32771/acme/wire/new-nonce", - "newAccount": "https://stepca:32771/acme/wire/new-account", - "newOrder": "https://stepca:32771/acme/wire/new-order", - "revokeCert": "https://stepca:32771/acme/wire/revoke-cert" + "newNonce": "https://stepca:32865/acme/wire/new-nonce", + "newAccount": "https://stepca:32865/acme/wire/new-account", + "newOrder": "https://stepca:32865/acme/wire/new-order", + "revokeCert": "https://stepca:32865/acme/wire/revoke-cert" } ``` #### 3. fetch a new nonce for the very first request ```http request -HEAD https://stepca:32771/acme/wire/new-nonce +HEAD https://stepca:32865/acme/wire/new-nonce /acme/{acme-provisioner}/new-nonce ``` #### 4. get a nonce for creating an account ```http request 200 cache-control: no-store -link: ;rel="index" -replay-nonce: NUtYZjM1YjEybjhVam94MmZWOHdTUzhCZGNKRW11aG8 +link: ;rel="index" +replay-nonce: Y0MzcXpVbzFlYkFiMFJqbk1QZXNBYXlQYlpSUDZmb0c ``` ```text -NUtYZjM1YjEybjhVam94MmZWOHdTUzhCZGNKRW11aG8 +Y0MzcXpVbzFlYkFiMFJqbk1QZXNBYXlQYlpSUDZmb0c ``` #### 5. 
create a new account ```http request -POST https://stepca:32771/acme/wire/new-account +POST https://stepca:32865/acme/wire/new-account /acme/{acme-provisioner}/new-account content-type: application/jose+json ``` ```json { - "protected": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsImp3ayI6eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6IldDSU1UbEJNM3pLLVNvOS1DODgycWtUMWVFblFtV19RWkZxRU9RcUlpYlUifSwibm9uY2UiOiJOVXRZWmpNMVlqRXliamhWYW05NE1tWldPSGRUVXpoQ1pHTktSVzExYUc4IiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI3NzEvYWNtZS93aXJlL25ldy1hY2NvdW50In0", + "protected": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCIsImp3ayI6eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6IjJZY3J1c2c0dFdHUC0tWXFZcldwNkx3T2l2d3U3OFU4NmRlWW90a1lxdDgifSwibm9uY2UiOiJZME16Y1hwVmJ6RmxZa0ZpTUZKcWJrMVFaWE5CWVhsUVlscFNVRFptYjBjIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI4NjUvYWNtZS93aXJlL25ldy1hY2NvdW50In0", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6dHJ1ZSwiY29udGFjdCI6WyJhbm9ueW1vdXNAYW5vbnltb3VzLmludmFsaWQiXSwib25seVJldHVybkV4aXN0aW5nIjpmYWxzZX0", - "signature": "sEre1e652aYZIgoWKVBaPpEx3plSJsFhzESOpLmjnzIUmGUYLurpztoUml08g4a4eMMShWSDvgIEG7uySDAYBQ" + "signature": "dOasRoIwxbbHLFydwUy-kfGvwaGUdIWkVgoj__LTqawx-K7muirWt_5iCC7FSLuR3qBhwwt-qTKXHIJ55LfNDg" } ``` ```json @@ -96,11 +96,11 @@ content-type: application/jose+json "jwk": { "crv": "Ed25519", "kty": "OKP", - "x": "WCIMTlBM3zK-So9-C882qkT1eEnQmW_QZFqEOQqIibU" + "x": "2Ycrusg4tWGP--YqYrWp6LwOivwu78U86deYotkYqt8" }, - "nonce": "NUtYZjM1YjEybjhVam94MmZWOHdTUzhCZGNKRW11aG8", + "nonce": "Y0MzcXpVbzFlYkFiMFJqbk1QZXNBYXlQYlpSUDZmb0c", "typ": "JWT", - "url": "https://stepca:32771/acme/wire/new-account" + "url": "https://stepca:32865/acme/wire/new-account" } } ``` 
@@ -109,28 +109,28 @@ content-type: application/jose+json 201 cache-control: no-store content-type: application/json -link: ;rel="index" -location: https://stepca:32771/acme/wire/account/1KpNo1VC3eNOadojcAzjbQLStG1xq35Q -replay-nonce: Rzc3UGdpaWpNWFRja0ZXNDBzeWJWS3FTdVVZR21wc1Y +link: ;rel="index" +location: https://stepca:32865/acme/wire/account/QAsrvmXogvcXjtocOwpPNtIgf9lg1qMF +replay-nonce: Q3RFRWJvNFJpQ3E1c09JM2dmcHpUQW5WVHZ6aGY1OFE ``` ```json { "status": "valid", - "orders": "https://stepca:32771/acme/wire/account/1KpNo1VC3eNOadojcAzjbQLStG1xq35Q/orders" + "orders": "https://stepca:32865/acme/wire/account/QAsrvmXogvcXjtocOwpPNtIgf9lg1qMF/orders" } ``` ### Request a certificate with relevant identifiers #### 7. create a new order ```http request -POST https://stepca:32771/acme/wire/new-order +POST https://stepca:32865/acme/wire/new-order /acme/{acme-provisioner}/new-order content-type: application/jose+json ``` ```json { - "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyNzcxL2FjbWUvd2lyZS9hY2NvdW50LzFLcE5vMVZDM2VOT2Fkb2pjQXpqYlFMU3RHMXhxMzVRIiwidHlwIjoiSldUIiwibm9uY2UiOiJSemMzVUdkcGFXcE5XRlJqYTBaWE5EQnplV0pXUzNGVGRWVlpSMjF3YzFZIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI3NzEvYWNtZS93aXJlL25ldy1vcmRlciJ9", - "payload": "eyJpZGVudGlmaWVycyI6W3sidHlwZSI6IndpcmVhcHAtaWQiLCJ2YWx1ZSI6IntcIm5hbWVcIjpcIkFsaWNlIFNtaXRoXCIsXCJkb21haW5cIjpcIndpcmUuY29tXCIsXCJjbGllbnQtaWRcIjpcImltOndpcmVhcHA9TGNrc0piNzRUbTZOMTJjRGpGeTdsUS84ZTY0MjQ0MzBkM2IyOGJlQHdpcmUuY29tXCIsXCJoYW5kbGVcIjpcImltOndpcmVhcHA9YWxpY2Vfd2lyZVwifSJ9XSwibm90QmVmb3JlIjoiMjAyMy0xMC0wNFQxNDowMTo1OC4zNjE4MDlaIiwibm90QWZ0ZXIiOiIyMDMzLTEwLTAxVDE0OjAxOjU4LjM2MTgwOVoifQ", - "signature": "9jYDWrMYE3cuz_KkAKbLXycXMMLbcTc1cvHAicRYil7dUBMM5OeZDW-vHioXFMB3sL1444Bxgzrl-nUafpIgBw" + "protected": 
"eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyODY1L2FjbWUvd2lyZS9hY2NvdW50L1FBc3J2bVhvZ3ZjWGp0b2NPd3BQTnRJZ2Y5bGcxcU1GIiwidHlwIjoiSldUIiwibm9uY2UiOiJRM1JGUldKdk5GSnBRM0UxYzA5Sk0yZG1jSHBVUVc1V1ZIWjZhR1kxT0ZFIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI4NjUvYWNtZS93aXJlL25ldy1vcmRlciJ9", + "payload": "eyJpZGVudGlmaWVycyI6W3sidHlwZSI6IndpcmVhcHAtaWQiLCJ2YWx1ZSI6IntcIm5hbWVcIjpcIkFsaWNlIFNtaXRoXCIsXCJkb21haW5cIjpcIndpcmUuY29tXCIsXCJjbGllbnQtaWRcIjpcImltOndpcmVhcHA9eWwtOEFfd1pTZmFTMnVWOFZ1TUVCdy83ZTc5NzIzYThiZGM2OTRmQHdpcmUuY29tXCIsXCJoYW5kbGVcIjpcImltOndpcmVhcHA9JTQwYWxpY2Vfd2lyZUB3aXJlLmNvbVwifSJ9XSwibm90QmVmb3JlIjoiMjAyMy0xMS0xNlQxMDozNzoyNi4zMzQ5NTZaIiwibm90QWZ0ZXIiOiIyMDMzLTExLTEzVDEwOjM3OjI2LjMzNDk1NloifQ", + "signature": "H2kWe-7FlkioXhNyDTPOieomP1TXfc7CqWBcyMz0Jt1Brl5ir6cB3l__iYePNI0HdP-hApqzeyRRCwizZhLjBg" } ``` ```json @@ -139,18 +139,18 @@ content-type: application/jose+json "identifiers": [ { "type": "wireapp-id", - "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=LcksJb74Tm6N12cDjFy7lQ/8e6424430d3b28be@wire.com\",\"handle\":\"im:wireapp=alice_wire\"}" + "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com\",\"handle\":\"im:wireapp=%40alice_wire@wire.com\"}" } ], - "notAfter": "2033-10-01T14:01:58.361809Z", - "notBefore": "2023-10-04T14:01:58.361809Z" + "notAfter": "2033-11-13T10:37:26.334956Z", + "notBefore": "2023-11-16T10:37:26.334956Z" }, "protected": { "alg": "EdDSA", - "kid": "https://stepca:32771/acme/wire/account/1KpNo1VC3eNOadojcAzjbQLStG1xq35Q", - "nonce": "Rzc3UGdpaWpNWFRja0ZXNDBzeWJWS3FTdVVZR21wc1Y", + "kid": "https://stepca:32865/acme/wire/account/QAsrvmXogvcXjtocOwpPNtIgf9lg1qMF", + "nonce": "Q3RFRWJvNFJpQ3E1c09JM2dmcHpUQW5WVHZ6aGY1OFE", "typ": "JWT", - "url": "https://stepca:32771/acme/wire/new-order" + "url": "https://stepca:32865/acme/wire/new-order" } } ``` 
@@ -159,40 +159,40 @@ content-type: application/jose+json 201 cache-control: no-store content-type: application/json -link: ;rel="index" -location: https://stepca:32771/acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W -replay-nonce: Q0tLU24yMWxDMGRBR1duQkdxMTlxYzhRTEdRSW5KaG8 +link: ;rel="index" +location: https://stepca:32865/acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn +replay-nonce: U1FDdUdjNWUyQmRwM1RsbkFMYTZRZUp2U1ZaaHE3eXM ``` ```json { "status": "pending", - "finalize": "https://stepca:32771/acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W/finalize", + "finalize": "https://stepca:32865/acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn/finalize", "identifiers": [ { "type": "wireapp-id", - "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=LcksJb74Tm6N12cDjFy7lQ/8e6424430d3b28be@wire.com\",\"handle\":\"im:wireapp=alice_wire\"}" + "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com\",\"handle\":\"im:wireapp=%40alice_wire@wire.com\"}" } ], "authorizations": [ - "https://stepca:32771/acme/wire/authz/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK" + "https://stepca:32865/acme/wire/authz/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki" ], - "expires": "2023-10-05T14:01:58Z", - "notBefore": "2023-10-04T14:01:58.361809Z", - "notAfter": "2033-10-01T14:01:58.361809Z" + "expires": "2023-11-17T10:37:26Z", + "notBefore": "2023-11-16T10:37:26.334956Z", + "notAfter": "2033-11-13T10:37:26.334956Z" } ``` ### Display-name and handle already authorized #### 9. 
create authorization and fetch challenges ```http request -POST https://stepca:32771/acme/wire/authz/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK +POST https://stepca:32865/acme/wire/authz/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki /acme/{acme-provisioner}/authz/{authz-id} content-type: application/jose+json ``` ```json { - "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyNzcxL2FjbWUvd2lyZS9hY2NvdW50LzFLcE5vMVZDM2VOT2Fkb2pjQXpqYlFMU3RHMXhxMzVRIiwidHlwIjoiSldUIiwibm9uY2UiOiJRMHRMVTI0eU1XeERNR1JCUjFkdVFrZHhNVGx4WXpoUlRFZFJTVzVLYUc4IiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI3NzEvYWNtZS93aXJlL2F1dGh6L25hOXd2NDlhTWZnSmh2QnBNMnNzV01uaDVWdFJ3MEFLIn0", + "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyODY1L2FjbWUvd2lyZS9hY2NvdW50L1FBc3J2bVhvZ3ZjWGp0b2NPd3BQTnRJZ2Y5bGcxcU1GIiwidHlwIjoiSldUIiwibm9uY2UiOiJVMUZEZFVkak5XVXlRbVJ3TTFSc2JrRk1ZVFpSWlVwMlUxWmFhSEUzZVhNIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI4NjUvYWNtZS93aXJlL2F1dGh6L1psckI5aUs2cTc1Smx2S0dKMFNuSUNwUk1SSTFVZ2tpIn0", "payload": "", - "signature": "GzGCb_41mLNcCT3KtTc7OQeizAYedSoEkYHkKaee4hMICuGJmD8zue-IwTVBzaG-t1OJiFfxvmy2lxE0ybKQCg" + "signature": "6BlZ0gjB9GA42yNHUhZ_956-aWnREct-uZBVxs1ypTk6Xe1O77p2W0dc3Nxt6CmkLtTNuMXudhREeNL8jW6KAg" } ``` ```json @@ -200,10 +200,10 @@ content-type: application/jose+json "payload": {}, "protected": { "alg": "EdDSA", - "kid": "https://stepca:32771/acme/wire/account/1KpNo1VC3eNOadojcAzjbQLStG1xq35Q", - "nonce": "Q0tLU24yMWxDMGRBR1duQkdxMTlxYzhRTEdRSW5KaG8", + "kid": "https://stepca:32865/acme/wire/account/QAsrvmXogvcXjtocOwpPNtIgf9lg1qMF", + "nonce": "U1FDdUdjNWUyQmRwM1RsbkFMYTZRZUp2U1ZaaHE3eXM", "typ": "JWT", - "url": "https://stepca:32771/acme/wire/authz/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK" + "url": "https://stepca:32865/acme/wire/authz/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki" } } ``` 
@@ -212,40 +212,40 @@ content-type: application/jose+json 200 cache-control: no-store content-type: application/json -link: ;rel="index" -location: https://stepca:32771/acme/wire/authz/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK -replay-nonce: ZzZ2aG5GUHZFdkVGSk1FWGFUQ24zOUJVNkk2WmpDVzM +link: ;rel="index" +location: https://stepca:32865/acme/wire/authz/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki +replay-nonce: aHd2bExMa1dvSW51R3RpQVdycFhGdlB1U2t6R0JxanU ``` ```json { "status": "pending", - "expires": "2023-10-05T14:01:58Z", + "expires": "2023-11-17T10:37:26Z", "challenges": [ { "type": "wire-oidc-01", - "url": "https://stepca:32771/acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/b6gKurvFiAkViZX4bD9mn9PfGiFtIszq", + "url": "https://stepca:32865/acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/SDJQ76rdWuofetahvzpgljsuhCZL2pzv", "status": "pending", - "token": "6qgGq43yUhGfvM8vJWvQRr9AX735Q4QV", - "target": "http://dex:15419/dex" + "token": "NWcjk8D8F3lduoWZGNHSYZCq5UgQmHbv", + "target": "http://dex:21491/dex" }, { "type": "wire-dpop-01", - "url": "https://stepca:32771/acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/s8y0OXyQLwMDTEHmU0KuZKYx41VCAvcT", + "url": "https://stepca:32865/acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/q7hy0z2jop2HweyInjvkgLNSQUDqV5PR", "status": "pending", - "token": "6qgGq43yUhGfvM8vJWvQRr9AX735Q4QV", - "target": "http://wire.com:23614/clients/8e6424430d3b28be/access-token" + "token": "NWcjk8D8F3lduoWZGNHSYZCq5UgQmHbv", + "target": "http://wire.com:19814/clients/7e79723a8bdc694f/access-token" } ], "identifier": { "type": "wireapp-id", - "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=LcksJb74Tm6N12cDjFy7lQ/8e6424430d3b28be@wire.com\",\"handle\":\"im:wireapp=alice_wire\"}" + "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com\",\"handle\":\"im:wireapp=%40alice_wire@wire.com\"}" } } ``` ### Client fetches JWT DPoP access 
token (with wire-server) #### 11. fetch a nonce from wire-server ```http request -GET http://wire.com:23614/clients/token/nonce +GET http://wire.com:19814/clients/token/nonce ``` #### 12. get wire-server nonce ```http request @@ -253,7 +253,7 @@ GET http://wire.com:23614/clients/token/nonce ``` ```text -Sng5T09QRWpSR1RYN2RIUDJ5TzQ3MXdSSHFGSHJReXU +ejdUMW13ZHliemtDZVgwaE1WQmlyWlJrZFJXT3U3MzM ``` #### 13. create client DPoP token @@ -261,21 +261,21 @@ Sng5T09QRWpSR1RYN2RIUDJ5TzQ3MXdSSHFGSHJReXU
Dpop token -See it on [jwt.io](https://jwt.io/#id_token=eyJhbGciOiJFZERTQSIsInR5cCI6ImRwb3Arand0IiwiandrIjp7Imt0eSI6Ik9LUCIsImNydiI6IkVkMjU1MTkiLCJ4IjoiV0NJTVRsQk0zekstU285LUM4ODJxa1QxZUVuUW1XX1FaRnFFT1FxSWliVSJ9fQ.eyJpYXQiOjE2OTY0MjQ1MTgsImV4cCI6MTY5NjQzMTcxOCwibmJmIjoxNjk2NDI0NTE4LCJzdWIiOiJpbTp3aXJlYXBwPUxja3NKYjc0VG02TjEyY0RqRnk3bFEvOGU2NDI0NDMwZDNiMjhiZUB3aXJlLmNvbSIsImp0aSI6ImU3MDU2ODg4LWZlMDctNGE0NS05NzllLTJiODJjNmJlNDI5OCIsIm5vbmNlIjoiU25nNVQwOVFSV3BTUjFSWU4yUklVREo1VHpRM01YZFNTSEZHU0hKUmVYVSIsImh0bSI6IlBPU1QiLCJodHUiOiJodHRwOi8vd2lyZS5jb206MjM2MTQvY2xpZW50cy84ZTY0MjQ0MzBkM2IyOGJlL2FjY2Vzcy10b2tlbiIsImNoYWwiOiI2cWdHcTQzeVVoR2Z2TTh2Sld2UVJyOUFYNzM1UTRRViJ9.ppWSIXjQadmBJUyeuDGtp9XBvmtXH4bXptwH4seAOasEzxIViIT3JMR4GVru1qSiCM_RTACdFLCViSHUG4WrBA) +See it on [jwt.io](https://jwt.io/#id_token=eyJhbGciOiJFZERTQSIsInR5cCI6ImRwb3Arand0IiwiandrIjp7Imt0eSI6Ik9LUCIsImNydiI6IkVkMjU1MTkiLCJ4IjoiMlljcnVzZzR0V0dQLS1ZcVlyV3A2THdPaXZ3dTc4VTg2ZGVZb3RrWXF0OCJ9fQ.eyJpYXQiOjE3MDAxMjc0NDYsImV4cCI6MTcwMDEzNDY0NiwibmJmIjoxNzAwMTI3NDQ2LCJzdWIiOiJpbTp3aXJlYXBwPXlsLThBX3daU2ZhUzJ1VjhWdU1FQncvN2U3OTcyM2E4YmRjNjk0ZkB3aXJlLmNvbSIsImp0aSI6IjQyMjQzODgwLWYyZmQtNDFkMi04NTA5LWU4YmU5NjFiYTg5NSIsIm5vbmNlIjoiZWpkVU1XMTNaSGxpZW10RFpWZ3dhRTFXUW1seVdsSnJaRkpYVDNVM016TSIsImh0bSI6IlBPU1QiLCJodHUiOiJodHRwOi8vd2lyZS5jb206MTk4MTQvY2xpZW50cy83ZTc5NzIzYThiZGM2OTRmL2FjY2Vzcy10b2tlbiIsImNoYWwiOiJOV2NqazhEOEYzbGR1b1daR05IU1laQ3E1VWdRbUhidiJ9.5LS1-r8eIr9LwC4ekyjMd55UY-8dBi7K8KtCK9LQW0BmCE7CJ292svbuZGvNsUHPXU_UQwitfdobvTkhPzmXAQ) Raw: ```text eyJhbGciOiJFZERTQSIsInR5cCI6ImRwb3Arand0IiwiandrIjp7Imt0eSI6Ik9L -UCIsImNydiI6IkVkMjU1MTkiLCJ4IjoiV0NJTVRsQk0zekstU285LUM4ODJxa1Qx -ZUVuUW1XX1FaRnFFT1FxSWliVSJ9fQ.eyJpYXQiOjE2OTY0MjQ1MTgsImV4cCI6M -TY5NjQzMTcxOCwibmJmIjoxNjk2NDI0NTE4LCJzdWIiOiJpbTp3aXJlYXBwPUxja -3NKYjc0VG02TjEyY0RqRnk3bFEvOGU2NDI0NDMwZDNiMjhiZUB3aXJlLmNvbSIsI -mp0aSI6ImU3MDU2ODg4LWZlMDctNGE0NS05NzllLTJiODJjNmJlNDI5OCIsIm5vb -mNlIjoiU25nNVQwOVFSV3BTUjFSWU4yUklVREo1VHpRM01YZFNTSEZHU0hKUmVYV 
-SIsImh0bSI6IlBPU1QiLCJodHUiOiJodHRwOi8vd2lyZS5jb206MjM2MTQvY2xpZ -W50cy84ZTY0MjQ0MzBkM2IyOGJlL2FjY2Vzcy10b2tlbiIsImNoYWwiOiI2cWdHc -TQzeVVoR2Z2TTh2Sld2UVJyOUFYNzM1UTRRViJ9.ppWSIXjQadmBJUyeuDGtp9XB -vmtXH4bXptwH4seAOasEzxIViIT3JMR4GVru1qSiCM_RTACdFLCViSHUG4WrBA +UCIsImNydiI6IkVkMjU1MTkiLCJ4IjoiMlljcnVzZzR0V0dQLS1ZcVlyV3A2THdP +aXZ3dTc4VTg2ZGVZb3RrWXF0OCJ9fQ.eyJpYXQiOjE3MDAxMjc0NDYsImV4cCI6M +TcwMDEzNDY0NiwibmJmIjoxNzAwMTI3NDQ2LCJzdWIiOiJpbTp3aXJlYXBwPXlsL +ThBX3daU2ZhUzJ1VjhWdU1FQncvN2U3OTcyM2E4YmRjNjk0ZkB3aXJlLmNvbSIsI +mp0aSI6IjQyMjQzODgwLWYyZmQtNDFkMi04NTA5LWU4YmU5NjFiYTg5NSIsIm5vb +mNlIjoiZWpkVU1XMTNaSGxpZW10RFpWZ3dhRTFXUW1seVdsSnJaRkpYVDNVM016T +SIsImh0bSI6IlBPU1QiLCJodHUiOiJodHRwOi8vd2lyZS5jb206MTk4MTQvY2xpZ +W50cy83ZTc5NzIzYThiZGM2OTRmL2FjY2Vzcy10b2tlbiIsImNoYWwiOiJOV2Nqa +zhEOEYzbGR1b1daR05IU1laQ3E1VWdRbUhidiJ9.5LS1-r8eIr9LwC4ekyjMd55U +Y-8dBi7K8KtCK9LQW0BmCE7CJ292svbuZGvNsUHPXU_UQwitfdobvTkhPzmXAQ ``` Decoded: @@ -286,7 +286,7 @@ Decoded: "jwk": { "crv": "Ed25519", "kty": "OKP", - "x": "WCIMTlBM3zK-So9-C882qkT1eEnQmW_QZFqEOQqIibU" + "x": "2Ycrusg4tWGP--YqYrWp6LwOivwu78U86deYotkYqt8" }, "typ": "dpop+jwt" } @@ -294,15 +294,15 @@ Decoded: ```json { - "chal": "6qgGq43yUhGfvM8vJWvQRr9AX735Q4QV", - "exp": 1696431718, + "chal": "NWcjk8D8F3lduoWZGNHSYZCq5UgQmHbv", + "exp": 1700134646, "htm": "POST", - "htu": "http://wire.com:23614/clients/8e6424430d3b28be/access-token", - "iat": 1696424518, - "jti": "e7056888-fe07-4a45-979e-2b82c6be4298", - "nbf": 1696424518, - "nonce": "Sng5T09QRWpSR1RYN2RIUDJ5TzQ3MXdSSHFGSHJReXU", - "sub": "im:wireapp=LcksJb74Tm6N12cDjFy7lQ/8e6424430d3b28be@wire.com" + "htu": "http://wire.com:19814/clients/7e79723a8bdc694f/access-token", + "iat": 1700127446, + "jti": "42243880-f2fd-41d2-8509-e8be961ba895", + "nbf": 1700127446, + "nonce": "ejdUMW13ZHliemtDZVgwaE1WQmlyWlJrZFJXT3U3MzM", + "sub": "im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com" } ``` 
@@ -310,10 +310,10 @@ Decoded: ✅ Signature Verified with key: ```text -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIOhojRA5NJf+HfldSVPQJgUXt3P8YGZAkFMa7lkAYq2t +MC4CAQAwBQYDK2VwBCIEIE7XLqe2M1O8K+hx5yXekpw95IQKTlzUKC1iSyxAjxen -----END PRIVATE KEY----- -----BEGIN PUBLIC KEY----- -MCowBQYDK2VwAyEAWCIMTlBM3zK+So9+C882qkT1eEnQmW/QZFqEOQqIibU= +MCowBQYDK2VwAyEA2Ycrusg4tWGP++YqYrWp6LwOivwu78U86deYotkYqt8= -----END PUBLIC KEY----- ``` @@ -322,9 +322,9 @@ MCowBQYDK2VwAyEAWCIMTlBM3zK+So9+C882qkT1eEnQmW/QZFqEOQqIibU= #### 14. trade client DPoP token for an access token ```http request -POST http://wire.com:23614/clients/8e6424430d3b28be/access-token +POST http://wire.com:19814/clients/7e79723a8bdc694f/access-token /clients/{device-id}/access-token -dpop: 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 +dpop: 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 ``` #### 15. get a Dpop access token from wire-server ```http request @@ -334,7 +334,7 @@ dpop: ZXlKaGJHY2lPaUpGWkVSVFFTSXNJblI1Y0NJNkltUndiM0FyYW5kMElpd2lhbmRySWpwN0ltdD ```json { "expires_in": 2082008461, - "token": "eyJhbGciOiJFZERTQSIsInR5cCI6ImF0K2p3dCIsImp3ayI6eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6InZhZnpLVlVBa2YzWG05RFR4RkVPX1RNRjJ2Ri1MckFsN1Itc2FyU1dzYTQifX0.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.woVD2uFjYWHe34qsWWgfeekYDVMUjLob6Bf-_9bu3DTilaIVDF-jtRNawZRvLbLRXYvD6xoxSHFu7Ce46mzcDA", + "token": "eyJhbGciOiJFZERTQSIsInR5cCI6ImF0K2p3dCIsImp3ayI6eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6Ild2NUM4VUU0aFYzZks1Y0JYTEUzdjUzM2lOT0VJUUVFZllyQlRnZDZuRXcifX0.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.5wwU5jI0D6Rvk-vZHOuivGREDtSVUAIipn3VKrG-X4yCpSwJ1d1AHcH7SttQIawlJNFcTf8k9QiPTxCAM-8ECw", "type": "DPoP" } ``` @@ -342,41 +342,41 @@ dpop: ZXlKaGJHY2lPaUpGWkVSVFFTSXNJblI1Y0NJNkltUndiM0FyYW5kMElpd2lhbmRySWpwN0ltdD
Access token -See it on [jwt.io](https://jwt.io/#id_token=eyJhbGciOiJFZERTQSIsInR5cCI6ImF0K2p3dCIsImp3ayI6eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6InZhZnpLVlVBa2YzWG05RFR4RkVPX1RNRjJ2Ri1MckFsN1Itc2FyU1dzYTQifX0.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.woVD2uFjYWHe34qsWWgfeekYDVMUjLob6Bf-_9bu3DTilaIVDF-jtRNawZRvLbLRXYvD6xoxSHFu7Ce46mzcDA) +See it on [jwt.io](https://jwt.io/#id_token=eyJhbGciOiJFZERTQSIsInR5cCI6ImF0K2p3dCIsImp3ayI6eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6Ild2NUM4VUU0aFYzZks1Y0JYTEUzdjUzM2lOT0VJUUVFZllyQlRnZDZuRXcifX0.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.5wwU5jI0D6Rvk-vZHOuivGREDtSVUAIipn3VKrG-X4yCpSwJ1d1AHcH7SttQIawlJNFcTf8k9QiPTxCAM-8ECw) Raw: ```text eyJhbGciOiJFZERTQSIsInR5cCI6ImF0K2p3dCIsImp3ayI6eyJrdHkiOiJPS1Ai -LCJjcnYiOiJFZDI1NTE5IiwieCI6InZhZnpLVlVBa2YzWG05RFR4RkVPX1RNRjJ2 -Ri1MckFsN1Itc2FyU1dzYTQifX0.eyJpYXQiOjE2OTY0MjgxMTgsImV4cCI6MTY5 -NjQyODQ3OCwibmJmIjoxNjk2NDI4MTEzLCJpc3MiOiJodHRwOi8vd2lyZS5jb206 -MjM2MTQvY2xpZW50cy84ZTY0MjQ0MzBkM2IyOGJlL2FjY2Vzcy10b2tlbiIsInN1 -YiI6ImltOndpcmVhcHA9TGNrc0piNzRUbTZOMTJjRGpGeTdsUS84ZTY0MjQ0MzBk -M2IyOGJlQHdpcmUuY29tIiwiYXVkIjoiaHR0cDovL3dpcmUuY29tOjIzNjE0L2Ns -aWVudHMvOGU2NDI0NDMwZDNiMjhiZS9hY2Nlc3MtdG9rZW4iLCJqdGkiOiJlYTJk -ZDliNS1jN2FmLTRiNjMtYWQ1Yi1kMjE3ODI3YmQ3MGIiLCJub25jZSI6IlNuZzVU -MDlRUldwU1IxUllOMlJJVURKNVR6UTNNWGRTU0hGR1NISlJlWFUiLCJjaGFsIjoi -NnFnR3E0M3lVaEdmdk04dkpXdlFScjlBWDczNVE0UVYiLCJjbmYiOnsia2lkIjoi -Nm9zY1ZZWGZWR1M1ZE83eDNkenYwaXQxNUxWcE1UaTZaQ1hLby1HWVdhVSJ9LCJw +LCJjcnYiOiJFZDI1NTE5IiwieCI6Ild2NUM4VUU0aFYzZks1Y0JYTEUzdjUzM2lO +T0VJUUVFZllyQlRnZDZuRXcifX0.eyJpYXQiOjE3MDAxMjc0NDYsImV4cCI6MTcw +MDEzMTQwNiwibmJmIjoxNzAwMTI3NDQ2LCJpc3MiOiJodHRwOi8vd2lyZS5jb206 +MTk4MTQvY2xpZW50cy83ZTc5NzIzYThiZGM2OTRmL2FjY2Vzcy10b2tlbiIsInN1 +YiI6ImltOndpcmVhcHA9eWwtOEFfd1pTZmFTMnVWOFZ1TUVCdy83ZTc5NzIzYThi +ZGM2OTRmQHdpcmUuY29tIiwiYXVkIjoiaHR0cDovL3dpcmUuY29tOjE5ODE0L2Ns +aWVudHMvN2U3OTcyM2E4YmRjNjk0Zi9hY2Nlc3MtdG9rZW4iLCJqdGkiOiI4NDZi 
+YzAyMi03NzNlLTQyYTMtYmU2OS03NzE0YmIwMDE5MTUiLCJub25jZSI6ImVqZFVN +VzEzWkhsaWVtdERaVmd3YUUxV1FtbHlXbEpyWkZKWFQzVTNNek0iLCJjaGFsIjoi +Tldjams4RDhGM2xkdW9XWkdOSFNZWkNxNVVnUW1IYnYiLCJjbmYiOnsia2lkIjoi +M2VpYi1zZDRsM28wWmFLV1dLeXlKTEpMeFFQT2laWTdCMHR5LWFsWUVrdyJ9LCJw cm9vZiI6ImV5SmhiR2NpT2lKRlpFUlRRU0lzSW5SNWNDSTZJbVJ3YjNBcmFuZDBJ aXdpYW5kcklqcDdJbXQwZVNJNklrOUxVQ0lzSW1OeWRpSTZJa1ZrTWpVMU1Ua2lM -Q0o0SWpvaVYwTkpUVlJzUWswemVrc3RVMjg1TFVNNE9ESnhhMVF4WlVWdVVXMVhY -MUZhUm5GRlQxRnhTV2xpVlNKOWZRLmV5SnBZWFFpT2pFMk9UWTBNalExTVRnc0lt -VjRjQ0k2TVRZNU5qUXpNVGN4T0N3aWJtSm1Jam94TmprMk5ESTBOVEU0TENKemRX -SWlPaUpwYlRwM2FYSmxZWEJ3UFV4amEzTktZamMwVkcwMlRqRXlZMFJxUm5rM2JG -RXZPR1UyTkRJME5ETXdaRE5pTWpoaVpVQjNhWEpsTG1OdmJTSXNJbXAwYVNJNklt -VTNNRFUyT0RnNExXWmxNRGN0TkdFME5TMDVOemxsTFRKaU9ESmpObUpsTkRJNU9D -SXNJbTV2Ym1ObElqb2lVMjVuTlZRd09WRlNWM0JUVWpGU1dVNHlVa2xWUkVvMVZI -cFJNMDFZWkZOVFNFWkhVMGhLVW1WWVZTSXNJbWgwYlNJNklsQlBVMVFpTENKb2RI -VWlPaUpvZEhSd09pOHZkMmx5WlM1amIyMDZNak0yTVRRdlkyeHBaVzUwY3k4NFpU -WTBNalEwTXpCa00ySXlPR0psTDJGalkyVnpjeTEwYjJ0bGJpSXNJbU5vWVd3aU9p -STJjV2RIY1RRemVWVm9SMloyVFRoMlNsZDJVVkp5T1VGWU56TTFVVFJSVmlKOS5w -cFdTSVhqUWFkbUJKVXlldURHdHA5WEJ2bXRYSDRiWHB0d0g0c2VBT2FzRXp4SVZp -SVQzSk1SNEdWcnUxcVNpQ01fUlRBQ2RGTENWaVNIVUc0V3JCQSIsImNsaWVudF9p -ZCI6ImltOndpcmVhcHA9TGNrc0piNzRUbTZOMTJjRGpGeTdsUS84ZTY0MjQ0MzBk -M2IyOGJlQHdpcmUuY29tIiwiYXBpX3ZlcnNpb24iOjUsInNjb3BlIjoid2lyZV9j -bGllbnRfaWQifQ.woVD2uFjYWHe34qsWWgfeekYDVMUjLob6Bf-_9bu3DTilaIVD -F-jtRNawZRvLbLRXYvD6xoxSHFu7Ce46mzcDA +Q0o0SWpvaU1sbGpjblZ6WnpSMFYwZFFMUzFaY1ZseVYzQTJUSGRQYVhaM2RUYzRW +VGcyWkdWWmIzUnJXWEYwT0NKOWZRLmV5SnBZWFFpT2pFM01EQXhNamMwTkRZc0lt +VjRjQ0k2TVRjd01ERXpORFkwTml3aWJtSm1Jam94TnpBd01USTNORFEyTENKemRX +SWlPaUpwYlRwM2FYSmxZWEJ3UFhsc0xUaEJYM2RhVTJaaFV6SjFWamhXZFUxRlFu +Y3ZOMlUzT1RjeU0yRTRZbVJqTmprMFprQjNhWEpsTG1OdmJTSXNJbXAwYVNJNklq +UXlNalF6T0Rnd0xXWXlabVF0TkRGa01pMDROVEE1TFdVNFltVTVOakZpWVRnNU5T +SXNJbTV2Ym1ObElqb2laV3BrVlUxWE1UTmFTR3hwWlcxMFJGcFdaM2RoUlRGWFVX 
+MXNlVmRzU25KYVJrcFlWRE5WTTAxNlRTSXNJbWgwYlNJNklsQlBVMVFpTENKb2RI +VWlPaUpvZEhSd09pOHZkMmx5WlM1amIyMDZNVGs0TVRRdlkyeHBaVzUwY3k4M1pU +YzVOekl6WVRoaVpHTTJPVFJtTDJGalkyVnpjeTEwYjJ0bGJpSXNJbU5vWVd3aU9p +Sk9WMk5xYXpoRU9FWXpiR1IxYjFkYVIwNUlVMWxhUTNFMVZXZFJiVWhpZGlKOS41 +TFMxLXI4ZUlyOUx3QzRla3lqTWQ1NVVZLThkQmk3SzhLdENLOUxRVzBCbUNFN0NK +Mjkyc3ZidVpHdk5zVUhQWFVfVVF3aXRmZG9idlRraFB6bVhBUSIsImNsaWVudF9p +ZCI6ImltOndpcmVhcHA9eWwtOEFfd1pTZmFTMnVWOFZ1TUVCdy83ZTc5NzIzYThi +ZGM2OTRmQHdpcmUuY29tIiwiYXBpX3ZlcnNpb24iOjUsInNjb3BlIjoid2lyZV9j +bGllbnRfaWQifQ.5wwU5jI0D6Rvk-vZHOuivGREDtSVUAIipn3VKrG-X4yCpSwJ1 +d1AHcH7SttQIawlJNFcTf8k9QiPTxCAM-8ECw ``` Decoded: @@ -387,7 +387,7 @@ Decoded: "jwk": { "crv": "Ed25519", "kty": "OKP", - "x": "vafzKVUAkf3Xm9DTxFEO_TMF2vF-LrAl7R-sarSWsa4" + "x": "Wv5C8UE4hV3fK5cBXLE3v533iNOEIQEEfYrBTgd6nEw" }, "typ": "at+jwt" } 
@@ -396,21 +396,21 @@ Decoded: ```json { "api_version": 5, - "aud": "http://wire.com:23614/clients/8e6424430d3b28be/access-token", - "chal": "6qgGq43yUhGfvM8vJWvQRr9AX735Q4QV", - "client_id": "im:wireapp=LcksJb74Tm6N12cDjFy7lQ/8e6424430d3b28be@wire.com", + "aud": "http://wire.com:19814/clients/7e79723a8bdc694f/access-token", + "chal": "NWcjk8D8F3lduoWZGNHSYZCq5UgQmHbv", + "client_id": "im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com", "cnf": { - "kid": "6oscVYXfVGS5dO7x3dzv0it15LVpMTi6ZCXKo-GYWaU" + "kid": "3eib-sd4l3o0ZaKWWKyyJLJLxQPOiZY7B0ty-alYEkw" }, - "exp": 1696428478, - "iat": 1696428118, - "iss": "http://wire.com:23614/clients/8e6424430d3b28be/access-token", - "jti": "ea2dd9b5-c7af-4b63-ad5b-d217827bd70b", - "nbf": 1696428113, - "nonce": "Sng5T09QRWpSR1RYN2RIUDJ5TzQ3MXdSSHFGSHJReXU", - "proof": "eyJhbGciOiJFZERTQSIsInR5cCI6ImRwb3Arand0IiwiandrIjp7Imt0eSI6Ik9LUCIsImNydiI6IkVkMjU1MTkiLCJ4IjoiV0NJTVRsQk0zekstU285LUM4ODJxa1QxZUVuUW1XX1FaRnFFT1FxSWliVSJ9fQ.eyJpYXQiOjE2OTY0MjQ1MTgsImV4cCI6MTY5NjQzMTcxOCwibmJmIjoxNjk2NDI0NTE4LCJzdWIiOiJpbTp3aXJlYXBwPUxja3NKYjc0VG02TjEyY0RqRnk3bFEvOGU2NDI0NDMwZDNiMjhiZUB3aXJlLmNvbSIsImp0aSI6ImU3MDU2ODg4LWZlMDctNGE0NS05NzllLTJiODJjNmJlNDI5OCIsIm5vbmNlIjoiU25nNVQwOVFSV3BTUjFSWU4yUklVREo1VHpRM01YZFNTSEZHU0hKUmVYVSIsImh0bSI6IlBPU1QiLCJodHUiOiJodHRwOi8vd2lyZS5jb206MjM2MTQvY2xpZW50cy84ZTY0MjQ0MzBkM2IyOGJlL2FjY2Vzcy10b2tlbiIsImNoYWwiOiI2cWdHcTQzeVVoR2Z2TTh2Sld2UVJyOUFYNzM1UTRRViJ9.ppWSIXjQadmBJUyeuDGtp9XBvmtXH4bXptwH4seAOasEzxIViIT3JMR4GVru1qSiCM_RTACdFLCViSHUG4WrBA", + "exp": 1700131406, + "iat": 1700127446, + "iss": "http://wire.com:19814/clients/7e79723a8bdc694f/access-token", + "jti": "846bc022-773e-42a3-be69-7714bb001915", + "nbf": 1700127446, + "nonce": "ejdUMW13ZHliemtDZVgwaE1WQmlyWlJrZFJXT3U3MzM", + "proof": 
"eyJhbGciOiJFZERTQSIsInR5cCI6ImRwb3Arand0IiwiandrIjp7Imt0eSI6Ik9LUCIsImNydiI6IkVkMjU1MTkiLCJ4IjoiMlljcnVzZzR0V0dQLS1ZcVlyV3A2THdPaXZ3dTc4VTg2ZGVZb3RrWXF0OCJ9fQ.eyJpYXQiOjE3MDAxMjc0NDYsImV4cCI6MTcwMDEzNDY0NiwibmJmIjoxNzAwMTI3NDQ2LCJzdWIiOiJpbTp3aXJlYXBwPXlsLThBX3daU2ZhUzJ1VjhWdU1FQncvN2U3OTcyM2E4YmRjNjk0ZkB3aXJlLmNvbSIsImp0aSI6IjQyMjQzODgwLWYyZmQtNDFkMi04NTA5LWU4YmU5NjFiYTg5NSIsIm5vbmNlIjoiZWpkVU1XMTNaSGxpZW10RFpWZ3dhRTFXUW1seVdsSnJaRkpYVDNVM016TSIsImh0bSI6IlBPU1QiLCJodHUiOiJodHRwOi8vd2lyZS5jb206MTk4MTQvY2xpZW50cy83ZTc5NzIzYThiZGM2OTRmL2FjY2Vzcy10b2tlbiIsImNoYWwiOiJOV2NqazhEOEYzbGR1b1daR05IU1laQ3E1VWdRbUhidiJ9.5LS1-r8eIr9LwC4ekyjMd55UY-8dBi7K8KtCK9LQW0BmCE7CJ292svbuZGvNsUHPXU_UQwitfdobvTkhPzmXAQ", "scope": "wire_client_id", - "sub": "im:wireapp=LcksJb74Tm6N12cDjFy7lQ/8e6424430d3b28be@wire.com" + "sub": "im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com" } ``` @@ -418,10 +418,10 @@ Decoded: ✅ Signature Verified with key: ```text -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIFQQ7jyWXZj+y/AFz/Xh+gs0rXpf7xNVdRxYbbcM2cO8 +MC4CAQAwBQYDK2VwBCIEIAGGBAguoUtTvyaP+kgd6XmrafRRrCrTAJKaAA/TNscR -----END PRIVATE KEY----- -----BEGIN PUBLIC KEY----- -MCowBQYDK2VwAyEAvafzKVUAkf3Xm9DTxFEO/TMF2vF+LrAl7R+sarSWsa4= +MCowBQYDK2VwAyEAWv5C8UE4hV3fK5cBXLE3v533iNOEIQEEfYrBTgd6nEw= -----END PUBLIC KEY----- ``` 
@@ -431,28 +431,28 @@ MCowBQYDK2VwAyEAvafzKVUAkf3Xm9DTxFEO/TMF2vF+LrAl7R+sarSWsa4= ### Client provides access token #### 16. validate Dpop challenge (clientId) ```http request -POST https://stepca:32771/acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/s8y0OXyQLwMDTEHmU0KuZKYx41VCAvcT +POST https://stepca:32865/acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/q7hy0z2jop2HweyInjvkgLNSQUDqV5PR /acme/{acme-provisioner}/challenge/{authz-id}/{challenge-id} content-type: application/jose+json ``` ```json { - "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyNzcxL2FjbWUvd2lyZS9hY2NvdW50LzFLcE5vMVZDM2VOT2Fkb2pjQXpqYlFMU3RHMXhxMzVRIiwidHlwIjoiSldUIiwibm9uY2UiOiJaeloyYUc1R1VIWkZka1ZHU2sxRldHRlVRMjR6T1VKVk5razJXbXBEVnpNIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI3NzEvYWNtZS93aXJlL2NoYWxsZW5nZS9uYTl3djQ5YU1mZ0podkJwTTJzc1dNbmg1VnRSdzBBSy9zOHkwT1h5UUx3TURURUhtVTBLdVpLWXg0MVZDQXZjVCJ9", - "payload": "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", - "signature": "ZVuGLngiTuOpMXbxrlRhOOia5WkDpi1QZwsuQ1jgjjl2RvNKVxX1z2vGrg8LnfBWwWpTOs0AnEkaCFhaDBvjAg" + "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyODY1L2FjbWUvd2lyZS9hY2NvdW50L1FBc3J2bVhvZ3ZjWGp0b2NPd3BQTnRJZ2Y5bGcxcU1GIiwidHlwIjoiSldUIiwibm9uY2UiOiJhSGQyYkV4TWExZHZTVzUxUjNScFFWZHljRmhHZGxCMVUydDZSMEp4YW5VIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI4NjUvYWNtZS93aXJlL2NoYWxsZW5nZS9abHJCOWlLNnE3NUpsdktHSjBTbklDcFJNUkkxVWdraS9xN2h5MHoyam9wMkh3ZXlJbmp2a2dMTlNRVURxVjVQUiJ9", + "payload": "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", + "signature": "NgTumXzIyNQWYTbB156vR4gU1F-IZYc1NmgpBfKZU7TezLBMb9YYjxfFZGDJ_LhellvEz1jJiTc9GCaPTHhJDg" } ``` ```json { "payload": { - "access_token": 
"eyJhbGciOiJFZERTQSIsInR5cCI6ImF0K2p3dCIsImp3ayI6eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6InZhZnpLVlVBa2YzWG05RFR4RkVPX1RNRjJ2Ri1MckFsN1Itc2FyU1dzYTQifX0.eyJpYXQiOjE2OTY0MjgxMTgsImV4cCI6MTY5NjQyODQ3OCwibmJmIjoxNjk2NDI4MTEzLCJpc3MiOiJodHRwOi8vd2lyZS5jb206MjM2MTQvY2xpZW50cy84ZTY0MjQ0MzBkM2IyOGJlL2FjY2Vzcy10b2tlbiIsInN1YiI6ImltOndpcmVhcHA9TGNrc0piNzRUbTZOMTJjRGpGeTdsUS84ZTY0MjQ0MzBkM2IyOGJlQHdpcmUuY29tIiwiYXVkIjoiaHR0cDovL3dpcmUuY29tOjIzNjE0L2NsaWVudHMvOGU2NDI0NDMwZDNiMjhiZS9hY2Nlc3MtdG9rZW4iLCJqdGkiOiJlYTJkZDliNS1jN2FmLTRiNjMtYWQ1Yi1kMjE3ODI3YmQ3MGIiLCJub25jZSI6IlNuZzVUMDlRUldwU1IxUllOMlJJVURKNVR6UTNNWGRTU0hGR1NISlJlWFUiLCJjaGFsIjoiNnFnR3E0M3lVaEdmdk04dkpXdlFScjlBWDczNVE0UVYiLCJjbmYiOnsia2lkIjoiNm9zY1ZZWGZWR1M1ZE83eDNkenYwaXQxNUxWcE1UaTZaQ1hLby1HWVdhVSJ9LCJwcm9vZiI6ImV5SmhiR2NpT2lKRlpFUlRRU0lzSW5SNWNDSTZJbVJ3YjNBcmFuZDBJaXdpYW5kcklqcDdJbXQwZVNJNklrOUxVQ0lzSW1OeWRpSTZJa1ZrTWpVMU1Ua2lMQ0o0SWpvaVYwTkpUVlJzUWswemVrc3RVMjg1TFVNNE9ESnhhMVF4WlVWdVVXMVhYMUZhUm5GRlQxRnhTV2xpVlNKOWZRLmV5SnBZWFFpT2pFMk9UWTBNalExTVRnc0ltVjRjQ0k2TVRZNU5qUXpNVGN4T0N3aWJtSm1Jam94TmprMk5ESTBOVEU0TENKemRXSWlPaUpwYlRwM2FYSmxZWEJ3UFV4amEzTktZamMwVkcwMlRqRXlZMFJxUm5rM2JGRXZPR1UyTkRJME5ETXdaRE5pTWpoaVpVQjNhWEpsTG1OdmJTSXNJbXAwYVNJNkltVTNNRFUyT0RnNExXWmxNRGN0TkdFME5TMDVOemxsTFRKaU9ESmpObUpsTkRJNU9DSXNJbTV2Ym1ObElqb2lVMjVuTlZRd09WRlNWM0JUVWpGU1dVNHlVa2xWUkVvMVZIcFJNMDFZWkZOVFNFWkhVMGhLVW1WWVZTSXNJbWgwYlNJNklsQlBVMVFpTENKb2RIVWlPaUpvZEhSd09pOHZkMmx5WlM1amIyMDZNak0yTVRRdlkyeHBaVzUwY3k4NFpUWTBNalEwTXpCa00ySXlPR0psTDJGalkyVnpjeTEwYjJ0bGJpSXNJbU5vWVd3aU9pSTJjV2RIY1RRemVWVm9SMloyVFRoMlNsZDJVVkp5T1VGWU56TTFVVFJSVmlKOS5wcFdTSVhqUWFkbUJKVXlldURHdHA5WEJ2bXRYSDRiWHB0d0g0c2VBT2FzRXp4SVZpSVQzSk1SNEdWcnUxcVNpQ01fUlRBQ2RGTENWaVNIVUc0V3JCQSIsImNsaWVudF9pZCI6ImltOndpcmVhcHA9TGNrc0piNzRUbTZOMTJjRGpGeTdsUS84ZTY0MjQ0MzBkM2IyOGJlQHdpcmUuY29tIiwiYXBpX3ZlcnNpb24iOjUsInNjb3BlIjoid2lyZV9jbGllbnRfaWQifQ.woVD2uFjYWHe34qsWWgfeekYDVMUjLob6Bf-_9bu3DTilaIVDF-jtRNawZRvLbLRXYvD6xoxSHFu7Ce46mzcDA" + "access_token": 
"eyJhbGciOiJFZERTQSIsInR5cCI6ImF0K2p3dCIsImp3ayI6eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6Ild2NUM4VUU0aFYzZks1Y0JYTEUzdjUzM2lOT0VJUUVFZllyQlRnZDZuRXcifX0.eyJpYXQiOjE3MDAxMjc0NDYsImV4cCI6MTcwMDEzMTQwNiwibmJmIjoxNzAwMTI3NDQ2LCJpc3MiOiJodHRwOi8vd2lyZS5jb206MTk4MTQvY2xpZW50cy83ZTc5NzIzYThiZGM2OTRmL2FjY2Vzcy10b2tlbiIsInN1YiI6ImltOndpcmVhcHA9eWwtOEFfd1pTZmFTMnVWOFZ1TUVCdy83ZTc5NzIzYThiZGM2OTRmQHdpcmUuY29tIiwiYXVkIjoiaHR0cDovL3dpcmUuY29tOjE5ODE0L2NsaWVudHMvN2U3OTcyM2E4YmRjNjk0Zi9hY2Nlc3MtdG9rZW4iLCJqdGkiOiI4NDZiYzAyMi03NzNlLTQyYTMtYmU2OS03NzE0YmIwMDE5MTUiLCJub25jZSI6ImVqZFVNVzEzWkhsaWVtdERaVmd3YUUxV1FtbHlXbEpyWkZKWFQzVTNNek0iLCJjaGFsIjoiTldjams4RDhGM2xkdW9XWkdOSFNZWkNxNVVnUW1IYnYiLCJjbmYiOnsia2lkIjoiM2VpYi1zZDRsM28wWmFLV1dLeXlKTEpMeFFQT2laWTdCMHR5LWFsWUVrdyJ9LCJwcm9vZiI6ImV5SmhiR2NpT2lKRlpFUlRRU0lzSW5SNWNDSTZJbVJ3YjNBcmFuZDBJaXdpYW5kcklqcDdJbXQwZVNJNklrOUxVQ0lzSW1OeWRpSTZJa1ZrTWpVMU1Ua2lMQ0o0SWpvaU1sbGpjblZ6WnpSMFYwZFFMUzFaY1ZseVYzQTJUSGRQYVhaM2RUYzRWVGcyWkdWWmIzUnJXWEYwT0NKOWZRLmV5SnBZWFFpT2pFM01EQXhNamMwTkRZc0ltVjRjQ0k2TVRjd01ERXpORFkwTml3aWJtSm1Jam94TnpBd01USTNORFEyTENKemRXSWlPaUpwYlRwM2FYSmxZWEJ3UFhsc0xUaEJYM2RhVTJaaFV6SjFWamhXZFUxRlFuY3ZOMlUzT1RjeU0yRTRZbVJqTmprMFprQjNhWEpsTG1OdmJTSXNJbXAwYVNJNklqUXlNalF6T0Rnd0xXWXlabVF0TkRGa01pMDROVEE1TFdVNFltVTVOakZpWVRnNU5TSXNJbTV2Ym1ObElqb2laV3BrVlUxWE1UTmFTR3hwWlcxMFJGcFdaM2RoUlRGWFVXMXNlVmRzU25KYVJrcFlWRE5WTTAxNlRTSXNJbWgwYlNJNklsQlBVMVFpTENKb2RIVWlPaUpvZEhSd09pOHZkMmx5WlM1amIyMDZNVGs0TVRRdlkyeHBaVzUwY3k4M1pUYzVOekl6WVRoaVpHTTJPVFJtTDJGalkyVnpjeTEwYjJ0bGJpSXNJbU5vWVd3aU9pSk9WMk5xYXpoRU9FWXpiR1IxYjFkYVIwNUlVMWxhUTNFMVZXZFJiVWhpZGlKOS41TFMxLXI4ZUlyOUx3QzRla3lqTWQ1NVVZLThkQmk3SzhLdENLOUxRVzBCbUNFN0NKMjkyc3ZidVpHdk5zVUhQWFVfVVF3aXRmZG9idlRraFB6bVhBUSIsImNsaWVudF9pZCI6ImltOndpcmVhcHA9eWwtOEFfd1pTZmFTMnVWOFZ1TUVCdy83ZTc5NzIzYThiZGM2OTRmQHdpcmUuY29tIiwiYXBpX3ZlcnNpb24iOjUsInNjb3BlIjoid2lyZV9jbGllbnRfaWQifQ.5wwU5jI0D6Rvk-vZHOuivGREDtSVUAIipn3VKrG-X4yCpSwJ1d1AHcH7SttQIawlJNFcTf8k9QiPTxCAM-8ECw" }, "protected": { "alg": "EdDSA", - 
"kid": "https://stepca:32771/acme/wire/account/1KpNo1VC3eNOadojcAzjbQLStG1xq35Q", - "nonce": "ZzZ2aG5GUHZFdkVGSk1FWGFUQ24zOUJVNkk2WmpDVzM", + "kid": "https://stepca:32865/acme/wire/account/QAsrvmXogvcXjtocOwpPNtIgf9lg1qMF", + "nonce": "aHd2bExMa1dvSW51R3RpQVdycFhGdlB1U2t6R0JxanU", "typ": "JWT", - "url": "https://stepca:32771/acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/s8y0OXyQLwMDTEHmU0KuZKYx41VCAvcT" + "url": "https://stepca:32865/acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/q7hy0z2jop2HweyInjvkgLNSQUDqV5PR" } } ``` 
@@ -461,29 +461,29 @@ content-type: application/jose+json 200 cache-control: no-store content-type: application/json -link: ;rel="index" -link: ;rel="up" -location: https://stepca:32771/acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/s8y0OXyQLwMDTEHmU0KuZKYx41VCAvcT -replay-nonce: SVRHVWdEbzZNc0NWcDFqbmRPUGxodjhWYWlLNjNib1I +link: ;rel="index" +link: ;rel="up" +location: https://stepca:32865/acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/q7hy0z2jop2HweyInjvkgLNSQUDqV5PR +replay-nonce: SGlEc3MzQ3lUWjZhcWhoV3gwMW82Nk1KYzYzUkJXWEQ ``` ```json { "type": "wire-dpop-01", - "url": "https://stepca:32771/acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/s8y0OXyQLwMDTEHmU0KuZKYx41VCAvcT", + "url": "https://stepca:32865/acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/q7hy0z2jop2HweyInjvkgLNSQUDqV5PR", "status": "valid", - "token": "6qgGq43yUhGfvM8vJWvQRr9AX735Q4QV", - "target": "http://wire.com:23614/clients/8e6424430d3b28be/access-token" + "token": "NWcjk8D8F3lduoWZGNHSYZCq5UgQmHbv", + "target": "http://wire.com:19814/clients/7e79723a8bdc694f/access-token" } ``` ### Authenticate end user using OIDC Authorization Code with PKCE flow #### 18. OAUTH authorization request ```text -code_verifier=Ff-l5lKhPtWTvAAgKde1HlUGy2_0lwdlSkFLYm5oqio&code_challenge=Ym7_OJF63McAxN6AbzCpYFdYtB1ELmrHKw8O_LJ4KrQ +code_verifier=0kBEjyRJ75veatbbZff4EY_28TRbqWhHfj4IcvVz5Xg&code_challenge=52n0eoMinfGIsOYTVHZygTO0aqYvmCBFNVmUJTA4ZvA ``` #### 19. 
OAUTH authorization request (auth code endpoint) ```http request -GET http://dex:15419/dex/auth?response_type=code&client_id=wireapp&state=4alcXSP6aMU69ausw0tZ7A&code_challenge=Ym7_OJF63McAxN6AbzCpYFdYtB1ELmrHKw8O_LJ4KrQ&code_challenge_method=S256&redirect_uri=http%3A%2F%2Fwire.com%3A23614%2Fcallback&scope=openid+profile&nonce=2S9xhxZR85FO6fPlU5A3Rg +GET http://dex:21491/dex/auth?response_type=code&client_id=wireapp&state=j6NYppHtn7eBJd1JM7CIrA&code_challenge=52n0eoMinfGIsOYTVHZygTO0aqYvmCBFNVmUJTA4ZvA&code_challenge_method=S256&redirect_uri=http%3A%2F%2Fwire.com%3A19814%2Fcallback&scope=openid+profile&nonce=REQyyne9UjP6K0MwFPEbVA ``` #### 20. OAUTH authorization code 
@@ -491,50 +491,51 @@ GET http://dex:15419/dex/auth?response_type=code&client_id=wireapp&state=4alcXSP #### 22. OAUTH authorization code + verifier (token endpoint) ```http request -POST http://dex:15419/dex/token +POST http://dex:21491/dex/token accept: application/json content-type: application/x-www-form-urlencoded -authorization: Basic d2lyZWFwcDpXblpMVWtWMWRHMXZTVmxhVGpoc2NYQTBkRFF6ZW10Sw== +authorization: Basic d2lyZWFwcDpWVEJvVmxOWlZEazFlWEZtU1V0S1JYVlpZelpWUWxSeQ== ``` ```text -grant_type=authorization_code&code=v5audasvgrzbxtzkqfpczwjdm&code_verifier=Ff-l5lKhPtWTvAAgKde1HlUGy2_0lwdlSkFLYm5oqio&redirect_uri=http%3A%2F%2Fwire.com%3A23614%2Fcallback +grant_type=authorization_code&code=s43qgxcl7jqkhwhhwdpm3smhl&code_verifier=0kBEjyRJ75veatbbZff4EY_28TRbqWhHfj4IcvVz5Xg&redirect_uri=http%3A%2F%2Fwire.com%3A19814%2Fcallback ``` #### 23. OAUTH access token ```text { - "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjY0ZjViYTRjNjZiYTU2ZjdiNzJhZTYzZGYzYzQ1YmQ2MTBjZGZiYWMifQ.eyJpc3MiOiJodHRwOi8vZGV4OjE1NDE5L2RleCIsInN1YiI6IkNqdHBiVHAzYVhKbFlYQndQVXhqYTNOS1lqYzBWRzAyVGpFeVkwUnFSbmszYkZFdk9HVTJOREkwTkRNd1pETmlNamhpWlVCM2FYSmxMbU52YlJJRWJHUmhjQSIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE2OTY1MTQ1MTgsImlhdCI6MTY5NjQyODExOCwibm9uY2UiOiIyUzl4aHhaUjg1Rk82ZlBsVTVBM1JnIiwiYXRfaGFzaCI6ImlBV0szRERRV0dpQ3RWLWVaWFVkckEiLCJuYW1lIjoiaW06d2lyZWFwcD1hbGljZV93aXJlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiQWxpY2UgU21pdGgifQ.mJSVLIz7z_elhxQsZfM0xRWzb6SB7fA1vHUAuM5mvob6UHrwoopSRmLZmVYF5slJIFQx0Vm93IW5d4qSb2prePotlLpw9a8hqyeoTKjLBul-fv9qiraKG96_o6rALanabBx-vZWERtgQBZP_KB5ddNyiZlnZAplWSuqEt0JEKMEBW6iu2u0YuU0rdhJWsFlcmXrW-qKv_r9YxT3LgsUFIm02UElJQSUHx8FSsv5iKKYKrWBM8TvjUcSG4HjJgrzkO2Rz7lNeTfveTzKyTcg-jMVkB_IF_ImjYNkW-46veqGua-zCeiYC3T57e8Xxzda6SHxl1GPsCwHJSCjee7EtDQ", + "access_token": 
"eyJhbGciOiJSUzI1NiIsImtpZCI6ImJkOTQ5ZDVjZWFjMzU1MTJlNDliMWU3YzE5MTBhM2UxZjZjMjcyYzkifQ.eyJpc3MiOiJodHRwOi8vZGV4OjIxNDkxL2RleCIsInN1YiI6IkNqdHBiVHAzYVhKbFlYQndQWGxzTFRoQlgzZGFVMlpoVXpKMVZqaFdkVTFGUW5jdk4yVTNPVGN5TTJFNFltUmpOamswWmtCM2FYSmxMbU52YlJJRWJHUmhjQSIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE3MDAyMTc0NDYsImlhdCI6MTcwMDEzMTA0Niwibm9uY2UiOiJSRVF5eW5lOVVqUDZLME13RlBFYlZBIiwiYXRfaGFzaCI6ImR0T3doVFY3a1JtSkRDUGRLMFgwYkEiLCJuYW1lIjoiaW06d2lyZWFwcD0lNDBhbGljZV93aXJlQHdpcmUuY29tIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiQWxpY2UgU21pdGgifQ.HhjZcj4__Uvg-JcS6v9MLAgAvsiKLVmBO-NXlu7l0IhGAqJElvU-Sl_cY49wq68la45arX9BazWwvk5PPb1uOmSsnwkRijnOA8oEJcEJ_30HzxXbzRmvYUk5B_f-45d1MQcsPjkewe75I4JGCM9qxPyylqmjobw4IH5rGPhGNOXBv_kxC1WdFW24xym1vIo2gClmXF8GTOyr_afU7ahWWEXHNRBhpD7k0RCuMtr-mRMsVn98eo0kV1HIrwEJwGtP2qOUdUXVga0kxGISfFVOlQLbVh5bfbUAT9aMMaVWIsdmdfhU2WPUVlUxM8dQaXGNITpZqBP9U7Zpjod4IbNJHg", "expires_in": 86399, - "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjY0ZjViYTRjNjZiYTU2ZjdiNzJhZTYzZGYzYzQ1YmQ2MTBjZGZiYWMifQ.eyJpc3MiOiJodHRwOi8vZGV4OjE1NDE5L2RleCIsInN1YiI6IkNqdHBiVHAzYVhKbFlYQndQVXhqYTNOS1lqYzBWRzAyVGpFeVkwUnFSbmszYkZFdk9HVTJOREkwTkRNd1pETmlNamhpWlVCM2FYSmxMbU52YlJJRWJHUmhjQSIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE2OTY1MTQ1MTgsImlhdCI6MTY5NjQyODExOCwibm9uY2UiOiIyUzl4aHhaUjg1Rk82ZlBsVTVBM1JnIiwiYXRfaGFzaCI6Ik44YXlSbDU0QS1WNmNndVNuY3ExZGciLCJjX2hhc2giOiJLQkxrTmRpeGJyeTlCMC0wV0RoWTNBIiwibmFtZSI6ImltOndpcmVhcHA9YWxpY2Vfd2lyZSIsInByZWZlcnJlZF91c2VybmFtZSI6IkFsaWNlIFNtaXRoIn0.OtCd3L6iv-iJ0M3cI_a8iN4qDa2c_SdqCofRWBwpokWXNj6V_t-1voGvCc808Atq9QnjiWHBhGgPzxymcYnjWk_wnjxz4L9NhxQxmwdm3eBjXDafIZ1OW4R2vH3zacrajRSL4psfZXMi3c6x0A0ag8OJ6253fyUpguX5jIeD45kkn-ciwGYPFz8WPnM83mva3ljLWgDlI91wMhWVC7BNC035VunyQpzr2gwIWMo2LUUdEx_Opl3_RtxZJVK76HvKgKVHk46ZAIU6AFsAIcxLgPZsOlAn7mlUxjTRyNaQnyuhr8EM2FU5fmTsV-Sm6gOVCzzW7FUD-V0WwCUXEkaFZA", + "id_token": 
"eyJhbGciOiJSUzI1NiIsImtpZCI6ImJkOTQ5ZDVjZWFjMzU1MTJlNDliMWU3YzE5MTBhM2UxZjZjMjcyYzkifQ.eyJpc3MiOiJodHRwOi8vZGV4OjIxNDkxL2RleCIsInN1YiI6IkNqdHBiVHAzYVhKbFlYQndQWGxzTFRoQlgzZGFVMlpoVXpKMVZqaFdkVTFGUW5jdk4yVTNPVGN5TTJFNFltUmpOamswWmtCM2FYSmxMbU52YlJJRWJHUmhjQSIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE3MDAyMTc0NDYsImlhdCI6MTcwMDEzMTA0Niwibm9uY2UiOiJSRVF5eW5lOVVqUDZLME13RlBFYlZBIiwiYXRfaGFzaCI6IlpVNlRPbzdrd1hmVy1oNTZyNXBGQlEiLCJjX2hhc2giOiJjbzJ3amRDWDBOZEhudHpkTDNXR1FBIiwibmFtZSI6ImltOndpcmVhcHA9JTQwYWxpY2Vfd2lyZUB3aXJlLmNvbSIsInByZWZlcnJlZF91c2VybmFtZSI6IkFsaWNlIFNtaXRoIn0.yfevAqKN_8K3UGriUoMWboA72J8Izru8uXhFiott2LwAN8I0SExdvnLrDQpgq0plXITRjzfSPlOGBpnS-tT55Uh1mqxw6YxfDFqhuUFf471q_uWjuEte5zGJ8u3G_1dXqvu5UueX7Y9oh0S0GdbVY3GCv6wugta0cDfOeBkWpNT5eXq6PU4wj8whA_op7HlCnMNxmWvimX5TMqtrFBMhpHuhbeCQYICE2sL39tR3MP9armEDX13tNKjlUFuxKv8-HrYYNneDmKplyCSmAAi2j8XIBW7qs7Hc1ZEBjmCoikFfi_Iw2yCGvsC1JXyB_VGOr_ak1RXCRGbBVG-VmfibHw", "token_type": "bearer" } ``` ```text -eyJhbGciOiJSUzI1NiIsImtpZCI6IjY0ZjViYTRjNjZiYTU2ZjdiNzJhZTYzZGYzYzQ1YmQ2MTBjZGZiYWMifQ.eyJpc3MiOiJodHRwOi8vZGV4OjE1NDE5L2RleCIsInN1YiI6IkNqdHBiVHAzYVhKbFlYQndQVXhqYTNOS1lqYzBWRzAyVGpFeVkwUnFSbmszYkZFdk9HVTJOREkwTkRNd1pETmlNamhpWlVCM2FYSmxMbU52YlJJRWJHUmhjQSIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE2OTY1MTQ1MTgsImlhdCI6MTY5NjQyODExOCwibm9uY2UiOiIyUzl4aHhaUjg1Rk82ZlBsVTVBM1JnIiwiYXRfaGFzaCI6Ik44YXlSbDU0QS1WNmNndVNuY3ExZGciLCJjX2hhc2giOiJLQkxrTmRpeGJyeTlCMC0wV0RoWTNBIiwibmFtZSI6ImltOndpcmVhcHA9YWxpY2Vfd2lyZSIsInByZWZlcnJlZF91c2VybmFtZSI6IkFsaWNlIFNtaXRoIn0.OtCd3L6iv-iJ0M3cI_a8iN4qDa2c_SdqCofRWBwpokWXNj6V_t-1voGvCc808Atq9QnjiWHBhGgPzxymcYnjWk_wnjxz4L9NhxQxmwdm3eBjXDafIZ1OW4R2vH3zacrajRSL4psfZXMi3c6x0A0ag8OJ6253fyUpguX5jIeD45kkn-ciwGYPFz8WPnM83mva3ljLWgDlI91wMhWVC7BNC035VunyQpzr2gwIWMo2LUUdEx_Opl3_RtxZJVK76HvKgKVHk46ZAIU6AFsAIcxLgPZsOlAn7mlUxjTRyNaQnyuhr8EM2FU5fmTsV-Sm6gOVCzzW7FUD-V0WwCUXEkaFZA 
+eyJhbGciOiJSUzI1NiIsImtpZCI6ImJkOTQ5ZDVjZWFjMzU1MTJlNDliMWU3YzE5MTBhM2UxZjZjMjcyYzkifQ.eyJpc3MiOiJodHRwOi8vZGV4OjIxNDkxL2RleCIsInN1YiI6IkNqdHBiVHAzYVhKbFlYQndQWGxzTFRoQlgzZGFVMlpoVXpKMVZqaFdkVTFGUW5jdk4yVTNPVGN5TTJFNFltUmpOamswWmtCM2FYSmxMbU52YlJJRWJHUmhjQSIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE3MDAyMTc0NDYsImlhdCI6MTcwMDEzMTA0Niwibm9uY2UiOiJSRVF5eW5lOVVqUDZLME13RlBFYlZBIiwiYXRfaGFzaCI6IlpVNlRPbzdrd1hmVy1oNTZyNXBGQlEiLCJjX2hhc2giOiJjbzJ3amRDWDBOZEhudHpkTDNXR1FBIiwibmFtZSI6ImltOndpcmVhcHA9JTQwYWxpY2Vfd2lyZUB3aXJlLmNvbSIsInByZWZlcnJlZF91c2VybmFtZSI6IkFsaWNlIFNtaXRoIn0.yfevAqKN_8K3UGriUoMWboA72J8Izru8uXhFiott2LwAN8I0SExdvnLrDQpgq0plXITRjzfSPlOGBpnS-tT55Uh1mqxw6YxfDFqhuUFf471q_uWjuEte5zGJ8u3G_1dXqvu5UueX7Y9oh0S0GdbVY3GCv6wugta0cDfOeBkWpNT5eXq6PU4wj8whA_op7HlCnMNxmWvimX5TMqtrFBMhpHuhbeCQYICE2sL39tR3MP9armEDX13tNKjlUFuxKv8-HrYYNneDmKplyCSmAAi2j8XIBW7qs7Hc1ZEBjmCoikFfi_Iw2yCGvsC1JXyB_VGOr_ak1RXCRGbBVG-VmfibHw ``` #### 24. validate oidc challenge (userId + displayName)
Id token -See it on [jwt.io](https://jwt.io/#id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjY0ZjViYTRjNjZiYTU2ZjdiNzJhZTYzZGYzYzQ1YmQ2MTBjZGZiYWMifQ.eyJpc3MiOiJodHRwOi8vZGV4OjE1NDE5L2RleCIsInN1YiI6IkNqdHBiVHAzYVhKbFlYQndQVXhqYTNOS1lqYzBWRzAyVGpFeVkwUnFSbmszYkZFdk9HVTJOREkwTkRNd1pETmlNamhpWlVCM2FYSmxMbU52YlJJRWJHUmhjQSIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE2OTY1MTQ1MTgsImlhdCI6MTY5NjQyODExOCwibm9uY2UiOiIyUzl4aHhaUjg1Rk82ZlBsVTVBM1JnIiwiYXRfaGFzaCI6Ik44YXlSbDU0QS1WNmNndVNuY3ExZGciLCJjX2hhc2giOiJLQkxrTmRpeGJyeTlCMC0wV0RoWTNBIiwibmFtZSI6ImltOndpcmVhcHA9YWxpY2Vfd2lyZSIsInByZWZlcnJlZF91c2VybmFtZSI6IkFsaWNlIFNtaXRoIn0.OtCd3L6iv-iJ0M3cI_a8iN4qDa2c_SdqCofRWBwpokWXNj6V_t-1voGvCc808Atq9QnjiWHBhGgPzxymcYnjWk_wnjxz4L9NhxQxmwdm3eBjXDafIZ1OW4R2vH3zacrajRSL4psfZXMi3c6x0A0ag8OJ6253fyUpguX5jIeD45kkn-ciwGYPFz8WPnM83mva3ljLWgDlI91wMhWVC7BNC035VunyQpzr2gwIWMo2LUUdEx_Opl3_RtxZJVK76HvKgKVHk46ZAIU6AFsAIcxLgPZsOlAn7mlUxjTRyNaQnyuhr8EM2FU5fmTsV-Sm6gOVCzzW7FUD-V0WwCUXEkaFZA) +See it on [jwt.io](https://jwt.io/#id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6ImJkOTQ5ZDVjZWFjMzU1MTJlNDliMWU3YzE5MTBhM2UxZjZjMjcyYzkifQ.eyJpc3MiOiJodHRwOi8vZGV4OjIxNDkxL2RleCIsInN1YiI6IkNqdHBiVHAzYVhKbFlYQndQWGxzTFRoQlgzZGFVMlpoVXpKMVZqaFdkVTFGUW5jdk4yVTNPVGN5TTJFNFltUmpOamswWmtCM2FYSmxMbU52YlJJRWJHUmhjQSIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE3MDAyMTc0NDYsImlhdCI6MTcwMDEzMTA0Niwibm9uY2UiOiJSRVF5eW5lOVVqUDZLME13RlBFYlZBIiwiYXRfaGFzaCI6IlpVNlRPbzdrd1hmVy1oNTZyNXBGQlEiLCJjX2hhc2giOiJjbzJ3amRDWDBOZEhudHpkTDNXR1FBIiwibmFtZSI6ImltOndpcmVhcHA9JTQwYWxpY2Vfd2lyZUB3aXJlLmNvbSIsInByZWZlcnJlZF91c2VybmFtZSI6IkFsaWNlIFNtaXRoIn0.yfevAqKN_8K3UGriUoMWboA72J8Izru8uXhFiott2LwAN8I0SExdvnLrDQpgq0plXITRjzfSPlOGBpnS-tT55Uh1mqxw6YxfDFqhuUFf471q_uWjuEte5zGJ8u3G_1dXqvu5UueX7Y9oh0S0GdbVY3GCv6wugta0cDfOeBkWpNT5eXq6PU4wj8whA_op7HlCnMNxmWvimX5TMqtrFBMhpHuhbeCQYICE2sL39tR3MP9armEDX13tNKjlUFuxKv8-HrYYNneDmKplyCSmAAi2j8XIBW7qs7Hc1ZEBjmCoikFfi_Iw2yCGvsC1JXyB_VGOr_ak1RXCRGbBVG-VmfibHw) Raw: ```text -eyJhbGciOiJSUzI1NiIsImtpZCI6IjY0ZjViYTRjNjZiYTU2ZjdiNzJhZTYzZGYz 
-YzQ1YmQ2MTBjZGZiYWMifQ.eyJpc3MiOiJodHRwOi8vZGV4OjE1NDE5L2RleCIsI -nN1YiI6IkNqdHBiVHAzYVhKbFlYQndQVXhqYTNOS1lqYzBWRzAyVGpFeVkwUnFSb -mszYkZFdk9HVTJOREkwTkRNd1pETmlNamhpWlVCM2FYSmxMbU52YlJJRWJHUmhjQ -SIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE2OTY1MTQ1MTgsImlhdCI6MTY5NjQyO -DExOCwibm9uY2UiOiIyUzl4aHhaUjg1Rk82ZlBsVTVBM1JnIiwiYXRfaGFzaCI6I -k44YXlSbDU0QS1WNmNndVNuY3ExZGciLCJjX2hhc2giOiJLQkxrTmRpeGJyeTlCM -C0wV0RoWTNBIiwibmFtZSI6ImltOndpcmVhcHA9YWxpY2Vfd2lyZSIsInByZWZlc -nJlZF91c2VybmFtZSI6IkFsaWNlIFNtaXRoIn0.OtCd3L6iv-iJ0M3cI_a8iN4qD -a2c_SdqCofRWBwpokWXNj6V_t-1voGvCc808Atq9QnjiWHBhGgPzxymcYnjWk_wn -jxz4L9NhxQxmwdm3eBjXDafIZ1OW4R2vH3zacrajRSL4psfZXMi3c6x0A0ag8OJ6 -253fyUpguX5jIeD45kkn-ciwGYPFz8WPnM83mva3ljLWgDlI91wMhWVC7BNC035V -unyQpzr2gwIWMo2LUUdEx_Opl3_RtxZJVK76HvKgKVHk46ZAIU6AFsAIcxLgPZsO -lAn7mlUxjTRyNaQnyuhr8EM2FU5fmTsV-Sm6gOVCzzW7FUD-V0WwCUXEkaFZA +eyJhbGciOiJSUzI1NiIsImtpZCI6ImJkOTQ5ZDVjZWFjMzU1MTJlNDliMWU3YzE5 +MTBhM2UxZjZjMjcyYzkifQ.eyJpc3MiOiJodHRwOi8vZGV4OjIxNDkxL2RleCIsI +nN1YiI6IkNqdHBiVHAzYVhKbFlYQndQWGxzTFRoQlgzZGFVMlpoVXpKMVZqaFdkV +TFGUW5jdk4yVTNPVGN5TTJFNFltUmpOamswWmtCM2FYSmxMbU52YlJJRWJHUmhjQ +SIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE3MDAyMTc0NDYsImlhdCI6MTcwMDEzM +TA0Niwibm9uY2UiOiJSRVF5eW5lOVVqUDZLME13RlBFYlZBIiwiYXRfaGFzaCI6I +lpVNlRPbzdrd1hmVy1oNTZyNXBGQlEiLCJjX2hhc2giOiJjbzJ3amRDWDBOZEhud +HpkTDNXR1FBIiwibmFtZSI6ImltOndpcmVhcHA9JTQwYWxpY2Vfd2lyZUB3aXJlL +mNvbSIsInByZWZlcnJlZF91c2VybmFtZSI6IkFsaWNlIFNtaXRoIn0.yfevAqKN_ +8K3UGriUoMWboA72J8Izru8uXhFiott2LwAN8I0SExdvnLrDQpgq0plXITRjzfSP +lOGBpnS-tT55Uh1mqxw6YxfDFqhuUFf471q_uWjuEte5zGJ8u3G_1dXqvu5UueX7 +Y9oh0S0GdbVY3GCv6wugta0cDfOeBkWpNT5eXq6PU4wj8whA_op7HlCnMNxmWvim +X5TMqtrFBMhpHuhbeCQYICE2sL39tR3MP9armEDX13tNKjlUFuxKv8-HrYYNneDm +KplyCSmAAi2j8XIBW7qs7Hc1ZEBjmCoikFfi_Iw2yCGvsC1JXyB_VGOr_ak1RXCR +GbBVG-VmfibHw ``` Decoded: 
@@ -542,22 +543,22 @@ Decoded: ```json { "alg": "RS256", - "kid": "64f5ba4c66ba56f7b72ae63df3c45bd610cdfbac" + "kid": "bd949d5ceac35512e49b1e7c1910a3e1f6c272c9" } ``` ```json { - "at_hash": "N8ayRl54A-V6cguSncq1dg", + "at_hash": "ZU6TOo7kwXfW-h56r5pFBQ", "aud": "wireapp", - "c_hash": "KBLkNdixbry9B0-0WDhY3A", - "exp": 1696514518, - "iat": 1696428118, - "iss": "http://dex:15419/dex", - "name": "im:wireapp=alice_wire", - "nonce": "2S9xhxZR85FO6fPlU5A3Rg", + "c_hash": "co2wjdCX0NdHntzdL3WGQA", + "exp": 1700217446, + "iat": 1700131046, + "iss": "http://dex:21491/dex", + "name": "im:wireapp=%40alice_wire@wire.com", + "nonce": "REQyyne9UjP6K0MwFPEbVA", "preferred_username": "Alice Smith", - "sub": "CjtpbTp3aXJlYXBwPUxja3NKYjc0VG02TjEyY0RqRnk3bFEvOGU2NDI0NDMwZDNiMjhiZUB3aXJlLmNvbRIEbGRhcA" + "sub": "CjtpbTp3aXJlYXBwPXlsLThBX3daU2ZhUzJ1VjhWdU1FQncvN2U3OTcyM2E4YmRjNjk0ZkB3aXJlLmNvbRIEbGRhcA" } ``` @@ -565,13 +566,13 @@ Decoded: ✅ Signature Verified with key: ```text -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA94ceBIZf2i7QQjJD0lFn -Uu2388P5HK6fbn4ahpdmXCiabT9uLdObLxHymTU3ULJC9yyYMwQHPmIKlO2nH2b4 -uge0pxsPWhdVzwSnJuKyTmpChGmKkNcEQMqcVl82OwiMugsBzOe2KTPhf8O3ANWa -U02gyV388/Rgyl0lqU1Ba97IIsDYtoPnzXeyLr78ZdDoCgFnUYBaIb4K0eMNB8gZ -o2XxPGIYOKNcXwMQpBsjxsQU10OD0zP14lYafBJ1Anm10HiO/7qj97EjGBlStBIa -xqUiqaeIdIgZngxskorjftbS296IqIt4Cv5yH2ZbNe0PDB+EQT6/Yzb85hDnVotb -3wIDAQAB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZKVEL7JymOS2UXrUdZh +MktwgTszV+cLLcgz79/T3CSaAOdSWqWaG7cvBzYj5R5mdEpu90Cfs1gWQinlpFKD +KlCx2LNYcYxWG35hPO7VdMwXNf35KMeaWa/YnQukYGNqrNCc8proZjq6HVEmGqDC +0wMM940tIs2gfhOgO7qEJFuTUC2iSKnBX6O68wxEEpXcCWBfvs2xuKFcRdLPZzgb +INBGryMkIEy/mAAB4BDHaykC/AQipiilIWwbltgpsawl6o8UE4ebhQ/IKip0rVbY +SLudZeo0FTC9vpnRZbVuBJfe3y1dYl95WQ+SdfcF7EXE4BprZpIw2kMpqX0x9OpQ +VQIDAQAB -----END PUBLIC KEY----- ``` 
@@ -580,29 +581,29 @@ xqUiqaeIdIgZngxskorjftbS296IqIt4Cv5yH2ZbNe0PDB+EQT6/Yzb85hDnVotb Note: The ACME provisioner is configured with rules for transforming values received in the token into a Wire handle and display name. ```http request -POST https://stepca:32771/acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/b6gKurvFiAkViZX4bD9mn9PfGiFtIszq +POST https://stepca:32865/acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/SDJQ76rdWuofetahvzpgljsuhCZL2pzv /acme/{acme-provisioner}/challenge/{authz-id}/{challenge-id} content-type: application/jose+json ``` ```json { - "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyNzcxL2FjbWUvd2lyZS9hY2NvdW50LzFLcE5vMVZDM2VOT2Fkb2pjQXpqYlFMU3RHMXhxMzVRIiwidHlwIjoiSldUIiwibm9uY2UiOiJTVlJIVldkRWJ6Wk5jME5XY0RGcWJtUlBVR3hvZGpoV1lXbExOak5pYjFJIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI3NzEvYWNtZS93aXJlL2NoYWxsZW5nZS9uYTl3djQ5YU1mZ0podkJwTTJzc1dNbmg1VnRSdzBBSy9iNmdLdXJ2RmlBa1ZpWlg0YkQ5bW45UGZHaUZ0SXN6cSJ9", - "payload": "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", - "signature": "Lm4B10w4qepfF6_bZZMZvWYkNccfvFu2rYFUxxKRkB8P5d-Hdo0Qe9rQX_S9oWJnr8yXCyy0ifIHlYRogJbgDA" + "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyODY1L2FjbWUvd2lyZS9hY2NvdW50L1FBc3J2bVhvZ3ZjWGp0b2NPd3BQTnRJZ2Y5bGcxcU1GIiwidHlwIjoiSldUIiwibm9uY2UiOiJTR2xFYzNNelEzbFVXalpoY1dob1YzZ3dNVzgyTmsxS1l6WXpVa0pYV0VRIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI4NjUvYWNtZS93aXJlL2NoYWxsZW5nZS9abHJCOWlLNnE3NUpsdktHSjBTbklDcFJNUkkxVWdraS9TREpRNzZyZFd1b2ZldGFodnpwZ2xqc3VoQ1pMMnB6diJ9", + "payload": "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", + "signature": "aTsNPk2C4rSe0wbW6PzLWdXMtiww8kQ6rokYNRtWc-QOEONhEZ4eKeMCI-kJ43eGQceTm0KjJtBYk-ar9RLqCA" } ``` ```json { "payload": { - "id_token": 
"eyJhbGciOiJSUzI1NiIsImtpZCI6IjY0ZjViYTRjNjZiYTU2ZjdiNzJhZTYzZGYzYzQ1YmQ2MTBjZGZiYWMifQ.eyJpc3MiOiJodHRwOi8vZGV4OjE1NDE5L2RleCIsInN1YiI6IkNqdHBiVHAzYVhKbFlYQndQVXhqYTNOS1lqYzBWRzAyVGpFeVkwUnFSbmszYkZFdk9HVTJOREkwTkRNd1pETmlNamhpWlVCM2FYSmxMbU52YlJJRWJHUmhjQSIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE2OTY1MTQ1MTgsImlhdCI6MTY5NjQyODExOCwibm9uY2UiOiIyUzl4aHhaUjg1Rk82ZlBsVTVBM1JnIiwiYXRfaGFzaCI6Ik44YXlSbDU0QS1WNmNndVNuY3ExZGciLCJjX2hhc2giOiJLQkxrTmRpeGJyeTlCMC0wV0RoWTNBIiwibmFtZSI6ImltOndpcmVhcHA9YWxpY2Vfd2lyZSIsInByZWZlcnJlZF91c2VybmFtZSI6IkFsaWNlIFNtaXRoIn0.OtCd3L6iv-iJ0M3cI_a8iN4qDa2c_SdqCofRWBwpokWXNj6V_t-1voGvCc808Atq9QnjiWHBhGgPzxymcYnjWk_wnjxz4L9NhxQxmwdm3eBjXDafIZ1OW4R2vH3zacrajRSL4psfZXMi3c6x0A0ag8OJ6253fyUpguX5jIeD45kkn-ciwGYPFz8WPnM83mva3ljLWgDlI91wMhWVC7BNC035VunyQpzr2gwIWMo2LUUdEx_Opl3_RtxZJVK76HvKgKVHk46ZAIU6AFsAIcxLgPZsOlAn7mlUxjTRyNaQnyuhr8EM2FU5fmTsV-Sm6gOVCzzW7FUD-V0WwCUXEkaFZA", - "keyauth": "6qgGq43yUhGfvM8vJWvQRr9AX735Q4QV.6oscVYXfVGS5dO7x3dzv0it15LVpMTi6ZCXKo-GYWaU" + "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImJkOTQ5ZDVjZWFjMzU1MTJlNDliMWU3YzE5MTBhM2UxZjZjMjcyYzkifQ.eyJpc3MiOiJodHRwOi8vZGV4OjIxNDkxL2RleCIsInN1YiI6IkNqdHBiVHAzYVhKbFlYQndQWGxzTFRoQlgzZGFVMlpoVXpKMVZqaFdkVTFGUW5jdk4yVTNPVGN5TTJFNFltUmpOamswWmtCM2FYSmxMbU52YlJJRWJHUmhjQSIsImF1ZCI6IndpcmVhcHAiLCJleHAiOjE3MDAyMTc0NDYsImlhdCI6MTcwMDEzMTA0Niwibm9uY2UiOiJSRVF5eW5lOVVqUDZLME13RlBFYlZBIiwiYXRfaGFzaCI6IlpVNlRPbzdrd1hmVy1oNTZyNXBGQlEiLCJjX2hhc2giOiJjbzJ3amRDWDBOZEhudHpkTDNXR1FBIiwibmFtZSI6ImltOndpcmVhcHA9JTQwYWxpY2Vfd2lyZUB3aXJlLmNvbSIsInByZWZlcnJlZF91c2VybmFtZSI6IkFsaWNlIFNtaXRoIn0.yfevAqKN_8K3UGriUoMWboA72J8Izru8uXhFiott2LwAN8I0SExdvnLrDQpgq0plXITRjzfSPlOGBpnS-tT55Uh1mqxw6YxfDFqhuUFf471q_uWjuEte5zGJ8u3G_1dXqvu5UueX7Y9oh0S0GdbVY3GCv6wugta0cDfOeBkWpNT5eXq6PU4wj8whA_op7HlCnMNxmWvimX5TMqtrFBMhpHuhbeCQYICE2sL39tR3MP9armEDX13tNKjlUFuxKv8-HrYYNneDmKplyCSmAAi2j8XIBW7qs7Hc1ZEBjmCoikFfi_Iw2yCGvsC1JXyB_VGOr_ak1RXCRGbBVG-VmfibHw", + "keyauth": 
"NWcjk8D8F3lduoWZGNHSYZCq5UgQmHbv.3eib-sd4l3o0ZaKWWKyyJLJLxQPOiZY7B0ty-alYEkw" }, "protected": { "alg": "EdDSA", - "kid": "https://stepca:32771/acme/wire/account/1KpNo1VC3eNOadojcAzjbQLStG1xq35Q", - "nonce": "SVRHVWdEbzZNc0NWcDFqbmRPUGxodjhWYWlLNjNib1I", + "kid": "https://stepca:32865/acme/wire/account/QAsrvmXogvcXjtocOwpPNtIgf9lg1qMF", + "nonce": "SGlEc3MzQ3lUWjZhcWhoV3gwMW82Nk1KYzYzUkJXWEQ", "typ": "JWT", - "url": "https://stepca:32771/acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/b6gKurvFiAkViZX4bD9mn9PfGiFtIszq" + "url": "https://stepca:32865/acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/SDJQ76rdWuofetahvzpgljsuhCZL2pzv" } } ``` 
@@ -611,32 +612,32 @@ content-type: application/jose+json 200 cache-control: no-store content-type: application/json -link: ;rel="index" -link: ;rel="up" -location: https://stepca:32771/acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/b6gKurvFiAkViZX4bD9mn9PfGiFtIszq -replay-nonce: TUFFbGJFdExrV3ZmMGNLalMwM3hrZVF3bTZvSWttdGo +link: ;rel="index" +link: ;rel="up" +location: https://stepca:32865/acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/SDJQ76rdWuofetahvzpgljsuhCZL2pzv +replay-nonce: RU5lbjZxVzVLbW1KMlJ0Tnc3R0NmRzBmcXNDV2g3Y0Y ``` ```json { "type": "wire-oidc-01", - "url": "https://stepca:32771/acme/wire/challenge/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK/b6gKurvFiAkViZX4bD9mn9PfGiFtIszq", + "url": "https://stepca:32865/acme/wire/challenge/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki/SDJQ76rdWuofetahvzpgljsuhCZL2pzv", "status": "valid", - "token": "6qgGq43yUhGfvM8vJWvQRr9AX735Q4QV", - "target": "http://dex:15419/dex" + "token": "NWcjk8D8F3lduoWZGNHSYZCq5UgQmHbv", + "target": "http://dex:21491/dex" } ``` ### Client presents a CSR and gets its certificate #### 26. 
verify the status of the order ```http request -POST https://stepca:32771/acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W +POST https://stepca:32865/acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn /acme/{acme-provisioner}/order/{order-id} content-type: application/jose+json ``` ```json { - "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyNzcxL2FjbWUvd2lyZS9hY2NvdW50LzFLcE5vMVZDM2VOT2Fkb2pjQXpqYlFMU3RHMXhxMzVRIiwidHlwIjoiSldUIiwibm9uY2UiOiJUVUZGYkdKRmRFeHJWM1ptTUdOTGFsTXdNM2hyWlZGM2JUWnZTV3R0ZEdvIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI3NzEvYWNtZS93aXJlL29yZGVyL01oS2VSNTVJNjV6dlRqSWhYOFcyTlVOQWt6cXFNTDhXIn0", + "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyODY1L2FjbWUvd2lyZS9hY2NvdW50L1FBc3J2bVhvZ3ZjWGp0b2NPd3BQTnRJZ2Y5bGcxcU1GIiwidHlwIjoiSldUIiwibm9uY2UiOiJSVTVsYmpaeFZ6VkxiVzFLTWxKMFRuYzNSME5tUnpCbWNYTkRWMmczWTBZIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI4NjUvYWNtZS93aXJlL29yZGVyL2ZydllRa01sU0pZVWgxaXpxUDQzRU1ybTZ5azJXR3RuIn0", "payload": "", - "signature": "WoRJTgGbF0aH856dbMq532NNuY-s5KaT20MEg6Cen6bgEwOY-qEih-OqANr4TMCg52sNNMUHcXMzl-G_l0cBBQ" + "signature": "fu9NIgfiB9fN3SKCNiRfZFkjTnZuzNmmCflxFmhbFPdFSO1RMNbFNbxSVLcycNIVGJsU-WgAIXnOhbbp1zU_CQ" } ``` ```json @@ -644,10 +645,10 @@ content-type: application/jose+json "payload": {}, "protected": { "alg": "EdDSA", - "kid": "https://stepca:32771/acme/wire/account/1KpNo1VC3eNOadojcAzjbQLStG1xq35Q", - "nonce": "TUFFbGJFdExrV3ZmMGNLalMwM3hrZVF3bTZvSWttdGo", + "kid": "https://stepca:32865/acme/wire/account/QAsrvmXogvcXjtocOwpPNtIgf9lg1qMF", + "nonce": "RU5lbjZxVzVLbW1KMlJ0Tnc3R0NmRzBmcXNDV2g3Y0Y", "typ": "JWT", - "url": "https://stepca:32771/acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W" + "url": "https://stepca:32865/acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn" } } ``` 
@@ -656,52 +657,52 @@ content-type: application/jose+json 200 cache-control: no-store content-type: application/json -link: ;rel="index" -location: https://stepca:32771/acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W -replay-nonce: RTV3R3hIMXlLMGJwV0tiNXZ1eTlMYmFWc2UwTmxNaUg +link: ;rel="index" +location: https://stepca:32865/acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn +replay-nonce: MVNuQnlwTmhnMmQ5SWdBZXJqNnFtTVJUdUxMRmI5U0Q ``` ```json { "status": "ready", - "finalize": "https://stepca:32771/acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W/finalize", + "finalize": "https://stepca:32865/acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn/finalize", "identifiers": [ { "type": "wireapp-id", - "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=LcksJb74Tm6N12cDjFy7lQ/8e6424430d3b28be@wire.com\",\"handle\":\"im:wireapp=alice_wire\"}" + "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com\",\"handle\":\"im:wireapp=%40alice_wire@wire.com\"}" } ], "authorizations": [ - "https://stepca:32771/acme/wire/authz/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK" + "https://stepca:32865/acme/wire/authz/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki" ], - "expires": "2023-10-05T14:01:58Z", - "notBefore": "2023-10-04T14:01:58.361809Z", - "notAfter": "2033-10-01T14:01:58.361809Z" + "expires": "2023-11-17T10:37:26Z", + "notBefore": "2023-11-16T10:37:26.334956Z", + "notAfter": "2033-11-13T10:37:26.334956Z" } ``` #### 28. 
create a CSR and call finalize url ```http request -POST https://stepca:32771/acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W/finalize +POST https://stepca:32865/acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn/finalize /acme/{acme-provisioner}/order/{order-id}/finalize content-type: application/jose+json ``` ```json { - "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyNzcxL2FjbWUvd2lyZS9hY2NvdW50LzFLcE5vMVZDM2VOT2Fkb2pjQXpqYlFMU3RHMXhxMzVRIiwidHlwIjoiSldUIiwibm9uY2UiOiJSVFYzUjNoSU1YbExNR0p3VjB0aU5YWjFlVGxNWW1GV2MyVXdUbXhOYVVnIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI3NzEvYWNtZS93aXJlL29yZGVyL01oS2VSNTVJNjV6dlRqSWhYOFcyTlVOQWt6cXFNTDhXL2ZpbmFsaXplIn0", - "payload": "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", - "signature": "L0dF9hJ5uKNEgmT5NCter2GpX0DYvzX3qc0bv9hc4IKnyZAyFN3qofSW35jgLLsZZneGTrLvY49ipaS07ItHDA" + "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyODY1L2FjbWUvd2lyZS9hY2NvdW50L1FBc3J2bVhvZ3ZjWGp0b2NPd3BQTnRJZ2Y5bGcxcU1GIiwidHlwIjoiSldUIiwibm9uY2UiOiJNVk51UW5sd1RtaG5NbVE1U1dkQlpYSnFObkZ0VFZKVWRVeE1SbUk1VTBRIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI4NjUvYWNtZS93aXJlL29yZGVyL2ZydllRa01sU0pZVWgxaXpxUDQzRU1ybTZ5azJXR3RuL2ZpbmFsaXplIn0", + "payload": "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", + "signature": "9bZLWvoQBIOWODf6MTc3jLAcRAbgr8i1gZeowLYRgmU9ETXp5_NDX6Y6kz0Qm8tQtumhMYOzkRJPaY3s5rmwCg" } ``` ```json { "payload": { - "csr": "MIIBITCB1AIBADAxMREwDwYDVQQKDAh3aXJlLmNvbTEcMBoGC2CGSAGG-EIDAYFxDAtBbGljZSBTbWl0aDAqMAUGAytlcAMhAFgiDE5QTN8yvkqPfgvPNqpE9XhJ0Jlv0GRahDkKiIm1oHAwbgYJKoZIhvcNAQkOMWEwXzBdBgNVHREEVjBUhjtpbTp3aXJlYXBwPUxja3NKYjc0VG02TjEyY0RqRnk3bFEvOGU2NDI0NDMwZDNiMjhiZUB3aXJlLmNvbYYVaW06d2lyZWFwcD1hbGljZV93aXJlMAUGAytlcANBAO4UjERwIhzvryvRod0cS1-M8q9T7TXxN20dAnxTjdqJ-YFCNhQiIN5GDWm84DnNkvJX-n8TQLwMv7cYwjBE4gE" + "csr": 
"MIIBLTCB4AIBADAxMREwDwYDVQQKDAh3aXJlLmNvbTEcMBoGC2CGSAGG-EIDAYFxDAtBbGljZSBTbWl0aDAqMAUGAytlcAMhANmHK7rIOLVhj_vmKmK1qei8Dor8Lu_FPOnXmKLZGKrfoHwwegYJKoZIhvcNAQkOMW0wazBpBgNVHREEYjBghjtpbTp3aXJlYXBwPXlsLThBX3daU2ZhUzJ1VjhWdU1FQncvN2U3OTcyM2E4YmRjNjk0ZkB3aXJlLmNvbYYhaW06d2lyZWFwcD0lNDBhbGljZV93aXJlQHdpcmUuY29tMAUGAytlcANBACHPYompy93-Fy6kpr7JVQOL3ZKZPFqOf8_jiyKQz2SoPgMm1nz6hUtA13H2knuljc9lIirSRbu6olKa67blWgs" }, "protected": { "alg": "EdDSA", - "kid": "https://stepca:32771/acme/wire/account/1KpNo1VC3eNOadojcAzjbQLStG1xq35Q", - "nonce": "RTV3R3hIMXlLMGJwV0tiNXZ1eTlMYmFWc2UwTmxNaUg", + "kid": "https://stepca:32865/acme/wire/account/QAsrvmXogvcXjtocOwpPNtIgf9lg1qMF", + "nonce": "MVNuQnlwTmhnMmQ5SWdBZXJqNnFtTVJUdUxMRmI5U0Q", "typ": "JWT", - "url": "https://stepca:32771/acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W/finalize" + "url": "https://stepca:32865/acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn/finalize" } } ``` @@ -709,13 +710,13 @@ content-type: application/jose+json openssl -verify ✅ ``` -----BEGIN CERTIFICATE REQUEST----- -MIIBITCB1AIBADAxMREwDwYDVQQKDAh3aXJlLmNvbTEcMBoGC2CGSAGG+EIDAYFx -DAtBbGljZSBTbWl0aDAqMAUGAytlcAMhAFgiDE5QTN8yvkqPfgvPNqpE9XhJ0Jlv -0GRahDkKiIm1oHAwbgYJKoZIhvcNAQkOMWEwXzBdBgNVHREEVjBUhjtpbTp3aXJl -YXBwPUxja3NKYjc0VG02TjEyY0RqRnk3bFEvOGU2NDI0NDMwZDNiMjhiZUB3aXJl -LmNvbYYVaW06d2lyZWFwcD1hbGljZV93aXJlMAUGAytlcANBAO4UjERwIhzvryvR -od0cS1+M8q9T7TXxN20dAnxTjdqJ+YFCNhQiIN5GDWm84DnNkvJX+n8TQLwMv7cY -wjBE4gE= +MIIBLTCB4AIBADAxMREwDwYDVQQKDAh3aXJlLmNvbTEcMBoGC2CGSAGG+EIDAYFx +DAtBbGljZSBTbWl0aDAqMAUGAytlcAMhANmHK7rIOLVhj/vmKmK1qei8Dor8Lu/F +POnXmKLZGKrfoHwwegYJKoZIhvcNAQkOMW0wazBpBgNVHREEYjBghjtpbTp3aXJl +YXBwPXlsLThBX3daU2ZhUzJ1VjhWdU1FQncvN2U3OTcyM2E4YmRjNjk0ZkB3aXJl +LmNvbYYhaW06d2lyZWFwcD0lNDBhbGljZV93aXJlQHdpcmUuY29tMAUGAytlcANB +ACHPYompy93+Fy6kpr7JVQOL3ZKZPFqOf8/jiyKQz2SoPgMm1nz6hUtA13H2knul +jc9lIirSRbu6olKa67blWgs= -----END CERTIFICATE REQUEST----- ``` 
@@ -728,19 +729,19 @@ Certificate Request: Public Key Algorithm: ED25519 ED25519 Public-Key: pub: - 58:22:0c:4e:50:4c:df:32:be:4a:8f:7e:0b:cf:36: - aa:44:f5:78:49:d0:99:6f:d0:64:5a:84:39:0a:88: - 89:b5 + d9:87:2b:ba:c8:38:b5:61:8f:fb:e6:2a:62:b5:a9: + e8:bc:0e:8a:fc:2e:ef:c5:3c:e9:d7:98:a2:d9:18: + aa:df Attributes: Requested Extensions: X509v3 Subject Alternative Name: - URI:im:wireapp=LcksJb74Tm6N12cDjFy7lQ/8e6424430d3b28be@wire.com, URI:im:wireapp=alice_wire + URI:im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com, URI:im:wireapp=%40alice_wire@wire.com Signature Algorithm: ED25519 Signature Value: - ee:14:8c:44:70:22:1c:ef:af:2b:d1:a1:dd:1c:4b:5f:8c:f2: - af:53:ed:35:f1:37:6d:1d:02:7c:53:8d:da:89:f9:81:42:36: - 14:22:20:de:46:0d:69:bc:e0:39:cd:92:f2:57:fa:7f:13:40: - bc:0c:bf:b7:18:c2:30:44:e2:01 + 21:cf:62:89:a9:cb:dd:fe:17:2e:a4:a6:be:c9:55:03:8b:dd: + 92:99:3c:5a:8e:7f:cf:e3:8b:22:90:cf:64:a8:3e:03:26:d6: + 7c:fa:85:4b:40:d7:71:f6:92:7b:a5:8d:cf:65:22:2a:d2:45: + bb:ba:a2:52:9a:eb:b6:e5:5a:0b ``` 
@@ -749,40 +750,40 @@ Certificate Request: 200 cache-control: no-store content-type: application/json -link: ;rel="index" -location: https://stepca:32771/acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W -replay-nonce: R01qSWgxV25FSDBWYW56TjE5WG5IM3FEaXB4T3F1b1Y +link: ;rel="index" +location: https://stepca:32865/acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn +replay-nonce: S2RwalpyUmc1MEZjWnRRdTRMQ2tYcUNVbXhDY1V1Z20 ``` ```json { - "certificate": "https://stepca:32771/acme/wire/certificate/leUvZchiW6iR45toJCeyFf7x1wnDBPIi", + "certificate": "https://stepca:32865/acme/wire/certificate/SovyprYoMfROGmEbACsGVLwvn2A0h5j9", "status": "valid", - "finalize": "https://stepca:32771/acme/wire/order/MhKeR55I65zvTjIhX8W2NUNAkzqqML8W/finalize", + "finalize": "https://stepca:32865/acme/wire/order/frvYQkMlSJYUh1izqP43EMrm6yk2WGtn/finalize", "identifiers": [ { "type": "wireapp-id", - "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=LcksJb74Tm6N12cDjFy7lQ/8e6424430d3b28be@wire.com\",\"handle\":\"im:wireapp=alice_wire\"}" + "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com\",\"handle\":\"im:wireapp=%40alice_wire@wire.com\"}" } ], "authorizations": [ - "https://stepca:32771/acme/wire/authz/na9wv49aMfgJhvBpM2ssWMnh5VtRw0AK" + "https://stepca:32865/acme/wire/authz/ZlrB9iK6q75JlvKGJ0SnICpRMRI1Ugki" ], - "expires": "2023-10-05T14:01:58Z", - "notBefore": "2023-10-04T14:01:58.361809Z", - "notAfter": "2033-10-01T14:01:58.361809Z" + "expires": "2023-11-17T10:37:26Z", + "notBefore": "2023-11-16T10:37:26.334956Z", + "notAfter": "2033-11-13T10:37:26.334956Z" } ``` #### 30. 
fetch the certificate ```http request -POST https://stepca:32771/acme/wire/certificate/leUvZchiW6iR45toJCeyFf7x1wnDBPIi +POST https://stepca:32865/acme/wire/certificate/SovyprYoMfROGmEbACsGVLwvn2A0h5j9 /acme/{acme-provisioner}/certificate/{certificate-id} content-type: application/jose+json ``` ```json { - "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyNzcxL2FjbWUvd2lyZS9hY2NvdW50LzFLcE5vMVZDM2VOT2Fkb2pjQXpqYlFMU3RHMXhxMzVRIiwidHlwIjoiSldUIiwibm9uY2UiOiJSMDFxU1dneFYyNUZTREJXWVc1NlRqRTVXRzVJTTNGRWFYQjRUM0YxYjFZIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI3NzEvYWNtZS93aXJlL2NlcnRpZmljYXRlL2xlVXZaY2hpVzZpUjQ1dG9KQ2V5RmY3eDF3bkRCUElpIn0", + "protected": "eyJhbGciOiJFZERTQSIsImtpZCI6Imh0dHBzOi8vc3RlcGNhOjMyODY1L2FjbWUvd2lyZS9hY2NvdW50L1FBc3J2bVhvZ3ZjWGp0b2NPd3BQTnRJZ2Y5bGcxcU1GIiwidHlwIjoiSldUIiwibm9uY2UiOiJTMlJ3YWxweVVtYzFNRVpqV25SUmRUUk1RMnRZY1VOVmJYaERZMVYxWjIwIiwidXJsIjoiaHR0cHM6Ly9zdGVwY2E6MzI4NjUvYWNtZS93aXJlL2NlcnRpZmljYXRlL1NvdnlwcllvTWZST0dtRWJBQ3NHVkx3dm4yQTBoNWo5In0", "payload": "", - "signature": "swN6WWrKPuSQy-jeG5avoLHOeFN11cs8hTmw-TL-FMCUpHDTSLWIxhm7oChXe4tXBvgwjYOgxD0QkWlG_B9wAg" + "signature": "cb_v7fS9OxXP878nxrb3qLL4rajrZqwX3Ol5WxCQC7cGANmRHbsDT57k4ugi2XkHRO_5dkbekktcwo6NZXQUAQ" } ``` ```json @@ -790,10 +791,10 @@ content-type: application/jose+json "payload": {}, "protected": { "alg": "EdDSA", - "kid": "https://stepca:32771/acme/wire/account/1KpNo1VC3eNOadojcAzjbQLStG1xq35Q", - "nonce": "R01qSWgxV25FSDBWYW56TjE5WG5IM3FEaXB4T3F1b1Y", + "kid": "https://stepca:32865/acme/wire/account/QAsrvmXogvcXjtocOwpPNtIgf9lg1qMF", + "nonce": "S2RwalpyUmc1MEZjWnRRdTRMQ2tYcUNVbXhDY1V1Z20", "typ": "JWT", - "url": "https://stepca:32771/acme/wire/certificate/leUvZchiW6iR45toJCeyFf7x1wnDBPIi" + "url": "https://stepca:32865/acme/wire/certificate/SovyprYoMfROGmEbACsGVLwvn2A0h5j9" } } ``` 
@@ -802,28 +803,28 @@ content-type: application/jose+json 200 cache-control: no-store content-type: application/pem-certificate-chain -link: ;rel="index" -replay-nonce: YW9tb2RwSkJab3RYc3NOUXlzTk5GT0M5VlU0SHVocnU +link: ;rel="index" +replay-nonce: VXJtMU9Yd1B6SVZJeUxJRzhFY2VKZkhETkQzSUQzSUo ``` ```json -"-----BEGIN CERTIFICATE-----\nMIICDjCCAbSgAwIBAgIRAK1DlQbUQ0L9JHNF1bZj6KUwCgYIKoZIzj0EAwIwLjEN\nMAsGA1UEChMEd2lyZTEdMBsGA1UEAxMUd2lyZSBJbnRlcm1lZGlhdGUgQ0EwHhcN\nMjMxMDA0MTQwMTU4WhcNMzMxMDAxMTQwMTU4WjApMREwDwYDVQQKEwh3aXJlLmNv\nbTEUMBIGA1UEAxMLQWxpY2UgU21pdGgwKjAFBgMrZXADIQBYIgxOUEzfMr5Kj34L\nzzaqRPV4SdCZb9BkWoQ5CoiJtaOB5jCB4zAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0l\nBAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFFA2kJnLNbplaxYHdk4Dpd5PwkphMB8G\nA1UdIwQYMBaAFNnroB8NtWRP7G5gd0gut6ywYi8nMF0GA1UdEQRWMFSGFWltOndp\ncmVhcHA9YWxpY2Vfd2lyZYY7aW06d2lyZWFwcD1MY2tzSmI3NFRtNk4xMmNEakZ5\nN2xRLzhlNjQyNDQzMGQzYjI4YmVAd2lyZS5jb20wHQYMKwYBBAGCpGTGKEABBA0w\nCwIBBgQEd2lyZQQAMAoGCCqGSM49BAMCA0gAMEUCIQCjkvVPGaEULIgX5sStJeHn\n6P38nlWQqx/hUJnZu4pqwAIgXerNZnyJ+3GXiJfF7qqOFgT81SkndcKDoL50SQ7I\nBQY=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIQJfiFPUj797UCuqEPQpqugzAKBggqhkjOPQQDAjAmMQ0w\nCwYDVQQKEwR3aXJlMRUwEwYDVQQDEwx3aXJlIFJvb3QgQ0EwHhcNMjMxMDA0MTQw\nMTU2WhcNMzMxMDAxMTQwMTU2WjAuMQ0wCwYDVQQKEwR3aXJlMR0wGwYDVQQDExR3\naXJlIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD8T\nTtbuu6f7zGfNBD/7MeMLIJBI+nXGaGcM7Tf6pvuvX/qzT/aqpBDze8bpRRA98XSJ\nqgOq+gQxoBzfqXBGBwmjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG\nAQH/AgEAMB0GA1UdDgQWBBTZ66AfDbVkT+xuYHdILressGIvJzAfBgNVHSMEGDAW\ngBSZ+ZGXjmZ5vT0hu/WqkgVTgDPs3jAKBggqhkjOPQQDAgNIADBFAiEA29/azNss\n1iOHSIpuBa4wanQRD8A+bjFwPBRqSNv29N0CIHHXBCXjWxBMtltly89W6MQizq1g\nG6AtiIMrHdSUUvi1\n-----END CERTIFICATE-----\n" +"-----BEGIN 
CERTIFICATE-----\nMIICGDCCAb+gAwIBAgIQHhoe3LLRoHP+EPY4KOTgATAKBggqhkjOPQQDAjAuMQ0w\nCwYDVQQKEwR3aXJlMR0wGwYDVQQDExR3aXJlIEludGVybWVkaWF0ZSBDQTAeFw0y\nMzExMTYxMDM3MjZaFw0zMzExMTMxMDM3MjZaMCkxETAPBgNVBAoTCHdpcmUuY29t\nMRQwEgYDVQQDEwtBbGljZSBTbWl0aDAqMAUGAytlcAMhANmHK7rIOLVhj/vmKmK1\nqei8Dor8Lu/FPOnXmKLZGKrfo4HyMIHvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE\nDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQUFlquvWRvc3MxFaLrNgzv+UdGoaswHwYD\nVR0jBBgwFoAUz40pQ/qEp4eFDfctCF0jmJB+5xswaQYDVR0RBGIwYIYhaW06d2ly\nZWFwcD0lNDBhbGljZV93aXJlQHdpcmUuY29thjtpbTp3aXJlYXBwPXlsLThBX3da\nU2ZhUzJ1VjhWdU1FQncvN2U3OTcyM2E4YmRjNjk0ZkB3aXJlLmNvbTAdBgwrBgEE\nAYKkZMYoQAEEDTALAgEGBAR3aXJlBAAwCgYIKoZIzj0EAwIDRwAwRAIgRqbsOAF7\nOseMTgkjrKe3UO/UjDUGzW+jlDWOGLZsh5ECIDdNastqkvwOGfbWaeh+IuM6/oBz\nflIOs9TQGOVc0YL1\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIBuTCCAV+gAwIBAgIRALZ7S0CrN0AU7he5I5RE7kUwCgYIKoZIzj0EAwIwJjEN\nMAsGA1UEChMEd2lyZTEVMBMGA1UEAxMMd2lyZSBSb290IENBMB4XDTIzMTExNjEw\nMzcyNFoXDTMzMTExMzEwMzcyNFowLjENMAsGA1UEChMEd2lyZTEdMBsGA1UEAxMU\nd2lyZSBJbnRlcm1lZGlhdGUgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARX\nN+Bn/11sYUO48us2X+JrOBMXf/Gn9kV1D+fp1SQ3JzQl/KEwmtG3OJHB6ljtQiIF\nQTKP2xV8Zu9vK1Z8zD43o2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw\nBgEB/wIBADAdBgNVHQ4EFgQUz40pQ/qEp4eFDfctCF0jmJB+5xswHwYDVR0jBBgw\nFoAUCseuIlZpBnsVzFcCJvAXBodYgo0wCgYIKoZIzj0EAwIDSAAwRQIgfR0sHfuG\nN2EBypbVEz5g7zRMQsbKCUxUAW5cNiEc9IICIQDCDymSCXPFRw1QNv/7WQXATH1L\nhQc4PK0oC9I4QpceyA==\n-----END CERTIFICATE-----\n" ``` ###### Certificate #1 openssl -verify ✅ ``` -----BEGIN CERTIFICATE----- -MIICDjCCAbSgAwIBAgIRAK1DlQbUQ0L9JHNF1bZj6KUwCgYIKoZIzj0EAwIwLjEN -MAsGA1UEChMEd2lyZTEdMBsGA1UEAxMUd2lyZSBJbnRlcm1lZGlhdGUgQ0EwHhcN -MjMxMDA0MTQwMTU4WhcNMzMxMDAxMTQwMTU4WjApMREwDwYDVQQKEwh3aXJlLmNv -bTEUMBIGA1UEAxMLQWxpY2UgU21pdGgwKjAFBgMrZXADIQBYIgxOUEzfMr5Kj34L -zzaqRPV4SdCZb9BkWoQ5CoiJtaOB5jCB4zAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0l -BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFFA2kJnLNbplaxYHdk4Dpd5PwkphMB8G 
-A1UdIwQYMBaAFNnroB8NtWRP7G5gd0gut6ywYi8nMF0GA1UdEQRWMFSGFWltOndp -cmVhcHA9YWxpY2Vfd2lyZYY7aW06d2lyZWFwcD1MY2tzSmI3NFRtNk4xMmNEakZ5 -N2xRLzhlNjQyNDQzMGQzYjI4YmVAd2lyZS5jb20wHQYMKwYBBAGCpGTGKEABBA0w -CwIBBgQEd2lyZQQAMAoGCCqGSM49BAMCA0gAMEUCIQCjkvVPGaEULIgX5sStJeHn -6P38nlWQqx/hUJnZu4pqwAIgXerNZnyJ+3GXiJfF7qqOFgT81SkndcKDoL50SQ7I -BQY= +MIICGDCCAb+gAwIBAgIQHhoe3LLRoHP+EPY4KOTgATAKBggqhkjOPQQDAjAuMQ0w +CwYDVQQKEwR3aXJlMR0wGwYDVQQDExR3aXJlIEludGVybWVkaWF0ZSBDQTAeFw0y +MzExMTYxMDM3MjZaFw0zMzExMTMxMDM3MjZaMCkxETAPBgNVBAoTCHdpcmUuY29t +MRQwEgYDVQQDEwtBbGljZSBTbWl0aDAqMAUGAytlcAMhANmHK7rIOLVhj/vmKmK1 +qei8Dor8Lu/FPOnXmKLZGKrfo4HyMIHvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE +DDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQUFlquvWRvc3MxFaLrNgzv+UdGoaswHwYD +VR0jBBgwFoAUz40pQ/qEp4eFDfctCF0jmJB+5xswaQYDVR0RBGIwYIYhaW06d2ly +ZWFwcD0lNDBhbGljZV93aXJlQHdpcmUuY29thjtpbTp3aXJlYXBwPXlsLThBX3da +U2ZhUzJ1VjhWdU1FQncvN2U3OTcyM2E4YmRjNjk0ZkB3aXJlLmNvbTAdBgwrBgEE +AYKkZMYoQAEEDTALAgEGBAR3aXJlBAAwCgYIKoZIzj0EAwIDRwAwRAIgRqbsOAF7 +OseMTgkjrKe3UO/UjDUGzW+jlDWOGLZsh5ECIDdNastqkvwOGfbWaeh+IuM6/oBz +flIOs9TQGOVc0YL1 -----END CERTIFICATE----- ``` 
@@ -832,39 +833,39 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - ad:43:95:06:d4:43:42:fd:24:73:45:d5:b6:63:e8:a5 + 1e:1a:1e:dc:b2:d1:a0:73:fe:10:f6:38:28:e4:e0:01 Signature Algorithm: ecdsa-with-SHA256 Issuer: O = wire, CN = wire Intermediate CA Validity - Not Before: Oct 4 14:01:58 2023 GMT - Not After : Oct 1 14:01:58 2033 GMT + Not Before: Nov 16 10:37:26 2023 GMT + Not After : Nov 13 10:37:26 2033 GMT Subject: O = wire.com, CN = Alice Smith Subject Public Key Info: Public Key Algorithm: ED25519 ED25519 Public-Key: pub: - 58:22:0c:4e:50:4c:df:32:be:4a:8f:7e:0b:cf:36: - aa:44:f5:78:49:d0:99:6f:d0:64:5a:84:39:0a:88: - 89:b5 + d9:87:2b:ba:c8:38:b5:61:8f:fb:e6:2a:62:b5:a9: + e8:bc:0e:8a:fc:2e:ef:c5:3c:e9:d7:98:a2:d9:18: + aa:df X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 Subject Key Identifier: - 50:36:90:99:CB:35:BA:65:6B:16:07:76:4E:03:A5:DE:4F:C2:4A:61 + 16:5A:AE:BD:64:6F:73:73:31:15:A2:EB:36:0C:EF:F9:47:46:A1:AB X509v3 Authority Key Identifier: - D9:EB:A0:1F:0D:B5:64:4F:EC:6E:60:77:48:2E:B7:AC:B0:62:2F:27 + CF:8D:29:43:FA:84:A7:87:85:0D:F7:2D:08:5D:23:98:90:7E:E7:1B X509v3 Subject Alternative Name: - URI:im:wireapp=alice_wire, URI:im:wireapp=LcksJb74Tm6N12cDjFy7lQ/8e6424430d3b28be@wire.com + URI:im:wireapp=%40alice_wire@wire.com, URI:im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com 1.3.6.1.4.1.37476.9000.64.1: 0......wire.. Signature Algorithm: ecdsa-with-SHA256 Signature Value: - 30:45:02:21:00:a3:92:f5:4f:19:a1:14:2c:88:17:e6:c4:ad: - 25:e1:e7:e8:fd:fc:9e:55:90:ab:1f:e1:50:99:d9:bb:8a:6a: - c0:02:20:5d:ea:cd:66:7c:89:fb:71:97:88:97:c5:ee:aa:8e: - 16:04:fc:d5:29:27:75:c2:83:a0:be:74:49:0e:c8:05:06 + 30:44:02:20:46:a6:ec:38:01:7b:3a:c7:8c:4e:09:23:ac:a7: + b7:50:ef:d4:8c:35:06:cd:6f:a3:94:35:8e:18:b6:6c:87:91: + 02:20:37:4d:6a:cb:6a:92:fc:0e:19:f6:d6:69:e8:7e:22:e3: + 3a:fe:80:73:7e:52:0e:b3:d4:d0:18:e5:5c:d1:82:f5 ``` 
@@ -872,16 +873,16 @@ Certificate: openssl -verify ✅ ``` -----BEGIN CERTIFICATE----- -MIIBuDCCAV6gAwIBAgIQJfiFPUj797UCuqEPQpqugzAKBggqhkjOPQQDAjAmMQ0w -CwYDVQQKEwR3aXJlMRUwEwYDVQQDEwx3aXJlIFJvb3QgQ0EwHhcNMjMxMDA0MTQw -MTU2WhcNMzMxMDAxMTQwMTU2WjAuMQ0wCwYDVQQKEwR3aXJlMR0wGwYDVQQDExR3 -aXJlIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD8T -Ttbuu6f7zGfNBD/7MeMLIJBI+nXGaGcM7Tf6pvuvX/qzT/aqpBDze8bpRRA98XSJ -qgOq+gQxoBzfqXBGBwmjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG -AQH/AgEAMB0GA1UdDgQWBBTZ66AfDbVkT+xuYHdILressGIvJzAfBgNVHSMEGDAW -gBSZ+ZGXjmZ5vT0hu/WqkgVTgDPs3jAKBggqhkjOPQQDAgNIADBFAiEA29/azNss -1iOHSIpuBa4wanQRD8A+bjFwPBRqSNv29N0CIHHXBCXjWxBMtltly89W6MQizq1g -G6AtiIMrHdSUUvi1 +MIIBuTCCAV+gAwIBAgIRALZ7S0CrN0AU7he5I5RE7kUwCgYIKoZIzj0EAwIwJjEN +MAsGA1UEChMEd2lyZTEVMBMGA1UEAxMMd2lyZSBSb290IENBMB4XDTIzMTExNjEw +MzcyNFoXDTMzMTExMzEwMzcyNFowLjENMAsGA1UEChMEd2lyZTEdMBsGA1UEAxMU +d2lyZSBJbnRlcm1lZGlhdGUgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARX +N+Bn/11sYUO48us2X+JrOBMXf/Gn9kV1D+fp1SQ3JzQl/KEwmtG3OJHB6ljtQiIF +QTKP2xV8Zu9vK1Z8zD43o2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw +BgEB/wIBADAdBgNVHQ4EFgQUz40pQ/qEp4eFDfctCF0jmJB+5xswHwYDVR0jBBgw +FoAUCseuIlZpBnsVzFcCJvAXBodYgo0wCgYIKoZIzj0EAwIDSAAwRQIgfR0sHfuG +N2EBypbVEz5g7zRMQsbKCUxUAW5cNiEc9IICIQDCDymSCXPFRw1QNv/7WQXATH1L +hQc4PK0oC9I4QpceyA== -----END CERTIFICATE----- ``` 
@@ -890,22 +891,22 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 25:f8:85:3d:48:fb:f7:b5:02:ba:a1:0f:42:9a:ae:83 + b6:7b:4b:40:ab:37:40:14:ee:17:b9:23:94:44:ee:45 Signature Algorithm: ecdsa-with-SHA256 Issuer: O = wire, CN = wire Root CA Validity - Not Before: Oct 4 14:01:56 2023 GMT - Not After : Oct 1 14:01:56 2033 GMT + Not Before: Nov 16 10:37:24 2023 GMT + Not After : Nov 13 10:37:24 2033 GMT Subject: O = wire, CN = wire Intermediate CA Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: - 04:3f:13:4e:d6:ee:bb:a7:fb:cc:67:cd:04:3f:fb: - 31:e3:0b:20:90:48:fa:75:c6:68:67:0c:ed:37:fa: - a6:fb:af:5f:fa:b3:4f:f6:aa:a4:10:f3:7b:c6:e9: - 45:10:3d:f1:74:89:aa:03:aa:fa:04:31:a0:1c:df: - a9:70:46:07:09 + 04:57:37:e0:67:ff:5d:6c:61:43:b8:f2:eb:36:5f: + e2:6b:38:13:17:7f:f1:a7:f6:45:75:0f:e7:e9:d5: + 24:37:27:34:25:fc:a1:30:9a:d1:b7:38:91:c1:ea: + 58:ed:42:22:05:41:32:8f:db:15:7c:66:ef:6f:2b: + 56:7c:cc:3e:37 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: @@ -914,14 +915,14 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Subject Key Identifier: - D9:EB:A0:1F:0D:B5:64:4F:EC:6E:60:77:48:2E:B7:AC:B0:62:2F:27 + CF:8D:29:43:FA:84:A7:87:85:0D:F7:2D:08:5D:23:98:90:7E:E7:1B X509v3 Authority Key Identifier: - 99:F9:91:97:8E:66:79:BD:3D:21:BB:F5:AA:92:05:53:80:33:EC:DE + 0A:C7:AE:22:56:69:06:7B:15:CC:57:02:26:F0:17:06:87:58:82:8D Signature Algorithm: ecdsa-with-SHA256 Signature Value: - 30:45:02:21:00:db:df:da:cc:db:2c:d6:23:87:48:8a:6e:05: - ae:30:6a:74:11:0f:c0:3e:6e:31:70:3c:14:6a:48:db:f6:f4: - dd:02:20:71:d7:04:25:e3:5b:10:4c:b6:5b:65:cb:cf:56:e8: - c4:22:ce:ad:60:1b:a0:2d:88:83:2b:1d:d4:94:52:f8:b5 + 30:45:02:20:7d:1d:2c:1d:fb:86:37:61:01:ca:96:d5:13:3e: + 60:ef:34:4c:42:c6:ca:09:4c:54:01:6e:5c:36:21:1c:f4:82: + 02:21:00:c2:0f:29:92:09:73:c5:47:0d:50:36:ff:fb:59:05: + c0:4c:7d:4b:85:07:38:3c:ad:28:0b:d2:38:42:97:1e:c8 ``` 
diff --git a/e2e-identity/src/builder.rs b/e2e-identity/src/builder.rs index 2e1231b4..7bf704b0 100644 --- a/e2e-identity/src/builder.rs +++ b/e2e-identity/src/builder.rs @@ -200,7 +200,13 @@ impl WireIdentityBuilder { cert_params.distinguished_name = dn; let client_id = ClientId::try_from_qualified(&self.client_id).unwrap().to_uri(); - let handle = format!("{}{}", ClientId::URI_PREFIX, self.handle); + let handle = format!( + "{}{}{}@{}", + ClientId::URI_PREFIX, + ClientId::HANDLE_PREFIX, + self.handle, + self.domain + ); cert_params.subject_alt_names = vec![rcgen::SanType::URI(client_id), rcgen::SanType::URI(handle)]; cert_params.extended_key_usages = vec![rcgen::ExtendedKeyUsagePurpose::ClientAuth]; diff --git a/e2e-identity/src/lib.rs b/e2e-identity/src/lib.rs index 167b7642..eaaea224 100644 --- a/e2e-identity/src/lib.rs +++ b/e2e-identity/src/lib.rs @@ -13,7 +13,9 @@ mod error; mod types; pub mod prelude { - pub use rusty_acme::prelude::{AcmeDirectory, RustyAcme, RustyAcmeError, WireIdentity, WireIdentityReader}; + pub use rusty_acme::prelude::{ + AcmeDirectory, IdentityStatus, RustyAcme, RustyAcmeError, WireIdentity, WireIdentityReader, + }; pub use rusty_jwt_tools::prelude::{ClientId as E2eiClientId, HashAlgorithm, JwsAlgorithm, RustyJwtError}; #[cfg(feature = "identity-builder")] diff --git a/e2e-identity/tests/api.rs b/e2e-identity/tests/api.rs index 76ce82f4..3ee7fecf 100644 --- a/e2e-identity/tests/api.rs +++ b/e2e-identity/tests/api.rs @@ -15,8 +15,8 @@ mod utils; fn e2e_api() { let prev_nonce = || utils::rand_base64_str(32); for (enrollment, backend_kp) in enrollments() { - let user_id = "T4Coy4vdRzianwfOgXpn6A"; - let device_id = "a338e9ea9e87fec"; + let user_id = "yl-8A_wZSfaS2uV8VuMEBw"; + let device_id = "7e79723a8bdc694f"; let domain = "wire.org"; let qualified_client_id = format!("{user_id}:{device_id}@{domain}"); 
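Review bot: In the builder.rs hunk, `self.handle` and `self.domain` go into the SAN URI unchanged through the new `format!("{}{}{}@{}", …)` call, so a handle that already starts with `@` or `%40`, or that contains `@` or `/`, would give a URI whose handle/domain boundary is ambiguous to whatever parses the certificate later. Since `HANDLE_PREFIX` is itself a percent-encoded character, the handle should be percent-encoded as well, or at least checked before the URI is built, for example `debug_assert!(!self.handle.contains(['@', '/', '%']));`. The enclosing builder method starts and ends outside this hunk, so any validation done earlier is not visible here.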
@@ -87,7 +87,7 @@ fn e2e_api() { "identifiers": [ { "type": "wireapp-id", - "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=T4Coy4vdRzianwfOgXpn6A/a338e9ea9e87fec@wire.com\",\"handle\":\"im:wireapp=alice_wire\"}" + "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com\",\"handle\":\"im:wireapp=%40alice_wire@wire.com\"}" } ], "authorizations": [ @@ -129,12 +129,12 @@ fn e2e_api() { "url": "https://localhost:55170/acme/acme/challenge/ZelRfonEK02jDGlPCJYHrY8tJKNsH0mw/0y6hLM0TTOVUkawDhQcw5RB7ONwuhooW", "status": "pending", "token": "Gvg5AyOaw0uIQOWKE8lCSIP9nIYwcQiY", - "target": "https://wire.com/clients/a338e9ea9e87fec/access-token" + "target": "https://wire.com/clients/7e79723a8bdc694f/access-token" } ], "identifier": { "type": "wireapp-id", - "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=T4Coy4vdRzianwfOgXpn6A/a338e9ea9e87fec@wire.com\",\"handle\":\"im:wireapp=alice_wire\"}" + "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com\",\"handle\":\"im:wireapp=%40alice_wire@wire.com\"}" } }); let authz = enrollment.acme_new_authz_response(resp).unwrap(); @@ -234,7 +234,7 @@ fn e2e_api() { "identifiers": [ { "type": "wireapp-id", - "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=T4Coy4vdRzianwfOgXpn6A/a338e9ea9e87fec@wire.com\",\"handle\":\"im:wireapp=alice_wire\"}" + "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com\",\"handle\":\"im:wireapp=%40alice_wire@wire.com\"}" } ], "authorizations": [ 
@@ -262,7 +262,7 @@ fn e2e_api() { "identifiers": [ { "type": "wireapp-id", - "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=T4Coy4vdRzianwfOgXpn6A/a338e9ea9e87fec@wire.com\",\"handle\":\"im:wireapp=alice_wire\"}" + "value": "{\"name\":\"Alice Smith\",\"domain\":\"wire.com\",\"client-id\":\"im:wireapp=yl-8A_wZSfaS2uV8VuMEBw/7e79723a8bdc694f@wire.com\",\"handle\":\"im:wireapp=%40alice_wire@wire.com\"}" } ], "authorizations": [ 
@@ -283,29 +283,30 @@ fn e2e_api() { .unwrap(); let resp = r#"-----BEGIN CERTIFICATE----- -MIICDDCCAbOgAwIBAgIRAPByYiuFhbbYasW+GKz5FBkwCgYIKoZIzj0EAwIwLjEN -MAsGA1UEChMEd2lyZTEdMBsGA1UEAxMUd2lyZSBJbnRlcm1lZGlhdGUgQ0EwHhcN -MjMwNzMxMTQwMjA4WhcNMzMwNzI4MTQwMjA4WjApMREwDwYDVQQKEwh3aXJlLmNv -bTEUMBIGA1UEAxMLQWxpY2UgU21pdGgwKjAFBgMrZXADIQAF/hZvvmRkWMzqZ5jU -LnGKO+y8G/Vz+olfTknk7c/8IqOB5TCB4jAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0l -BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFGhAhRlgprn/FUxPfL+ehHvvAigpMB8G -A1UdIwQYMBaAFB81Yl+jcBh8rnCo9MJtkZ+2vq5YMFwGA1UdEQRVMFOGFWltOndp -cmVhcHA9YWxpY2Vfd2lyZYY6aW06d2lyZWFwcD1UNENveTR2ZFJ6aWFud2ZPZ1hw -bjZBL2EzMzhlOWVhOWU4N2ZlY0B3aXJlLmNvbTAdBgwrBgEEAYKkZMYoQAEEDTAL -AgEGBAR3aXJlBAAwCgYIKoZIzj0EAwIDRwAwRAIgCP+OnliYCy7PKs3rt+x4zUuF -e2grybnLl5fsak6lFPUCIE4T8ZMlKkOZ9xeYdTlrUPT67hc++ZRAtcU03Kqiz8sm +MIICGDCCAb+gAwIBAgIQHhoe3LLRoHP+EPY4KOTgATAKBggqhkjOPQQDAjAuMQ0w +CwYDVQQKEwR3aXJlMR0wGwYDVQQDExR3aXJlIEludGVybWVkaWF0ZSBDQTAeFw0y +MzExMTYxMDM3MjZaFw0zMzExMTMxMDM3MjZaMCkxETAPBgNVBAoTCHdpcmUuY29t +MRQwEgYDVQQDEwtBbGljZSBTbWl0aDAqMAUGAytlcAMhANmHK7rIOLVhj/vmKmK1 +qei8Dor8Lu/FPOnXmKLZGKrfo4HyMIHvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE +DDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQUFlquvWRvc3MxFaLrNgzv+UdGoaswHwYD +VR0jBBgwFoAUz40pQ/qEp4eFDfctCF0jmJB+5xswaQYDVR0RBGIwYIYhaW06d2ly +ZWFwcD0lNDBhbGljZV93aXJlQHdpcmUuY29thjtpbTp3aXJlYXBwPXlsLThBX3da +U2ZhUzJ1VjhWdU1FQncvN2U3OTcyM2E4YmRjNjk0ZkB3aXJlLmNvbTAdBgwrBgEE +AYKkZMYoQAEEDTALAgEGBAR3aXJlBAAwCgYIKoZIzj0EAwIDRwAwRAIgRqbsOAF7 +OseMTgkjrKe3UO/UjDUGzW+jlDWOGLZsh5ECIDdNastqkvwOGfbWaeh+IuM6/oBz +flIOs9TQGOVc0YL1 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBuTCCAV6gAwIBAgIQfYC2CCR4Uw9GPkJ2nSq8ATAKBggqhkjOPQQDAjAmMQ0w -CwYDVQQKEwR3aXJlMRUwEwYDVQQDEwx3aXJlIFJvb3QgQ0EwHhcNMjMwNzMxMTQw -MjA2WhcNMzMwNzI4MTQwMjA2WjAuMQ0wCwYDVQQKEwR3aXJlMR0wGwYDVQQDExR3 -aXJlIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCOc -sqiFG9+GHjqHP26inah0Vyxt8IoZykStaLLskp2IDB8/px2k6TbNV5areq09+g26 
-QTxTzlaBWUE/Y9rCoqmjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG -AQH/AgEAMB0GA1UdDgQWBBQfNWJfo3AYfK5wqPTCbZGftr6uWDAfBgNVHSMEGDAW -gBQgDq04Td1mq9ala953Mito5QHARjAKBggqhkjOPQQDAgNJADBGAiEA+MIEAiG2 -DxMYFdlfpS2zs/Ed+1Co/pkE3iTlbhcQK6ACIQD1Xhg2dteHl4bILtK0aVH1BRtD -jHdSVZh5wt4eD7IMag== +MIIBuTCCAV+gAwIBAgIRALZ7S0CrN0AU7he5I5RE7kUwCgYIKoZIzj0EAwIwJjEN +MAsGA1UEChMEd2lyZTEVMBMGA1UEAxMMd2lyZSBSb290IENBMB4XDTIzMTExNjEw +MzcyNFoXDTMzMTExMzEwMzcyNFowLjENMAsGA1UEChMEd2lyZTEdMBsGA1UEAxMU +d2lyZSBJbnRlcm1lZGlhdGUgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARX +N+Bn/11sYUO48us2X+JrOBMXf/Gn9kV1D+fp1SQ3JzQl/KEwmtG3OJHB6ljtQiIF +QTKP2xV8Zu9vK1Z8zD43o2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgw +BgEB/wIBADAdBgNVHQ4EFgQUz40pQ/qEp4eFDfctCF0jmJB+5xswHwYDVR0jBBgw +FoAUCseuIlZpBnsVzFcCJvAXBodYgo0wCgYIKoZIzj0EAwIDSAAwRQIgfR0sHfuG +N2EBypbVEz5g7zRMQsbKCUxUAW5cNiEc9IICIQDCDymSCXPFRw1QNv/7WQXATH1L +hQc4PK0oC9I4QpceyA== -----END CERTIFICATE-----"#; enrollment .acme_x509_certificate_response(resp.to_string(), order) diff --git a/e2e-identity/tests/utils/cfg.rs b/e2e-identity/tests/utils/cfg.rs index 5240a37f..583eadc9 100644 --- a/e2e-identity/tests/utils/cfg.rs +++ b/e2e-identity/tests/utils/cfg.rs @@ -156,7 +156,7 @@ impl<'a> E2eTest<'a> { ldap_cfg: LdapCfg { host: ldap_host.to_string(), display_name: display_name.to_string(), - handle: format!("{}{handle}", ClientId::URI_PREFIX), + handle: format!("{}%40{handle}@{domain}", ClientId::URI_PREFIX), email, password: password.to_string(), domain: domain.to_string(), diff --git a/jwt/src/model/client_id.rs b/jwt/src/model/client_id.rs index ee6d2668..27f6223a 100644 --- a/jwt/src/model/client_id.rs +++ b/jwt/src/model/client_id.rs 
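Review bot: In the cfg.rs hunk, the `%40` inside `format!("{}%40{handle}@{domain}", ClientId::URI_PREFIX)` hard-codes the literal that this same commit introduces as `ClientId::HANDLE_PREFIX`. If the prefix ever changes, the LDAP fixture would drift from what the library emits and strips, and the end-to-end test could fail or pass for the wrong reason. I would write `handle: format!("{}{}{handle}@{domain}", ClientId::URI_PREFIX, ClientId::HANDLE_PREFIX),` instead. The `LdapCfg` literal continues outside the hunk.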
@@ -21,6 +21,9 @@ impl ClientId { /// URI prefix for all subject URIs pub const URI_PREFIX: &'static str = "im:wireapp="; + /// Present in front of the handle. It's '@' URL encoded + pub const HANDLE_PREFIX: &'static str = "%40"; + /// Between user-id & client-id when converted to an URI pub const URI_DELIMITER: &'static str = "/";
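Review bot: The doc comment on `HANDLE_PREFIX` says what the value is, but not where it sits in the URI or how a consumer should remove it. I would expand it to something like `/// Percent-encoded '@' placed between URI_PREFIX and the handle, e.g. "im:wireapp=%40alice_wire@wire.com"; strip it exactly once when parsing.` The exactly-once rule is worth stating because, if handles are compared for equality after stripping, a normalisation that removes repeated prefixes would treat differently prefixed inputs as the same handle. The `impl ClientId` block starts and ends outside the hunk.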