Cisco ACME Pre-Request Script

Pre-Request Script

Note: This script can only be used with RSA key pairs. If you want to use ECDSA key pairs, you'll need to reconfigure the script yourself.

Common Request Script

This pre-request script can be used with Postman to interact with the majority of endpoints including our custom endpoints.

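    // Common pre-request script: downloads jsrsasign, fetches a fresh ACME
    // nonce, then replaces the request body with a flattened RS256 JWS signed
    // with the account key.

    /**
     * Read a required Postman environment variable.
     * @param {string} name - Variable name (case-sensitive).
     * @returns {string} The stored value.
     * @throws {Error} If the variable is unset or empty, so that the request
     *   is not signed over a literal "undefined" in the kid/url fields.
     */
    function requireEnv(name) {
        const value = pm.environment.get(name);
        if (value === undefined || value === null || value === '') {
            throw new Error('Environment variable "' + name + '" is not set');
        }
        return value;
    }

    /**
     * Evaluate the jsrsasign source in an isolated function scope.
     * @param {string} source - Text of the jsrsasign bundle.
     * @returns {object} The KJUR namespace defined by the bundle.
     */
    function loadJsrsasign(source) {
        // The bundle expects browser globals; `var` (not const/let) is
        // deliberate so the evaluated code may redeclare them.
        var navigator = {};
        var window = {};
        // NOTE(review): eval runs downloaded code in a sandbox that can read
        // account_private_key. The "-latest-" URL is mutable; prefer a pinned,
        // reviewed copy of the library.
        eval(source);
        return KJUR;
    }

    pm.sendRequest({
        // HTTPS, not HTTP: the response is executed by eval, so it must not
        // be modifiable in transit.
        url: 'https://kjur.github.io/jsrsasign/jsrsasign-latest-all-min.js',
        method: 'GET',
    }, function (libErr, libRes) {
        if (libErr || libRes.code !== 200) {
            throw new Error('Could not download jsrsasign: ' + (libErr || 'HTTP ' + libRes.code));
        }
        pm.globals.set('jsrsasign-js', libRes.text());

        pm.sendRequest({
            url: requireEnv('baseUrl') + '/new-nonce',
            method: 'GET',
        }, function (nonceErr, nonceRes) {
            if (nonceErr) {
                throw new Error('new-nonce request failed: ' + nonceErr);
            }
            // Header names are case-insensitive, so do not match on exact case.
            const nonceHeader = nonceRes.headers.find(
                h => String(h.key).toLowerCase() === 'replay-nonce'
            );
            if (!nonceHeader) {
                throw new Error('new-nonce response carried no Replay-Nonce header');
            }
            const replayNonce = nonceHeader.value;
            pm.environment.set('Replay-Nonce', replayNonce);

            // JWT generation script adapted from
            // https://gist.github.com/corbanb/db03150abbe899285d6a86cc480f674d
            const jsrsasign = loadJsrsasign(pm.globals.get('jsrsasign-js'));

            const baseUrl = requireEnv('baseUrl');
            const privateKey = requireEnv('account_private_key');
            const pathInfo = pm.variables.replaceIn(pm.request.url.getPath());

            // Protected header of the JWS
            const header = {
                'kid': baseUrl + '/acct/' + requireEnv('accountId'),
                'nonce': replayNonce,
                'url': baseUrl + pathInfo,
                'alg': 'RS256'
            };

            const data = pm.request.body.raw || '';

            // Sign, then split the compact serialization into its three parts
            const sJWT = jsrsasign.jws.JWS.sign(header.alg, header, data, privateKey).split('.');

            pm.request.body.raw = {
                'protected': sJWT[0],
                'payload': sJWT[1],
                'signature': sJWT[2]
            };
        });
    });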

Key-Change Request Script

This pre-request script can be used with Postman to exchange your old key pair with a new key pair using the key-change endpoint.

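    // Key-change pre-request script: builds an inner JWS signed with the NEW
    // account key (carrying the new public JWK and the old key), wraps it as
    // the payload of an outer JWS signed with the OLD account key, and
    // replaces the request body with the result.

    /**
     * Read a required Postman environment variable.
     * @param {string} name - Variable name (case-sensitive).
     * @returns {string} The stored value.
     * @throws {Error} If the variable is unset or empty, so that the request
     *   is not signed over a literal "undefined" in the kid/url/jwk fields.
     */
    function requireEnv(name) {
        const value = pm.environment.get(name);
        if (value === undefined || value === null || value === '') {
            throw new Error('Environment variable "' + name + '" is not set');
        }
        return value;
    }

    /**
     * Evaluate the jsrsasign source in an isolated function scope.
     * @param {string} source - Text of the jsrsasign bundle.
     * @returns {object} The KJUR namespace defined by the bundle.
     */
    function loadJsrsasign(source) {
        // The bundle expects browser globals; `var` (not const/let) is
        // deliberate so the evaluated code may redeclare them.
        var navigator = {};
        var window = {};
        // NOTE(review): eval runs downloaded code in a sandbox that can read
        // both the old and the new account private key. The "-latest-" URL is
        // mutable; prefer a pinned, reviewed copy of the library.
        eval(source);
        return KJUR;
    }

    pm.sendRequest({
        // HTTPS, not HTTP: the response is executed by eval, so it must not
        // be modifiable in transit.
        url: 'https://kjur.github.io/jsrsasign/jsrsasign-latest-all-min.js',
        method: 'GET',
    }, function (libErr, libRes) {
        if (libErr || libRes.code !== 200) {
            throw new Error('Could not download jsrsasign: ' + (libErr || 'HTTP ' + libRes.code));
        }
        pm.globals.set('jsrsasign-js', libRes.text());

        pm.sendRequest({
            url: requireEnv('baseUrl') + '/new-nonce',
            method: 'GET',
        }, function (nonceErr, nonceRes) {
            if (nonceErr) {
                throw new Error('new-nonce request failed: ' + nonceErr);
            }
            // Header names are case-insensitive, so do not match on exact case.
            const nonceHeader = nonceRes.headers.find(
                h => String(h.key).toLowerCase() === 'replay-nonce'
            );
            if (!nonceHeader) {
                throw new Error('new-nonce response carried no Replay-Nonce header');
            }
            const replayNonce = nonceHeader.value;
            pm.environment.set('Replay-Nonce', replayNonce);

            // JWT generation script adapted from
            // https://gist.github.com/corbanb/db03150abbe899285d6a86cc480f674d
            const jsrsasign = loadJsrsasign(pm.globals.get('jsrsasign-js'));

            const baseUrl = requireEnv('baseUrl');
            const accountUrl = baseUrl + '/acct/' + requireEnv('accountId');
            const requestUrl = baseUrl + pm.variables.replaceIn(pm.request.url.getPath());

            // Inner JWS: signed with the new key and carrying its public JWK
            const newPrivateKey = requireEnv('account_new_private_key');
            const innerHeader = {
                'jwk': {
                    'kty': 'RSA',
                    'e': 'AQAB',
                    'n': requireEnv('new_public_key_n')
                },
                'url': requestUrl,
                'alg': 'RS256'
            };
            const innerData = {
                'account': accountUrl,
                'oldKey': {
                    'kty': 'RSA',
                    'e': 'AQAB',
                    'n': requireEnv('old_public_key_n')
                }
            };
            const innerJWS = jsrsasign.jws.JWS.sign(innerHeader.alg, innerHeader, innerData, newPrivateKey).split('.');

            // Outer JWS: signed with the old key, payload is the inner JWS
            const oldPrivateKey = requireEnv('account_private_key');
            const outerPayload = {
                'protected': innerJWS[0],
                'payload': innerJWS[1],
                'signature': innerJWS[2]
            };
            const outerHeader = {
                'kid': accountUrl,
                'nonce': replayNonce,
                'url': requestUrl,
                'alg': 'RS256'
            };
            const sJWT = jsrsasign.jws.JWS.sign(outerHeader.alg, outerHeader, outerPayload, oldPrivateKey).split('.');

            pm.request.body.raw = {
                'protected': sJWT[0],
                'payload': sJWT[1],
                'signature': sJWT[2]
            };
        });
    });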

Environment Variables

These environment variables are needed to ensure the request is signed correctly each time.

  • baseUrl

    https://acme.cisco.com/acme/directory

  • accountId

    Account ID associated with your acme account

  • account_private_key

    Private key associated with the account, used to sign each request.

  • account_new_private_key

    New private key you want to associate with your account. This is used for the key-change request.

  • new_public_key_n

    N value associated with new public key. This is used for the key-change request.

  • old_public_key_n

    N value associated with old public key. This is used for the key-change request.

  • Replay-Nonce

    This is generated automatically for each request, but the variable must already exist so that the script can set it.

Disclaimer

The Cisco ACME team is not responsible for issues using this script.
