BREAKING CHANGE(acme): Replace external acme-client with a built-in RFC8555-compliant ACME implementation and update public APIs accordingly

ts/acme/acme.classes.account.ts

@@ -0,0 +1,45 @@
+import type { AcmeHttpClient } from './acme.classes.http-client.js';
+import type { IAcmeAccount, IAcmeAccountCreateRequest } from './acme.interfaces.js';
+
+/**
+ * ACME account management - registration and key management
+ */
+export class AcmeAccount {
+  private httpClient: AcmeHttpClient;
+  private accountUrl: string | null = null;
+
+  constructor(httpClient: AcmeHttpClient) {
+    this.httpClient = httpClient;
+  }
+
+  /**
+   * Register or retrieve an ACME account.
+   * Uses JWK (not kid) since account URL is not yet known.
+   * Captures account URL from Location header for subsequent requests.
+   */
+  async create(request: IAcmeAccountCreateRequest): Promise<IAcmeAccount> {
+    const dir = await this.httpClient.getDirectory();
+    const response = await this.httpClient.signedRequest(dir.newAccount, request, {
+      useJwk: true,
+    });
+
+    // Capture account URL from Location header (used as kid for future requests)
+    const location = response.headers['location'];
+    if (location) {
+      this.accountUrl = location;
+      this.httpClient.kid = location;
+    }
+
+    return response.data as IAcmeAccount;
+  }
+
+  /**
+   * Get the account URL (kid) for use in JWS headers
+   */
+  getAccountUrl(): string {
+    if (!this.accountUrl) {
+      throw new Error('Account not yet created - call create() first');
+    }
+    return this.accountUrl;
+  }
+}