How to use the acme.jose function in acme

:rtype: `tuple` of `.Account` and `acme.client.Client`

    """
    # Log non-standard actions, potentially wrong API calls
    if account_storage.find_all():
        logger.info("There are already existing accounts for %s", config.server)
    if config.email is None:
        if not config.register_unsafely_without_email:
            msg = ("No email was provided and "
                   "--register-unsafely-without-email was not present.")
            logger.warn(msg)
            raise errors.Error(msg)
        logger.warn("Registering without email!")

    # Each new registration shall use a fresh new key
    key = jose.JWKRSA(key=jose.ComparableRSAKey(
        rsa.generate_private_key(
            public_exponent=65537,
            key_size=config.rsa_key_size,
            backend=default_backend())))
    acme = acme_from_config_key(config, key)
    # TODO: add phone?
    regr = perform_registration(acme, config)

    if regr.terms_of_service is not None:
        if tos_cb is not None and not tos_cb(regr):
            raise errors.Error(
                "Registration cannot proceed without accepting "
                "Terms of Service.")
        regr = acme.agree_to_tos(regr)

    acc = account.Account(regr, key)

__slots__ = jose.Signature._orig_slots  # pylint: disable=no-member

    # TODO: decoder/encoder should accept cls? Otherwise, subclassing
    # JSONObjectWithFields is tricky...
    header_cls = Header
    header = jose.Field(
        'header', omitempty=True, default=header_cls(),
        decoder=header_cls.from_json)

    # TODO: decoder should check that nonce is in the protected header


class JWS(jose.JWS):
    """ACME JWS."""
    signature_cls = Signature
    __slots__ = jose.JWS._orig_slots  # pylint: disable=no-member

    @classmethod
    def sign(cls, payload, key, alg, nonce):  # pylint: disable=arguments-differ
        return super(JWS, cls).sign(payload, key=key, alg=alg,
                                    protect=frozenset(['nonce']), nonce=nonce)

logger = logging.getLogger(__name__)


class Signature(jose.JSONObjectWithFields):
    """ACME signature.

    :ivar .JWASignature alg: Signature algorithm.
    :ivar bytes sig: Signature.
    :ivar bytes nonce: Nonce.
    :ivar .JWK jwk: JWK.

    """
    NONCE_SIZE = 16
    """Minimum size of nonce in bytes."""

    alg = jose.Field('alg', decoder=jose.JWASignature.from_json)
    sig = jose.Field('sig', encoder=jose.encode_b64jose,
                     decoder=jose.decode_b64jose)
    nonce = jose.Field(
        'nonce', encoder=jose.encode_b64jose, decoder=functools.partial(
            jose.decode_b64jose, size=NONCE_SIZE, minimum=True))
    jwk = jose.Field('jwk', decoder=jose.JWK.from_json)

    @classmethod
    def from_msg(cls, msg, key, nonce=None, nonce_size=None, alg=jose.RS256):
        """Create signature with nonce prepended to the message.

        :param bytes msg: Message to be signed.

        :param key: Key used for signing.
        :type key: `cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`
            (optionally wrapped in `.ComparableRSAKey`).

import pkg_resources

import M2Crypto

from acme import messages
from acme import jose

from letsencrypt import network


logger = logging.getLogger()
logger.setLevel(logging.DEBUG)

NEW_REG_URL = 'https://www.letsencrypt-demo.org/acme/new-reg'

key = jose.JWKRSA.load(pkg_resources.resource_string(
    'acme.jose', os.path.join('testdata', 'rsa512_key.pem')))
net = network.Network(NEW_REG_URL, key)

regr = net.register(contact=(
    'mailto:cert-admin@example.com', 'tel:+12025551212'))
logging.info('Auto-accepting TOS: %s', regr.terms_of_service)
net.update_registration(regr.update(
    body=regr.body.update(agreement=regr.terms_of_service)))
logging.debug(regr)

authzr = net.request_challenges(
    identifier=messages.Identifier(
        typ=messages.IDENTIFIER_FQDN, value='example1.com'),
    new_authzr_uri=regr.new_authzr_uri)
logging.debug(authzr)

def key_authorization(self, account_key):
        """Generate Key Authorization.

        :param JWK account_key:
        :rtype unicode:

        """
        return self.encode("token") + "." + jose.b64encode(
            account_key.thumbprint(
                hash_function=self.thumbprint_hash_function)).decode()

def _get_acme_client_for_revoc(self, cert, version):
        # Set up acme_client with proper key
        acc_fs = account.AccountFileStorage(self.config)
        try:
            acc = acc_fs.load(cert.configuration["renewalparams"]["account"])
        except errors.AccountNotFound:
            logger.warning("Unable to find original account for revocation? "
                           "Did you wipe the accounts?")
            logger.debug(
                "Using associated private cert key for acme revocation")

            with open(cert.version("privkey", version)) as key_f:
                cert_key = key_f.read()
            return acme_client.Client(
                self.config.server, key=jose.JWK.load(cert_key))

        else:
            return acme_client.Client(self.config.server, key=acc.key)

def certs(value):  # pylint: disable=missing-docstring,no-self-argument
            return tuple(jose.decode_cert(cert) for cert in value)

    @classmethod
    def from_json(cls, value):
        if value not in cls.POSSIBLE_NAMES:
            raise jose.DeserializationError(
                '{0} not recognized'.format(cls.__name__))
        return cls.POSSIBLE_NAMES[value]

class Registration(ResourceBody):
    """Registration Resource Body.

    :ivar acme.jose.jwk.JWK key: Public key.
    :ivar tuple contact: Contact information following ACME spec,
        `tuple` of `unicode`.
    :ivar unicode agreement:
    :ivar unicode authorizations: URI where
        `messages.Registration.Authorizations` can be found.
    :ivar unicode certificates: URI where
        `messages.Registration.Certificates` can be found.

    """
    # on new-reg key server ignores 'key' and populates it based on
    # JWS.signature.combined.jwk
    key = jose.Field('key', omitempty=True, decoder=jose.JWK.from_json)
    contact = jose.Field('contact', omitempty=True, default=())
    agreement = jose.Field('agreement', omitempty=True)
    authorizations = jose.Field('authorizations', omitempty=True)
    certificates = jose.Field('certificates', omitempty=True)

    class Authorizations(jose.JSONObjectWithFields):
        """Authorizations granted to Account in the process of registration.

        :ivar tuple authorizations: URIs to Authorization Resources.

        """
        authorizations = jose.Field('authorizations')

    class Certificates(jose.JSONObjectWithFields):
        """Certificates granted to Account in the process of registration.

def nonce(value):  # pylint: disable=missing-docstring,no-self-argument
        try:
            return jose.decode_b64jose(value)
        except jose.DeserializationError as error:
            # TODO: custom error
            raise jose.DeserializationError("Invalid nonce: {0}".format(error))