def _validate_http_challenge(self, challenge_name, fqdn, token, jwk_thumbprint):
""" validate http challenge """
self.logger.debug('Challenge._validate_http_challenge({0}:{1}:{2})'.format(challenge_name, fqdn, token))
# resolve name
(response, invalid) = fqdn_resolve(fqdn, self.dns_server_list)
self.logger.debug('fqdn_resolve() ended with: {0}/{1}'.format(response, invalid))
if not invalid:
req = url_get(self.logger, 'http://{0}/.well-known/acme-challenge/{1}'.format(fqdn, token), self.dns_server_list, verify=False)
# make challenge validation unsuccessful
# req = url_get(self.logger, 'http://{0}/.well-known/acme-challenge/{1}'.format('test.test', 'foo.bar.some.not.existing.ressource'))
if req:
response_got = req.splitlines()[0]
response_expected = '{0}.{1}'.format(token, jwk_thumbprint)
self.logger.debug('response_got: {0} response_expected: {1}'.format(response_got, response_expected))
if response_got == response_expected:
self.logger.debug('validation successful')
result = True
else:
self.logger.debug('validation not successful')
result = False
else:
self.logger.debug('validation not successfull.. no request object')
result = False
else:
result = False
self.logger.debug('Challenge._validate_http_challenge() ended with: {0}/{1}'.format(result, invalid))
return (result, invalid)
def _validate_alpn_challenge(self, challenge_name, fqdn, token,
jwk_thumbprint):
""" validate dns challenge """
self.logger.debug(
'Challenge._validate_alpn_challenge({0}:{1}:{2})'.format(
challenge_name, fqdn, token))
# resolve name
(response, invalid) = fqdn_resolve(fqdn, self.dns_server_list)
self.logger.debug('fqdn_resolve() ended with: {0}/{1}'.format(
response, invalid))
# we are expecting a certifiate extension which is the sha256 hexdigest of token in a byte structure
# which is base64 encoded '0420' has been taken from acme_srv.sh sources
sha256_digest = sha256_hash_hex(
self.logger, '{0}.{1}'.format(token, jwk_thumbprint))
extension_value = b64_encode(
self.logger, bytearray.fromhex('0420{0}'.format(sha256_digest)))
self.logger.debug('computed value: {0}'.format(extension_value))
if not invalid:
# check if we need to set a proxy
if self.proxy_server_list:
proxy_server = proxy_check(self.logger, fqdn,
self.proxy_server_list)
else:
proxy_server = None
cert = servercert_get(self.logger, fqdn, 443, proxy_server)
if cert:
san_list = cert_san_get(self.logger, cert, recode=False)
fqdn_in_san = fqdn_in_san_check(self.logger, san_list, fqdn)
if fqdn_in_san:
extension_list = cert_extensions_get(self.logger,
cert,
recode=False)
if extension_value in extension_list:
self.logger.debug('alpn validation successful')
result = True
else:
self.logger.debug('alpn validation not successful')
result = False
else:
self.logger.debug('fqdn check against san failed')
result = False
else:
self.logger.debug('no cert returned...')
result = False
else:
result = False
self.logger.debug(
'Challenge._validate_alpn_challenge() ended with: {0}/{1}'.format(
result, invalid))
return (result, invalid)
def _validate_http_challenge(self, challenge_name, fqdn, token,
jwk_thumbprint):
""" validate http challenge """
self.logger.debug(
'Challenge._validate_http_challenge({0}:{1}:{2})'.format(
challenge_name, fqdn, token))
# resolve name
(response, invalid) = fqdn_resolve(fqdn, self.dns_server_list)
self.logger.debug('fqdn_resolve() ended with: {0}/{1}'.format(
response, invalid))
if not invalid:
# check if we need to set a proxy
if self.proxy_server_list:
proxy_server = proxy_check(self.logger, fqdn,
self.proxy_server_list)
else:
proxy_server = None
req = url_get(self.logger,
'http://{0}/.well-known/acme-challenge/{1}'.format(
fqdn, token),
dns_server_list=self.dns_server_list,
proxy_server=proxy_server,
verify=False,
timeout=self.challenge_validation_timeout)
if req:
response_got = req.splitlines()[0]
response_expected = '{0}.{1}'.format(token, jwk_thumbprint)
self.logger.debug(
'response_got: {0} response_expected: {1}'.format(
response_got, response_expected))
if response_got == response_expected:
self.logger.debug('validation successful')
result = True
else:
self.logger.debug('validation not successful')
result = False
else:
self.logger.debug(
'validation not successfull.. no request object')
result = False
else:
result = False
self.logger.debug(
'Challenge._validate_http_challenge() ended with: {0}/{1}'.format(
result, invalid))
return (result, invalid)