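def _validate_http_challenge(self, challenge_name, fqdn, token, jwk_thumbprint):
    """Validate an http-01 challenge (RFC 8555, section 8.3).

    Resolves ``fqdn`` through the configured resolvers, fetches
    ``http://<fqdn>/.well-known/acme-challenge/<token>`` and compares the
    first line of the body with the key authorization
    ``<token>.<jwk_thumbprint>``.

    Args:
        challenge_name: challenge name, used for logging only.
        fqdn: identifier value from the order. It is client-controlled and
            is interpolated into the request URL, so it is sanity-checked
            before any request is made.
        token: challenge token issued by this server.
        jwk_thumbprint: thumbprint of the account key.

    Returns:
        ``(result, invalid)``. ``result`` is True only when the fetched key
        authorization matched. ``invalid`` is the flag reported by
        ``fqdn_resolve``, or True when ``fqdn`` was rejected before
        resolution because it cannot be placed in a URL unambiguously.
    """
    self.logger.debug('Challenge._validate_http_challenge({0}:{1}:{2})'.format(challenge_name, fqdn, token))
    result = False

    if fqdn and any(char in fqdn for char in '/?#@\\ \t\r\n'):
        # Defence in depth: a '/', '?', '#', '@', backslash or whitespace in
        # the name would alter the path, query, fragment or userinfo of the
        # URL built below instead of selecting the host. Identifier checks
        # upstream are expected to reject such values already; here the name
        # is treated like one that cannot be resolved.
        self.logger.debug('fqdn contains url delimiters, rejecting')
        invalid = True
    else:
        # resolve name
        (response, invalid) = fqdn_resolve(fqdn, self.dns_server_list)
        self.logger.debug('fqdn_resolve() ended with: {0}/{1}'.format(response, invalid))

        if not invalid:
            # verify=False only matters if url_get() follows a redirect to
            # https: the host is applying for its first certificate, so its
            # TLS certificate is deliberately not validated at this point.
            # NOTE(review): no timeout is passed here, so a host that accepts
            # the connection but never answers can hold this validator for as
            # long as url_get()'s defaults allow; the url_get() signature used
            # by this version has no visible timeout keyword, so this is
            # flagged rather than changed.
            req = url_get(self.logger, 'http://{0}/.well-known/acme-challenge/{1}'.format(fqdn, token), self.dns_server_list, verify=False)
            if req:
                # Only the first line is compared and, per RFC 8555 8.3,
                # trailing whitespace is ignored. token and thumbprint are not
                # secrets (both are visible to the client), so an ordinary
                # string comparison is sufficient.
                response_got = req.splitlines()[0].rstrip()
                response_expected = '{0}.{1}'.format(token, jwk_thumbprint)
                self.logger.debug('response_got: {0} response_expected: {1}'.format(response_got, response_expected))
                if response_got == response_expected:
                    self.logger.debug('validation successful')
                    result = True
                else:
                    self.logger.debug('validation not successful')
            else:
                self.logger.debug('validation not successfull.. no request object')

    self.logger.debug('Challenge._validate_http_challenge() ended with: {0}/{1}'.format(result, invalid))
    return (result, invalid)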
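def _validate_alpn_challenge(self, challenge_name, fqdn, token, jwk_thumbprint):
    """Validate a tls-alpn-01 challenge (RFC 8737).

    Resolves ``fqdn``, fetches the certificate presented on port 443
    (optionally through a proxy selected by ``proxy_check``) and accepts the
    challenge when that certificate names ``fqdn`` as its only SAN entry and
    carries the expected acmeIdentifier extension value.

    Args:
        challenge_name: challenge name, used for logging only.
        fqdn: identifier value from the order.
        token: challenge token issued by this server.
        jwk_thumbprint: thumbprint of the account key.

    Returns:
        ``(result, invalid)``. ``result`` is True only when all checks
        passed; ``invalid`` is the flag reported by ``fqdn_resolve``.
    """
    self.logger.debug('Challenge._validate_alpn_challenge({0}:{1}:{2})'.format(challenge_name, fqdn, token))
    result = False

    # resolve name
    (response, invalid) = fqdn_resolve(fqdn, self.dns_server_list)
    self.logger.debug('fqdn_resolve() ended with: {0}/{1}'.format(response, invalid))

    # RFC 8737 section 3: the acmeIdentifier extension holds the SHA-256
    # digest of the key authorization wrapped in a DER OCTET STRING. '04' is
    # the OCTET STRING tag and '20' its length (32 bytes); the result is
    # base64 encoded because that is the form cert_extensions_get() yields
    # (the '0420' prefix was taken from the acme_srv.sh sources).
    sha256_digest = sha256_hash_hex(self.logger, '{0}.{1}'.format(token, jwk_thumbprint))
    extension_value = b64_encode(self.logger, bytearray.fromhex('0420{0}'.format(sha256_digest)))
    self.logger.debug('computed value: {0}'.format(extension_value))

    if not invalid:
        # check if we need to set a proxy
        proxy_server = None
        if self.proxy_server_list:
            proxy_server = proxy_check(self.logger, fqdn, self.proxy_server_list)

        # NOTE(review): RFC 8737 also requires that the 'acme-tls/1' ALPN was
        # negotiated and that the acmeIdentifier extension is marked
        # critical. Neither is visible here; presumably servercert_get()
        # negotiates the ALPN -- confirm, and consider checking criticality
        # if cert_extensions_get() can expose it.
        cert = servercert_get(self.logger, fqdn, 443, proxy_server)
        if not cert:
            self.logger.debug('no cert returned...')
        else:
            san_list = cert_san_get(self.logger, cert, recode=False)
            fqdn_in_san = fqdn_in_san_check(self.logger, san_list, fqdn)
            if not fqdn_in_san:
                self.logger.debug('fqdn check against san failed')
            elif len(san_list) != 1:
                # RFC 8737 section 3: the SAN extension must contain the
                # validated name "and no other entries".
                self.logger.debug('san contains entries other than the validated fqdn')
            else:
                extension_list = cert_extensions_get(self.logger, cert, recode=False)
                if extension_value in extension_list:
                    self.logger.debug('alpn validation successful')
                    result = True
                else:
                    self.logger.debug('alpn validation not successful')

    self.logger.debug('Challenge._validate_alpn_challenge() ended with: {0}/{1}'.format(result, invalid))
    return (result, invalid)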
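def _validate_http_challenge(self, challenge_name, fqdn, token, jwk_thumbprint):
    """Validate an http-01 challenge (RFC 8555, section 8.3).

    Resolves ``fqdn`` through the configured resolvers, fetches
    ``http://<fqdn>/.well-known/acme-challenge/<token>`` (optionally through
    a proxy selected by ``proxy_check``) and compares the first line of the
    body with the key authorization ``<token>.<jwk_thumbprint>``.

    Args:
        challenge_name: challenge name, used for logging only.
        fqdn: identifier value from the order. It is client-controlled and
            is interpolated into the request URL, so it is sanity-checked
            before any request is made.
        token: challenge token issued by this server.
        jwk_thumbprint: thumbprint of the account key.

    Returns:
        ``(result, invalid)``. ``result`` is True only when the fetched key
        authorization matched. ``invalid`` is the flag reported by
        ``fqdn_resolve``, or True when ``fqdn`` was rejected before
        resolution because it cannot be placed in a URL unambiguously.
    """
    self.logger.debug('Challenge._validate_http_challenge({0}:{1}:{2})'.format(challenge_name, fqdn, token))
    result = False

    if fqdn and any(char in fqdn for char in '/?#@\\ \t\r\n'):
        # Defence in depth: a '/', '?', '#', '@', backslash or whitespace in
        # the name would alter the path, query, fragment or userinfo of the
        # URL built below instead of selecting the host. Identifier checks
        # upstream are expected to reject such values already; here the name
        # is treated like one that cannot be resolved.
        self.logger.debug('fqdn contains url delimiters, rejecting')
        invalid = True
    else:
        # resolve name
        (response, invalid) = fqdn_resolve(fqdn, self.dns_server_list)
        self.logger.debug('fqdn_resolve() ended with: {0}/{1}'.format(response, invalid))

        if not invalid:
            # check if we need to set a proxy
            proxy_server = None
            if self.proxy_server_list:
                proxy_server = proxy_check(self.logger, fqdn, self.proxy_server_list)

            # verify=False only matters if url_get() follows a redirect to
            # https: the host is applying for its first certificate, so its
            # TLS certificate is deliberately not validated at this point.
            # The timeout bounds how long a slow or silent responder can hold
            # this validator.
            req = url_get(self.logger, 'http://{0}/.well-known/acme-challenge/{1}'.format(fqdn, token), dns_server_list=self.dns_server_list, proxy_server=proxy_server, verify=False, timeout=self.challenge_validation_timeout)
            if req:
                # Only the first line is compared and, per RFC 8555 8.3,
                # trailing whitespace is ignored. token and thumbprint are not
                # secrets (both are visible to the client), so an ordinary
                # string comparison is sufficient.
                response_got = req.splitlines()[0].rstrip()
                response_expected = '{0}.{1}'.format(token, jwk_thumbprint)
                self.logger.debug('response_got: {0} response_expected: {1}'.format(response_got, response_expected))
                if response_got == response_expected:
                    self.logger.debug('validation successful')
                    result = True
                else:
                    self.logger.debug('validation not successful')
            else:
                self.logger.debug('validation not successfull.. no request object')

    self.logger.debug('Challenge._validate_http_challenge() ended with: {0}/{1}'.format(result, invalid))
    return (result, invalid)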