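def verify(self, chall, account_public_key):
    """Verify the key authorization.

    The key authorization is expected to have the form
    ``<token>.<thumbprint>``: the first part must equal the challenge's
    encoded token and the second part the base64 thumbprint of
    ``account_public_key`` computed with ``self.thumbprint_hash_function``.

    :param KeyAuthorization chall: Challenge that corresponds to this response.
    :param JWK account_public_key: Account key whose thumbprint is expected
        in the second part of the key authorization.
    :return: ``True`` iff verification of the key authorization was successful.
    :rtype: bool
    """
    parts = self.key_authorization.split('.')  # pylint: disable=no-member
    if len(parts) != 2:
        logger.debug("Key authorization (%r) is not well formed",
                     self.key_authorization)
        return False

    expected_token = chall.encode("token")
    if parts[0] != expected_token:
        logger.debug("Mismatching token in key authorization: "
                     "%r instead of %r", parts[0], expected_token)
        return False

    thumbprint = jose.b64encode(account_public_key.thumbprint(
        hash_function=self.thumbprint_hash_function)).decode()
    if parts[1] != thumbprint:
        # Log the thumbprint part (parts[1]); the previous message logged
        # the token part here, which made mismatches hard to diagnose.
        logger.debug("Mismatching thumbprint in key authorization: "
                     "%r instead of %r", parts[1], thumbprint)
        return False

    return True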
def validation(self, account_key, **unused_kwargs):
    """Generate validation.

    The validation is ``jose.b64encode`` of the SHA-256 digest of the
    UTF-8 encoded key authorization for ``account_key``.

    :param JWK account_key:
    :rtype: unicode
    """
    key_authz_bytes = self.key_authorization(account_key).encode("utf-8")
    digest = hashlib.sha256(key_authz_bytes).digest()
    return jose.b64encode(digest).decode()
def key_authorization(self, account_key: jose.JWK) -> str:
    """Generate Key Authorization.

    Returns ``<encoded token>.<base64 thumbprint of account_key>``, the
    thumbprint being computed with ``self.thumbprint_hash_function``.

    :param JWK account_key:
    :rtype unicode:
    """
    token = self.encode("token")
    raw_thumbprint = account_key.thumbprint(
        hash_function=self.thumbprint_hash_function)
    encoded_thumbprint = jose.b64encode(raw_thumbprint).decode()
    return token + "." + encoded_thumbprint
def key_authorization(self, account_key):
    """Generate Key Authorization.

    The result is the encoded challenge token and the base64 thumbprint of
    ``account_key`` (hashed with ``self.thumbprint_hash_function``), joined
    by a single ``.``.

    :param JWK account_key:
    :rtype unicode:
    """
    token = self.encode("token")
    thumbprint_b64 = jose.b64encode(
        account_key.thumbprint(hash_function=self.thumbprint_hash_function)
    ).decode()
    return token + "." + thumbprint_b64
def validation(self, account_key, **unused_kwargs):
    """Generate validation.

    Hashes the UTF-8 encoded key authorization for ``account_key`` with
    SHA-256 and returns the ``jose.b64encode`` of that digest as text.

    :param JWK account_key:
    :rtype: unicode
    """
    hasher = hashlib.sha256()
    hasher.update(self.key_authorization(account_key).encode("utf-8"))
    return jose.b64encode(hasher.digest()).decode()
def test_debug_challenges(self):
    """With ``debug_challenges`` on and no verbosity, the single notification
    hints at ``-v`` and reveals neither the challenge URL nor the account key
    thumbprint."""
    config = mock.Mock(debug_challenges=True, verbose_count=0)
    authzrs = [gen_dom_authzr(domain="0", challs=acme_util.CHALLENGES)]
    mock_order = mock.MagicMock(authorizations=authzrs)
    thumbprint = b"foobarbaz"
    self.mock_account.key.thumbprint.return_value = thumbprint
    self.mock_net.poll.side_effect = _gen_mock_on_poll()

    self.handler.handle_authorizations(mock_order, config)

    self.assertEqual(1, self.mock_net.answer_challenge.call_count)
    self.assertEqual(1, self.mock_display.notification.call_count)
    message = self.mock_display.notification.call_args[0][0]
    self.assertIn('Pass "-v" for more info', message)

    authz_body = authzrs[0].body
    challenge_url = (
        f"http://{authz_body.identifier.value}/.well-known/acme-challenge/"
        + b64encode(authz_body.challenges[0].chall.token).decode())
    self.assertNotIn(challenge_url, message)
    self.assertNotIn(b64encode(thumbprint).decode(), message)
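def _perform_emailreply00(self, achall):
    """Interactively perform an ``email-reply-00`` challenge.

    Asks the user to paste the subject of the e-mail sent by the ACME
    server, combines the token found there with the challenge token,
    and prints the response block the user must paste at the top of
    the reply.

    :param achall: Annotated challenge; ``achall.challb``, ``achall.chall``,
        ``achall.domain`` and ``achall.account_key`` are read.
    :return: Challenge response to send to the ACME server.
    """
    text = ('A challenge request for S/MIME certificate has been sent. In few minutes, '
            'ACME server will send a challenge e-mail to requested recipient {}. '
            'Please, copy the ENTIRE subject and paste it below. '
            'The subject starts with the label ACME: '.format(achall.domain))
    display_util.notification(text, pause=False)
    _code, subject = display_util.input_text('Subject: ', force_interactive=True)

    # The server-chosen token is the last space-separated word of the
    # subject; the full challenge token is that token followed by the
    # token from the challenge object.
    # NOTE(review): unlike the non-interactive path, the 'ACME: ' prefix
    # of the pasted subject is not checked here — confirm that is intended.
    token64 = subject.split(' ')[-1]
    full_token = jose.b64.b64decode(token64) + achall.chall.token

    # Reconstruct the ChallengeBody with the full token so that the
    # response and validation are computed over it (the original
    # ``achall.challb`` only carries the partial token).
    challt = messages.ChallengeBody.from_json({
        'type': 'email-reply-00',
        'token': jose.b64.b64encode(bytes(full_token)).decode('ascii'),
        'url': achall.challb.uri,
        'status': achall.challb.status.to_json(),
        'from': achall.challb.chall.from_addr,
    })
    response, validation = challt.response_and_validation(achall.account_key)

    # The text the user pastes into the reply is the base64 SHA-256 of the
    # validation string.
    digest = hashes.Hash(hashes.SHA256())
    digest.update(validation.encode())
    thumbprint = jose.b64encode(digest.finalize()).decode()

    display_util.notification(
        'A challenge response has been generated. Please, copy the following text, '
        'reply the e-mail you have received from ACME server and paste this text '
        'in the TOP of the message\'s body: ', pause=False)
    print('\n-----BEGIN ACME RESPONSE-----\n'
          '{}\n'
          '-----END ACME RESPONSE-----\n'.format(thumbprint))
    return response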
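def ProcessEmailChallenge(msg, achall):
    """Build an ``email-reply-00`` response from the server's challenge e-mail.

    The message must come from the challenge's ``from_addr`` and be addressed
    to ``achall.domain``. If it carries a ``DKIM-Signature`` header it is
    checked with ``dkim.ProcessDKIM``; otherwise, if its content subtype is
    ``signed``, with ``pkcs7.ProcessPKCS7``. The subject must start with
    ``'ACME: '`` and end with the base64 token chosen by the server.

    :param msg: Parsed e-mail message (``email.message.Message``-like).
    :param achall: Annotated challenge; ``achall.challb``, ``achall.chall``,
        ``achall.domain`` and ``achall.account_key`` are read.
    :return: ``(response, text)`` where ``response`` is the challenge response
        for the ACME server and ``text`` is the block to put at the top of
        the reply.
    :raises FromAddressMismatch: sender does not match the challenge.
    :raises ReceiptAddressMismatch: recipient does not match the domain.
    :raises BadSubject: subject is missing or lacks the ``'ACME: '`` prefix.
    """
    from_addr = email.utils.parseaddr(msg['From'])[1]
    if from_addr != achall.challb.chall.from_addr:
        raise FromAddressMismatch
    # NOTE(review): the raw To header is compared, so a display name or
    # differing case would be rejected — confirm that is intended.
    if msg['To'] != achall.domain:
        raise ReceiptAddressMismatch

    # Authenticate the message before trusting anything in its subject.
    # NOTE(review): a message with neither a DKIM-Signature header nor a
    # ``signed`` content subtype is accepted without any signature check
    # here — confirm that is intended, or reject such messages.
    if msg.get('DKIM-Signature', None):
        dkim.ProcessDKIM(msg, from_addr)
    elif msg.get_content_subtype() == 'signed':
        pkcs7.ProcessPKCS7(msg, from_addr)

    # A missing Subject header reads as None; report it as a bad subject
    # rather than failing with an AttributeError on ``startswith``.
    subject = msg['Subject']
    if subject is None or not subject.startswith('ACME: '):
        raise BadSubject

    # The server-chosen token is the last space-separated word of the
    # subject; the full challenge token is that token followed by the
    # token from the challenge object.
    token64 = subject.split(' ')[-1]
    full_token = jose.b64.b64decode(token64) + achall.chall.token

    # Reconstruct the ChallengeBody with the full token so that the
    # response and validation are computed over it.
    challt = messages.ChallengeBody.from_json({
        'type': 'email-reply-00',
        'token': jose.b64.b64encode(bytes(full_token)).decode('ascii'),
        'url': achall.challb.uri,
        'status': achall.challb.status.to_json(),
        'from': achall.challb.chall.from_addr,
    })
    response, validation = challt.response_and_validation(achall.account_key)

    # The reply body carries the base64 SHA-256 of the validation string.
    digest = hashes.Hash(hashes.SHA256())
    digest.update(validation.encode())
    thumbprint = jose.b64encode(digest.finalize()).decode()
    reply_text = ('-----BEGIN ACME RESPONSE-----\n{}\n'
                  '-----END ACME RESPONSE-----\n'.format(thumbprint))
    return response, reply_text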
def setUp(self):
    """Set up the shared fixtures: the test key pair, a base64-encoded
    nonce, a URL and a key id."""
    self.url = 'hi'
    self.kid = 'baaaaa'
    self.nonce = jose.b64encode(b'Nonce')
    self.privkey = KEY
    self.pubkey = self.privkey.public_key()
def test_post_wrong_post_response_nonce(self):
    """A malformed nonce in the POST response raises ``errors.BadNonce``."""
    self.available_nonces = [jose.b64encode(b'good'), b'f']
    with self.assertRaises(errors.BadNonce):
        self.net.post('uri', self.obj, content_type=self.content_type)
def test_post_wrong_initial_nonce(self):
    """A malformed initial nonce raises ``errors.BadNonce`` on POST."""
    self.available_nonces = [b'f', jose.b64encode(b'good')]
    with self.assertRaises(errors.BadNonce):
        self.net.post('uri', self.obj, content_type=self.content_type)