def obtain_certificate(self, domains): """Obtains a certificate from the ACME server. `.register` must be called before `.obtain_certificate` :param list domains: domains to get a certificate :returns: `.CertificateResource`, certificate chain (as returned by `.fetch_chain`), and newly generated private key (`.le_util.Key`) and DER-encoded Certificate Signing Request (`.le_util.CSR`). :rtype: tuple """ authzr = self.auth_handler.get_authorizations( domains, self.config.allow_subset_of_names) domains = [a.body.identifier.value.encode('ascii') for a in authzr] # Create CSR from names key = crypto_util.init_save_key(self.config.rsa_key_size, self.config.key_dir) csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir) return (self.obtain_certificate_from_csr(domains, csr, authzr=authzr) + (key, csr))
def obtain_certificate(self, domains): """Obtains a certificate from the ACME server. `.register` must be called before `.obtain_certificate` :param list domains: domains to get a certificate :returns: `.CertificateResource`, certificate chain (as returned by `.fetch_chain`), and newly generated private key (`.le_util.Key`) and DER-encoded Certificate Signing Request (`.le_util.CSR`). :rtype: tuple """ authzr = self.auth_handler.get_authorizations( domains, self.config.allow_subset_of_names) domains = [a.body.identifier.value.encode('ascii') for a in authzr] # Create CSR from names key = crypto_util.init_save_key( self.config.rsa_key_size, self.config.key_dir) csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir) return (self.obtain_certificate_from_csr(domains, csr, authzr=authzr) + (key, csr))
def obtain_certificate(self, domains, csr=None): """Obtains a certificate from the ACME server. :meth:`.register` must be called before :meth:`.obtain_certificate` .. todo:: This function does not currently handle CSR correctly. :param set domains: domains to get a certificate :param csr: CSR must contain requested domains, the key used to generate this CSR can be different than self.authkey :type csr: :class:`CSR` :returns: Certificate, private key, and certificate chain (all PEM-encoded). :rtype: `tuple` of `str` """ if self.auth_handler is None: msg = ("Unable to obtain certificate because authenticator is " "not set.") logging.warning(msg) raise errors.LetsEncryptClientError(msg) if self.account.regr is None: raise errors.LetsEncryptClientError( "Please register with the ACME server first.") # Perform Challenges/Get Authorizations authzr = self.auth_handler.get_authorizations(domains) # Create CSR from names cert_key = crypto_util.init_save_key( self.config.rsa_key_size, self.config.key_dir) csr = crypto_util.init_save_csr( cert_key, domains, self.config.cert_dir) # Retrieve certificate certr = self.network.request_issuance( jose.ComparableX509( M2Crypto.X509.load_request_der_string(csr.data)), authzr) cert_pem = certr.body.as_pem() chain_pem = None if certr.cert_chain_uri is not None: chain_pem = self.network.fetch_chain(certr) if chain_pem is None: # XXX: just to stop RenewableCert from complaining; this is # probably not a good solution chain_pem = "" else: chain_pem = chain_pem.as_pem() return cert_pem, cert_key.pem, chain_pem
def _get_snakeoil_paths(self): # TODO: generate only once tmp_dir = os.path.join(self.config.work_dir, "snakeoil") le_key = crypto_util.init_save_key(key_size=1024, key_dir=tmp_dir, keyname="key.pem") key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, le_key.pem) cert = acme_crypto_util.gen_ss_cert(key, domains=[socket.gethostname()]) cert_path = os.path.join(tmp_dir, "cert.pem") cert_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert) with open(cert_path, "w") as cert_file: cert_file.write(cert_pem) return cert_path, le_key.file
def obtain_certificate(self, domains, csr=None): """Obtains a certificate from the ACME server. :meth:`.register` must be called before :meth:`.obtain_certificate` .. todo:: This function does not currently handle CSR correctly. :param set domains: domains to get a certificate :param csr: CSR must contain requested domains, the key used to generate this CSR can be different than self.authkey :type csr: :class:`CSR` :returns: Certificate, private key, and certificate chain (all PEM-encoded). :rtype: `tuple` of `str` """ if self.auth_handler is None: msg = ("Unable to obtain certificate because authenticator is " "not set.") logging.warning(msg) raise errors.LetsEncryptClientError(msg) if self.account.regr is None: raise errors.LetsEncryptClientError( "Please register with the ACME server first.") # Perform Challenges/Get Authorizations authzr = self.auth_handler.get_authorizations(domains) # Create CSR from names cert_key = crypto_util.init_save_key(self.config.rsa_key_size, self.config.key_dir) csr = crypto_util.init_save_csr(cert_key, domains, self.config.cert_dir) # Retrieve certificate certr = self.network.request_issuance( jose.ComparableX509(M2Crypto.X509.load_request_der_string( csr.data)), authzr) cert_pem = certr.body.as_pem() chain_pem = None if certr.cert_chain_uri is not None: chain_pem = self.network.fetch_chain(certr) if chain_pem is None: # XXX: just to stop RenewableCert from complaining; this is # probably not a good solution chain_pem = "" else: chain_pem = chain_pem.as_pem() return cert_pem, cert_key.pem, chain_pem
def _get_snakeoil_paths(self): # TODO: generate only once tmp_dir = os.path.join(self.config.work_dir, "snakeoil") key = crypto_util.init_save_key( key_size=1024, key_dir=tmp_dir, keyname="key.pem") cert_pem = crypto_util.make_ss_cert( key.pem, domains=[socket.gethostname()]) cert = os.path.join(tmp_dir, "cert.pem") with open(cert, 'w') as cert_file: cert_file.write(cert_pem) return cert, key.file
def _get_snakeoil_paths(self): # TODO: generate only once tmp_dir = os.path.join(self.config.work_dir, "snakeoil") key = crypto_util.init_save_key(key_size=1024, key_dir=tmp_dir, keyname="key.pem") cert_pem = crypto_util.make_ss_cert(key.pem, domains=[socket.gethostname()]) cert = os.path.join(tmp_dir, "cert.pem") with open(cert, 'w') as cert_file: cert_file.write(cert_pem) return cert, key.file
def _get_snakeoil_paths(self): # TODO: generate only once tmp_dir = os.path.join(self.config.work_dir, "snakeoil") le_key = crypto_util.init_save_key( key_size=1024, key_dir=tmp_dir, keyname="key.pem") key = OpenSSL.crypto.load_privatekey( OpenSSL.crypto.FILETYPE_PEM, le_key.pem) cert = acme_crypto_util.gen_ss_cert(key, domains=[socket.gethostname()]) cert_path = os.path.join(tmp_dir, "cert.pem") cert_pem = OpenSSL.crypto.dump_certificate( OpenSSL.crypto.FILETYPE_PEM, cert) with open(cert_path, 'w') as cert_file: cert_file.write(cert_pem) return cert_path, le_key.file
def obtain_certificate(self, domains, csr=None): """Obtains a certificate from the ACME server. :meth:`.register` must be called before :meth:`.obtain_certificate` .. todo:: This function does not currently handle csr correctly... :param set domains: domains to get a certificate :param csr: CSR must contain requested domains, the key used to generate this CSR can be different than self.authkey :type csr: :class:`CSR` :returns: cert_key, cert_path, chain_path :rtype: `tuple` of (:class:`letsencrypt.le_util.Key`, str, str) """ if self.auth_handler is None: msg = ("Unable to obtain certificate because authenticator is " "not set.") logging.warning(msg) raise errors.LetsEncryptClientError(msg) if self.account.regr is None: raise errors.LetsEncryptClientError( "Please register with the ACME server first.") # Perform Challenges/Get Authorizations authzr = self.auth_handler.get_authorizations(domains) # Create CSR from names cert_key = crypto_util.init_save_key( self.config.rsa_key_size, self.config.key_dir) csr = crypto_util.init_save_csr( cert_key, domains, self.config.cert_dir) # Retrieve certificate certr = self.network.request_issuance( jose.ComparableX509( M2Crypto.X509.load_request_der_string(csr.data)), authzr) # Save Certificate cert_path, chain_path = self.save_certificate( certr, self.config.cert_path, self.config.chain_path) revoker.Revoker.store_cert_key( cert_path, self.account.key.file, self.config) return cert_key, cert_path, chain_path
def obtain_certificate(self, domains): """Obtains a certificate from the ACME server. `.register` must be called before `.obtain_certificate` :param set domains: domains to get a certificate :returns: `.CertificateResource`, certificate chain (as returned by `.fetch_chain`), and newly generated private key (`.le_util.Key`) and DER-encoded Certificate Signing Request (`.le_util.CSR`). :rtype: tuple """ # Create CSR from names key = crypto_util.init_save_key(self.config.rsa_key_size, self.config.key_dir) csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir) return self._obtain_certificate(domains, csr) + (key, csr)
def from_email(cls, config, email): """Generate a new account from an email address. :param config: Configuration :type config: :class:`letsencrypt.interfaces.IConfig` :param str email: Email address :raises .errors.Error: If invalid email address is given. """ if not email or cls.safe_email(email): email = email if email else None le_util.make_or_verify_dir( config.account_keys_dir, 0o700, os.geteuid()) key = crypto_util.init_save_key( config.rsa_key_size, config.account_keys_dir, cls._get_config_filename(email)) return cls(config, key, email) raise errors.Error("Invalid email address.")
def _call(cls, key_size, key_dir): from letsencrypt.crypto_util import init_save_key return init_save_key(key_size, key_dir, 'key-letsencrypt.pem')