def get_jwk_from_public_key(public_key):
    """Return the public JWK (RFC 7517) dict for an RSA ``public_key``.

    Only the ``kty``, ``n`` and ``e`` members are emitted, each integer
    converted with ``util.int_to_bytes`` (presumably big-endian, unpadded —
    confirm against that helper) and base64url-encoded with ``util.to_base64``.
    No private members are ever included, so the result is safe to send.
    """
    numbers = public_key.public_numbers()
    encoded = {
        member: util.to_base64(util.int_to_bytes(getattr(numbers, member)))
        for member in ("n", "e")
    }
    return {"kty": "RSA", **encoded}
def get_jws(protected_header, payload, private_key):
    """Build a flattened JSON JWS (RFC 7515) over ``payload`` using RS256.

    ``protected_header`` is JSON-serialised and base64url-encoded.  ``payload``
    gets the same treatment unless it is the empty string, which is passed
    through untouched (ACME's POST-as-GET requests rely on an empty payload).
    The signature is PKCS#1 v1.5 with SHA-256 over ``protected + "." + payload``.

    Returns:
        The serialised JWS object as UTF-8 bytes.
    """
    encoded_header = util.to_base64(json.dumps(protected_header))
    if payload == "":
        encoded_payload = payload
    else:
        encoded_payload = util.to_base64(json.dumps(payload))
    signing_input = ".".join((encoded_header, encoded_payload)).encode('utf8')
    raw_signature = private_key.sign(
        signing_input, padding.PKCS1v15(), hashes.SHA256()
    )
    jws = {
        "protected": encoded_header,
        "payload": encoded_payload,
        "signature": util.to_base64(raw_signature),
    }
    return json.dumps(jws).encode("utf8")
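def dns_01_challenge(self, *, dns_port=10053):
    """Answer every pending dns-01 challenge in ``self.acme_challenges``.

    For each challenge the key authorization is hashed (SHA-256, then
    base64url) and served as a TXT record by a throw-away DNS server bound to
    ``self.record_addr``:``dns_port``.  The ACME server is then asked to
    validate the challenge and the authorization is polled until it reports
    ``"valid"``.

    Keyword Args:
        dns_port: port the temporary DNS server listens on.  Defaults to the
            unprivileged 10053; a production validator resolves the name over
            normal DNS (port 53), so this default only makes sense against a
            test ACME server configured to query ``record_addr`` directly.

    The DNS server is stopped in a ``finally`` block so that a failed request
    or poll does not leave the listener thread running.
    """
    self.logger.info("Performing dns-01 challenge")
    for challenge in self.acme_challenges:
        key_auth = crypto.get_key_authorization(challenge["token"], self.jwk)
        digest = hashlib.sha256(key_auth.encode('utf-8')).digest()
        txt_value = util.to_base64(digest)
        # Single TXT record at name "."; presumably DnsResolver serves it for
        # any queried name — verify in DnsResolver before relying on that.
        resolver = DnsResolver(". 300 IN TXT " + txt_value)
        dns_server = DNSServer(resolver, address=self.record_addr, port=dns_port)
        dns_server.start_thread()
        try:
            r_dict = util.acme_server_request(self, challenge["url"], {}).json()
            self.logger.debug(r_dict)
            r_dict = util.poll_acme_server(self, challenge['auth_url'], "", "valid")
            self.logger.debug(r_dict)
        finally:
            # Always release the port, even when the challenge fails.
            dns_server.stop()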
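def get_csr(domains, private_key):
    """Build and sign a CSR for ``domains``; return it base64url-encoded (DER).

    The first domain becomes the subject CN; every domain (the first one
    included) is listed in a non-critical subjectAltName extension.  The CSR
    is signed with ``private_key`` using SHA-256.

    Args:
        domains: non-empty sequence of DNS names.
        private_key: the key the CSR is signed with (its public half is
            embedded in the request).

    Raises:
        ValueError: if ``domains`` is empty.
    """
    if not domains:
        raise ValueError("get_csr requires at least one domain name")
    san = x509.SubjectAlternativeName([x509.DNSName(domain) for domain in domains])
    builder = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(
            x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, domains[0])])
        )
        .add_extension(san, critical=False)
    )
    request = builder.sign(private_key, hashes.SHA256(), default_backend())
    return util.to_base64(request.public_bytes(Encoding.DER))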
def revoke_certificate(self):
    """Ask the ACME server to revoke ``self.acme_certificate``.

    The stored certificate bytes are base64url-encoded as-is (RFC 8555
    expects DER; this method does not check the stored encoding — confirm
    where ``acme_certificate`` is set) and posted to
    ``self.acme_revokeCert_url``.  Only the response headers are logged at
    debug level; the status is not inspected here.
    """
    self.logger.info("Revoking Certificate")
    encoded_cert = util.to_base64(self.acme_certificate)
    response = util.acme_server_request(
        self, self.acme_revokeCert_url, {'certificate': encoded_cert}
    )
    self.logger.debug(response.headers)
def get_key_authorization(token, jwk):
    """Return the ACME key authorization ``token + "." + thumbprint``.

    The thumbprint follows RFC 7638: ``jwk`` is serialised as compact JSON
    with sorted keys, hashed with SHA-256 and base64url-encoded.  Because the
    hash covers every member of ``jwk``, callers must pass only the required
    public members (``kty``, ``n``, ``e`` for RSA) for the value to match
    what the ACME server computes.
    """
    canonical = json.dumps(jwk, sort_keys=True, separators=(',', ':'))
    digest = hashlib.sha256(canonical.encode('utf8')).digest()
    return ".".join((token, util.to_base64(digest)))