Esempio n. 1
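def RequestIssuance(info):
	"""Ask the CA for a certificate for *info*'s host and store its URL.

	A CSR for ``hostname + DOMAIN`` is built from the host's private key and
	posted to the ``new_cert_uri`` saved in the host's authz record.  On a
	201 the certificate ``Location`` is written to the host row.  On a 202
	the CA is still working, so the response URL is re-fetched (honouring
	``Retry-After``) until a final answer arrives.

	Args:
		info: mapping with ``hostname``, ``csr_privkey`` and ``authz_json``
			(a JSON string carrying ``new_cert_uri``).

	Returns:
		True once a certificate URL has been stored, False on any other
		final answer from the CA (or when the poll budget runs out).
	"""
	hostname = info['hostname']
	fqdn = hostname + DOMAIN
	authz = json.loads(info['authz_json'])
	csr = _createCertRequest(info['csr_privkey'], name={'CN': fqdn}, digest="sha256")
	payload = {
		"resource": "new-cert",
		"csr": _b64(csr),
	}
	# Every signed request must carry a fresh anti-replay nonce; the
	# directory endpoint hands one out in the Replay-Nonce header.
	resp = requests.get(CA)
	nonce = resp.headers['Replay-Nonce'].encode('utf-8')
	resp = _send_signed_request(authz.get('new_cert_uri'), payload, hostname, nonce)
	logger.debug('NewCert resp: {}:{}'.format(resp.status_code, resp.headers))
	if resp.status_code == 202:
		# Issuance is pending: keep polling until the CA settles on an answer.
		resp = _waitForIssuance(resp)
	if resp.status_code == 201:
		db.updateHost(hostname, 'certificate', resp.headers.get('Location'))
		logger.info('Certificate issued!')
		return True
	logger.error('Certificate not issued, CA answered {}'.format(resp.status_code))
	return False


def _waitForIssuance(resp, max_polls=60):
	"""Re-fetch *resp.url* while the CA keeps answering 202.

	Sleeps for the ``Retry-After`` value between polls (5 s when the header
	is missing or is not a plain number of seconds) and gives up after
	*max_polls* attempts so a stuck request cannot block the caller forever.

	Args:
		resp: the 202 response that started the wait.
		max_polls: upper bound on follow-up GETs.

	Returns:
		The last response received; its ``status_code`` is still 202 only
		when the poll budget ran out.
	"""
	# NOTE(review): polls resp.url as the original code did; the CA may
	# instead expect the Location header of the 202 to be polled -- confirm.
	polls = 0
	while resp.status_code == 202 and polls < max_polls:
		try:
			delay = float(resp.headers.get('Retry-After', 5))
		except (TypeError, ValueError):
			# Retry-After may also be an HTTP date; fall back to a short wait
			# rather than hammering the CA in a tight loop.
			delay = 5.0
		time.sleep(delay)
		resp = requests.get(resp.url)
		logger.debug('NewCert resp: {}:{}'.format(resp.status_code, resp.headers))
		polls += 1
	return resp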
Esempio n. 2
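def Poll(info):
	"""Check the host's authorization and, once valid, record it.

	Fetches the authz ``uri`` saved in ``info['authz_json']``.  A 200 means
	the challenge was accepted: the authz is re-read every 5 seconds while
	its ``status`` is still ``pending``/``processing``; when it ends up
	``valid`` the body, the ``next`` link (the new-cert URI) and the authz
	URI are stored on the host row.  A 202 means the CA has not verified
	the challenge yet: the function waits for ``Retry-After`` and re-polls
	until the CA stops answering 202.

	Args:
		info: mapping with ``hostname`` and ``authz_json`` (a JSON string
			carrying the authz ``uri``).

	Returns:
		True when the authz is valid (and stored) or when a pending check
		finished waiting; False when the CA answered anything else or the
		authz reached a final state other than ``valid``.
	"""
	authz = json.loads(info['authz_json'])
	uri = authz.get('uri')
	resp = requests.get(uri)
	logger.debug('Poll resp: {}\n{}:{}'.format(resp.headers, resp.status_code, resp.text))
	if resp.status_code == 200:
		# Challenge accepted; keep polling until the authz leaves its interim states.
		body = resp.json()
		while body.get('status') in ('pending', 'processing'):
			time.sleep(5)
			resp = requests.get(uri)
			logger.debug('Poll resp: {}\n{}:{}'.format(resp.headers, resp.status_code, resp.text))
			body = resp.json()
		if body.get('status') != 'valid':
			# invalid/revoked/unknown never turn valid, so stop instead of spinning forever
			logger.info('Authz for {} ended in status {}'.format(info['hostname'], body.get('status')))
			return False
		authz_json = {
			"body": body,
			"new_cert_uri": resp.links.get('next', {}).get('url'),
			"uri": uri,
		}
		db.updateHost(info['hostname'], 'authz_json', json.dumps(authz_json))
		return True
	if resp.status_code == 202:
		# Challenge accepted but not validated yet; honour Retry-After when present.
		retry_after = resp.headers.get('Retry-After')
		if retry_after is not None:
			while True:
				logger.info('Waiting {} seconds for LetsEncrypt to verify challenge.'.format(retry_after))
				try:
					delay = float(retry_after)
				except (TypeError, ValueError):
					# Retry-After may also be an HTTP date; fall back to a short wait.
					delay = 5.0
				time.sleep(delay)
				resp = requests.get(uri)
				if resp.status_code != 202:
					break
				# keep the previous delay when the follow-up answer omits the header
				retry_after = resp.headers.get('Retry-After', retry_after)
		return True
	return False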
Esempio n. 3
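def Register(info):
	"""Create (or confirm) the host's ACME registration and store its details.

	Fetches a nonce and the directory from ``CA``, posts a ``new-reg`` for
	``info['hostname']`` and, when the CA answers 201, agrees to the
	terms-of-service link (only if the CA advertised one) and writes the
	registration summary to the host's ``reg_json`` column.  A 409 means
	the key is already registered and is treated as success.

	Args:
		info: mapping with ``hostname``; the signing key is resolved from the
			hostname inside ``_send_signed_request``.

	Returns:
		True on 201 (new registration) or 409 (already registered),
		False on any other answer.
	"""
	hostname = info['hostname']
	resp = requests.get(CA)
	nonce = resp.headers['Replay-Nonce'].encode('utf8')
	LEdir = json.loads(resp.text)
	payload = {
		"resource": "new-reg",
	}
	logger.debug('Registering {} with LetsEncrypt.'.format(hostname))
	registration = _send_signed_request(LEdir['new-reg'], payload, hostname, nonce)
	logger.debug('Reg response: {}\n{}:{}'.format(registration.headers, registration.status_code, registration.text))
	if registration.status_code == 201:
		# The terms link is optional; indexing links[...] would raise KeyError
		# and make the None check below unreachable.
		TERMS = registration.links.get('terms-of-service')
		terms_url = TERMS.get('url') if TERMS is not None else None
		logger.info('TERMS: {}'.format(TERMS))
		if terms_url is not None:
			logger.debug('Agreeing to terms')
			payload = {
				"resource": "reg",
				"agreement": terms_url,
			}
			# The registration response carries the next usable nonce; fetch a
			# fresh one from the directory if it is missing.  The other callers
			# hand _send_signed_request the nonce as bytes, so encode it here too.
			reg_nonce = registration.headers.get('Replay-Nonce')
			if reg_nonce is None:
				reg_nonce = requests.get(CA).headers['Replay-Nonce']
			resp = _send_signed_request(registration.headers.get('Location'), payload, hostname, reg_nonce.encode('utf8'))
			logger.debug('Terms resp: {}\n{}:{}'.format(resp.headers, resp.status_code, resp.text))

		reg_json = {
			"body": {
				"agreement": terms_url,
				"key": registration.json().get('key'),
			},
			"new_authzr_uri": registration.links.get('next', {}).get('url'),
			"terms_of_service": terms_url,
			"uri": registration.headers.get('Location'),
		}
		db.updateHost(hostname, 'reg_json', json.dumps(reg_json))
		return True
	if registration.status_code == 409:
		# Already registered under this key; nothing to store.
		logger.debug('{} is already registered.'.format(hostname))
		return True
	return False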
Esempio n. 4
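def RequestChallenges(info):
	"""Request a DNS authorization for the host and store the authz record.

	Fetches a nonce from ``CA`` and posts a ``new-authz`` for the identifier
	``hostname + DOMAIN`` to the ``new_authzr_uri`` saved in the host's
	``reg_json``.  On a 201 the authz body, its ``next`` link (the new-cert
	URI) and its ``Location`` are written to the host's ``authz_json``
	column.

	Args:
		info: mapping with ``hostname`` and ``reg_json`` (the JSON string
			written by ``Register``).

	Returns:
		True when the authz was created and stored, False otherwise.
	"""
	hostname = info['hostname']
	resp = requests.get(CA)
	nonce = resp.headers['Replay-Nonce'].encode('utf-8')
	payload = {
		"resource": "new-authz",
		"identifier": {
			"type": "dns",
			"value": hostname + DOMAIN,
		}
	}
	# reg_json is stored with json.dumps, so it is parsed with json.loads like
	# the other records; ast.literal_eval cannot read JSON's true/false/null.
	reg = json.loads(info['reg_json'])
	logger.debug('Getting Authz')
	resp = _send_signed_request(reg.get('new_authzr_uri'), payload, hostname, nonce)
	logger.debug('Authz resp: {}\n{}:{}'.format(resp.headers, resp.status_code, resp.text))
	if resp.status_code == 201:
		authz_json = {
			"body": resp.json(),
			"new_cert_uri": resp.links.get('next', {}).get('url'),
			"uri": resp.headers.get('Location'),
		}
		db.updateHost(hostname, 'authz_json', json.dumps(authz_json))
		return True
	return False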