Esempio n. 1
0
    def obtain_certificate(self, domains):
        """Obtains a certificate from the ACME server.

        `.register` must be called before `.obtain_certificate`

        :param list domains: domains to get a certificate

        :returns: `.CertificateResource`, certificate chain (as
            returned by `.fetch_chain`), and newly generated private key
            (`.le_util.Key`) and DER-encoded Certificate Signing Request
            (`.le_util.CSR`).
        :rtype: tuple

        """
        authzr = self.auth_handler.get_authorizations(
            domains, self.config.allow_subset_of_names)

        domains = [a.body.identifier.value.encode('ascii') for a in authzr]

        # Create CSR from names
        key = crypto_util.init_save_key(self.config.rsa_key_size,
                                        self.config.key_dir)
        csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir)

        return (self.obtain_certificate_from_csr(domains, csr, authzr=authzr) +
                (key, csr))
Esempio n. 2
0
    def obtain_certificate(self, domains):
        """Obtains a certificate from the ACME server.

        `.register` must be called before `.obtain_certificate`

        :param list domains: domains to get a certificate

        :returns: `.CertificateResource`, certificate chain (as
            returned by `.fetch_chain`), and newly generated private key
            (`.le_util.Key`) and DER-encoded Certificate Signing Request
            (`.le_util.CSR`).
        :rtype: tuple

        """
        authzr = self.auth_handler.get_authorizations(
                domains,
                self.config.allow_subset_of_names)

        domains = [a.body.identifier.value.encode('ascii')
                                          for a in authzr]

        # Create CSR from names
        key = crypto_util.init_save_key(
            self.config.rsa_key_size, self.config.key_dir)
        csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir)

        return (self.obtain_certificate_from_csr(domains, csr, authzr=authzr)
                                                                + (key, csr))
Esempio n. 3
0
    def obtain_certificate(self, domains, csr=None):
        """Obtains a certificate from the ACME server.

        :meth:`.register` must be called before :meth:`.obtain_certificate`

        .. todo:: This function does not currently handle CSR correctly.

        :param set domains: domains to get a certificate

        :param csr: CSR must contain requested domains, the key used to generate
            this CSR can be different than self.authkey
        :type csr: :class:`CSR`

        :returns: Certificate, private key, and certificate chain (all
            PEM-encoded).
        :rtype: `tuple` of `str`

        """
        if self.auth_handler is None:
            msg = ("Unable to obtain certificate because authenticator is "
                   "not set.")
            logging.warning(msg)
            raise errors.LetsEncryptClientError(msg)
        if self.account.regr is None:
            raise errors.LetsEncryptClientError(
                "Please register with the ACME server first.")

        # Perform Challenges/Get Authorizations
        authzr = self.auth_handler.get_authorizations(domains)

        # Create CSR from names
        cert_key = crypto_util.init_save_key(
            self.config.rsa_key_size, self.config.key_dir)
        csr = crypto_util.init_save_csr(
            cert_key, domains, self.config.cert_dir)

        # Retrieve certificate
        certr = self.network.request_issuance(
            jose.ComparableX509(
                M2Crypto.X509.load_request_der_string(csr.data)),
            authzr)

        cert_pem = certr.body.as_pem()
        chain_pem = None
        if certr.cert_chain_uri is not None:
            chain_pem = self.network.fetch_chain(certr)

        if chain_pem is None:
            # XXX: just to stop RenewableCert from complaining; this is
            #      probably not a good solution
            chain_pem = ""
        else:
            chain_pem = chain_pem.as_pem()

        return cert_pem, cert_key.pem, chain_pem
Esempio n. 4
0
 def _get_snakeoil_paths(self):
     # TODO: generate only once
     tmp_dir = os.path.join(self.config.work_dir, "snakeoil")
     le_key = crypto_util.init_save_key(key_size=1024, key_dir=tmp_dir, keyname="key.pem")
     key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, le_key.pem)
     cert = acme_crypto_util.gen_ss_cert(key, domains=[socket.gethostname()])
     cert_path = os.path.join(tmp_dir, "cert.pem")
     cert_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
     with open(cert_path, "w") as cert_file:
         cert_file.write(cert_pem)
     return cert_path, le_key.file
Esempio n. 5
0
    def obtain_certificate(self, domains, csr=None):
        """Obtains a certificate from the ACME server.

        :meth:`.register` must be called before :meth:`.obtain_certificate`

        .. todo:: This function does not currently handle CSR correctly.

        :param set domains: domains to get a certificate

        :param csr: CSR must contain requested domains, the key used to generate
            this CSR can be different than self.authkey
        :type csr: :class:`CSR`

        :returns: Certificate, private key, and certificate chain (all
            PEM-encoded).
        :rtype: `tuple` of `str`

        """
        if self.auth_handler is None:
            msg = ("Unable to obtain certificate because authenticator is "
                   "not set.")
            logging.warning(msg)
            raise errors.LetsEncryptClientError(msg)
        if self.account.regr is None:
            raise errors.LetsEncryptClientError(
                "Please register with the ACME server first.")

        # Perform Challenges/Get Authorizations
        authzr = self.auth_handler.get_authorizations(domains)

        # Create CSR from names
        cert_key = crypto_util.init_save_key(self.config.rsa_key_size,
                                             self.config.key_dir)
        csr = crypto_util.init_save_csr(cert_key, domains,
                                        self.config.cert_dir)

        # Retrieve certificate
        certr = self.network.request_issuance(
            jose.ComparableX509(M2Crypto.X509.load_request_der_string(
                csr.data)), authzr)

        cert_pem = certr.body.as_pem()
        chain_pem = None
        if certr.cert_chain_uri is not None:
            chain_pem = self.network.fetch_chain(certr)

        if chain_pem is None:
            # XXX: just to stop RenewableCert from complaining; this is
            #      probably not a good solution
            chain_pem = ""
        else:
            chain_pem = chain_pem.as_pem()

        return cert_pem, cert_key.pem, chain_pem
Esempio n. 6
0
 def _get_snakeoil_paths(self):
     # TODO: generate only once
     tmp_dir = os.path.join(self.config.work_dir, "snakeoil")
     key = crypto_util.init_save_key(
         key_size=1024, key_dir=tmp_dir, keyname="key.pem")
     cert_pem = crypto_util.make_ss_cert(
         key.pem, domains=[socket.gethostname()])
     cert = os.path.join(tmp_dir, "cert.pem")
     with open(cert, 'w') as cert_file:
         cert_file.write(cert_pem)
     return cert, key.file
Esempio n. 7
0
 def _get_snakeoil_paths(self):
     # TODO: generate only once
     tmp_dir = os.path.join(self.config.work_dir, "snakeoil")
     key = crypto_util.init_save_key(key_size=1024,
                                     key_dir=tmp_dir,
                                     keyname="key.pem")
     cert_pem = crypto_util.make_ss_cert(key.pem,
                                         domains=[socket.gethostname()])
     cert = os.path.join(tmp_dir, "cert.pem")
     with open(cert, 'w') as cert_file:
         cert_file.write(cert_pem)
     return cert, key.file
Esempio n. 8
0
 def _get_snakeoil_paths(self):
     # TODO: generate only once
     tmp_dir = os.path.join(self.config.work_dir, "snakeoil")
     le_key = crypto_util.init_save_key(
         key_size=1024, key_dir=tmp_dir, keyname="key.pem")
     key = OpenSSL.crypto.load_privatekey(
         OpenSSL.crypto.FILETYPE_PEM, le_key.pem)
     cert = acme_crypto_util.gen_ss_cert(key, domains=[socket.gethostname()])
     cert_path = os.path.join(tmp_dir, "cert.pem")
     cert_pem = OpenSSL.crypto.dump_certificate(
         OpenSSL.crypto.FILETYPE_PEM, cert)
     with open(cert_path, 'w') as cert_file:
         cert_file.write(cert_pem)
     return cert_path, le_key.file
Esempio n. 9
0
    def obtain_certificate(self, domains, csr=None):
        """Obtains a certificate from the ACME server.

        :meth:`.register` must be called before :meth:`.obtain_certificate`

        .. todo:: This function does not currently handle csr correctly...

        :param set domains: domains to get a certificate

        :param csr: CSR must contain requested domains, the key used to generate
            this CSR can be different than self.authkey
        :type csr: :class:`CSR`

        :returns: cert_key, cert_path, chain_path
        :rtype: `tuple` of (:class:`letsencrypt.le_util.Key`, str, str)

        """
        if self.auth_handler is None:
            msg = ("Unable to obtain certificate because authenticator is "
                   "not set.")
            logging.warning(msg)
            raise errors.LetsEncryptClientError(msg)
        if self.account.regr is None:
            raise errors.LetsEncryptClientError(
                "Please register with the ACME server first.")

        # Perform Challenges/Get Authorizations
        authzr = self.auth_handler.get_authorizations(domains)

        # Create CSR from names
        cert_key = crypto_util.init_save_key(
            self.config.rsa_key_size, self.config.key_dir)
        csr = crypto_util.init_save_csr(
            cert_key, domains, self.config.cert_dir)

        # Retrieve certificate
        certr = self.network.request_issuance(
            jose.ComparableX509(
                M2Crypto.X509.load_request_der_string(csr.data)),
            authzr)

        # Save Certificate
        cert_path, chain_path = self.save_certificate(
            certr, self.config.cert_path, self.config.chain_path)

        revoker.Revoker.store_cert_key(
            cert_path, self.account.key.file, self.config)

        return cert_key, cert_path, chain_path
Esempio n. 10
0
    def obtain_certificate(self, domains):
        """Obtains a certificate from the ACME server.

        `.register` must be called before `.obtain_certificate`

        :param set domains: domains to get a certificate

        :returns: `.CertificateResource`, certificate chain (as
            returned by `.fetch_chain`), and newly generated private key
            (`.le_util.Key`) and DER-encoded Certificate Signing Request
            (`.le_util.CSR`).
        :rtype: tuple

        """
        # Create CSR from names
        key = crypto_util.init_save_key(self.config.rsa_key_size, self.config.key_dir)
        csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir)

        return self._obtain_certificate(domains, csr) + (key, csr)
Esempio n. 11
0
    def obtain_certificate(self, domains):
        """Obtains a certificate from the ACME server.

        `.register` must be called before `.obtain_certificate`

        :param set domains: domains to get a certificate

        :returns: `.CertificateResource`, certificate chain (as
            returned by `.fetch_chain`), and newly generated private key
            (`.le_util.Key`) and DER-encoded Certificate Signing Request
            (`.le_util.CSR`).
        :rtype: tuple

        """
        # Create CSR from names
        key = crypto_util.init_save_key(self.config.rsa_key_size,
                                        self.config.key_dir)
        csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir)

        return self._obtain_certificate(domains, csr) + (key, csr)
Esempio n. 12
0
    def from_email(cls, config, email):
        """Generate a new account from an email address.

        :param config: Configuration
        :type config: :class:`letsencrypt.interfaces.IConfig`

        :param str email: Email address

        :raises .errors.Error: If invalid email address is given.

        """
        if not email or cls.safe_email(email):
            email = email if email else None

            le_util.make_or_verify_dir(
                config.account_keys_dir, 0o700, os.geteuid())
            key = crypto_util.init_save_key(
                config.rsa_key_size, config.account_keys_dir,
                cls._get_config_filename(email))
            return cls(config, key, email)

        raise errors.Error("Invalid email address.")
Esempio n. 13
0
    def from_email(cls, config, email):
        """Generate a new account from an email address.

        :param config: Configuration
        :type config: :class:`letsencrypt.interfaces.IConfig`

        :param str email: Email address

        :raises .errors.Error: If invalid email address is given.

        """
        if not email or cls.safe_email(email):
            email = email if email else None

            le_util.make_or_verify_dir(
                config.account_keys_dir, 0o700, os.geteuid())
            key = crypto_util.init_save_key(
                config.rsa_key_size, config.account_keys_dir,
                cls._get_config_filename(email))
            return cls(config, key, email)

        raise errors.Error("Invalid email address.")
Esempio n. 14
0
 def _call(cls, key_size, key_dir):
     from letsencrypt.crypto_util import init_save_key
     return init_save_key(key_size, key_dir, 'key-letsencrypt.pem')
Esempio n. 15
0
 def _call(cls, key_size, key_dir):
     from letsencrypt.crypto_util import init_save_key
     return init_save_key(key_size, key_dir, 'key-letsencrypt.pem')