def download_certificate(self):
    """Fetch the issued certificate and keep it in three forms.

    Requests ``self.acme_certificate_url`` with an empty payload, then:

    * stores the response body decoded as UTF-8 in
      ``self.acme_certificate_str``;
    * stores the result of ``crypto.pem_to_der_certificate`` in
      ``self.acme_certificate``;
    * hands the raw body to ``crypto.write_certificate`` under the name
      ``cert.pem``.
    """
    self.logger.info("Downloading certificate to cert.pem")
    response = util.acme_server_request(self, self.acme_certificate_url, "")
    # NOTE(review): no status or content check is visible in this method;
    # any validation of the response would have to live inside
    # util.acme_server_request or the crypto helpers -- confirm.
    pem_bytes = response.content
    self.acme_certificate_str = pem_bytes.decode("utf-8")
    self.acme_certificate = crypto.pem_to_der_certificate(pem_bytes)
    # 'cert.pem' is a relative name; presumably resolved against the
    # working directory by crypto.write_certificate -- confirm.
    crypto.write_certificate(pem_bytes, 'cert.pem')
    self.logger.debug(self.acme_certificate)
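def http_01_challenge(self):
    """Answer every http-01 challenge in ``self.acme_challenges``.

    For each challenge a DNS server (port 10053, bound to
    ``self.record_addr``) and a ``ChallengeServer`` holding the token and
    key authorization are started, the challenge URL is POSTed with an
    empty JSON object, and the authorization URL is polled until it
    reports ``"valid"``. Both helper servers are shut down before the next
    challenge is handled.

    Changes from the previous version:

    * the poll result used to be bound to an unused ``_dict`` name, so the
      second debug line logged the stale challenge response; it now logs
      the poll result;
    * teardown runs in ``finally`` blocks, so a failed request or poll no
      longer leaves the challenge server running or port 10053 bound.
    """
    self.logger.info("Performing http-01 challenge")
    for challenge in self.acme_challenges:
        token = challenge["token"]
        chall_url = challenge["url"]
        key_auth = crypto.get_key_authorization(token, self.jwk)

        # A record at the root pointing to record_addr; presumably
        # DnsResolver answers every queried name from it -- confirm.
        zone = ". 60 IN A " + self.record_addr
        resolver = DnsResolver(zone)
        dns_server = DNSServer(resolver, address=self.record_addr, port=10053)
        dns_server.start_thread()
        try:
            challenge_server = ChallengeServer(token, key_auth, self.record_addr)
            challenge_server.start()
            try:
                r_dict = util.acme_server_request(self, chall_url, {}).json()
                self.logger.debug(r_dict)
                r_dict = util.poll_acme_server(
                    self, challenge['auth_url'], "", "valid")
                self.logger.debug(r_dict)
            finally:
                # Same teardown order as before: stop the HTTP responder
                # first, then the DNS server.
                challenge_server.terminate()
                challenge_server.join()
        finally:
            dns_server.stop()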
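def dns_01_challenge(self):
    """Answer every dns-01 challenge in ``self.acme_challenges``.

    For each challenge the key authorization is hashed with SHA-256, the
    digest is passed through ``util.to_base64`` and published as a TXT
    record by a DNS server on port 10053 bound to ``self.record_addr``.
    The challenge URL is then POSTed with an empty JSON object and the
    authorization URL is polled until it reports ``"valid"``.

    The DNS server is stopped in a ``finally`` block, so a failed request
    or poll no longer leaves port 10053 bound for the next attempt.
    """
    self.logger.info("Performing dns-01 challenge")
    for challenge in self.acme_challenges:
        token = challenge["token"]
        chall_url = challenge["url"]
        key_auth = crypto.get_key_authorization(token, self.jwk)

        digest = hashlib.sha256(key_auth.encode('utf-8')).digest()
        # NOTE(review): dns-01 expects the digest as unpadded base64url;
        # assumes util.to_base64 produces that form -- confirm.
        txt_value = util.to_base64(digest)

        zone = ". 300 IN TXT " + txt_value
        resolver = DnsResolver(zone)
        dns_server = DNSServer(resolver, address=self.record_addr, port=10053)
        dns_server.start_thread()
        try:
            r_dict = util.acme_server_request(self, chall_url, {}).json()
            self.logger.debug(r_dict)
            r_dict = util.poll_acme_server(
                self, challenge['auth_url'], "", "valid")
            self.logger.debug(r_dict)
        finally:
            dns_server.stop()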
def get_challenges(self, challenge_type='http-01'):
    """Collect one challenge entry per authorization URL.

    Resets ``self.acme_challenges`` to an empty list, then for every URL
    in ``self.acme_authorization_urls`` requests it with an empty payload
    and appends whatever ``util.extract_challenges_dict`` returns for the
    decoded JSON, the URL and ``challenge_type``.

    Args:
        challenge_type: Passed through to ``util.extract_challenges_dict``;
            defaults to ``'http-01'``.
    """
    self.logger.info("Fetching Challenges")
    # Reset first, so a failure part-way through leaves only the entries
    # fetched during this call.
    self.acme_challenges = []
    for auth_url in self.acme_authorization_urls:
        authorization = util.acme_server_request(self, auth_url, "").json()
        entry = util.extract_challenges_dict(
            authorization, auth_url, challenge_type)
        self.acme_challenges.append(entry)
    self.logger.debug(self.acme_challenges)
def finalize_order(self):
    """Submit the CSR and wait for the order to become valid.

    Builds a CSR from ``self.domains`` and ``self.certificate_private_key``
    with ``crypto.get_csr``, sends it to ``self.acme_finalize_url`` under
    the ``'csr'`` key, then polls ``self.acme_order_url`` for ``'valid'``
    and stores the ``'certificate'`` entry of the poll result in
    ``self.acme_certificate_url``.
    """
    self.logger.info("Finalizing Order!")
    # NOTE(review): assumes crypto.get_csr already returns the CSR in the
    # encoding the server expects for the 'csr' field -- confirm.
    csr = crypto.get_csr(self.domains, self.certificate_private_key)
    finalize_response = util.acme_server_request(
        self, self.acme_finalize_url, {'csr': csr})
    self.logger.debug(finalize_response.json())

    order = util.poll_acme_server(self, self.acme_order_url, "", 'valid')
    self.acme_certificate_url = order['certificate']
    self.logger.debug(order)
def submit_order(self, order_domains):
    """Create a new order for ``order_domains`` and record its URLs.

    Sends one ``{"type": "dns", "value": <domain>}`` identifier per domain
    to ``self.acme_newOrder_url`` and stores, from the response:

    * ``'authorizations'`` in ``self.acme_authorization_urls``;
    * ``'finalize'`` in ``self.acme_finalize_url``;
    * the ``Location`` header in ``self.acme_order_url``.

    Args:
        order_domains: Iterable of domain names to request.
    """
    self.logger.info("Submitting a new order")
    new_order_url = self.acme_newOrder_url
    body = {
        "identifiers": [
            {"type": "dns", "value": name} for name in order_domains
        ]
    }
    response = util.acme_server_request(self, new_order_url, body)
    order = response.json()

    # Assigned in this order so a missing key leaves the earlier
    # attributes already updated, exactly as before.
    self.acme_authorization_urls = order['authorizations']
    self.acme_finalize_url = order['finalize']
    self.acme_order_url = response.headers['Location']

    self.logger.debug(order)
    self.logger.debug(response.headers)
def revoke_certificate(self):
    """Ask the server to revoke the certificate held in this client.

    Encodes ``self.acme_certificate`` with ``util.to_base64`` and sends it
    under the ``'certificate'`` key to ``self.acme_revokeCert_url``. Only
    the response headers are logged; the outcome is not inspected here.
    """
    self.logger.info("Revoking Certificate")
    # self.acme_certificate is what download_certificate stored from
    # crypto.pem_to_der_certificate.
    # NOTE(review): assumes util.to_base64 yields the unpadded base64url
    # form the revocation request expects -- confirm.
    revoke_body = {'certificate': util.to_base64(self.acme_certificate)}
    response = util.acme_server_request(
        self, self.acme_revokeCert_url, revoke_body)
    self.logger.debug(response.headers)