コード例 #1
0
    def acme_revocation(self, cert):
        """Handle ACME "revocation" phase.

        :param dict cert: TODO

        :returns: ACME "revocation" message.
        :rtype: :class:`letsencrypt.acme.message.Revocation`

        """
        certificate = acme_util.ComparableX509(
            M2Crypto.X509.load_cert(cert["backup_cert_file"]))
        with open(cert["backup_key_file"], 'rU') as backup_key_file:
            key = Crypto.PublicKey.RSA.importKey(backup_key_file.read())

        revocation = self.network.send_and_receive_expected(
            messages.RevocationRequest.create(certificate=certificate,
                                              key=key), messages.Revocation)

        zope.component.getUtility(interfaces.IDisplay).generic_notification(
            "You have successfully revoked the certificate for "
            "%s" % cert["cn"])

        self.remove_cert_key(cert)
        self.list_certs_keys()

        return revocation
コード例 #2
0
    def _acme_revoke(self, cert):
        """Revoke the certificate with the ACME server.

        :param cert: certificate to revoke
        :type cert: :class:`letsencrypt.client.revoker.Cert`

        :returns: TODO

        """
        # These will both have to change in the future away from M2Crypto
        # pylint: disable=protected-access
        certificate = acme_util.ComparableX509(cert._cert)
        try:
            with open(cert.backup_key_path, "rU") as backup_key_file:
                key = Crypto.PublicKey.RSA.importKey(backup_key_file.read())

        # If the key file doesn't exist... or is corrupted
        except (IndexError, ValueError, TypeError):
            raise errors.LetsEncryptRevokerError(
                "Corrupted backup key file: %s" % cert.backup_key_path)

        # TODO: Catch error associated with already revoked and proceed.
        return self.network.send_and_receive_expected(
            messages.RevocationRequest.create(certificate=certificate, key=key),
            messages.Revocation)
コード例 #3
0
    def list_certs_keys(self):
        """List trusted Let's Encrypt certificates."""
        list_file = os.path.join(self.config.cert_key_backup, "LIST")
        certs = []

        if not os.path.isfile(list_file):
            logging.info(
                "You don't have any certificates saved from letsencrypt")
            return

        c_sha1_vh = {}
        for (cert, _, path) in self.installer.get_all_certs_keys():
            try:
                c_sha1_vh[acme_util.ComparableX509(
                    M2Crypto.X509.load_cert(cert).get_fingerprint(
                        md='sha1'))] = path
            except M2Crypto.X509.X509Error:
                continue

        with open(list_file, 'rb') as csvfile:
            csvreader = csv.reader(csvfile)
            for row in csvreader:
                cert = crypto_util.get_cert_info(row[1])

                b_k = os.path.join(self.config.cert_key_backup,
                                   os.path.basename(row[2]) + "_" + row[0])
                b_c = os.path.join(self.config.cert_key_backup,
                                   os.path.basename(row[1]) + "_" + row[0])

                cert.update({
                    "orig_key_file":
                    row[2],
                    "orig_cert_file":
                    row[1],
                    "idx":
                    int(row[0]),
                    "backup_key_file":
                    b_k,
                    "backup_cert_file":
                    b_c,
                    "installed":
                    c_sha1_vh.get(cert["fingerprint"], ""),
                })
                certs.append(cert)
        if certs:
            self.choose_certs(certs)
        else:
            zope.component.getUtility(
                interfaces.IDisplay).generic_notification(
                    "There are not any trusted Let's Encrypt "
                    "certificates for this server.")
コード例 #4
0
    def acme_certificate(self, csr_der):
        """Handle ACME "certificate" phase.

        :param str csr_der: CSR in DER format.

        :returns: ACME "certificate" message.
        :rtype: :class:`letsencrypt.acme.message.Certificate`

        """
        logging.info("Preparing and sending CSR...")
        return self.network.send_and_receive_expected(
            messages.CertificateRequest.create(
                csr=acme_util.ComparableX509(
                    M2Crypto.X509.load_request_der_string(csr_der)),
                key=Crypto.PublicKey.RSA.importKey(self.authkey.pem)),
            messages.Certificate)
コード例 #5
0
 def _decode_cert(cls, b64der):
     return util.ComparableX509(
         M2Crypto.X509.load_cert_der_string(jose.b64decode(b64der)))
コード例 #6
0
import unittest

import Crypto.PublicKey.RSA
import M2Crypto.X509
import mock

from letsencrypt.acme import errors
from letsencrypt.acme import jose
from letsencrypt.acme import other
from letsencrypt.acme import util

KEY = Crypto.PublicKey.RSA.importKey(
    pkg_resources.resource_string('letsencrypt.client.tests',
                                  'testdata/rsa256_key.pem'))
CERT = util.ComparableX509(
    M2Crypto.X509.load_cert(
        pkg_resources.resource_filename('letsencrypt.client.tests',
                                        'testdata/cert.pem')))
CSR = util.ComparableX509(
    M2Crypto.X509.load_request(
        pkg_resources.resource_filename('letsencrypt.client.tests',
                                        'testdata/csr.pem')))


class MessageTest(unittest.TestCase):
    """Tests for letsencrypt.acme.messages.Message."""
    def setUp(self):
        # pylint: disable=missing-docstring,too-few-public-methods
        from letsencrypt.acme.messages import Message

        class TestMessage(Message):
            acme_type = 'test'