def request_new_certificate(hostname, accnt_key, priv_key, tmp_chall_dict,
                            directory_url):
    """Register (or re-sync) an ACME account and obtain a certificate for *hostname*.

    Args:
        hostname: Single DNS name placed in the CSR.
        accnt_key: Account key handed to ``create_v2_client``.
        priv_key: Private key the CSR is generated for.
        tmp_chall_dict: Store with a ``set(token, ChallTok)`` method; presumably
            what the HTTP-01 responder reads from — confirm against the caller.
        directory_url: ACME directory URL of the CA.

    Returns:
        Whatever ``split_certificate_chain`` produces from the finalized
        order's ``fullchain_pem``.
    """
    client = create_v2_client(directory_url, accnt_key)

    # The terms of service are accepted unconditionally for new accounts. A CA
    # that already knows this account key answers with a conflict carrying the
    # existing account's location, which is then re-synced instead of failing.
    new_reg = messages.NewRegistration.from_data(terms_of_service_agreed=True)
    try:
        client.net.account = client.new_account(new_reg)
    except errors.ConflictError as error:
        known_reg = messages.RegistrationResource(uri=error.location)
        known_reg = client.query_registration(known_reg)
        client.update_registration(known_reg)

    csr_der = crypto_util.make_csr(priv_key, [hostname], False)
    order = client.new_order(csr_der)
    log.info('Created a new order for the issuance of a certificate for %s',
             hostname)

    # Only an HTTP-01 challenge is handled here (see select_http01_chall).
    http_chall = select_http01_chall(order)
    account_key = client.net.key
    _, key_authz = http_chall.response_and_validation(account_key)
    token_path = http_chall.chall.encode("token")
    log.info('Exposing challenge on %s', token_path)
    # NOTE(review): nothing in this function removes the entry again once the
    # order is finalized — confirm the store expires entries on its own.
    tmp_chall_dict.set(token_path, ChallTok(key_authz))

    ca_reply = client.answer_challenge(http_chall, http_chall.response(account_key))
    log.debug('Acme CA responded to challenge request with: %s', ca_reply)

    finalized = client.poll_and_finalize(order)
    return split_certificate_chain(finalized.fullchain_pem)
def register(storage, client, log, agree_to_tos_url=None):
    """Return the account registration kept in *storage*, creating it if absent.

    Args:
        storage: Path of the JSON file holding the ``RegistrationResource``.
        client: ACME client exposing ``register``, ``query_registration`` and
            ``update_registration``.
        log: Callable taking one message string.
        agree_to_tos_url: When given, the registration is updated so that its
            ``agreement`` field carries this terms-of-service URL.

    Returns:
        The current ``RegistrationResource`` after the server round-trip.

    Raises:
        AccountDataIsCorrupt: The CA answered ``urn:acme:error:unauthorized``
            for the stored registration. Any other ``acme.messages.Error`` is
            re-raised unchanged.
    """
    previous_json = None
    if os.path.exists(storage):
        log("Validating existing account saved to %s." % storage)
        with open(storage, 'r') as handle:
            regr = acme.messages.RegistrationResource.json_loads(handle.read())
        # Snapshot before the round-trip so we can tell whether the server
        # changed anything worth writing back.
        previous_json = regr.json_dumps()
        try:
            regr = client.query_registration(regr)
        except acme.messages.Error as err:
            if err.typ != "urn:acme:error:unauthorized":
                raise
            # The CA will not let us read our own account: treat the stored
            # record as unusable rather than silently carrying on with it.
            raise AccountDataIsCorrupt(storage)
    else:
        log("Registering a new account with Let's Encrypt.")
        regr = client.register()

    if agree_to_tos_url:
        agreed_body = regr.body.update(agreement=agree_to_tos_url)
        regr = client.update_registration(regr.update(body=agreed_body))

    # Comparing serialized forms assumes json_dumps is stable between calls.
    current_json = regr.json_dumps()
    if current_json != previous_json:
        if previous_json is not None:
            log("Saving updated account information.")
        with open(storage, 'w') as handle:
            handle.write(regr.json_dumps_pretty())

    return regr
def register(storage, client, log, agree_to_tos_url=None):
    """Return the account registration kept in *storage*, creating it if absent.

    Args:
        storage: Path of the JSON file holding the ``RegistrationResource``.
        client: ACME client exposing ``register``, ``query_registration`` and
            ``update_registration``.
        log: Callable taking one message string.
        agree_to_tos_url: When given, the registration is updated so that its
            ``agreement`` field carries this terms-of-service URL.

    Returns:
        The current ``RegistrationResource`` after the server round-trip.
        Errors raised by the client (including ``acme.messages.Error`` from
        ``query_registration``) propagate unchanged.
    """
    def load_stored():
        # Parse the on-disk copy; it is re-validated with the CA by the caller.
        with open(storage, 'r') as handle:
            return acme.messages.RegistrationResource.json_loads(handle.read())

    def persist(resource):
        # Pretty-printed on disk; the compact form is what gets compared.
        with open(storage, 'w') as handle:
            handle.write(resource.json_dumps_pretty())

    stored_json = None
    if os.path.exists(storage):
        log("Validating existing account saved to %s." % storage)
        regr = load_stored()
        stored_json = regr.json_dumps()
        regr = client.query_registration(regr)
    else:
        log("Registering a new account with Let's Encrypt.")
        regr = client.register()

    if agree_to_tos_url:
        agreed_body = regr.body.update(agreement=agree_to_tos_url)
        regr = client.update_registration(regr.update(body=agreed_body))

    # Relies on json_dumps being stable: an unchanged account is not rewritten.
    if regr.json_dumps() != stored_json:
        if stored_json is not None:
            log("Saving updated account information.")
        persist(regr)

    return regr
def register(storage, client, log, agree_to_tos_url=None):
    """Load, validate and persist the ACME account registration at *storage*.

    A missing file means a brand-new account is registered; an existing file is
    parsed and re-queried from the CA. In both cases the result is written back
    only when its serialized form differs from what was read.

    Args:
        storage: Path of the JSON file holding the ``RegistrationResource``.
        client: ACME client exposing ``register``, ``query_registration`` and
            ``update_registration``.
        log: Callable taking one message string.
        agree_to_tos_url: When given, the registration's ``agreement`` is set
            to this URL via ``update_registration``.

    Returns:
        The current ``RegistrationResource``.

    Raises:
        AccountDataIsCorrupt: The CA answered ``urn:acme:error:unauthorized``
            for the stored registration; other ``acme.messages.Error`` values
            are re-raised unchanged.
    """
    def persist(resource):
        # Pretty-printed on disk; the compact form is what gets compared.
        with open(storage, 'w') as handle:
            handle.write(resource.json_dumps_pretty())

    stored_json = None
    if not os.path.exists(storage):
        log("Registering a new account with Let's Encrypt.")
        regr = client.register()
    else:
        log("Validating existing account saved to %s." % storage)
        with open(storage, 'r') as handle:
            regr = acme.messages.RegistrationResource.json_loads(handle.read())
        stored_json = regr.json_dumps()
        try:
            regr = client.query_registration(regr)
        except acme.messages.Error as err:
            # Only "unauthorized" is translated: the CA refusing access to our
            # own account means the stored record can no longer be trusted.
            if err.typ == "urn:acme:error:unauthorized":
                raise AccountDataIsCorrupt(storage)
            raise

    if agree_to_tos_url:
        agreed_body = regr.body.update(agreement=agree_to_tos_url)
        regr = client.update_registration(regr.update(body=agreed_body))

    # Relies on json_dumps being stable between calls.
    if regr.json_dumps() != stored_json:
        if stored_json is not None:
            log("Saving updated account information.")
        persist(regr)

    return regr
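def _register(hostname):
	"""Return the ACME registration for *hostname*, creating keys and account on first use.

	The host record comes from ``_recallHost``; when there is none, two fresh
	keypairs are stored for the host first (which of the two becomes the
	account key is decided inside ``_storeKeypair`` -- confirm there). The
	account private key is read back from ``info['acct_privkey']`` as
	base64-wrapped PEM, so its confidentiality rests entirely on the DB's
	access controls. The client is built against the module-level ``CA`` and
	the registration is always updated to agree to ``TERMS``.

	Returns:
		The current ``acme.messages.RegistrationResource`` after the server
		round-trip; it is written back via ``_updateHost`` when it changed.

	Raises:
		AccountDataIsCorrupt: the CA answered ``urn:acme:error:unauthorized``
			for the stored registration. Other ``acme.messages.Error`` values
			are re-raised unchanged.
	"""
	existing_regr = None
	# see if hostname exists in our DB
	info = _recallHost(hostname)
	if info is None:
		_storeKeypair(hostname, _generateKeypair(), _generateKeypair())
		info = _recallHost(hostname)
	key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, base64.b64decode(info['acct_privkey']))
	client = acme.client.Client(CA, jose.JWKRSA(key=jose.ComparableRSAKey(key)))
	print(client)
	if info['reg_json'] is None:
		# Create a new registration.
		print("Registering a new account with Let's Encrypt.")
		regr = client.register()
	else:
		print("Validating existing account for hostname %s." % hostname)

		# Validate existing registration by querying for it from the server.
		regr = acme.messages.RegistrationResource.json_loads(info['reg_json'])
		existing_regr = regr.json_dumps()
		try:
			regr = client.query_registration(regr)
		except acme.messages.Error as e:
			if e.typ == "urn:acme:error:unauthorized":
				# There is a problem accessing our own account. This probably
				# means the stored registration information is not valid.
				# The record is keyed by hostname here (there is no storage
				# path), so that is what identifies the corrupt account.
				raise AccountDataIsCorrupt(hostname)
			raise

	# Always (re)assert agreement to TERMS on the registration.
	regr = client.update_registration(regr.update(body=regr.body.update(agreement=TERMS)))

	# Write new or updated registration (if it changed, and hopefully json_dumps is stable).
	if existing_regr != regr.json_dumps():
		if existing_regr is not None:
			print("Saving updated account information.")
		_updateHost(hostname, 'reg_json', regr.json_dumps_pretty())
	return regr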