def _ensure_acme_account(client):
    """Register the client's account key, or adopt the existing registration.

    The new-account request agrees to the CA's terms of service on the
    operator's behalf (``terms_of_service_agreed=True``).  When the CA
    reports that this key is already registered (``ConflictError``), the
    existing registration is looked up through the location carried by the
    error and then refreshed via ``update_registration``.
    """
    new_reg = messages.NewRegistration.from_data(terms_of_service_agreed=True)
    try:
        client.net.account = client.new_account(new_reg)
    except errors.ConflictError as conflict:
        known_reg = messages.RegistrationResource(uri=conflict.location)
        known_reg = client.query_registration(known_reg)
        client.update_registration(known_reg)


def request_new_certificate(hostname, accnt_key, priv_key, tmp_chall_dict, directory_url):
    """Run the complete ACME v2 flow for *hostname* and return the issued chain.

    Steps: build a v2 client for *directory_url* with the account key,
    register (or re-attach to) the account, submit a CSR for the single
    name, publish the HTTP-01 challenge token through *tmp_chall_dict*,
    answer the challenge, then poll/finalize the order.

    Args:
        hostname: the one DNS name the certificate is requested for.
        accnt_key: ACME account key handed to ``create_v2_client``.
        priv_key: private key the CSR is generated for.
        tmp_chall_dict: store with a ``set(token, ChallTok)`` method that
            the HTTP-01 responder reads from.
        directory_url: ACME directory endpoint.

    Returns:
        Whatever ``split_certificate_chain`` yields for the order's
        ``fullchain_pem``.

    Raises:
        Any ``acme`` error from registration, ordering, challenge answering
        or finalization is propagated unchanged.
    """
    acme_client = create_v2_client(directory_url, accnt_key)
    _ensure_acme_account(acme_client)

    # CSR for exactly one name; the third positional argument is left False
    # (must-staple in certbot's crypto_util -- confirm for this code base).
    csr_pem = crypto_util.make_csr(priv_key, [hostname], False)
    order = acme_client.new_order(csr_pem)
    log.info('Created a new order for the issuance of a certificate for %s', hostname)

    challenge_body = select_http01_chall(order)
    account_key = acme_client.net.key
    _, validation = challenge_body.response_and_validation(account_key)
    token = challenge_body.chall.encode("token")
    log.info('Exposing challenge on %s', token)
    # NOTE(review): the exposed token is never removed from tmp_chall_dict in
    # this function, including when poll_and_finalize raises; confirm that
    # the store expires entries on its own.
    tmp_chall_dict.set(token, ChallTok(validation))

    ca_reply = acme_client.answer_challenge(challenge_body, challenge_body.response(account_key))
    log.debug('Acme CA responded to challenge request with: %s', ca_reply)
    finalized = acme_client.poll_and_finalize(order)
    return split_certificate_chain(finalized.fullchain_pem)
def register(storage, client, log, agree_to_tos_url=None):
    """Create or refresh the ACME account registration persisted at *storage*.

    When *storage* does not exist a new account is registered with the CA.
    Otherwise the saved ``RegistrationResource`` is loaded and re-queried
    from the server; an ``unauthorized`` answer is translated into
    ``AccountDataIsCorrupt`` because it means the stored account data no
    longer matches what the CA knows.  If *agree_to_tos_url* is given the
    registration is updated to carry that agreement.  The file is rewritten
    only when the registration's JSON serialization changed (or is new).

    Args:
        storage: path of the JSON file holding the registration.
        client: ACME client exposing ``register``, ``query_registration``
            and ``update_registration``.
        log: callable taking one message string.
        agree_to_tos_url: terms-of-service URL to agree to, or None.

    Returns:
        The current ``acme.messages.RegistrationResource``.

    Raises:
        AccountDataIsCorrupt: the CA rejected the stored registration.
        acme.messages.Error: any other server-side error, unchanged.
    """
    previous_json = None
    if os.path.exists(storage):
        log("Validating existing account saved to %s." % storage)
        with open(storage, 'r') as fh:
            regr = acme.messages.RegistrationResource.json_loads(fh.read())
        previous_json = regr.json_dumps()
        try:
            regr = client.query_registration(regr)
        except acme.messages.Error as err:
            if err.typ == "urn:acme:error:unauthorized":
                # Our own account is inaccessible: the saved data is stale.
                raise AccountDataIsCorrupt(storage)
            raise
    else:
        log("Registering a new account with Let's Encrypt.")
        regr = client.register()

    if agree_to_tos_url:
        agreed_body = regr.body.update(agreement=agree_to_tos_url)
        regr = client.update_registration(regr.update(body=agreed_body))

    # Comparing serializations assumes json_dumps is stable between calls.
    current_json = regr.json_dumps()
    if current_json != previous_json:
        if previous_json is not None:
            log("Saving updated account information.")
        # NOTE(review): written with the process's default umask permissions;
        # confirm that is acceptable for account data.
        with open(storage, 'w') as fh:
            fh.write(regr.json_dumps_pretty())
    return regr
def register(storage, client, log, agree_to_tos_url=None):
    """Create or validate the ACME registration saved at *storage*.

    A missing file means a fresh ``client.register()``; an existing file is
    parsed as a ``RegistrationResource`` and re-queried from the CA.  With
    *agree_to_tos_url* set, the registration is updated to carry that
    agreement.  The file is (re)written only if the JSON changed or is new.

    Args:
        storage: path of the JSON registration file.
        client: ACME client with ``register``/``query_registration``/
            ``update_registration``.
        log: one-argument message callable.
        agree_to_tos_url: terms-of-service URL to agree to, or None.

    Returns:
        The current ``acme.messages.RegistrationResource``.

    Raises:
        acme.messages.Error: propagated unchanged from the CA; this variant
            performs no translation of an ``unauthorized`` answer.
    """
    saved_json = None
    new_account = not os.path.exists(storage)
    if new_account:
        log("Registering a new account with Let's Encrypt.")
        regr = client.register()
    else:
        log("Validating existing account saved to %s." % storage)
        with open(storage, 'r') as stored:
            regr = acme.messages.RegistrationResource.json_loads(stored.read())
        saved_json = regr.json_dumps()
        regr = client.query_registration(regr)

    if agree_to_tos_url:
        body = regr.body.update(agreement=agree_to_tos_url)
        regr = client.update_registration(regr.update(body=body))

    # Detect changes by comparing serializations (assumes json_dumps is stable).
    if regr.json_dumps() != saved_json:
        if saved_json is not None:
            log("Saving updated account information.")
        with open(storage, 'w') as out:
            out.write(regr.json_dumps_pretty())
    return regr
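def _register(hostname):
    """Create or validate the ACME account registration stored for *hostname*.

    The host is looked up in the local store; an unknown host first gets two
    generated keypairs stored and is then re-read.  The account private key
    (base64-encoded PEM in ``acct_privkey``) is loaded to build the ACME
    client.  A stored ``reg_json`` is re-queried from the CA, a missing one
    triggers a new registration.  Either way the registration is updated to
    agree to ``TERMS``, and ``reg_json`` is rewritten only when its
    serialization changed.

    Args:
        hostname: key of the host record in the local store.

    Returns:
        The current ``acme.messages.RegistrationResource``.

    Raises:
        AccountDataIsCorrupt: the CA answered ``unauthorized`` for the stored
            registration, i.e. the saved account data is stale or invalid.
        acme.messages.Error: any other CA error, propagated unchanged.
    """
    existing_regr = None
    info = _recallHost(hostname)
    if info is None:
        # Unknown host: persist fresh keypairs, then read the record back.
        _storeKeypair(hostname, _generateKeypair(), _generateKeypair())
        info = _recallHost(hostname)
    # The account key is secret material; it is only ever held in memory here.
    key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
                                         base64.b64decode(info['acct_privkey']))
    client = acme.client.Client(CA, jose.JWKRSA(key=jose.ComparableRSAKey(key)))
    # (A leftover debugging `print client` was removed here.)
    if info['reg_json'] is None:
        print("Registering a new account with Let's Encrypt.")
        regr = client.register()
    else:
        print("Validating existing account for hostname %s." % hostname)
        regr = acme.messages.RegistrationResource.json_loads(info['reg_json'])
        existing_regr = regr.json_dumps()
        try:
            regr = client.query_registration(regr)
        except acme.messages.Error as e:
            if e.typ == "urn:acme:error:unauthorized":
                # Fix: this previously raised AccountDataIsCorrupt(storage),
                # but no `storage` is bound in this function, so the path
                # died with a NameError.  The host record is what is corrupt.
                raise AccountDataIsCorrupt(hostname)
            raise
    # The terms agreement is applied on every call, not only for new accounts.
    agreed_body = regr.body.update(agreement=TERMS)
    regr = client.update_registration(regr.update(body=agreed_body))
    # Write back only on change (assumes json_dumps is stable between calls).
    if existing_regr != regr.json_dumps():
        if existing_regr is not None:
            print("Saving updated account information.")
        _updateHost(hostname, 'reg_json', regr.json_dumps_pretty())
    return regr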