def acme_revocation(self, cert):
"""Handle ACME "revocation" phase.
:param dict cert: TODO
:returns: ACME "revocation" message.
:rtype: :class:`letsencrypt.acme.message.Revocation`
"""
certificate = acme_util.ComparableX509(
M2Crypto.X509.load_cert(cert["backup_cert_file"]))
with open(cert["backup_key_file"], 'rU') as backup_key_file:
key = Crypto.PublicKey.RSA.importKey(backup_key_file.read())
revocation = self.network.send_and_receive_expected(
messages.RevocationRequest.create(certificate=certificate,
key=key), messages.Revocation)
zope.component.getUtility(interfaces.IDisplay).generic_notification(
"You have successfully revoked the certificate for "
"%s" % cert["cn"])
self.remove_cert_key(cert)
self.list_certs_keys()
return revocation
def _acme_revoke(self, cert):
"""Revoke the certificate with the ACME server.
:param cert: certificate to revoke
:type cert: :class:`letsencrypt.client.revoker.Cert`
:returns: TODO
"""
# These will both have to change in the future away from M2Crypto
# pylint: disable=protected-access
certificate = acme_util.ComparableX509(cert._cert)
try:
with open(cert.backup_key_path, "rU") as backup_key_file:
key = Crypto.PublicKey.RSA.importKey(backup_key_file.read())
# If the key file doesn't exist... or is corrupted
except (IndexError, ValueError, TypeError):
raise errors.LetsEncryptRevokerError(
"Corrupted backup key file: %s" % cert.backup_key_path)
# TODO: Catch error associated with already revoked and proceed.
return self.network.send_and_receive_expected(
messages.RevocationRequest.create(certificate=certificate, key=key),
messages.Revocation)
def list_certs_keys(self):
"""List trusted Let's Encrypt certificates."""
list_file = os.path.join(self.config.cert_key_backup, "LIST")
certs = []
if not os.path.isfile(list_file):
logging.info(
"You don't have any certificates saved from letsencrypt")
return
c_sha1_vh = {}
for (cert, _, path) in self.installer.get_all_certs_keys():
try:
c_sha1_vh[acme_util.ComparableX509(
M2Crypto.X509.load_cert(cert).get_fingerprint(
md='sha1'))] = path
except M2Crypto.X509.X509Error:
continue
with open(list_file, 'rb') as csvfile:
csvreader = csv.reader(csvfile)
for row in csvreader:
cert = crypto_util.get_cert_info(row[1])
b_k = os.path.join(self.config.cert_key_backup,
os.path.basename(row[2]) + "_" + row[0])
b_c = os.path.join(self.config.cert_key_backup,
os.path.basename(row[1]) + "_" + row[0])
cert.update({
"orig_key_file":
row[2],
"orig_cert_file":
row[1],
"idx":
int(row[0]),
"backup_key_file":
b_k,
"backup_cert_file":
b_c,
"installed":
c_sha1_vh.get(cert["fingerprint"], ""),
})
certs.append(cert)
if certs:
self.choose_certs(certs)
else:
zope.component.getUtility(
interfaces.IDisplay).generic_notification(
"There are not any trusted Let's Encrypt "
"certificates for this server.")
def acme_certificate(self, csr_der):
"""Handle ACME "certificate" phase.
:param str csr_der: CSR in DER format.
:returns: ACME "certificate" message.
:rtype: :class:`letsencrypt.acme.message.Certificate`
"""
logging.info("Preparing and sending CSR...")
return self.network.send_and_receive_expected(
messages.CertificateRequest.create(
csr=acme_util.ComparableX509(
M2Crypto.X509.load_request_der_string(csr_der)),
key=Crypto.PublicKey.RSA.importKey(self.authkey.pem)),
messages.Certificate)
def _decode_cert(cls, b64der):
return util.ComparableX509(
M2Crypto.X509.load_cert_der_string(jose.b64decode(b64der)))
import unittest
import Crypto.PublicKey.RSA
import M2Crypto.X509
import mock
from letsencrypt.acme import errors
from letsencrypt.acme import jose
from letsencrypt.acme import other
from letsencrypt.acme import util
KEY = Crypto.PublicKey.RSA.importKey(
pkg_resources.resource_string('letsencrypt.client.tests',
'testdata/rsa256_key.pem'))
CERT = util.ComparableX509(
M2Crypto.X509.load_cert(
pkg_resources.resource_filename('letsencrypt.client.tests',
'testdata/cert.pem')))
CSR = util.ComparableX509(
M2Crypto.X509.load_request(
pkg_resources.resource_filename('letsencrypt.client.tests',
'testdata/csr.pem')))
class MessageTest(unittest.TestCase):
"""Tests for letsencrypt.acme.messages.Message."""
def setUp(self):
# pylint: disable=missing-docstring,too-few-public-methods
from letsencrypt.acme.messages import Message
class TestMessage(Message):
acme_type = 'test'