Пример #1
0
    def add(self, payload, aname):
        """ add order request to database """
        self.logger.debug('Order.add({0})'.format(aname))
        error = None
        auth_dic = {}
        order_name = generate_random_string(self.logger, 12)
        expires = uts_now() + self.expiry

        if 'identifiers' in payload:

            data_dic = {'status': 2, 'expires': expires, 'account': aname}

            data_dic['name'] = order_name
            data_dic['identifiers'] = json.dumps(payload['identifiers'])

            #if 'notBefore' in payload:
            #    data_dic['notbefore'] = payload['notBefore']
            #if 'notAfter' in payload:
            #    data_dic['notafter'] = payload['notAfter']

            # check identifiers
            error = self.identifiers_check(payload['identifiers'])

            # change order status if needed
            if error:
                data_dic['status'] = 1

            # add order to db
            oid = self.dbstore.order_add(data_dic)

            if not error:
                if oid:
                    error = None
                    for auth in payload['identifiers']:
                        # generate name
                        auth_name = generate_random_string(self.logger, 12)
                        # store to return to upper func
                        auth_dic[auth_name] = auth.copy()
                        auth['name'] = auth_name
                        auth['order'] = oid
                        auth['status'] = 'pending'
                        self.dbstore.authorization_add(auth)
                else:
                    error = 'urn:ietf:params:acme:error:malformed'
        else:
            error = 'urn:ietf:params:acme:error:unsupportedIdentifier'

        # print(auth_dic)
        return (error, order_name, auth_dic, uts_to_date_utc(expires))
Пример #2
0
    def _new(self, authz_name, mtype, token):
        """ new challenge """
        self.logger.debug('Challenge._new({0})'.format(mtype))

        challenge_name = generate_random_string(self.logger, 12)

        data_dic = {
            'name': challenge_name,
            'expires': self.expiry,
            'type': mtype,
            'token': token,
            'authorization': authz_name,
            'status': 2
        }

        try:
            chid = self.dbstore.challenge_add(data_dic)
        except BaseException as err_:
            self.logger.critical(
                'acme2certifier database error in Challenge._new(): {0}'.
                format(err_))
            chid = None

        challenge_dic = {}
        if chid:
            challenge_dic['type'] = mtype
            challenge_dic['url'] = '{0}{1}{2}'.format(
                self.server_name, self.path_dic['chall_path'], challenge_name)
            challenge_dic['token'] = token
            if mtype == 'tkauth-01':
                challenge_dic['tkauth-type'] = 'atc'
        return challenge_dic
Пример #3
0
    def new(self, authz_name, mtype, token):
        """ new challenge """
        self.logger.debug('Challenge.new({0})'.format(mtype))

        challenge_name = generate_random_string(self.logger, 12)

        data_dic = {
            'name': challenge_name,
            'expires': self.expiry,
            'type': mtype,
            'token': token,
            'authorization': authz_name,
            'status': 2
        }
        chid = self.dbstore.challenge_add(data_dic)

        challenge_dic = {}
        if chid:
            challenge_dic['type'] = mtype
            challenge_dic['url'] = '{0}{1}{2}'.format(
                self.server_name, self.path_dic['chall_path'], challenge_name)
            challenge_dic['token'] = token
            if mtype == 'tkauth-01':
                challenge_dic['tkauth-type'] = 'atc'
        return challenge_dic
Пример #4
0
    def add(self, content, contact):
        """ prepare db insert and call DBstore helper """
        self.logger.debug('Account.account_add()')
        account_name = generate_random_string(self.logger, 12)
        # check request
        if 'alg' in content and 'jwk' in content and contact:
            # check jwk
            data_dic = {
                'name': account_name,
                'alg': content['alg'],
                'jwk': json.dumps(content['jwk']),
                'contact': json.dumps(contact),
            }

            (db_name, new) = self.dbstore.account_add(data_dic)
            self.logger.debug('god account_name:{0} new:{1}'.format(
                db_name, new))
            if new:
                code = 201
                message = account_name
            else:
                code = 200
                message = db_name
            detail = None
        else:
            code = 400
            message = 'urn:ietf:params:acme:error:malformed'
            detail = 'incomplete protected payload'

        self.logger.debug('Account.account_add() ended with:{0}'.format(code))
        return (code, message, detail)
Пример #5
0
 def store_csr(self, order_name, csr):
     """ get key for a specific account id """
     self.logger.debug('Certificate.store_csr({0})'.format(order_name))
     certificate_name = generate_random_string(self.logger, 12)
     data_dic = {'order': order_name, 'csr': csr, 'name': certificate_name}
     self.dbstore.certificate_add(data_dic)
     self.logger.debug('Certificate.store_csr() ended')
     return certificate_name
Пример #6
0
 def store_csr(self, order_name, csr):
     """ store csr into database """
     self.logger.debug('Certificate.store_csr({0})'.format(order_name))
     certificate_name = generate_random_string(self.logger, 12)
     data_dic = {'order' : order_name, 'csr' : csr, 'name': certificate_name}
     try:
         self.dbstore.certificate_add(data_dic)
     except BaseException as err_:
         self.logger.critical('Database error in Certificate.store_csr(): {0}'.format(err_))
     self.logger.debug('Certificate.store_csr() ended')
     return certificate_name
Пример #7
0
    def _add(self, content, contact):
        """ prepare db insert and call DBstore helper """
        self.logger.debug('Account.account._add()')
        account_name = generate_random_string(self.logger, 12)

        # check request
        if 'alg' in content and 'jwk' in content:

            if not self.contact_check_disable and not contact:
                code = 400
                message = 'urn:ietf:params:acme:error:malformed'
                detail = 'incomplete protected payload'
            else:
                # ecc_only check
                if self.ecc_only and not content['alg'].startswith('ES'):
                    code = 403
                    message = 'urn:ietf:params:acme:error:badPublicKey'
                    detail = 'Only ECC keys are supported'
                else:
                    # check jwk
                    data_dic = {
                        'name': account_name,
                        'alg': content['alg'],
                        'jwk': json.dumps(content['jwk']),
                        'contact': json.dumps(contact),
                    }
                    try:
                        (db_name, new) = self.dbstore.account_add(data_dic)
                    except BaseException as err_:
                        self.logger.critical(
                            'Database error in Account._add(): {0}'.format(
                                err_))
                        db_name = None
                        new = False
                    self.logger.debug('god account_name:{0} new:{1}'.format(
                        db_name, new))
                    if new:
                        code = 201
                        message = account_name
                    else:
                        code = 200
                        message = db_name
                    detail = None
        else:
            code = 400
            message = 'urn:ietf:params:acme:error:malformed'
            detail = 'incomplete protected payload'

        self.logger.debug('Account.account._add() ended with:{0}'.format(code))
        return (code, message, detail)
Пример #8
0
    def _authz_info(self, url):
        """ return authzs information """
        self.logger.debug('Authorization._authz_info({0})'.format(url))
        authz_name = url.replace('{0}{1}'.format(self.server_name, self.path_dic['authz_path']), '')
        expires = uts_now() + self.validity
        token = generate_random_string(self.logger, 32)
        authz_info_dic = {}

        # lookup authorization based on name
        try:
            authz = self.dbstore.authorization_lookup('name', authz_name)
        except BaseException as err_:
            self.logger.critical('acme2certifier database error in Authorization._authz_info(): {0}'.format(err_))
            authz = None

        if authz:
            # update authorization with expiry date and token (just to be sure)
            try:
                self.dbstore.authorization_update({'name' : authz_name, 'token' : token, 'expires' : expires})
            except BaseException as err_:
                self.logger.critical('acme2certifier database error in Authorization._authz_info(): {0}'.format(err_))
            authz_info_dic['expires'] = uts_to_date_utc(expires)

            # get authorization information from db to be inserted in message
            tnauth = None
            try:
                auth_info = self.dbstore.authorization_lookup('name', authz_name, ['status__name', 'type', 'value'])
            except BaseException as err_:
                self.logger.critical('acme2certifier database error in Authorization._authz_info(): {0}'.format(err_))
                auth_info = {}
            if auth_info:
                if 'status__name' in auth_info[0]:
                    authz_info_dic['status'] = auth_info[0]['status__name']
                else:
                    authz_info_dic['status'] = 'pending'

                if 'type' in auth_info[0]  and 'value' in auth_info[0]:
                    authz_info_dic['identifier'] = {'type' : auth_info[0]['type'], 'value' : auth_info[0]['value']}
                    if auth_info[0]['type'] == 'TNAuthList':
                        tnauth = True

            with Challenge(self.debug, self.server_name, self.logger, expires) as challenge:
                # get challenge data (either existing or new ones)
                authz_info_dic['challenges'] = challenge.challengeset_get(authz_name, authz_info_dic['status'], token, tnauth)

        self.logger.debug('Authorization._authz_info() returns: {0}'.format(json.dumps(authz_info_dic)))
        return authz_info_dic
Пример #9
0
    def authz_info(self, url):
        """ return authzs information """
        self.logger.debug('Authorization.info({0})'.format(url))
        authz_name = url.replace(
            '{0}{1}'.format(self.server_name, self.path_dic['authz_path']), '')
        expires = uts_now() + self.expiry
        token = generate_random_string(self.logger, 32)
        authz_info_dic = {}
        if self.dbstore.authorization_lookup('name', authz_name):

            # update authorization with expiry date and token (just to be sure)
            self.dbstore.authorization_update({
                'name': authz_name,
                'token': token,
                'expires': expires
            })
            authz_info_dic['expires'] = uts_to_date_utc(expires)

            # get authorization information from db to be inserted in message
            tnauth = None
            auth_info = self.dbstore.authorization_lookup(
                'name', authz_name, ['status__name', 'type', 'value'])
            if auth_info:
                authz_info_dic['status'] = auth_info[0]['status__name']
                authz_info_dic['identifier'] = {
                    'type': auth_info[0]['type'],
                    'value': auth_info[0]['value']
                }
                if auth_info[0]['type'] == 'TNAuthList':
                    tnauth = True
            challenge = Challenge(self.debug, self.server_name, self.logger,
                                  expires)
            authz_info_dic['challenges'] = challenge.new_set(
                authz_name, token, tnauth)

        self.logger.debug('Authorization.authz_info() returns: {0}'.format(
            json.dumps(authz_info_dic)))
        return authz_info_dic