def setUp(self):
self.response = mock.MagicMock(ok=True,
status_code=http_client.OK,
headers={},
links={})
self.net = mock.MagicMock()
self.net.post.return_value = self.response
self.net.get.return_value = self.response
self.directory = messages.Directory({
messages.NewRegistration:
'https://www.letsencrypt-demo.org/acme/new-reg',
messages.Revocation:
'https://www.letsencrypt-demo.org/acme/revoke-cert',
})
from acme.client import Client
self.client = Client(directory=self.directory,
key=KEY,
alg=jose.RS256,
net=self.net)
self.identifier = messages.Identifier(typ=messages.IDENTIFIER_FQDN,
value='example.com')
# Registration
self.contact = ('mailto:[email protected]', 'tel:+12025551212')
reg = messages.Registration(contact=self.contact, key=KEY.public_key())
self.new_reg = messages.NewRegistration(**dict(reg))
self.regr = messages.RegistrationResource(
body=reg,
uri='https://www.letsencrypt-demo.org/acme/reg/1',
new_authzr_uri='https://www.letsencrypt-demo.org/acme/new-reg',
terms_of_service='https://www.letsencrypt-demo.org/tos')
# Authorization
authzr_uri = 'https://www.letsencrypt-demo.org/acme/authz/1'
challb = messages.ChallengeBody(
uri=(authzr_uri + '/1'),
status=messages.STATUS_VALID,
chall=challenges.DNS(token=jose.b64decode(
'evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA')))
self.challr = messages.ChallengeResource(body=challb,
authzr_uri=authzr_uri)
self.authz = messages.Authorization(identifier=messages.Identifier(
typ=messages.IDENTIFIER_FQDN, value='example.com'),
challenges=(challb, ),
combinations=None)
self.authzr = messages.AuthorizationResource(
body=self.authz,
uri=authzr_uri,
new_cert_uri='https://www.letsencrypt-demo.org/acme/new-cert')
# Request issuance
self.certr = messages.CertificateResource(
body=messages_test.CERT,
authzrs=(self.authzr, ),
uri='https://www.letsencrypt-demo.org/acme/cert/1',
cert_chain_uri='https://www.letsencrypt-demo.org/ca')
def setUp(self):
self.verify_ssl = mock.MagicMock()
self.wrap_in_jws = mock.MagicMock(return_value=mock.sentinel.wrapped)
from acme.client import Client
self.net = Client(
new_reg_uri='https://www.letsencrypt-demo.org/acme/new-reg',
key=KEY,
alg=jose.RS256,
verify_ssl=self.verify_ssl)
self.nonce = jose.b64encode('Nonce')
self.net._nonces.add(self.nonce) # pylint: disable=protected-access
self.response = mock.MagicMock(ok=True, status_code=httplib.OK)
self.response.headers = {}
self.response.links = {}
self.post = mock.MagicMock(return_value=self.response)
self.get = mock.MagicMock(return_value=self.response)
self.identifier = messages.Identifier(typ=messages.IDENTIFIER_FQDN,
value='example.com')
# Registration
self.contact = ('mailto:[email protected]', 'tel:+12025551212')
reg = messages.Registration(contact=self.contact,
key=KEY.public(),
recovery_token='t')
self.regr = messages.RegistrationResource(
body=reg,
uri='https://www.letsencrypt-demo.org/acme/reg/1',
new_authzr_uri='https://www.letsencrypt-demo.org/acme/new-reg',
terms_of_service='https://www.letsencrypt-demo.org/tos')
# Authorization
authzr_uri = 'https://www.letsencrypt-demo.org/acme/authz/1'
challb = messages.ChallengeBody(uri=(authzr_uri + '/1'),
status=messages.STATUS_VALID,
chall=challenges.DNS(token='foo'))
self.challr = messages.ChallengeResource(body=challb,
authzr_uri=authzr_uri)
self.authz = messages.Authorization(identifier=messages.Identifier(
typ=messages.IDENTIFIER_FQDN, value='example.com'),
challenges=(challb, ),
combinations=None)
self.authzr = messages.AuthorizationResource(
body=self.authz,
uri=authzr_uri,
new_cert_uri='https://www.letsencrypt-demo.org/acme/new-cert')
# Request issuance
self.certr = messages.CertificateResource(
body=messages_test.CERT,
authzrs=(self.authzr, ),
uri='https://www.letsencrypt-demo.org/acme/cert/1',
cert_chain_uri='https://www.letsencrypt-demo.org/ca')
def _parse_certificate(cls, response):
"""
Parse a response containing a certificate resource.
"""
links = _parse_header_links(response)
try:
cert_chain_uri = links[u'up'][u'url']
except KeyError:
cert_chain_uri = None
return (response.content().addCallback(
lambda body: messages.CertificateResource(
uri=cls._maybe_location(response),
cert_chain_uri=cert_chain_uri,
body=body)))
def request_issuance(self, csr, authzrs):
print("Se ejecuta request issuance")
"""Request issuance.
:param csr: CSR
:type csr: `OpenSSL.crypto.X509Req` wrapped in `.ComparableX509`
:param authzrs: `list` of `.AuthorizationResource`
:returns: Issued certificate
:rtype: `.messages.CertificateResource`
"""
assert authzrs, "Authorizations list is empty"
logger.debug("Requesting issuance...")
# TODO: assert len(authzrs) == number of SANs
#Checks if STARValidityCertbot file containing recurrent_cert_validity exists
if os.path.isfile("../../STARValidityCertbot"):
print "CLIENT.PY: STARValidityCertbot does exist"
fileSTAR = open("../../STARValidityCertbot", "r")
recurrent = True
recurrent_cert_validity = int(float(fileSTAR.read()))
req = messages.CertificateRequest(csr=csr, recurrent=recurrent,recurrent_cert_validity=recurrent_cert_validity)
else:
print "CLIENT.PY: STARValidityCertbot does NOT exist"
req = messages.CertificateRequest(csr=csr)
print "CSR sent to server is %s" % req
content_type = DER_CONTENT_TYPE # TODO: add 'cert_type 'argument
response = self.net.post(
self.directory.new_cert,
req,
content_type=content_type,
headers={'Accept': content_type})
cert_chain_uri = response.links.get('up', {}).get('url')
try:
uri = response.headers['Location']
file=open('/root/certId','wr+')
file.write(uri)
print(uri)
except KeyError:
raise errors.ClientError('"Location" Header missing')
return messages.CertificateResource(
uri=uri, authzrs=authzrs, cert_chain_uri=cert_chain_uri,
body=jose.ComparableX509(OpenSSL.crypto.load_certificate(
OpenSSL.crypto.FILETYPE_ASN1, response.content)))
def setUp(self):
super(ClientTest, self).setUp()
self.directory = DIRECTORY_V1
# Registration
self.regr = self.regr.update(
terms_of_service='https://www.letsencrypt-demo.org/tos')
# Request issuance
self.certr = messages.CertificateResource(
body=messages_test.CERT, authzrs=(self.authzr,),
uri='https://www.letsencrypt-demo.org/acme/cert/1',
cert_chain_uri='https://www.letsencrypt-demo.org/ca')
# Reason code for revocation
self.rsn = 1
from acme.client import Client
self.client = Client(
directory=self.directory, key=KEY, alg=jose.RS256, net=self.net)
def request_issuance(self, csr, authzrs):
"""Request issuance.
:param csr: CSR
:type csr: `OpenSSL.crypto.X509Req` wrapped in `.ComparableX509`
:param authzrs: `list` of `.AuthorizationResource`
:returns: Issued certificate
:rtype: `.messages.CertificateResource`
"""
assert authzrs, "Authorizations list is empty"
logger.debug("Requesting issuance...")
# TODO: assert len(authzrs) == number of SANs
req = messages.CertificateRequest(
csr=csr, authorizations=tuple(authzr.uri for authzr in authzrs))
content_type = self.DER_CONTENT_TYPE # TODO: add 'cert_type 'argument
response = self.net.post(
authzrs[0].new_cert_uri, # TODO: acme-spec #90
req,
content_type=content_type,
headers={'Accept': content_type})
cert_chain_uri = response.links.get('up', {}).get('url')
try:
uri = response.headers['Location']
except KeyError:
raise errors.ClientError('"Location" Header missing')
return messages.CertificateResource(
uri=uri,
authzrs=authzrs,
cert_chain_uri=cert_chain_uri,
body=jose.ComparableX509(
OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1,
response.content)))
def request_issuance(self, csr):
csr = csr.csr
# TODO: Only in Cryptography 1.3
# assert csr.is_signature_valid
cert = (
x509.CertificateBuilder().subject_name(csr.subject).issuer_name(
self._ca_name).not_valid_before(self._now() -
timedelta(seconds=3600)).
not_valid_after(self._now() + timedelta(days=90)).serial_number(
int(uuid4())).public_key(csr.public_key()).add_extension(
csr.extensions.get_extension_for_oid(
ExtensionOID.SUBJECT_ALTERNATIVE_NAME).value,
critical=False).add_extension(
x509.SubjectKeyIdentifier.from_public_key(
csr.public_key()),
critical=False).add_extension(
self._ca_aki,
critical=False).sign(private_key=self._ca_key,
algorithm=hashes.SHA256(),
backend=default_backend()))
cert_res = messages.CertificateResource(body=cert.public_bytes(
encoding=serialization.Encoding.DER))
return self._controller.issue().addCallback(lambda _: cert_res)
def fetch_chain(self, certr, max_length=10):
return succeed([
messages.CertificateResource(body=self._ca_cert.public_bytes(
encoding=serialization.Encoding.DER))
])
