def new_order(self, csr_pem):
    """Create a new order on the ACME server for the names in a CSR.

    :param str csr_pem: A CSR in PEM format.

    :returns: The newly created order.
    :rtype: OrderResource

    """
    parsed_csr = OpenSSL.crypto.load_certificate_request(
        OpenSSL.crypto.FILETYPE_PEM, csr_pem)
    # pylint: disable=protected-access
    requested_names = crypto_util._pyopenssl_cert_or_req_all_names(parsed_csr)
    # Every name extracted from the CSR is submitted with the FQDN
    # identifier type; the names are passed through as extracted.
    identifiers = [
        messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=requested_name)
        for requested_name in requested_names
    ]
    new_order_request = messages.NewOrder(identifiers=identifiers)
    response = self._post(self.directory['newOrder'], new_order_request)
    order_body = messages.Order.from_json(response.json())
    # The authorization URLs come from the server's response body; each one
    # is fetched with POST-as-GET and converted into an authorization resource.
    authorizations = [
        self._authzr_from_response(self._post_as_get(authz_url), uri=authz_url)
        for authz_url in order_body.authorizations
    ]
    # 'Location' is read with .get(), so uri is None when the header is absent.
    return messages.OrderResource(
        body=order_body,
        uri=response.headers.get('Location'),
        authorizations=authorizations,
        csr_pem=csr_pem)
def new_order(self, csr_pem):
    """Request a new Order object from the server.

    With ACMEv1 there is no order resource, so a placeholder OrderResource
    is returned that carries only the authorizations and the CSR.

    :param str csr_pem: A CSR in PEM format.

    :returns: The newly created order.
    :rtype: OrderResource

    :raises errors.WildcardUnsupportedError: if a wildcard domain is
        requested but unsupported by the ACME version (not raised in this
        body itself; presumably propagated from the wrapped client)

    """
    uses_acme_v1 = self.acme_version == 1
    if not uses_acme_v1:
        # Any other protocol version is handled entirely by the wrapped client.
        return self.client.new_order(csr_pem)

    parsed_csr = OpenSSL.crypto.load_certificate_request(
        OpenSSL.crypto.FILETYPE_PEM, csr_pem)
    # pylint: disable=protected-access
    domains = crypto_util._pyopenssl_cert_or_req_all_names(parsed_csr)
    # One challenge request is issued per name extracted from the CSR.
    authorizations = [
        self.client.request_domain_challenges(domain) for domain in domains
    ]
    return messages.OrderResource(authorizations=authorizations,
                                  csr_pem=csr_pem)
def new_order(self, csr_pem):
    """Request a new Order object from the server.

    Under ACMEv1 the result is a dummy OrderResource in which only the
    authorizations (and the CSR) are populated.

    :param str csr_pem: A CSR in PEM format.

    :returns: The newly created order.
    :rtype: OrderResource

    :raises errors.WildcardUnsupportedError: if a wildcard domain is
        requested but unsupported by the ACME version (nothing in this body
        raises it directly; presumably it comes from the wrapped client)

    """
    if self.acme_version == 1:
        loaded_csr = OpenSSL.crypto.load_certificate_request(
            OpenSSL.crypto.FILETYPE_PEM, csr_pem)
        # pylint: disable=protected-access
        csr_names = crypto_util._pyopenssl_cert_or_req_all_names(loaded_csr)
        # Challenges are requested separately for each name found in the CSR.
        authzrs = [self.client.request_domain_challenges(csr_name)
                   for csr_name in csr_names]
        return messages.OrderResource(authorizations=authzrs, csr_pem=csr_pem)
    # Every other protocol version is delegated to the wrapped client.
    return self.client.new_order(csr_pem)
def verify_cert(self, domain, cert):
    """Verify tls-alpn-01 challenge certificate.

    The certificate passes only if it carries exactly one name, that name
    matches ``domain`` case-insensitively, and the first extension that
    pyOpenSSL reports as ``UNDEF`` holds data equal to ``self.h``.

    :param unicode domain: Domain name being validated.
    :param OpenSSL.crypto.X509 cert: Challenge certificate.

    :returns: Whether the certificate was successfully verified.
    :rtype: bool

    """
    # pylint: disable=protected-access
    cert_names = crypto_util._pyopenssl_cert_or_req_all_names(cert)
    logger.debug('Certificate %s. SANs: %s', cert.digest('sha256'), cert_names)

    # Reject certificates that name anything other than the single domain
    # under validation.
    if len(cert_names) != 1:
        return False
    if cert_names[0].lower() != domain.lower():
        return False

    for index in range(cert.get_extension_count()):
        extension = cert.get_extension(index)
        # FIXME: assume this is the ACME extension. Currently there is no
        # way to get full OID of an unknown extension from pyopenssl.
        # NOTE(review): the first extension reported as UNDEF decides the
        # result; later extensions are never examined, and the extension's
        # critical flag is not checked here.
        if extension.get_short_name() != b'UNDEF':
            continue
        return extension.get_data() == self.h

    # No unknown extension was present at all.
    return False
def new_order(self, csr_pem):
    """Submit a newOrder request covering the names in the given CSR.

    :param str csr_pem: A CSR in PEM format.

    :returns: The newly created order.
    :rtype: OrderResource

    """
    loaded_csr = OpenSSL.crypto.load_certificate_request(
        OpenSSL.crypto.FILETYPE_PEM, csr_pem)
    # pylint: disable=protected-access
    csr_names = crypto_util._pyopenssl_cert_or_req_all_names(loaded_csr)
    # The order asks for exactly the names extracted from the CSR, each one
    # typed as messages.IDENTIFIER_FQDN.
    wanted = [messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=csr_name)
              for csr_name in csr_names]
    response = self._post(self.directory['newOrder'],
                          messages.NewOrder(identifiers=wanted))
    body = messages.Order.from_json(response.json())
    # Authorization URLs are supplied by the server in the order body and
    # are each retrieved through _post_as_get.
    authzrs = [self._authzr_from_response(self._post_as_get(link), uri=link)
               for link in body.authorizations]
    # The order URI is the 'Location' header, or None if the server sent none.
    order_uri = response.headers.get('Location')
    return messages.OrderResource(
        body=body, uri=order_uri, authorizations=authzrs, csr_pem=csr_pem)
def new_order(self, csr_pem):
    """Request a new Order covering the DNS names and IP addresses in a CSR.

    :param str csr_pem: A CSR in PEM format.

    :returns: The newly created order.
    :rtype: OrderResource

    """
    parsed_csr = OpenSSL.crypto.load_certificate_request(
        OpenSSL.crypto.FILETYPE_PEM, csr_pem)
    # pylint: disable=protected-access
    dns_names = crypto_util._pyopenssl_cert_or_req_all_names(parsed_csr)
    ip_names = crypto_util._pyopenssl_cert_or_req_san_ip(parsed_csr)
    # ip_names holds strings at this point (per the original author's note).
    # DNS identifiers are listed first, followed by the IP identifiers.
    identifiers = [
        messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=dns_name)
        for dns_name in dns_names
    ]
    identifiers.extend(
        messages.Identifier(typ=messages.IDENTIFIER_IP, value=ip_name)
        for ip_name in ip_names
    )
    order_request = messages.NewOrder(identifiers=identifiers)
    response = self._post(self.directory['newOrder'], order_request)
    order_body = messages.Order.from_json(response.json())
    # pylint has trouble understanding our josepy based objects which use
    # things like custom metaclass logic. order_body.authorizations should be
    # a list of strings containing URLs so the check is disabled here.
    authorizations = [
        self._authzr_from_response(self._post_as_get(authz_url), uri=authz_url)
        for authz_url in order_body.authorizations  # pylint: disable=not-an-iterable
    ]
    # uri is None when the response carries no 'Location' header.
    return messages.OrderResource(
        body=order_body,
        uri=response.headers.get('Location'),
        authorizations=authorizations,
        csr_pem=csr_pem)
def _get_names_from_loaded_cert_or_req(loaded_cert_or_req):
    """Return the names acme extracts from a loaded certificate or CSR.

    Thin wrapper around the private
    ``acme_crypto_util._pyopenssl_cert_or_req_all_names`` helper; the
    argument is passed through unchanged.
    """
    # pylint: disable=protected-access
    extract_names = acme_crypto_util._pyopenssl_cert_or_req_all_names
    return extract_names(loaded_cert_or_req)
def _call(cls, loader, name):
    """Load ``name`` with ``loader`` and return the names acme finds in it.

    ``cls`` is not used in the body. The acme helper is imported inside the
    function, as in the original.
    """
    # pylint: disable=protected-access
    from acme.crypto_util import _pyopenssl_cert_or_req_all_names as all_names
    loaded = loader(name)
    return all_names(loaded)
def _get_names_from_loaded_cert_or_req(loaded_cert_or_req):
    """Collect the names of an already-loaded certificate or CSR.

    The work is done by acme's private
    ``_pyopenssl_cert_or_req_all_names`` helper; its result is returned
    as-is.
    """
    # pylint: disable=protected-access
    names = acme_crypto_util._pyopenssl_cert_or_req_all_names(
        loaded_cert_or_req)
    return names
def _get_names_from_loaded_cert_or_req(loaded_cert_or_req: Union[crypto.X509, crypto.X509Req]
                                       ) -> List[str]:
    """Return the list of names found in a loaded certificate or CSR.

    Delegates to acme's private ``_pyopenssl_cert_or_req_all_names``
    helper and returns whatever that helper produces.
    """
    # pylint: disable=protected-access
    name_extractor = acme_crypto_util._pyopenssl_cert_or_req_all_names
    return name_extractor(loaded_cert_or_req)
def _call(cls, loader, name):
    """Return the names acme extracts from the object ``loader(name)`` yields.

    ``cls`` is accepted but unused in the body; the acme helper is imported
    at call time rather than at module level.
    """
    # pylint: disable=protected-access
    from acme.crypto_util import _pyopenssl_cert_or_req_all_names as extract
    cert_or_req = loader(name)
    return extract(cert_or_req)