def add(self, payload, aname): """ add order request to database """ self.logger.debug('Order.add({0})'.format(aname)) error = None auth_dic = {} order_name = generate_random_string(self.logger, 12) expires = uts_now() + self.expiry if 'identifiers' in payload: data_dic = {'status': 2, 'expires': expires, 'account': aname} data_dic['name'] = order_name data_dic['identifiers'] = json.dumps(payload['identifiers']) #if 'notBefore' in payload: # data_dic['notbefore'] = payload['notBefore'] #if 'notAfter' in payload: # data_dic['notafter'] = payload['notAfter'] # check identifiers error = self.identifiers_check(payload['identifiers']) # change order status if needed if error: data_dic['status'] = 1 # add order to db oid = self.dbstore.order_add(data_dic) if not error: if oid: error = None for auth in payload['identifiers']: # generate name auth_name = generate_random_string(self.logger, 12) # store to return to upper func auth_dic[auth_name] = auth.copy() auth['name'] = auth_name auth['order'] = oid auth['status'] = 'pending' self.dbstore.authorization_add(auth) else: error = 'urn:ietf:params:acme:error:malformed' else: error = 'urn:ietf:params:acme:error:unsupportedIdentifier' # print(auth_dic) return (error, order_name, auth_dic, uts_to_date_utc(expires))
def _new(self, authz_name, mtype, token): """ new challenge """ self.logger.debug('Challenge._new({0})'.format(mtype)) challenge_name = generate_random_string(self.logger, 12) data_dic = { 'name': challenge_name, 'expires': self.expiry, 'type': mtype, 'token': token, 'authorization': authz_name, 'status': 2 } try: chid = self.dbstore.challenge_add(data_dic) except BaseException as err_: self.logger.critical( 'acme2certifier database error in Challenge._new(): {0}'. format(err_)) chid = None challenge_dic = {} if chid: challenge_dic['type'] = mtype challenge_dic['url'] = '{0}{1}{2}'.format( self.server_name, self.path_dic['chall_path'], challenge_name) challenge_dic['token'] = token if mtype == 'tkauth-01': challenge_dic['tkauth-type'] = 'atc' return challenge_dic
def new(self, authz_name, mtype, token): """ new challenge """ self.logger.debug('Challenge.new({0})'.format(mtype)) challenge_name = generate_random_string(self.logger, 12) data_dic = { 'name': challenge_name, 'expires': self.expiry, 'type': mtype, 'token': token, 'authorization': authz_name, 'status': 2 } chid = self.dbstore.challenge_add(data_dic) challenge_dic = {} if chid: challenge_dic['type'] = mtype challenge_dic['url'] = '{0}{1}{2}'.format( self.server_name, self.path_dic['chall_path'], challenge_name) challenge_dic['token'] = token if mtype == 'tkauth-01': challenge_dic['tkauth-type'] = 'atc' return challenge_dic
def add(self, content, contact): """ prepare db insert and call DBstore helper """ self.logger.debug('Account.account_add()') account_name = generate_random_string(self.logger, 12) # check request if 'alg' in content and 'jwk' in content and contact: # check jwk data_dic = { 'name': account_name, 'alg': content['alg'], 'jwk': json.dumps(content['jwk']), 'contact': json.dumps(contact), } (db_name, new) = self.dbstore.account_add(data_dic) self.logger.debug('god account_name:{0} new:{1}'.format( db_name, new)) if new: code = 201 message = account_name else: code = 200 message = db_name detail = None else: code = 400 message = 'urn:ietf:params:acme:error:malformed' detail = 'incomplete protected payload' self.logger.debug('Account.account_add() ended with:{0}'.format(code)) return (code, message, detail)
def store_csr(self, order_name, csr): """ get key for a specific account id """ self.logger.debug('Certificate.store_csr({0})'.format(order_name)) certificate_name = generate_random_string(self.logger, 12) data_dic = {'order': order_name, 'csr': csr, 'name': certificate_name} self.dbstore.certificate_add(data_dic) self.logger.debug('Certificate.store_csr() ended') return certificate_name
def store_csr(self, order_name, csr): """ store csr into database """ self.logger.debug('Certificate.store_csr({0})'.format(order_name)) certificate_name = generate_random_string(self.logger, 12) data_dic = {'order' : order_name, 'csr' : csr, 'name': certificate_name} try: self.dbstore.certificate_add(data_dic) except BaseException as err_: self.logger.critical('Database error in Certificate.store_csr(): {0}'.format(err_)) self.logger.debug('Certificate.store_csr() ended') return certificate_name
def _add(self, content, contact): """ prepare db insert and call DBstore helper """ self.logger.debug('Account.account._add()') account_name = generate_random_string(self.logger, 12) # check request if 'alg' in content and 'jwk' in content: if not self.contact_check_disable and not contact: code = 400 message = 'urn:ietf:params:acme:error:malformed' detail = 'incomplete protected payload' else: # ecc_only check if self.ecc_only and not content['alg'].startswith('ES'): code = 403 message = 'urn:ietf:params:acme:error:badPublicKey' detail = 'Only ECC keys are supported' else: # check jwk data_dic = { 'name': account_name, 'alg': content['alg'], 'jwk': json.dumps(content['jwk']), 'contact': json.dumps(contact), } try: (db_name, new) = self.dbstore.account_add(data_dic) except BaseException as err_: self.logger.critical( 'Database error in Account._add(): {0}'.format( err_)) db_name = None new = False self.logger.debug('god account_name:{0} new:{1}'.format( db_name, new)) if new: code = 201 message = account_name else: code = 200 message = db_name detail = None else: code = 400 message = 'urn:ietf:params:acme:error:malformed' detail = 'incomplete protected payload' self.logger.debug('Account.account._add() ended with:{0}'.format(code)) return (code, message, detail)
def _authz_info(self, url): """ return authzs information """ self.logger.debug('Authorization._authz_info({0})'.format(url)) authz_name = url.replace('{0}{1}'.format(self.server_name, self.path_dic['authz_path']), '') expires = uts_now() + self.validity token = generate_random_string(self.logger, 32) authz_info_dic = {} # lookup authorization based on name try: authz = self.dbstore.authorization_lookup('name', authz_name) except BaseException as err_: self.logger.critical('acme2certifier database error in Authorization._authz_info(): {0}'.format(err_)) authz = None if authz: # update authorization with expiry date and token (just to be sure) try: self.dbstore.authorization_update({'name' : authz_name, 'token' : token, 'expires' : expires}) except BaseException as err_: self.logger.critical('acme2certifier database error in Authorization._authz_info(): {0}'.format(err_)) authz_info_dic['expires'] = uts_to_date_utc(expires) # get authorization information from db to be inserted in message tnauth = None try: auth_info = self.dbstore.authorization_lookup('name', authz_name, ['status__name', 'type', 'value']) except BaseException as err_: self.logger.critical('acme2certifier database error in Authorization._authz_info(): {0}'.format(err_)) auth_info = {} if auth_info: if 'status__name' in auth_info[0]: authz_info_dic['status'] = auth_info[0]['status__name'] else: authz_info_dic['status'] = 'pending' if 'type' in auth_info[0] and 'value' in auth_info[0]: authz_info_dic['identifier'] = {'type' : auth_info[0]['type'], 'value' : auth_info[0]['value']} if auth_info[0]['type'] == 'TNAuthList': tnauth = True with Challenge(self.debug, self.server_name, self.logger, expires) as challenge: # get challenge data (either existing or new ones) authz_info_dic['challenges'] = challenge.challengeset_get(authz_name, authz_info_dic['status'], token, tnauth) self.logger.debug('Authorization._authz_info() returns: {0}'.format(json.dumps(authz_info_dic))) return authz_info_dic
def authz_info(self, url): """ return authzs information """ self.logger.debug('Authorization.info({0})'.format(url)) authz_name = url.replace( '{0}{1}'.format(self.server_name, self.path_dic['authz_path']), '') expires = uts_now() + self.expiry token = generate_random_string(self.logger, 32) authz_info_dic = {} if self.dbstore.authorization_lookup('name', authz_name): # update authorization with expiry date and token (just to be sure) self.dbstore.authorization_update({ 'name': authz_name, 'token': token, 'expires': expires }) authz_info_dic['expires'] = uts_to_date_utc(expires) # get authorization information from db to be inserted in message tnauth = None auth_info = self.dbstore.authorization_lookup( 'name', authz_name, ['status__name', 'type', 'value']) if auth_info: authz_info_dic['status'] = auth_info[0]['status__name'] authz_info_dic['identifier'] = { 'type': auth_info[0]['type'], 'value': auth_info[0]['value'] } if auth_info[0]['type'] == 'TNAuthList': tnauth = True challenge = Challenge(self.debug, self.server_name, self.logger, expires) authz_info_dic['challenges'] = challenge.new_set( authz_name, token, tnauth) self.logger.debug('Authorization.authz_info() returns: {0}'.format( json.dumps(authz_info_dic))) return authz_info_dic