def decode_csr(b64der):
    """Decode a JOSE Base-64, DER-encoded CSR.

    The decoded bytes are parsed by M2Crypto and the resulting request is
    wrapped in ``util.ComparableX509``.

    :param b64der: JOSE Base-64 text of the DER-encoded CSR.

    :returns: the parsed request wrapped in ``util.ComparableX509``

    :raises errors.DeserializationError: if M2Crypto rejects the DER data

    """
    # NOTE(review): this only parses the request. Nothing in this function
    # verifies the CSR's signature or inspects its contents, so callers
    # must not treat a successful decode as validation.
    try:
        der_bytes = decode_b64jose(b64der)
        request = M2Crypto.X509.load_request_der_string(der_bytes)
        return util.ComparableX509(request)
    except M2Crypto.X509.X509Error as error:
        # Surface parser failures as the JOSE-level error so callers have
        # a single exception type to handle for a malformed CSR.
        raise errors.DeserializationError(error)
def _acme_revoke(self, cert):
    """Revoke the certificate with the ACME server.

    Loads the backup private key recorded for ``cert`` and sends a
    revocation request built from the certificate and that key.

    :param cert: certificate to revoke
    :type cert: :class:`letsencrypt.revoker.Cert`

    :returns: whatever ``self.network.send_and_receive_expected`` returns
        for the request (the expected reply type is
        ``messages.Revocation``)

    :raises errors.LetsEncryptRevokerError: if the backup key file cannot
        be parsed as an RSA key

    """
    # These will both have to change in the future away from M2Crypto
    # pylint: disable=protected-access
    wrapped_cert = jose_util.ComparableX509(cert._cert)
    try:
        with open(cert.backup_key_path, "rU") as key_file:
            pem_text = key_file.read()
            key = Crypto.PublicKey.RSA.importKey(pem_text)
    # Only parse failures are translated here. A missing or unreadable
    # key file is not covered by this tuple: the error raised by open()
    # propagates to the caller unchanged.
    except (IndexError, ValueError, TypeError):
        # The message carries the file path only, never key material.
        raise errors.LetsEncryptRevokerError(
            "Corrupted backup key file: %s" % cert.backup_key_path)

    # TODO: Catch error associated with already revoked and proceed.
    request = messages.RevocationRequest.create(
        certificate=wrapped_cert, key=key)
    return self.network.send_and_receive_expected(
        request, messages.Revocation)
def x5c(value):  # pylint: disable=missing-docstring,no-self-argument
    # Turn each base64 DER entry of ``value`` into a certificate wrapped in
    # ``util.ComparableX509`` and return them as a tuple, in input order.
    #
    # NOTE(review): entries are decoded with plain ``base64.b64decode``.
    # Its own decoding errors are not covered by the ``except`` below and
    # reach the caller as-is. This function parses only: no chain or trust
    # validation happens here.
    try:
        chain = []
        for encoded in value:
            der_bytes = base64.b64decode(encoded)
            parsed = M2Crypto.X509.load_cert_der_string(der_bytes)
            chain.append(util.ComparableX509(parsed))
        return tuple(chain)
    except M2Crypto.X509.X509Error as error:
        # Report unparsable certificates with the JOSE-level error type.
        raise errors.DeserializationError(error)
def x5c(value):  # pylint: disable=missing-docstring,no-self-argument
    # Turn each base64 DER entry of ``value`` into a certificate wrapped in
    # ``util.ComparableX509`` and return them as a tuple, in input order.
    #
    # NOTE(review): entries are decoded with plain ``base64.b64decode``.
    # Its own decoding errors are not covered by the ``except`` below and
    # reach the caller as-is. This function parses only: no chain or trust
    # validation happens here.
    try:
        chain = []
        for encoded in value:
            der_bytes = base64.b64decode(encoded)
            parsed = OpenSSL.crypto.load_certificate(
                OpenSSL.crypto.FILETYPE_ASN1, der_bytes)
            chain.append(util.ComparableX509(parsed))
        return tuple(chain)
    except OpenSSL.crypto.Error as error:
        # Report unparsable certificates with the JOSE-level error type.
        raise errors.DeserializationError(error)
def decode_csr(b64der):
    """Decode a JOSE Base-64, DER-encoded CSR.

    The decoded bytes are parsed by pyOpenSSL as an ASN.1 (DER)
    certificate request.

    :param unicode b64der: JOSE Base-64 text of the DER-encoded CSR.

    :rtype: `OpenSSL.crypto.X509Req` wrapped in `.ComparableX509`

    :raises errors.DeserializationError: if pyOpenSSL rejects the DER data

    """
    # NOTE(review): this only parses the request. Nothing in this function
    # verifies the CSR's signature or inspects its contents, so callers
    # must not treat a successful decode as validation.
    try:
        der_bytes = decode_b64jose(b64der)
        request = OpenSSL.crypto.load_certificate_request(
            OpenSSL.crypto.FILETYPE_ASN1, der_bytes)
        return util.ComparableX509(request)
    except OpenSSL.crypto.Error as error:
        # Surface parser failures as the JOSE-level error so callers have
        # a single exception type to handle for a malformed CSR.
        raise errors.DeserializationError(error)
def _acme_revoke(self, cert):
    """Revoke the certificate with the ACME server.

    Wraps the certificate, loads the backup private key from
    ``cert.backup_key_path`` (PEM) and then calls ``self.acme.revoke``.

    :param cert: certificate to revoke
    :type cert: :class:`letsencrypt.revoker.Cert`

    :returns: result of ``self.acme.revoke(cert=None)``

    :raises errors.RevokerError: if the backup key file cannot be parsed
        as a PEM private key

    """
    # XXX | pylint: disable=unused-variable

    # pylint: disable=protected-access
    wrapped_cert = jose_util.ComparableX509(cert._cert)
    try:
        with open(cert.backup_key_path, "rU") as key_file:
            pem_text = key_file.read()
            key = OpenSSL.crypto.load_privatekey(
                OpenSSL.crypto.FILETYPE_PEM, pem_text)
    # Only pyOpenSSL parse failures are translated here. A missing or
    # unreadable key file is not covered: the error raised by open()
    # propagates to the caller unchanged.
    except OpenSSL.crypto.Error as error:
        # Details go to the debug log. The raised message carries the
        # file path only, never key material.
        logger.debug(error, exc_info=True)
        raise errors.RevokerError(
            "Corrupted backup key file: %s" % cert.backup_key_path)

    # NOTE(review): the wrapped certificate and the loaded key are not
    # passed on. The call below receives cert=None and is marked XXX, so
    # this path looks unfinished; confirm before relying on it to revoke.
    return self.acme.revoke(cert=None)  # XXX
def _acme_revoke(self, cert):
    """Revoke the certificate with the ACME server.

    Wraps the certificate, loads the backup RSA key from
    ``cert.backup_key_path`` and then calls ``self.network.revoke``.

    :param cert: certificate to revoke
    :type cert: :class:`letsencrypt.revoker.Cert`

    :returns: result of ``self.network.revoke(cert=None)``

    :raises errors.RevokerError: if the backup key file cannot be parsed
        as an RSA key

    """
    # XXX | pylint: disable=unused-variable

    # These will both have to change in the future away from M2Crypto
    # pylint: disable=protected-access
    wrapped_cert = jose_util.ComparableX509(cert._cert)
    try:
        with open(cert.backup_key_path, "rU") as key_file:
            pem_text = key_file.read()
            key = Crypto.PublicKey.RSA.importKey(pem_text)
    # Only parse failures are translated here. A missing or unreadable
    # key file is not covered by this tuple: the error raised by open()
    # propagates to the caller unchanged.
    except (IndexError, ValueError, TypeError):
        # The message carries the file path only, never key material.
        raise errors.RevokerError(
            "Corrupted backup key file: %s" % cert.backup_key_path)

    # NOTE(review): the wrapped certificate and the loaded key are not
    # passed on. The call below receives cert=None and is marked XXX, so
    # this path looks unfinished; confirm before relying on it to revoke.
    return self.network.revoke(cert=None)  # XXX
import os
import pkg_resources
import unittest

import Crypto.PublicKey.RSA
import M2Crypto
import mock

from acme.jose import b64
from acme.jose import errors
from acme.jose import jwa
from acme.jose import jwk
from acme.jose import util


# Shared fixtures, loaded once at import time from packaged test data.
CERT = util.ComparableX509(
    M2Crypto.X509.load_cert(
        pkg_resources.resource_filename(
            'letsencrypt.tests', 'testdata/cert.pem')))
# NOTE(review): judging by the file name this is a 512-bit RSA key. That
# size is suitable for test fixtures only and must never be reused for
# real keys.
RSA512_KEY = Crypto.PublicKey.RSA.importKey(
    pkg_resources.resource_string(
        __name__, os.path.join('testdata', 'rsa512_key.pem')))


class MediaTypeTest(unittest.TestCase):
    """Tests for acme.jose.jws.MediaType."""

    def test_decode(self):
        """Check the decoded result for full, bare and parameterised input."""
        from acme.jose.jws import MediaType
        # Both the full form and the bare subtype decode to the full form.
        for raw in ('application/app', 'app'):
            self.assertEqual('application/app', MediaType.decode(raw))
        # A value carrying a ";" parameter is rejected.
        self.assertRaises(
            errors.DeserializationError, MediaType.decode, 'app;foo')