def _new(self, authz_name, mtype, token):
""" new challenge """
self.logger.debug('Challenge._new({0})'.format(mtype))
challenge_name = generate_random_string(self.logger, 12)
data_dic = {
'name': challenge_name,
'expires': self.expiry,
'type': mtype,
'token': token,
'authorization': authz_name,
'status': 2
}
try:
chid = self.dbstore.challenge_add(data_dic)
except BaseException as err_:
self.logger.critical(
'acme2certifier database error in Challenge._new(): {0}'.
format(err_))
chid = None
challenge_dic = {}
if chid:
challenge_dic['type'] = mtype
challenge_dic['url'] = '{0}{1}{2}'.format(
self.server_name, self.path_dic['chall_path'], challenge_name)
challenge_dic['token'] = token
if mtype == 'tkauth-01':
challenge_dic['tkauth-type'] = 'atc'
return challenge_dic
def _add(self, content, payload, contact):
""" prepare db insert and call DBstore helper """
self.logger.debug('Account.account._add()')
account_name = generate_random_string(self.logger, 12)
# check request
if 'alg' in content and 'jwk' in content:
if not self.contact_check_disable and not contact:
code = 400
message = 'urn:ietf:params:acme:error:malformed'
detail = 'incomplete protected payload'
else:
# ecc_only check
if self.ecc_only and not content['alg'].startswith('ES'):
code = 403
message = 'urn:ietf:params:acme:error:badPublicKey'
detail = 'Only ECC keys are supported'
else:
# check jwk
data_dic = {
'name': account_name,
'alg': content['alg'],
'jwk': json.dumps(content['jwk']),
'contact': json.dumps(contact),
}
# add eab_kid to data_dic if eab_check is enabled and kid is part of the request
if self.eab_check:
if payload and 'externalaccountbinding' in payload and payload['externalaccountbinding']:
if 'protected' in payload['externalaccountbinding']:
eab_kid = self._eab_kid_get(payload['externalaccountbinding']['protected'])
self.logger.info('add eab_kid: {0} to data_dic'.format(eab_kid))
if eab_kid:
data_dic['eab_kid'] = eab_kid
try:
(db_name, new) = self.dbstore.account_add(data_dic)
except BaseException as err_:
self.logger.critical('Account.account._add(): Database error: {0}'.format(err_))
db_name = None
new = False
self.logger.debug('got account_name:{0} new:{1}'.format(db_name, new))
if new:
code = 201
message = account_name
else:
code = 200
message = db_name
detail = None
else:
code = 400
message = 'urn:ietf:params:acme:error:malformed'
detail = 'incomplete protected payload'
self.logger.debug('Account.account._add() ended with:{0}'.format(code))
return(code, message, detail)
def store_csr(self, order_name, csr):
""" store csr into database """
self.logger.debug('Certificate.store_csr({0})'.format(order_name))
certificate_name = generate_random_string(self.logger, 12)
data_dic = {'order': order_name, 'csr': csr, 'name': certificate_name}
try:
self.dbstore.certificate_add(data_dic)
except BaseException as err_:
self.logger.critical(
'Database error in Certificate.store_csr(): {0}'.format(err_))
self.logger.debug('Certificate.store_csr() ended')
return certificate_name
def _authz_info(self, url):
""" return authzs information """
self.logger.debug('Authorization._authz_info({0})'.format(url))
authz_name = url.replace(
'{0}{1}'.format(self.server_name, self.path_dic['authz_path']), '')
expires = uts_now() + self.validity
token = generate_random_string(self.logger, 32)
authz_info_dic = {}
# lookup authorization based on name
try:
authz = self.dbstore.authorization_lookup('name', authz_name)
except BaseException as err_:
self.logger.critical(
'acme2certifier database error in Authorization._authz_info(): {0}'
.format(err_))
authz = None
if authz:
# update authorization with expiry date and token (just to be sure)
try:
self.dbstore.authorization_update({
'name': authz_name,
'token': token,
'expires': expires
})
except BaseException as err_:
self.logger.error(
'acme2certifier database error in Authorization._authz_info(): {0}'
.format(err_))
authz_info_dic['expires'] = uts_to_date_utc(expires)
# get authorization information from db to be inserted in message
tnauth = None
try:
auth_info = self.dbstore.authorization_lookup(
'name', authz_name, ['status__name', 'type', 'value'])
except BaseException as err_:
self.logger.error(
'acme2certifier database error in Authorization._authz_info(): {0}'
.format(err_))
auth_info = {}
if auth_info:
if 'status__name' in auth_info[0]:
authz_info_dic['status'] = auth_info[0]['status__name']
else:
authz_info_dic['status'] = 'pending'
if 'type' in auth_info[0] and 'value' in auth_info[0]:
authz_info_dic['identifier'] = {
'type': auth_info[0]['type'],
'value': auth_info[0]['value']
}
if auth_info[0]['type'] == 'TNAuthList':
tnauth = True
else:
authz_info_dic['status'] = 'pending'
with Challenge(self.debug, self.server_name, self.logger,
expires) as challenge:
# get challenge data (either existing or new ones)
authz_info_dic['challenges'] = challenge.challengeset_get(
authz_name, authz_info_dic['status'], token, tnauth)
self.logger.debug('Authorization._authz_info() returns: {0}'.format(
json.dumps(authz_info_dic)))
return authz_info_dic
def _add(self, payload, aname):
""" add order request to database """
self.logger.debug('Order._add({0})'.format(aname))
error = None
auth_dic = {}
order_name = generate_random_string(self.logger, 12)
expires = uts_now() + self.validity
if 'identifiers' in payload:
data_dic = {'status': 2, 'expires': expires, 'account': aname}
data_dic['name'] = order_name
data_dic['identifiers'] = json.dumps(payload['identifiers'])
#if 'notBefore' in payload:
# data_dic['notbefore'] = payload['notBefore']
#if 'notAfter' in payload:
# data_dic['notafter'] = payload['notAfter']
# check identifiers
error = self._identifiers_check(payload['identifiers'])
# change order status if needed
if error:
data_dic['status'] = 1
try:
# add order to db
oid = self.dbstore.order_add(data_dic)
except BaseException as err_:
self.logger.critical(
'acme2certifier database error in Order._add() order: {0}'.
format(err_))
oid = None
if not error:
if oid:
error = None
for auth in payload['identifiers']:
# generate name
auth_name = generate_random_string(self.logger, 12)
# store to return to upper func
auth_dic[auth_name] = auth.copy()
auth['name'] = auth_name
auth['order'] = oid
auth['status'] = 'pending'
auth['expires'] = uts_now() + self.authz_validity
try:
self.dbstore.authorization_add(auth)
except BaseException as err_:
self.logger.critical(
'acme2certifier database error in Order._add() authz: {0}'
.format(err_))
else:
error = 'urn:ietf:params:acme:error:malformed'
else:
error = 'urn:ietf:params:acme:error:unsupportedIdentifier'
self.logger.debug('Order._add() ended')
return (error, order_name, auth_dic, uts_to_date_utc(expires))