def _normalize_san(self, san):
    """Return *san* with an IP entry rewritten to its canonical form.

    A leading ``IP Address:`` specifier is shortened to ``IP:``, and the
    address following ``IP:`` is replaced by its compressed notation.
    Entries with any other prefix are returned unchanged.

    The address is parsed without a ``try``: whatever
    ``compat_ipaddress.ip_address`` raises for an unparsable value
    (presumably ``ValueError``, as with the stdlib ``ipaddress`` module)
    propagates to the caller, so a malformed IP entry is rejected rather
    than passed through.
    """
    verbose_prefix = 'IP Address:'
    if san.startswith(verbose_prefix):
        san = 'IP:' + san[len(verbose_prefix):]
    if not san.startswith('IP:'):
        return san
    # NOTE(review): san[3:] is handed to the parser as-is; confirm callers
    # always pass text, not a byte string.
    address = compat_ipaddress.ip_address(san[3:])
    return 'IP:{0}'.format(address.compressed)
def _normalize_ip(ip):
    """Return *ip* in compressed notation, or unchanged if it does not parse.

    The input is converted with ``to_text``, parsed by
    ``compat_ipaddress.ip_address``, and its compressed form is returned
    through ``to_native``.

    This is best-effort: when a ``ValueError`` is raised the original value
    is handed back as-is. The result is therefore not guaranteed to be a
    valid IP address; callers that need one must validate it themselves.
    """
    try:
        address = compat_ipaddress.ip_address(to_text(ip))
        return to_native(address.compressed)
    except ValueError:
        # We don't want to error out on something IPAddress() can't parse
        return ip
def _normalize_san(self, san):
    """Canonicalise the specifier and address of an IP subjectAltName entry.

    ``IP Address:<addr>`` becomes ``IP:<addr>``, and the address after
    ``IP:`` is replaced by its compressed notation. Entries with any other
    prefix are returned unchanged.

    Parsing errors from ``compat_ipaddress.ip_address`` are not caught here,
    so an unparsable address in an IP entry propagates to the caller.
    """
    # OpenSSL apparently prints 'IP Address' rather than 'IP' as the specifier
    # when converting the subjectAltName to a string, although it won't accept
    # that specifier when generating the CSR.
    # (https://github.com/openssl/openssl/issues/4004)
    short, verbose = 'IP:', 'IP Address:'
    if san.startswith(verbose):
        san = short + san[len(verbose):]
    if san.startswith(short):
        # NOTE(review): the address is passed to the parser as-is; confirm
        # callers always supply text, not a byte string.
        parsed = compat_ipaddress.ip_address(san[len(short):])
        san = 'IP:{0}'.format(parsed.compressed)
    return san
def get_validation_data(self, client, identifier_type, identifier):
    """Build the data needed to provision a challenge of this type.

    Returns a dict, or ``None`` when the challenge type is unknown or (for
    ``dns-01``) the identifier is not of type ``dns``:

    * ``http-01``: ``resource`` (path under ``.well-known/acme-challenge/``)
      and ``resource_value`` (the key authorization).
    * ``dns-01``: ``resource`` (``_acme-challenge``), ``resource_value``
      (``nopad_b64`` of the SHA-256 digest of the key authorization) and
      ``record`` (the full record name; for a ``*.`` wildcard identifier the
      leading ``*`` is dropped).
    * ``tls-alpn-01``: ``resource`` (the identifier, or for ``ip``
      identifiers the reverse-mapping name with a trailing dot),
      ``resource_original`` and ``resource_value`` (standard base64 of the
      SHA-256 digest of the key authorization).
    """
    # Every character outside [A-Za-z0-9_-] is replaced with '_' before the
    # token is used anywhere, so the token (presumably supplied by the ACME
    # server) cannot introduce '/' or '.' into the http-01 resource path.
    safe_token = re.sub(r"[^A-Za-z0-9_\-]", "_", self.token)
    key_auth = create_key_authorization(client, safe_token)

    if self.type == 'http-01':
        # https://tools.ietf.org/html/rfc8555#section-8.3
        path = '.well-known/acme-challenge/{token}'.format(token=safe_token)
        return {
            'resource': path,
            'resource_value': key_auth,
        }

    if self.type == 'dns-01':
        if identifier_type != 'dns':
            return None
        # https://tools.ietf.org/html/rfc8555#section-8.4
        label = '_acme-challenge'
        digest = hashlib.sha256(to_bytes(key_auth)).digest()
        encoded = nopad_b64(digest)
        if identifier.startswith('*.'):
            # Wildcard: keep the '.' and everything after it, drop the '*'.
            record_name = label + identifier[1:]
        else:
            record_name = '{0}.{1}'.format(label, identifier)
        return {
            'resource': label,
            'resource_value': encoded,
            'record': record_name,
        }

    if self.type == 'tls-alpn-01':
        # https://www.rfc-editor.org/rfc/rfc8737.html#section-3
        if identifier_type != 'ip':
            target = identifier
        else:
            # IPv4/IPv6 address: use reverse mapping (RFC1034, RFC3596)
            target = compat_ipaddress.ip_address(identifier).reverse_pointer
            if not target.endswith('.'):
                target += '.'
        digest = hashlib.sha256(to_bytes(key_auth)).digest()
        # NOTE(review): base64.b64encode returns bytes on Python 3; confirm
        # that consumers of 'resource_value' expect bytes for this type.
        encoded = base64.b64encode(digest)
        return {
            'resource': target,
            'resource_original': combine_identifier(identifier_type, identifier),
            'resource_value': encoded,
        }

    # Unknown challenge type: ignore
    return None
def pyopenssl_normalize_name_attribute(san):
    """Rewrite OpenSSL's printed subjectAltName specifiers to the short forms.

    * ``IP Address:<addr>`` becomes ``IP:<addr>``, and the address after
      ``IP:`` is replaced by its compressed notation.
    * ``Registered ID:<oid>`` and ``Registered ID<oid>`` (colon missing)
      become ``RID:<oid>``.

    Any other entry is returned unchanged. Parsing errors from
    ``compat_ipaddress.ip_address`` are not caught, so an unparsable address
    in an IP entry propagates to the caller.
    """
    # OpenSSL apparently prints 'IP Address' rather than 'IP' as the specifier
    # when converting the subjectAltName to a string, although it won't accept
    # that specifier when generating the CSR.
    # (https://github.com/openssl/openssl/issues/4004)
    if san.startswith('IP Address:'):
        san = 'IP:' + san[len('IP Address:'):]
    if san.startswith('IP:'):
        # NOTE(review): the address is passed to the parser as-is; confirm
        # callers always supply text, not a byte string.
        san = 'IP:{0}'.format(compat_ipaddress.ip_address(san[3:]).compressed)
    # The colon-less spelling is checked second: some versions of OpenSSL
    # apparently forgot the colon (seen in CI with Ubuntu 16.04 and
    # FreeBSD 11.1). Once the first spelling matched, the value starts with
    # 'RID:' and the second check no longer applies.
    for spelling in ('Registered ID:', 'Registered ID'):
        if san.startswith(spelling):
            san = 'RID:' + san[len(spelling):]
    return san
def _normalize_ipaddr(ipaddr):
    """Return the compressed notation of the IP address *ipaddr*.

    The value is parsed with ``ipaddress.ip_address``, which raises
    ``ValueError`` when it is not a valid IPv4 or IPv6 address. The error is
    not caught here, so invalid input is rejected rather than passed through.
    """
    parsed = ipaddress.ip_address(ipaddr)
    return parsed.compressed