def to_json(self):
    """Return a JSON-serializable dict describing this signature.

    The binary ``sig`` and ``nonce`` attributes are passed through
    ``jose.b64encode``; ``alg`` and ``jwk`` are included as they are.
    """
    serialized = {}
    serialized['alg'] = self.alg
    # Raw bytes cannot go into JSON directly, hence the JOSE base64 step.
    serialized['sig'] = jose.b64encode(self.sig)
    serialized['nonce'] = jose.b64encode(self.nonce)
    serialized['jwk'] = self.jwk
    return serialized
def setUp(self):
    """Create a Certificate message fixture and its expected JSON form.

    ``self.msg`` is the message object; ``self.jmsg`` is the dict with the
    certificate and chain entries DER-serialized and base64-encoded.
    """
    from letsencrypt.acme.messages import Certificate

    refresh_url = 'https://example.com/refresh/Dr8eAwTVQfSS/'
    self.msg = Certificate(
        certificate=CERT, chain=[CERT], refresh=refresh_url)

    expected = {'type': 'certificate'}
    expected['certificate'] = jose.b64encode(CERT.as_der())
    expected['chain'] = [jose.b64encode(CERT.as_der())]
    expected['refresh'] = refresh_url
    self.jmsg = expected
def setUp(self):
    """Prepare a Certificate message and the JSON dict that mirrors it.

    The chain holds the same test certificate as the leaf; both are
    DER-serialized and base64-encoded in ``self.jmsg``.
    """
    from letsencrypt.acme.messages import Certificate

    refresh_url = 'https://example.com/refresh/Dr8eAwTVQfSS/'
    message = Certificate(
        certificate=CERT, chain=[CERT], refresh=refresh_url)
    self.msg = message

    json_form = {'type': 'certificate'}
    json_form['certificate'] = jose.b64encode(CERT.as_der())
    json_form['chain'] = [jose.b64encode(CERT.as_der())]
    json_form['refresh'] = refresh_url
    self.jmsg = json_form
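def setUp(self):
    """Build a ProofOfPossession.Hints fixture and its JSON counterparts.

    ``self.jmsg_to`` carries the JWK object itself, while
    ``self.jmsg_from`` is a shallow copy whose ``jwk`` entry is replaced by
    ``jwk.to_json()``.
    """
    jwk = jose.JWKRSA(key=KEY.publickey())
    issuers = (
        'C=US, O=SuperT LLC, CN=SuperTrustworthy Public CA',
        'O=LessTrustworthy CA Inc, CN=LessTrustworthy But StillSecure',
    )
    cert_fingerprints = (
        '93416768eb85e33adc4277f4c9acd63e7418fcfe',
        '16d95b7b63f1972b980b14c20291f3c0d1855d95',
        '48b46570d9fc6358108af43ad1649484def0debf',
    )
    # The trailing comma matters: without it the parentheses produce a
    # plain str instead of a 1-tuple, so the hint would not be a sequence
    # of identifiers like the other multi-valued fields here.
    subject_key_identifiers = (
        'd0083162dcc4c8a23ecb8aecbd86120e56fd24e5',
    )
    authorized_for = ('www.example.com', 'example.net')
    serial_numbers = (34234239832, 23993939911, 17)

    from letsencrypt.acme.challenges import ProofOfPossession
    self.msg = ProofOfPossession.Hints(
        jwk=jwk, issuers=issuers, cert_fingerprints=cert_fingerprints,
        certs=(CERT,), subject_key_identifiers=subject_key_identifiers,
        authorized_for=authorized_for, serial_numbers=serial_numbers)

    self.jmsg_to = {
        'jwk': jwk,
        'certFingerprints': cert_fingerprints,
        'certs': (jose.b64encode(CERT.as_der()),),
        'subjectKeyIdentifiers': subject_key_identifiers,
        'serialNumbers': serial_numbers,
        'issuers': issuers,
        'authorizedFor': authorized_for,
    }
    # Same content, except that the key appears in its serialized form.
    self.jmsg_from = self.jmsg_to.copy()
    self.jmsg_from.update({'jwk': jwk.to_json()})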
def dvsni_gen_cert(name, r_b64, nonce, key):
    """Generate a DVSNI challenge certificate.

    The certificate is returned to the caller in PEM form; nothing is
    written to disk by this function.

    :param str name: domain to validate
    :param str r_b64: jose base64 encoded dvsni r value
    :param str nonce: hex value of nonce
    :param key: Key to perform challenge
    :type key: :class:`letsencrypt.client.le_util.Key`

    :returns: tuple of (cert_pem, s) where
        cert_pem is the certificate in pem form
        s is the dvsni s value, jose base64 encoded
    :rtype: tuple

    """
    # A fresh S of constants.S_SIZE random bytes is drawn on every call.
    # NOTE(review): confirm `Random` is a cryptographically secure source
    # (presumably Crypto.Random).
    s_value = Random.get_random_bytes(constants.S_SIZE)
    r_value = jose.b64decode(r_b64)

    # The extension value is derived from both R and S.
    extension = _dvsni_gen_ext(r_value, s_value)

    # NOTE(review): nonce is used verbatim as the leading label of a host
    # name; presumably the caller has validated it as hex -- confirm.
    cert_names = [nonce + constants.DVSNI_DOMAIN_SUFFIX, name, extension]
    pem = crypto_util.make_ss_cert(key.pem, cert_names)

    return pem, jose.b64encode(s_value)
def setUp(self):
    """Create a Certificate message plus its two JSON representations.

    ``self.jmsg_to`` uses a tuple for the chain, ``self.jmsg_from`` holds
    the same entries with the chain as a list.
    """
    from letsencrypt.acme.messages import Certificate

    refresh_url = 'https://example.com/refresh/Dr8eAwTVQfSS/'
    self.msg = Certificate(
        certificate=CERT, chain=(CERT,), refresh=refresh_url)

    outgoing = {'type': 'certificate'}
    outgoing['certificate'] = jose.b64encode(CERT.as_der())
    outgoing['chain'] = (jose.b64encode(CERT.as_der()),)
    outgoing['refresh'] = refresh_url
    self.jmsg_to = outgoing

    # TODO: schema validation array tuples
    self.jmsg_from = dict(outgoing, chain=list(outgoing['chain']))
def setUp(self):
    """Prepare a Certificate fixture with tuple- and list-based JSON forms.

    The list variant (``self.jmsg_from``) differs from ``self.jmsg_to``
    only in the container type of the ``chain`` entry.
    """
    from letsencrypt.acme.messages import Certificate

    refresh_url = 'https://example.com/refresh/Dr8eAwTVQfSS/'
    message = Certificate(
        certificate=CERT, chain=(CERT,), refresh=refresh_url)
    self.msg = message

    to_form = {'type': 'certificate'}
    to_form['certificate'] = jose.b64encode(CERT.as_der())
    to_form['chain'] = (jose.b64encode(CERT.as_der()),)
    to_form['refresh'] = refresh_url
    self.jmsg_to = to_form

    # TODO: schema validation array tuples
    from_form = dict(to_form)
    from_form['chain'] = list(from_form['chain'])
    self.jmsg_from = from_form
def dvsni_gen_cert(name, r_b64, nonce, key):
    """Generate a DVSNI challenge certificate and return it as PEM.

    Nothing is saved to a file here; the PEM text and the encoded S value
    are handed back to the caller.

    :param str name: domain to validate
    :param str r_b64: jose base64 encoded dvsni r value
    :param str nonce: hex value of nonce
    :param key: Key to perform challenge
    :type key: :class:`letsencrypt.client.le_util.Key`

    :returns: tuple of (cert_pem, s) where
        cert_pem is the certificate in pem form
        s is the dvsni s value, jose base64 encoded
    :rtype: tuple

    """
    # S: constants.S_SIZE random bytes, regenerated for each certificate.
    # NOTE(review): verify that `Random` is a CSPRNG (presumably
    # Crypto.Random); it is not defined in this block.
    random_s = Random.get_random_bytes(constants.S_SIZE)
    decoded_r = jose.b64decode(r_b64)

    dvsni_ext = _dvsni_gen_ext(decoded_r, random_s)

    # NOTE(review): the nonce becomes part of a host name without any
    # check in this function -- confirm it is validated upstream.
    challenge_host = nonce + constants.DVSNI_DOMAIN_SUFFIX
    certificate_pem = crypto_util.make_ss_cert(
        key.pem, [challenge_host, name, dvsni_ext])

    encoded_s = jose.b64encode(random_s)
    return certificate_pem, encoded_s
def _fields_to_json(self):
    """Return the message fields as a dict ready for JSON serialization.

    ``combinations`` is included only when it is truthy.
    """
    payload = {
        "sessionID": self.session_id,
        # The nonce is binary, so it is base64-encoded for transport.
        "nonce": jose.b64encode(self.nonce),
        "challenges": self.challenges,
    }
    if not self.combinations:
        return payload
    payload["combinations"] = self.combinations
    return payload
def _fields_to_json(self):
    """Collect the serializable fields of this message into a dict.

    The optional ``combinations`` entry is left out when it is empty or
    otherwise falsy.
    """
    encoded_fields = {
        "sessionID": self.session_id,
        "nonce": jose.b64encode(self.nonce),  # binary -> base64 text
        "challenges": self.challenges,
    }
    combos = self.combinations
    if combos:
        encoded_fields["combinations"] = combos
    return encoded_fields
def _fields_to_json(self):
    """Return the message fields as a dict ready for JSON serialization.

    ``contact`` is included only when it is truthy.
    """
    payload = {
        "sessionID": self.session_id,
        # The nonce is binary, so it is base64-encoded for transport.
        "nonce": jose.b64encode(self.nonce),
        "responses": self.responses,
        "signature": self.signature,
    }
    if not self.contact:
        return payload
    payload["contact"] = self.contact
    return payload
def _fields_to_json(self):
    """Collect the serializable fields of this message into a dict.

    The optional ``contact`` entry is left out when it is empty or
    otherwise falsy.
    """
    encoded_fields = {
        "sessionID": self.session_id,
        "nonce": jose.b64encode(self.nonce),  # binary -> base64 text
        "responses": self.responses,
        "signature": self.signature,
    }
    contact_info = self.contact
    if contact_info:
        encoded_fields["contact"] = contact_info
    return encoded_fields
def setUp(self):
    """Create a StandaloneAuthenticator preloaded with one DVSNI task.

    A challenge certificate is generated for ``example.com`` with the
    bundled test key, and the authenticator gets that key, a task table
    with a single entry and a placeholder child PID.
    """
    from letsencrypt.client.standalone_authenticator import \
        StandaloneAuthenticator
    self.authenticator = StandaloneAuthenticator()

    name = "example.com"
    r_b64 = jose.b64encode("x" * 32)
    # NOTE(review): going by its file name this is a deliberately tiny
    # RSA key meant for tests only -- confirm it is never used elsewhere.
    key_pem = pkg_resources.resource_string(
        __name__, "testdata/rsa256_key.pem")
    nonce = "abcdef"
    key = le_util.Key("foo", key_pem)

    # Only the PEM certificate (first tuple element) is kept.
    generated = challenge_util.dvsni_gen_cert(name, r_b64, nonce, key)
    self.cert = generated[0]

    self.authenticator.private_key = OpenSSL.crypto.load_privatekey(
        OpenSSL.crypto.FILETYPE_PEM, key.pem)
    self.authenticator.tasks = {"abcdef.acme.invalid": self.cert}
    self.authenticator.child_pid = 12345
def test_standard(self):
    """Check the straight-line path with a fixed R value and nonce."""
    domain = "example.com"
    nonce = "12345ABCDE"
    dvsni_r = "r_value"
    r_b64 = jose.b64encode(dvsni_r)

    key_path = os.path.join("testdata", "rsa256_key.pem")
    key = le_util.Key(
        "path", pkg_resources.resource_string(__name__, key_path))

    result = self._call(domain, r_b64, nonce, key)
    cert_pem, s_b64 = result

    # Recompute the extension from R and the returned S so that it can be
    # compared with what the certificate carries.
    s_value = jose.b64decode(s_b64)
    # pylint: disable=protected-access
    expected_ext = challenge_util._dvsni_gen_ext(dvsni_r, s_value)
    self._standard_check_cert(cert_pem, domain, nonce, expected_ext)
def test_standard(self):
    """Exercise the straight-line path and verify the resulting cert."""
    domain, nonce = "example.com", "12345ABCDE"
    dvsni_r = "r_value"
    r_b64 = jose.b64encode(dvsni_r)

    pem_bytes = pkg_resources.resource_string(
        __name__, os.path.join("testdata", "rsa256_key.pem"))
    key = le_util.Key("path", pem_bytes)

    cert_pem, s_b64 = self._call(domain, r_b64, nonce, key)

    # The expected extension is rebuilt from R and the S that came back.
    decoded_s = jose.b64decode(s_b64)
    # pylint: disable=protected-access
    ext = challenge_util._dvsni_gen_ext(dvsni_r, decoded_s)

    self._standard_check_cert(cert_pem, domain, nonce, ext)
def setUp(self):
    """Create a CertificateRequest fixture and its expected JSON form.

    The signature and nonce bytes are hard-coded, which keeps the fixture
    deterministic. NOTE(review): presumably the signature was precomputed
    with the module-level test KEY -- confirm.
    """
    from letsencrypt.acme.messages import CertificateRequest

    public_jwk = jose.JWK(key=KEY.publickey())
    sig_bytes = (
        '\x15\xed\x84\xaa:\xf2DO\x0e9 \xbcg\xf8\xc0\xcf\x87\x9a'
        '\x95\xeb\xffT[\x84[\xec\x85\x7f\x8eK\xe9\xc2\x12\xc8Q'
        '\xafo\xc6h\x07\xba\xa6\xdf\xd1\xa7"$\xba=Z\x13n\x14\x0b'
        'k\xfe\xee\xb4\xe4\xc8\x05\x9a\x08\xa7'
    )
    nonce_bytes = '\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9'
    signature = other.Signature(
        alg='RS256', jwk=public_jwk, sig=sig_bytes, nonce=nonce_bytes)

    self.msg = CertificateRequest(csr=CSR, signature=signature)

    expected = {'type': 'certificateRequest'}
    expected['csr'] = jose.b64encode(CSR.as_der())
    expected['signature'] = signature
    self.jmsg = expected
def setUp(self):
    """Prepare a signed CertificateRequest and the matching JSON dict.

    Signature and nonce are fixed byte strings rather than freshly
    generated values, so every run sees the same fixture.
    """
    from letsencrypt.acme.messages import CertificateRequest

    signature_kwargs = {
        'alg': 'RS256',
        'jwk': jose.JWK(key=KEY.publickey()),
        'sig': '\x15\xed\x84\xaa:\xf2DO\x0e9 \xbcg\xf8\xc0\xcf\x87\x9a'
               '\x95\xeb\xffT[\x84[\xec\x85\x7f\x8eK\xe9\xc2\x12\xc8Q'
               '\xafo\xc6h\x07\xba\xa6\xdf\xd1\xa7"$\xba=Z\x13n\x14\x0b'
               'k\xfe\xee\xb4\xe4\xc8\x05\x9a\x08\xa7',
        'nonce': '\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9',
    }
    signature = other.Signature(**signature_kwargs)

    self.msg = CertificateRequest(csr=CSR, signature=signature)
    self.jmsg = {
        'type': 'certificateRequest',
        'csr': jose.b64encode(CSR.as_der()),
        'signature': signature,
    }
def setUp(self):
    """Create a RevocationRequest fixture and its expected JSON form.

    The nonce is stored on the test case as ``self.sig_nonce`` and reused
    for the signature. Both it and the signature bytes are hard-coded.
    NOTE(review): presumably the signature was precomputed with the
    module-level test KEY -- confirm.
    """
    from letsencrypt.acme.messages import RevocationRequest

    self.sig_nonce = '\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9'
    public_jwk = jose.JWK(key=KEY.publickey())
    sig_bytes = (
        'eJ\xfe\x12"U\x87\x8b\xbf/ ,\xdeP\xb2\xdc1\xb00\xe5\x1dB'
        '\xfch<\xc6\x9eH@!\x1c\x16\xb2\x0b_\xc4\xddP\x89\xc8\xce?'
        '\x16g\x069I\xb9\xb3\x91\xb9\x0e$3\x9f\x87\x8e\x82\xca\xc5'
        's\xd9\xd0\xe7'
    )
    signature = other.Signature(
        alg='RS256', jwk=public_jwk, sig=sig_bytes, nonce=self.sig_nonce)

    self.msg = RevocationRequest(certificate=CERT, signature=signature)

    expected = {'type': 'revocationRequest'}
    expected['certificate'] = jose.b64encode(CERT.as_der())
    expected['signature'] = signature
    self.jmsg = expected
def setUp(self):
    """Prepare a signed RevocationRequest and the matching JSON dict.

    ``self.sig_nonce`` keeps the fixed nonce bytes that also go into the
    signature object; the signature bytes are a fixed literal as well.
    """
    from letsencrypt.acme.messages import RevocationRequest

    self.sig_nonce = '\xec\xd6\xf2oYH\xeb\x13\xd5#q\xe0\xdd\xa2\x92\xa9'
    signature_kwargs = {
        'alg': 'RS256',
        'jwk': jose.JWK(key=KEY.publickey()),
        'sig': 'eJ\xfe\x12"U\x87\x8b\xbf/ ,\xdeP\xb2\xdc1\xb00\xe5\x1dB'
               '\xfch<\xc6\x9eH@!\x1c\x16\xb2\x0b_\xc4\xddP\x89\xc8\xce?'
               '\x16g\x069I\xb9\xb3\x91\xb9\x0e$3\x9f\x87\x8e\x82\xca\xc5'
               's\xd9\xd0\xe7',
        'nonce': self.sig_nonce,
    }
    signature = other.Signature(**signature_kwargs)

    self.msg = RevocationRequest(certificate=CERT, signature=signature)
    self.jmsg = {
        'type': 'revocationRequest',
        'certificate': jose.b64encode(CERT.as_der()),
        'signature': signature,
    }
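def setUp(self):
    """Build a ProofOfPossession.Hints fixture and its JSON counterparts.

    ``self.jmsg_to`` carries the JWK object itself, while
    ``self.jmsg_from`` is a shallow copy whose ``jwk`` entry is replaced by
    ``jwk.fully_serialize()``.
    """
    jwk = jose.JWKRSA(key=KEY.publickey())
    issuers = (
        'C=US, O=SuperT LLC, CN=SuperTrustworthy Public CA',
        'O=LessTrustworthy CA Inc, CN=LessTrustworthy But StillSecure',
    )
    cert_fingerprints = (
        '93416768eb85e33adc4277f4c9acd63e7418fcfe',
        '16d95b7b63f1972b980b14c20291f3c0d1855d95',
        '48b46570d9fc6358108af43ad1649484def0debf',
    )
    # The trailing comma matters: without it the parentheses produce a
    # plain str instead of a 1-tuple, so the hint would not be a sequence
    # of identifiers like the other multi-valued fields here.
    subject_key_identifiers = (
        'd0083162dcc4c8a23ecb8aecbd86120e56fd24e5',
    )
    authorized_for = ('www.example.com', 'example.net')
    serial_numbers = (34234239832, 23993939911, 17)

    from letsencrypt.acme.challenges import ProofOfPossession
    self.msg = ProofOfPossession.Hints(
        jwk=jwk, issuers=issuers, cert_fingerprints=cert_fingerprints,
        certs=(CERT, ), subject_key_identifiers=subject_key_identifiers,
        authorized_for=authorized_for, serial_numbers=serial_numbers)

    self.jmsg_to = {
        'jwk': jwk,
        'certFingerprints': cert_fingerprints,
        'certs': (jose.b64encode(CERT.as_der()), ),
        'subjectKeyIdentifiers': subject_key_identifiers,
        'serialNumbers': serial_numbers,
        'issuers': issuers,
        'authorizedFor': authorized_for,
    }
    # Same content, except that the key appears in its serialized form.
    self.jmsg_from = self.jmsg_to.copy()
    self.jmsg_from.update({'jwk': jwk.fully_serialize()})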
def _call(cls, data):
    """Run ``data`` through ``letsencrypt.acme.jose.b64encode``.

    The function under test is imported inside the helper rather than at
    module level. NOTE(review): the ``cls`` parameter suggests a
    classmethod decorator that is not visible here.
    """
    from letsencrypt.acme.jose import b64encode
    encoded = b64encode(data)
    return encoded
def _encode_csr(cls, csr):
    """Return the CSR's DER serialization, encoded with jose.b64encode.

    NOTE(review): the ``cls`` parameter suggests a classmethod decorator
    that is not visible here.
    """
    der_bytes = csr.as_der()
    return jose.b64encode(der_bytes)
def _encode_cert(cls, cert):
    """Return the certificate's DER serialization, jose.b64encode-d.

    NOTE(review): the ``cls`` parameter suggests a classmethod decorator
    that is not visible here.
    """
    der_bytes = cert.as_der()
    return jose.b64encode(der_bytes)
def _call(cls, data):
    """Encode ``data`` with the ``b64encode`` function under test.

    ``b64encode`` is imported from ``letsencrypt.acme.jose`` at call time.
    NOTE(review): ``cls`` suggests this is wrapped as a classmethod outside
    this view.
    """
    from letsencrypt.acme.jose import b64encode
    result = b64encode(data)
    return result
def _encode_cert(cls, cert):
    """Serialize ``cert`` to DER and encode the bytes with jose.b64encode.

    NOTE(review): ``cls`` suggests this is wrapped as a classmethod outside
    this view.
    """
    cert_der = cert.as_der()
    encoded_cert = jose.b64encode(cert_der)
    return encoded_cert
def _encode_csr(cls, csr):
    """Serialize ``csr`` to DER and encode the bytes with jose.b64encode.

    NOTE(review): ``cls`` suggests this is wrapped as a classmethod outside
    this view.
    """
    csr_der = csr.as_der()
    encoded_csr = jose.b64encode(csr_der)
    return encoded_csr