示例#1
 def download_certificate(self):
     """Fetch the issued certificate and keep it in memory and on disk.

     Requests ``self.acme_certificate_url`` through
     ``util.acme_server_request`` with an empty payload. The response body
     is then stored decoded as UTF-8 text in ``self.acme_certificate_str``,
     stored as converted by ``crypto.pem_to_der_certificate`` in
     ``self.acme_certificate``, and handed to ``crypto.write_certificate``
     with the relative file name ``cert.pem``.
     """
     self.logger.info("Downloading certificate to cert.pem")
     response = util.acme_server_request(self, self.acme_certificate_url, "")
     pem_bytes = response.content
     self.acme_certificate_str = pem_bytes.decode("utf-8")
     self.acme_certificate = crypto.pem_to_der_certificate(pem_bytes)
     # NOTE(review): the body is stored and written exactly as received;
     # whether the HTTP status is checked depends on acme_server_request,
     # which is not visible here. Confirm before trusting cert.pem.
     crypto.write_certificate(pem_bytes, 'cert.pem')
     self.logger.debug(self.acme_certificate)
示例#2
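    def http_01_challenge(self):
        """Answer every pending challenge with the http-01 method.

        For each entry in ``self.acme_challenges`` this starts a DNS
        responder on ``self.record_addr`` port 10053 and a
        ``ChallengeServer`` holding the token and its key authorization.
        It then tells the ACME server the challenge is ready and polls the
        authorization URL for the status ``"valid"``.

        Both helper servers are shut down in ``finally`` blocks, so a failed
        request or poll cannot leave the responder bound to its port or the
        challenge server running. The exception itself still propagates.
        """
        self.logger.info("Performing http-01 challenge")
        for challenge in self.acme_challenges:
            token = challenge["token"]
            chall_url = challenge["url"]
            key_auth = crypto.get_key_authorization(token, self.jwk)

            # A record for the root name with a 60 s TTL pointing at
            # record_addr; presumably DnsResolver answers every query from
            # this single zone line (confirm against DnsResolver).
            zone = ". 60 IN A " + self.record_addr
            dns_server = DNSServer(DnsResolver(zone),
                                   address=self.record_addr,
                                   port=10053)
            dns_server.start_thread()
            try:
                challenge_server = ChallengeServer(token, key_auth,
                                                   self.record_addr)
                challenge_server.start()
                try:
                    # An empty JSON object signals that the challenge is
                    # ready to be validated.
                    r_dict = util.acme_server_request(
                        self, chall_url, {}).json()
                    self.logger.debug(r_dict)

                    # Keep the poll result so the log shows the final
                    # authorization state, not the earlier response again.
                    # NOTE(review): what poll_acme_server does when the
                    # authorization turns "invalid" is not visible here.
                    r_dict = util.poll_acme_server(
                        self, challenge['auth_url'], "", "valid")
                    self.logger.debug(r_dict)
                finally:
                    challenge_server.terminate()
                    challenge_server.join()
            finally:
                dns_server.stop()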
示例#3
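    def dns_01_challenge(self):
        """Answer every pending challenge with the dns-01 method.

        For each entry in ``self.acme_challenges`` the key authorization is
        hashed with SHA-256, encoded by ``util.to_base64`` and published as
        a TXT record by a DNS responder on ``self.record_addr`` port 10053.
        The ACME server is then told the challenge is ready, and the
        authorization URL is polled for the status ``"valid"``.

        The responder is stopped in a ``finally`` block, so a failed request
        or poll cannot leave it bound to its port. The exception itself
        still propagates.
        """
        self.logger.info("Performing dns-01 challenge")
        for challenge in self.acme_challenges:
            token = challenge["token"]
            chall_url = challenge["url"]
            key_auth = crypto.get_key_authorization(token, self.jwk)

            # dns-01 publishes a digest of the key authorization, not the
            # key authorization itself.
            # NOTE(review): ACME expects unpadded base64url here; confirm
            # that util.to_base64 produces that encoding.
            digest = hashlib.sha256(key_auth.encode('utf-8')).digest()
            hashed_key_auth = util.to_base64(digest)

            # TXT record for the root name with a 300 s TTL.
            zone = ". 300 IN TXT " + hashed_key_auth
            dns_server = DNSServer(DnsResolver(zone),
                                   address=self.record_addr,
                                   port=10053)
            dns_server.start_thread()
            try:
                # An empty JSON object signals that the challenge is ready
                # to be validated.
                r_dict = util.acme_server_request(self, chall_url, {}).json()
                self.logger.debug(r_dict)

                # NOTE(review): what poll_acme_server does when the
                # authorization turns "invalid" is not visible here.
                r_dict = util.poll_acme_server(
                    self, challenge['auth_url'], "", "valid")
                self.logger.debug(r_dict)
            finally:
                dns_server.stop()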
示例#4
 def get_challenges(self, challenge_type='http-01'):
     """Collect one challenge of the requested type per authorization.

     Resets ``self.acme_challenges`` to an empty list, then fetches each
     URL in ``self.acme_authorization_urls`` with an empty payload. For
     each one it appends whatever ``util.extract_challenges_dict`` returns
     for the parsed JSON body, the URL and ``challenge_type``.

     Args:
         challenge_type: challenge type passed through to
             ``util.extract_challenges_dict``; defaults to ``'http-01'``.
     """
     self.logger.info("Fetching Challenges")
     self.acme_challenges = []
     for authz_url in self.acme_authorization_urls:
         authorization = util.acme_server_request(self, authz_url, "").json()
         selected = util.extract_challenges_dict(authorization, authz_url,
                                                 challenge_type)
         self.acme_challenges.append(selected)
     self.logger.debug(self.acme_challenges)
示例#5
    def finalize_order(self):
        """Send the CSR to the finalize URL and wait for the order to be valid.

        Builds the CSR with ``crypto.get_csr`` from ``self.domains`` and
        ``self.certificate_private_key`` and posts it as ``{'csr': ...}`` to
        ``self.acme_finalize_url``. It then polls ``self.acme_order_url``
        for the status ``'valid'`` and stores the ``'certificate'`` entry of
        the polled order in ``self.acme_certificate_url``.
        """
        self.logger.info("Finalizing Order!")
        csr = crypto.get_csr(self.domains, self.certificate_private_key)
        finalize_response = util.acme_server_request(
            self, self.acme_finalize_url, {'csr': csr})
        finalize_body = finalize_response.json()
        self.logger.debug(finalize_body)

        order = util.poll_acme_server(self, self.acme_order_url, "", 'valid')
        # A polled order without a 'certificate' key raises KeyError here,
        # before the order is logged.
        self.acme_certificate_url = order['certificate']
        self.logger.debug(order)
示例#6
 def submit_order(self, order_domains):
     """Create a new order for the given domain names.

     Posts one ``{"type": "dns", "value": <domain>}`` identifier per entry
     of ``order_domains`` to ``self.acme_newOrder_url``. From the JSON body
     it stores ``'authorizations'`` in ``self.acme_authorization_urls`` and
     ``'finalize'`` in ``self.acme_finalize_url``. The ``Location``
     response header is stored in ``self.acme_order_url``.

     Args:
         order_domains: iterable of domain names to request.
     """
     self.logger.info("Submitting a new order")
     new_order_url = self.acme_newOrder_url
     payload = {
         "identifiers": [
             {"type": "dns", "value": name} for name in order_domains
         ]
     }
     response = util.acme_server_request(self, new_order_url, payload)
     order = response.json()
     self.acme_authorization_urls = order['authorizations']
     self.acme_finalize_url = order['finalize']
     # The order URL comes from the response header, not the JSON body.
     self.acme_order_url = response.headers['Location']
     self.logger.debug(order)
     self.logger.debug(response.headers)
示例#7
 def revoke_certificate(self):
     """Ask the ACME server to revoke the stored certificate.

     Encodes ``self.acme_certificate`` with ``util.to_base64`` and posts it
     as ``{'certificate': ...}`` to ``self.acme_revokeCert_url``. Only the
     response headers are logged.
     """
     self.logger.info("Revoking Certificate")
     revocation = {'certificate': util.to_base64(self.acme_certificate)}
     # NOTE(review): the response status is not inspected here; whether a
     # rejected revocation raises depends on acme_server_request. Confirm.
     response = util.acme_server_request(self, self.acme_revokeCert_url,
                                         revocation)
     self.logger.debug(response.headers)