git.siccegge.de Git - tooling/letool.git/blob - sicceggetools/acme/authorize.py
3 from functools
import partial
10 from acme
import messages
11 from acme
import challenges
def _authorize_dns01(san, validation):
    """Pass the DNS-01 validation value for *san* to the name server over SSH.

    The listing shows only original lines 14-17 and 20 of this function;
    the gaps are marked below. Layout is reconstructed from the flattened
    page text.
    """
    logging.info("Using DNS-01 for %s", san)
    # Starts an interactive session that runs the remote "acme" command as
    # the _tls account.
    # NOTE(review): host-key checking and authentication depend on the local
    # ssh configuration, which is not visible here -- confirm the host key is
    # pinned and the remote account can run nothing but this command.
    ssh = pexpect.spawn("ssh _tls@ns1.siccegge.de acme")
    # Block until the remote side prompts for input.
    # NOTE(review): no explicit timeout or error handling is visible; pexpect
    # raises on timeout/EOF, so a hung or failed login surfaces as an
    # exception in the caller.
    ssh.expect("Hostname:")
    # (original lines 18-19 are missing from this listing)
    # The validation value goes over the session's input, not onto the
    # command line.
    ssh.sendline(validation)
    # (original lines 21-23 are missing from this listing)
def _authorize_http01(san, key_auth):
    """Open the HTTP-01 challenge file for *san* under /srv/tls/http-01/.

    The file is named after the part of *key_auth* before the first '.'.
    What is written to it is not visible: original lines 27-29 are missing
    from this listing.
    """
    logging.info("Using HTTP-01 for %s", san)
    # NOTE(review): the file name is taken from challenge data without any
    # check in this function. ACME tokens are meant to be base64url only;
    # confirm the acme library enforces that, since a name containing a path
    # separator would end up outside the challenge directory.
    # NOTE(review): mode 'w' creates the file with the process umask and no
    # clean-up is visible here -- verify both against the missing lines.
    with open(os.path.join('/srv/tls/http-01/', key_auth.split('.')[0]), 'w') as fd:
        # (original lines 27-29, the body of this block, are missing from this listing)
def _authorize_challenge(san, thechallenges, client, settings=None):
    """Set up the first challenge for *san* whose method the settings allow.

    For a matching HTTP-01 or DNS-01 challenge the validation data is
    published through the helper for that method, and a callable that
    answers the challenge is bound with functools.partial. *client* is
    unpacked as a 3-tuple whose last two items are the ACME client and the
    account key.

    Nesting is reconstructed from the flattened page text, and several
    original lines are missing (marked below), including whatever returns
    the bound callable.
    """
    _, acme_client, account_key = client
    # (original lines 32-33 are missing from this listing)
    # NOTE(review): settings defaults to None but is dereferenced in the loop
    # below; unless the missing lines replace it, a call without settings
    # fails with AttributeError -- confirm.
    for challenge in thechallenges:
        if settings.use_method("HTTP01", san, settings) and isinstance(challenge.chall, challenges.HTTP01):
            # Deferred answer: tells the CA the challenge is ready to be checked.
            def _response(challenge):
                response = challenges.HTTP01Response(key_authorization=challenge.key_authorization(account_key))
                acme_client.answer_challenge(challenge, response)
            # (original line 39 is missing from this listing)
            # Publish the key authorization now; the answer is sent later via
            # responsefun. Placement outside _response is presumed from the gap.
            _authorize_http01(san, challenge.key_authorization(account_key))
            responsefun = partial(_response, challenge)
            # (original line 42 is missing; presumably returns responsefun -- confirm)
        elif settings.use_method("DNS01", san, settings) and isinstance(challenge.chall, challenges.DNS01):
            # Deferred answer for the DNS-01 variant.
            def _response(challenge):
                response = challenges.DNS01Response(key_authorization=challenge.key_authorization(account_key))
                acme_client.answer_challenge(challenge, response)
            # (original line 47 is missing from this listing)
            # Hand the validation value to the name server before answering.
            _authorize_dns01(san, challenge.validation(account_key))
            responsefun = partial(_response, challenge)
    # (original lines 50-53 are missing from this listing)
def authorize(sans, client, settings=None):
    """Request challenges for the given names, then poll the authorizations.

    Returns the list of polled authorization resources. *client* is unpacked
    as a 3-tuple whose first two items are the registration and the ACME
    client.

    Many original lines are missing from this listing (marked below). Where a
    statement's enclosing block is not visible it is shown at function-body
    level, so the nesting here is NOT the original nesting.
    """
    registration, acme_client, _ = client
    # (original lines 56-59 are missing; `san`, `authorizations` and
    # `responsefuns` used below are presumably bound there, `san` most likely
    # by a loop over sans -- confirm)
    # NOTE(review): request_challenges with new_authzr_uri looks like the
    # ACME v1 client interface of the acme library -- confirm which protocol
    # version and library release this code targets.
    authzr = acme_client.request_challenges(
        identifier=messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=san),
        new_authzr_uri=registration.new_authzr_uri)
    authorizations.append(authzr)
    # (original line 64 is missing from this listing)
    result = _authorize_challenge(san, authzr.body.challenges, client, settings)
    # (original line 66 is missing; presumably the condition guarding the warning)
    # NOTE(review): logging.warn is a deprecated alias of logging.warning.
    logging.warn("fallthrough")
    # (original line 68 is missing from this listing)
    responsefuns.append(result)
    # (original lines 70-71 are missing from this listing)
    for respfun in responsefuns:
        # (original lines 73-75, the loop body, are missing; presumably calls respfun)
    logging.info("sleeping")
    # (original line 77 is missing from this listing)
    new_authorizations = []
    for authorization in authorizations:
        # poll() yields the refreshed authorization first; the second item is ignored.
        new_auth, _ = acme_client.poll(authorization)
        new_authorizations.append(new_auth)
        if new_auth.body.status != messages.Status("valid"):
            # (original lines 83-84 are missing from this listing)
            # NOTE(review): confirm a non-valid status is raised or reported
            # to the caller, not just logged, so a failed authorization does
            # not proceed to certificate issuance.
    return new_authorizations