1 #!/usr/bin/python
2
3 from functools import partial
4 import logging
5 import os.path
6 import time
7
8 import pexpect
9
10 from acme import messages
11 from acme import challenges
12
13
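def _authorize_dns01(san, validation, host="_tls@ns1.siccegge.de"):
    """Publish the DNS-01 validation value for *san* through the name server's ``acme`` helper.

    An ssh session is opened to *host* running the remote ``acme`` command,
    which prompts for ``Hostname:`` and ``Value:`` and acknowledges with ``OK``.

    Args:
        san: Hostname the challenge is for; sent as the answer to ``Hostname:``.
        validation: Record value the ACME server expects; sent as the answer
            to ``Value:``.
        host: ``user@host`` the ssh session is opened to. Defaults to the
            value that was previously hard-coded.

    Raises:
        ValueError: if *san* or *validation* contains a line break; each value
            is sent as a single line, so a break would be read by the remote
            helper as an additional answer.
        pexpect.TIMEOUT / pexpect.EOF: if the remote helper does not produce
            the expected prompts or the ``OK`` acknowledgement.
    """
    logging.info("Using DNS-01 for %s", san)
    # Both values travel as one line each over the ssh session; refuse input
    # that would be split into extra lines on the remote side.
    for value in (san, validation):
        if "\n" in value or "\r" in value:
            raise ValueError("line break in DNS-01 input: %r" % (value,))
    # Pass the arguments as a list so pexpect does not have to re-split a
    # command string.
    ssh = pexpect.spawn("ssh", [host, "acme"])
    try:
        ssh.expect("Hostname:")
        ssh.sendline(san)
        ssh.expect("Value:")
        ssh.sendline(validation)
        ssh.expect("OK")
    finally:
        # The child was previously never closed; close it so the ssh process
        # is reaped even when an expect() times out.
        ssh.close()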
22
23
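def _authorize_http01(san, key_auth, webroot='/srv/tls/http-01/'):
    """Publish the HTTP-01 key authorization for *san* below the challenge web root.

    The challenge file is named after the token, i.e. the part of *key_auth*
    before the first ``.``, and contains the complete key authorization string.

    Args:
        san: Hostname the challenge is for (only used for logging).
        key_auth: ``<token>.<thumbprint>`` key authorization string.
        webroot: Directory the challenge file is written into. Defaults to
            the path that was previously hard-coded.

    Returns:
        The path of the file that was written.

    Raises:
        ValueError: if the token part is empty or is not a plain file name
            (``.``, ``..`` or anything containing a path separator). The token
            is taken from the server-supplied challenge, so it must not be
            allowed to select a path outside *webroot*.
    """
    logging.info("Using HTTP-01 for %s", san)
    token = key_auth.split('.')[0]
    # Reject any token that would escape the web root once joined onto it.
    if not token or token in ('.', '..') or os.path.basename(token) != token:
        raise ValueError("invalid HTTP-01 token: %r" % (token,))
    path = os.path.join(webroot, token)
    with open(path, 'w') as fd:
        fd.write(key_auth)
    return path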
28
29
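def _make_responder(acme_client, account_key, challenge, response_cls):
    """Return a zero-argument callable that answers *challenge* with a *response_cls* instance."""
    def _respond():
        response = response_cls(key_authorization=challenge.key_authorization(account_key))
        acme_client.answer_challenge(challenge, response)
    return _respond


def _authorize_challenge(san, thechallenges, client, settings=None):
    """Provision the first challenge for *san* whose method *settings* enables.

    *thechallenges* is walked in the order the server offered them. The first
    challenge whose type is enabled for *san* (``settings.use_method("HTTP01",
    san, settings)`` / ``"DNS01"``) is provisioned — HTTP-01 by writing the
    challenge file, DNS-01 by pushing the record over ssh — and a callable that
    submits its response is returned. Provisioning stops at that challenge;
    previously every enabled challenge was provisioned but only the last one
    could be answered.

    Args:
        san: Hostname being authorized.
        thechallenges: Iterable of challenge bodies (``authzr.body.challenges``).
        client: ``(registration, acme_client, account_key)`` tuple.
        settings: Object providing ``use_method(name, san, settings)``. It is
            dereferenced unconditionally, so ``None`` is rejected up front.

    Returns:
        A zero-argument callable that submits the response for the provisioned
        challenge, or ``None`` if no offered challenge type is enabled.

    Raises:
        TypeError: if *settings* is ``None``.
    """
    _, acme_client, account_key = client
    if settings is None:
        raise TypeError("settings is required to select a challenge method")

    for challenge in thechallenges:
        chall = challenge.chall
        if settings.use_method("HTTP01", san, settings) and isinstance(chall, challenges.HTTP01):
            _authorize_http01(san, challenge.key_authorization(account_key))
            # Return at the first usable challenge so no stale, unanswered
            # provisioning is left behind for the same name.
            return _make_responder(acme_client, account_key, challenge, challenges.HTTP01Response)
        if settings.use_method("DNS01", san, settings) and isinstance(chall, challenges.DNS01):
            _authorize_dns01(san, challenge.validation(account_key))
            return _make_responder(acme_client, account_key, challenge, challenges.DNS01Response)

    return None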
52
53
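def authorize(sans, client, settings=None, poll_interval=5, max_polls=None):
    """Request and complete an authorization for every hostname in *sans*.

    For each name a new authorization is requested and one challenge is
    provisioned via ``_authorize_challenge``. After a settle delay all
    challenge responses are submitted, and the authorizations are then polled
    until every one reports status ``valid``.

    Args:
        sans: Hostnames to authorize.
        client: ``(registration, acme_client, account_key)`` tuple.
        settings: Passed through to ``_authorize_challenge``.
        poll_interval: Seconds to wait before submitting responses and between
            polling rounds. Defaults to the 5 seconds previously hard-coded.
        max_polls: Maximum number of polling rounds before giving up. ``None``
            (the default) polls indefinitely, as before; note that a name for
            which no challenge could be provisioned stays pending and is then
            only ever resolved by this limit.

    Returns:
        The list of polled authorization resources, in *sans* order, once all
        of them are ``valid``.

    Raises:
        RuntimeError: if an authorization reaches the terminal ``invalid``
            status (previously this was polled forever), or if *max_polls*
            rounds pass without every authorization becoming valid.
    """
    registration, acme_client, _ = client
    authorizations = []
    responsefuns = []

    for san in sans:
        authzr = acme_client.request_challenges(
            identifier=messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=san),
            new_authzr_uri=registration.new_authzr_uri)
        authorizations.append(authzr)

        result = _authorize_challenge(san, authzr.body.challenges, client, settings)
        if result is None:
            # No offered challenge type is enabled for this name; kept as a
            # warning rather than a failure, as in the original.
            logging.warning("fallthrough")
        else:
            responsefuns.append(result)

    # Give the provisioned files/records a moment before the server is told
    # to look for them.
    time.sleep(poll_interval)
    for respfun in responsefuns:
        respfun()

    valid = messages.Status("valid")
    invalid = messages.Status("invalid")
    rounds = 0
    while max_polls is None or rounds < max_polls:
        rounds += 1
        logging.info("sleeping")
        time.sleep(poll_interval)
        new_authorizations = []
        for authorization in authorizations:
            new_auth, _ = acme_client.poll(authorization)
            new_authorizations.append(new_auth)
            status = new_auth.body.status
            if status == invalid:
                # Terminal state: no further polling can make it valid.
                raise RuntimeError(
                    "authorization for %s failed with status %s"
                    % (new_auth.body.identifier.value, status))
            if status != valid:
                # Still pending: start the next round (as before, the
                # remaining authorizations are re-polled then as well).
                break
        else:
            return new_authorizations
    raise RuntimeError("authorizations not valid after %d polling rounds" % rounds)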
83 break
84 else:
85 return new_authorizations