1 #!/usr/bin/python
2
3 import logging
4 from socket import getfqdn
5
6
7 from cryptography.hazmat.backends import default_backend
8 from cryptography.hazmat.primitives import serialization
9
10 from acme import client
11 from acme import jose
12 from acme import messages
13
14 import OpenSSL
15
16 from . import constants
17 from .authorize import authorize
18 from .certificate import Certificate
19
20
21
22 class Client(object):
    def __init__(self, inventory, settings):
        """Bind the inventory and settings; the ACME client itself is built lazily."""
        self._inventory, self._settings = inventory, settings
        # Populated on first use by _get_client(); None until then.
        self._client = None
27
28
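    def _get_client(self, key_path="data/account.key.pem",
                    registration_path="data/registration.json"):
        """Return the cached ``(registration, acme_client, account_key)`` triple.

        On first use the account private key and the stored registration are
        read from disk, wrapped for the ``acme`` library and cached on the
        instance; later calls return the same objects without touching the
        filesystem.

        Args:
            key_path: PEM file holding the ACME account private key. The
                default is a relative path, so it resolves against the
                current working directory of the process.
            registration_path: JSON dump of the account's
                ``RegistrationResource``.

        Returns:
            tuple of (registration, acme_client, account_key).

        Raises:
            OSError: if either file cannot be opened.
            ValueError: from ``load_pem_private_key`` when the key data is
                not a valid PEM private key.
        """
        if self._client is not None:
            return self._client

        logging.info("Loading account key")
        with open(key_path, "rb") as keyfd:
            # password=None: the key is expected to be stored unencrypted,
            # so its confidentiality rests entirely on the filesystem
            # permissions of key_path.
            private_key = serialization.load_pem_private_key(
                keyfd.read(),
                password=None,
                backend=default_backend(),
            )

        logging.info("Loading account registration")
        with open(registration_path, "rb") as regfd:
            registration = messages.RegistrationResource.json_loads(regfd.read())

        account_key = jose.JWKRSA(key=private_key)
        acme_client = client.Client(constants.DIRECTORY_URL, account_key)
        # Cached for the lifetime of this instance, which also keeps the
        # private key material in memory until the Client is dropped.
        self._client = (registration, acme_client, account_key)
        return self._client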
48
49
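    def get_certificate(self, cname, servicetype):
        """Request, fetch and store a certificate for *cname*.

        The subject alternative names are taken from the inventory, keyed on
        this host's FQDN, the service type and the requested CName; every SAN
        is authorized with the ACME server before issuance is requested.

        Args:
            cname: the primary name the certificate is issued for.
            servicetype: inventory key selecting which SANs apply.

        Side effects:
            Writes the issued certificate and chain via ``Certificate.save``
            and logs the CName and SANs at INFO level.
        """
        sans = self._inventory.get_sans(getfqdn(), servicetype, cname)

        # Fetch the cached triple once: authorize() takes the whole triple,
        # issuance below only needs the acme client out of it.
        client_state = self._get_client()
        _, acme_client, _ = client_state
        authorizations = authorize(sans, client_state, self._settings)
        certificate = Certificate(servicetype, cname, sans)

        # certificate.asString() is parsed as a PEM CSR and re-wrapped so the
        # acme library receives the comparable X509 object it expects.
        orequest = OpenSSL.crypto.load_certificate_request(
            OpenSSL.crypto.FILETYPE_PEM, certificate.asString())
        jrequest = jose.util.ComparableX509(orequest)

        cert = acme_client.request_issuance(jrequest, authorizations)
        chain = acme_client.fetch_chain(cert)
        certificate.save(cert, chain)

        logging.info("CName: %s", cname)
        logging.info("SANs: %s", sans)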