git.siccegge.de Git - tooling/letool.git/blob - sicceggetools/acme/client.py
4 from socket
import getfqdn
7 from cryptography
.hazmat
.backends
import default_backend
8 from cryptography
.hazmat
.primitives
import serialization
10 from acme
import client
12 from acme
import messages
16 from . import constants
17 from .authorize
import authorize
18 from .certificate
import Certificate
def __init__(self, inventory, settings):
    """Store the collaborators used when requesting certificates.

    Args:
        inventory: object queried through ``get_sans()`` in
            ``get_certificate``.
        settings: handed unchanged to ``authorize()`` in
            ``get_certificate``.
    """
    # NOTE(review): _get_client() tests ``self._client is None``, but no
    # initialisation of ``_client`` is visible in this listing -- confirm it
    # is defined elsewhere (e.g. as a class attribute).
    self._inventory, self._settings = inventory, settings
def _get_client(self):
    """Return the cached ``(registration, acme_client, account_key)`` tuple.

    On first use the account key and the stored registration are read from
    disk and an ACME client is created for ``constants.DIRECTORY_URL``.
    The resulting tuple is kept in ``self._client`` and reused afterwards.
    """
    if self._client is not None:
        return self._client

    # Both paths are relative to the current working directory, so which
    # account key and registration get loaded depends on where the process
    # was started.
    logging.info("Loading account key")
    with open("data/account.key.pem", "rb") as keyfd:
        # NOTE(review): the argument lines between the opening parenthesis
        # and ``backend=`` are missing from this listing; ``keyfd.read()``
        # and ``password=None`` are reconstructed -- confirm against the
        # repository. If the key really is loaded without a passphrase,
        # the file's permissions are the only protection for the account
        # key.
        private_key = serialization.load_pem_private_key(
            keyfd.read(),
            password=None,
            backend=default_backend(),
        )

    logging.info("Loading account registration")
    with open("data/registration.json", "rb") as regfd:
        raw_registration = regfd.read()
    registration = messages.RegistrationResource.json_loads(raw_registration)

    account_key = jose.JWKRSA(key=private_key)
    acme_client = client.Client(constants.DIRECTORY_URL, account_key)
    self._client = (registration, acme_client, account_key)

    # NOTE(review): the return statement is not visible in this listing;
    # get_certificate() unpacks three values from this call, so the cached
    # tuple is returned here.
    return self._client
def get_certificate(self, cname, servicetype):
    """Obtain and store a certificate for *cname* on this host.

    The SAN list comes from the inventory for the local FQDN, the names are
    authorized, a CSR is taken from a ``Certificate`` object and submitted
    for issuance, and the issued certificate is saved together with its
    chain. No return statement is visible in this listing.

    Args:
        cname: name passed to ``get_sans()`` and ``Certificate``.
        servicetype: service type passed to ``get_sans()`` and
            ``Certificate``.
    """
    local_fqdn = getfqdn()
    sans = self._inventory.get_sans(local_fqdn, servicetype, cname)

    _registration, acme_client, _account_key = self._get_client()
    # authorize() is given the whole tuple from _get_client(), not just the
    # client -- presumably it unpacks it itself; verify against the sibling
    # ``authorize`` module.
    authorizations = authorize(sans, self._get_client(), self._settings)
    certificate = Certificate(servicetype, cname, sans)

    # The CSR is produced by the Certificate object as PEM text and parsed
    # here before being wrapped for the ACME request.
    csr_pem = certificate.asString()
    orequest = OpenSSL.crypto.load_certificate_request(
        OpenSSL.crypto.FILETYPE_PEM, csr_pem
    )
    jrequest = jose.util.ComparableX509(orequest)

    # NOTE(review): client.Client with request_issuance()/fetch_chain()
    # looks like the ACME v1 interface of the ``acme`` package -- confirm
    # that the installed ``acme`` version and the server behind
    # constants.DIRECTORY_URL still support it.
    cert = acme_client.request_issuance(jrequest, authorizations)
    chain = acme_client.fetch_chain(cert)

    certificate.save(cert, chain)

    # Logged only after the certificate has been saved.
    logging.info("CName: %s", cname)
    logging.info("SANs: %s", sans)