--- /dev/null
+#!/usr/bin/python
+
+from functools import partial
+import logging
+import os.path
+import time
+
+import pexpect
+
+from acme import messages
+from acme import challenges
+
+
+def _authorize_dns01(san, validation):
+ logging.info("Using DNS-01 for %s", san)
+ ssh = pexpect.spawn("ssh _tls@ns1.siccegge.de acme")
+ ssh.expect("Hostname:")
+ ssh.sendline(san)
+ ssh.expect("Value:")
+ ssh.sendline(validation)
+ ssh.expect("OK")
+
+
+def _authorize_http01(san, key_auth):
+ logging.info("Using HTTP-01 for %s", san)
+ with open(os.path.join('/srv/tls/http-01/', key_auth.split('.')[0]), 'w') as fd:
+ fd.write(key_auth)
+
+
+def _authorize_challenge(san, thechallenges, client, settings=None):
+ _, acme_client, account_key = client
+ responsefun = None
+
+ for challenge in thechallenges:
+ if settings.use_method("HTTP01", san, settings) and isinstance(challenge.chall, challenges.HTTP01):
+ def _response(challenge):
+ response = challenges.HTTP01Response(key_authorization=challenge.key_authorization(account_key))
+ acme_client.answer_challenge(challenge, response)
+
+ _authorize_http01(san, challenge.key_authorization(account_key))
+ responsefun = partial(_response, challenge)
+
+ elif settings.use_method("DNS01", san, settings) and isinstance(challenge.chall, challenges.DNS01):
+ def _response(challenge):
+ response = challenges.DNS01Response(key_authorization=challenge.key_authorization(account_key))
+ acme_client.answer_challenge(challenge, response)
+
+ _authorize_dns01(san, challenge.validation(account_key))
+ responsefun = partial(_response, challenge)
+
+ return responsefun
+
+
+def authorize(sans, client, settings=None):
+ registration, acme_client, _ = client
+ authorizations = []
+ responsefuns = []
+
+ for san in sans:
+ authzr = acme_client.request_challenges(
+ identifier=messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=san),
+ new_authzr_uri=registration.new_authzr_uri)
+ authorizations.append(authzr)
+
+ result = _authorize_challenge(san, authzr.body.challenges, client, settings)
+ if result is None:
+ logging.warn("fallthrough")
+ else:
+ responsefuns.append(result)
+
+ time.sleep(5)
+ for respfun in responsefuns:
+ respfun()
+
+ while True:
+ logging.info("sleeping")
+ time.sleep(5)
+ new_authorizations = []
+ for authorization in authorizations:
+ new_auth, _ = acme_client.poll(authorization)
+ new_authorizations.append(new_auth)
+ if new_auth.body.status != messages.Status("valid"):
+ break
+ else:
+ return new_authorizations
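Review bot: `_authorize_http01` takes the file name from `key_auth.split('.')[0]`, a token supplied by the ACME server, and passes it unchecked to `os.path.join('/srv/tls/http-01/', …)`; a component beginning with `/` makes `os.path.join` drop the base directory, so the write is not confined to the challenge directory. ACME tokens are base64url, so anything else can be rejected before the file is opened, e.g. `token = key_auth.split('.')[0]` followed by `if not re.match(r'^[A-Za-z0-9_-]+$', token): raise ValueError("unexpected HTTP-01 token")` (this needs `import re`). Separately, the `while True` poll loop in `authorize` exits only when every authorization is `valid`, so an authorization that ends up `invalid`, or a SAN that took the `fallthrough` branch and never got a response, looks like it will be polled forever; a bounded number of rounds and an explicit error on a terminal non-valid status would make failures visible. `settings` also defaults to `None` in both signatures, yet `settings.use_method(...)` is called unconditionally in `_authorize_challenge`, so the default cannot actually be used.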