X-Git-Url: https://git.siccegge.de//index.cgi?p=tooling%2Fletool.git;a=blobdiff_plain;f=sicceggetools%2Facme%2Fclient.py;fp=sicceggetools%2Facme%2Fclient.py;h=12b15fe14b9f3a0e5b8ceed7c5fa2e8bcf69ceac;hp=0000000000000000000000000000000000000000;hb=51cfaa176a021af7f611f3ffe024bafc99b696d0;hpb=e1de0bea6b56b5245178cedf4610f3d19e20f894
diff --git a/sicceggetools/acme/client.py b/sicceggetools/acme/client.py
new file mode 100644
index 0000000..12b15fe
--- /dev/null
+++ b/sicceggetools/acme/client.py
@@ -0,0 +1,67 @@
+#!/usr/bin/python
+
+import logging
+from socket import getfqdn
+
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
+
+from acme import client
+from acme import jose
+from acme import messages
+
+import OpenSSL
+
+from . import constants
+from .authorize import authorize
+from .certificate import Certificate
+
+
+
+class Client(object):
+    def __init__(self, inventory, settings):
+        self._inventory = inventory
+        self._settings = settings
+        self._client = None
+
+
+    def _get_client(self):
+        if self._client is None:
+            logging.info("Loading account key")
+            with open("data/account.key.pem", "rb") as keyfd:
+                private_key = serialization.load_pem_private_key(
+                    keyfd.read(),
+                    password=None,
+                    backend=default_backend()
+                )
+
+            logging.info("Loading account registration")
+            with open("data/registration.json", "rb") as regfd:
+                registration = messages.RegistrationResource.json_loads(regfd.read())
+
+            account_key = jose.JWKRSA(key=private_key)
+            acme_client = client.Client(constants.DIRECTORY_URL, account_key)
+            self._client = registration, acme_client, account_key
+
+        return self._client
+
+
+    def get_certificate(self, cname, servicetype):
+        sans = self._inventory.get_sans(getfqdn(), servicetype, cname)
+
+        _, acme_client, _ = self._get_client()
+        authorizations = authorize(sans, self._get_client(), self._settings)
+        certificate = Certificate(servicetype, cname, sans)
+
+        orequest = OpenSSL.crypto.load_certificate_request(
+            OpenSSL.crypto.FILETYPE_PEM, certificate.asString())
+
+        jrequest = jose.util.ComparableX509(orequest)
+        cert = acme_client.request_issuance(jrequest, authorizations)
+        chain = acme_client.fetch_chain(cert)
+
+        certificate.save(cert, chain)
+
+        logging.info("CName: %s", cname)
+        logging.info("SANs: %s", sans)
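Review bot: The account private key and registration in `_get_client` are opened at the cwd-relative paths `"data/account.key.pem"` and `"data/registration.json"`, so which key is loaded (or whether the open fails at all) depends on the directory the process is started from rather than on configuration; anchoring them on a configured data directory, e.g. a constant next to `constants.DIRECTORY_URL` or a value from `self._settings`, would make the key location explicit and reviewable. The key is loaded with `password=None`, which presumably means it is stored unencrypted on disk — if so, a short comment stating that and the expected file permissions would help the next maintainer. In `get_certificate`, `self._get_client()` is called twice in consecutive lines; fetching it once reads more clearly: `client_state = self._get_client()`, `_, acme_client, _ = client_state`, `authorizations = authorize(sans, client_state, self._settings)`. The class and both public methods have no docstrings; a one-line docstring on `Client` ("Lazily loads the ACME account key and registration and issues certificates for an inventory entry") and on `get_certificate` naming what `cname` and `servicetype` are would cover it.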