Commit 48f6fa12 authored by Adrien Dorsaz's avatar Adrien Dorsaz

raise error if not any response found on _send_signed_request

ensure the nonce is used only once.
parent 2467b3b1
......@@ -65,6 +65,7 @@ def get_crt(config, log=LOGGER):
payload64 = _base64(json.dumps(payload).encode("utf8"))
protected = copy.deepcopy(private_acme_signature)
protected["nonce"] = nonce or requests.get(acme_config["newNonce"]).headers['Replay-Nonce']
del nonce
protected["url"] = url
if url == acme_config["newAccount"]:
if "kid" in protected:
......@@ -84,12 +85,14 @@ def get_crt(config, log=LOGGER):
response = requests.post(url, json=jose, headers=joseheaders)
except requests.exceptions.RequestException as error:
response = error.response
finally:
if response:
nonce = response.headers['Replay-Nonce']
try:
return response, response.json()
except ValueError: # if body is empty or not JSON formatted
return response, json.loads("{}")
try:
return response, response.json()
except ValueError: # if body is empty or not JSON formatted
return response, json.loads("{}")
else:
raise RuntimeError("Unable to get response from ACME server.")
# main code
adtheaders = {'User-Agent': 'acme-dns-tiny/2.2',
......
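Review bot: The new `if response:` guard in the second hunk tests truthiness, and `requests.Response.__bool__` returns `response.ok`, so any 4xx/5xx reply from the ACME server falls into the `else` branch and raises "Unable to get response from ACME server." even though a response did arrive. On that path the fresh `Replay-Nonce` is never stored and the caller never sees the server's problem document (for example a badNonce error it could retry on). Use `if response is not None:` so that only a genuinely missing response raises. The same guard is added in the account_deactivate and account_rollover sections; the enclosing function starts outside the hunk.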
......@@ -42,6 +42,7 @@ def account_deactivate(accountkeypath, acme_directory, log=LOGGER):
payload64 = _b64(json.dumps(payload).encode("utf8"))
protected = copy.deepcopy(private_acme_signature)
protected["nonce"] = nonce or requests.get(acme_config["newNonce"]).headers['Replay-Nonce']
del nonce
protected["url"] = url
if url == acme_config["newAccount"]:
if "kid" in protected:
......@@ -62,12 +63,14 @@ def account_deactivate(accountkeypath, acme_directory, log=LOGGER):
response = requests.post(url, json=jose, headers=joseheaders)
except requests.exceptions.RequestException as error:
response = error.response
finally:
if response:
nonce = response.headers['Replay-Nonce']
try:
return response, response.json()
except ValueError: # if body is empty or not JSON formatted
return response, json.dumps({})
try:
return response, response.json()
except ValueError: # if body is empty or not JSON formatted
return response, json.loads("{}")
else:
raise RuntimeError("Unable to get response from ACME server.")
# main code
adtheaders = {'User-Agent': 'acme-dns-tiny/2.2'}
......
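Review bot: `del nonce` in the first hunk leaves the name unbound until the `finally` block rebinds it, and the new `else: raise RuntimeError(...)` branch exits without doing so. If `nonce` is a `nonlocal` of the enclosing function (its declaration is outside the hunk, so this is inferred), a caller that catches the error and sends another request would hit a NameError at `nonce or requests.get(...)`. Writing `nonce = None` instead of `del nonce` still guarantees the value is used only once and keeps the fallback to `newNonce` working. The same line is added in the get_crt section.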
......@@ -92,12 +92,14 @@ def account_rollover(old_accountkeypath, new_accountkeypath, acme_directory, log
response = requests.post(url, json=jose, headers=joseheaders)
except requests.exceptions.RequestException as error:
response = error.response
finally:
if response:
nonce = response.headers['Replay-Nonce']
try:
return response, response.json()
except ValueError: # if body is empty or not JSON formatted
return response, json.dumps({})
try:
return response, response.json()
except ValueError: # if body is empty or not JSON formatted
return response, json.dumps({})
else:
raise RuntimeError("Unable to get response from ACME server.")
# main code
adtheaders = {'User-Agent': 'acme-dns-tiny/2.2'}
......
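Review bot: The `except ValueError` fallback in this section still returns `json.dumps({})`, which is the string `'{}'`, while the other two files now return `json.loads("{}")`, an empty dict. A caller that indexes the second return value or calls `.get()` on it would fail when the body is empty or not JSON; change the line to `return response, {}` to match. No hunk adding `del nonce` is visible for account_rollover either, so confirm the nonce is cleared after use there as it is in the other two functions.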