Commit 48f6fa12 authored by Adrien Dorsaz

raise error if not any response found on _send_signed_request

ensure the nonce is used only once.
parent 2467b3b1
...@@ -65,6 +65,7 @@ def get_crt(config, log=LOGGER): ...@@ -65,6 +65,7 @@ def get_crt(config, log=LOGGER):
payload64 = _base64(json.dumps(payload).encode("utf8")) payload64 = _base64(json.dumps(payload).encode("utf8"))
protected = copy.deepcopy(private_acme_signature) protected = copy.deepcopy(private_acme_signature)
protected["nonce"] = nonce or requests.get(acme_config["newNonce"]).headers['Replay-Nonce'] protected["nonce"] = nonce or requests.get(acme_config["newNonce"]).headers['Replay-Nonce']
del nonce
protected["url"] = url protected["url"] = url
if url == acme_config["newAccount"]: if url == acme_config["newAccount"]:
if "kid" in protected: if "kid" in protected:
...@@ -84,12 +85,14 @@ def get_crt(config, log=LOGGER): ...@@ -84,12 +85,14 @@ def get_crt(config, log=LOGGER):
response = requests.post(url, json=jose, headers=joseheaders) response = requests.post(url, json=jose, headers=joseheaders)
except requests.exceptions.RequestException as error: except requests.exceptions.RequestException as error:
response = error.response response = error.response
finally: if response:
nonce = response.headers['Replay-Nonce'] nonce = response.headers['Replay-Nonce']
try: try:
return response, response.json() return response, response.json()
except ValueError: # if body is empty or not JSON formatted except ValueError: # if body is empty or not JSON formatted
return response, json.loads("{}") return response, json.loads("{}")
else:
raise RuntimeError("Unable to get response from ACME server.")
# main code # main code
adtheaders = {'User-Agent': 'acme-dns-tiny/2.2', adtheaders = {'User-Agent': 'acme-dns-tiny/2.2',
......
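Review bot: `if response:` in the second hunk tests the HTTP status rather than whether a response exists, because a `requests.Response` is falsy for any 4xx/5xx status. An ACME error reply (a badNonce problem document, for example) would therefore fall into the `else` branch, raise "Unable to get response from ACME server." and drop the fresh `Replay-Nonce` that came with it. Use `if response is not None:` so that only a genuinely missing response raises; the same line appears in the account_deactivate and account_rollover sections. The enclosing function starts before and continues past both hunks, so how callers act on the status code cannot be checked from here.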
...@@ -42,6 +42,7 @@ def account_deactivate(accountkeypath, acme_directory, log=LOGGER): ...@@ -42,6 +42,7 @@ def account_deactivate(accountkeypath, acme_directory, log=LOGGER):
payload64 = _b64(json.dumps(payload).encode("utf8")) payload64 = _b64(json.dumps(payload).encode("utf8"))
protected = copy.deepcopy(private_acme_signature) protected = copy.deepcopy(private_acme_signature)
protected["nonce"] = nonce or requests.get(acme_config["newNonce"]).headers['Replay-Nonce'] protected["nonce"] = nonce or requests.get(acme_config["newNonce"]).headers['Replay-Nonce']
del nonce
protected["url"] = url protected["url"] = url
if url == acme_config["newAccount"]: if url == acme_config["newAccount"]:
if "kid" in protected: if "kid" in protected:
...@@ -62,12 +63,14 @@ def account_deactivate(accountkeypath, acme_directory, log=LOGGER): ...@@ -62,12 +63,14 @@ def account_deactivate(accountkeypath, acme_directory, log=LOGGER):
response = requests.post(url, json=jose, headers=joseheaders) response = requests.post(url, json=jose, headers=joseheaders)
except requests.exceptions.RequestException as error: except requests.exceptions.RequestException as error:
response = error.response response = error.response
finally: if response:
nonce = response.headers['Replay-Nonce'] nonce = response.headers['Replay-Nonce']
try: try:
return response, response.json() return response, response.json()
except ValueError: # if body is empty or not JSON formatted except ValueError: # if body is empty or not JSON formatted
return response, json.dumps({}) return response, json.loads("{}")
else:
raise RuntimeError("Unable to get response from ACME server.")
# main code # main code
adtheaders = {'User-Agent': 'acme-dns-tiny/2.2'} adtheaders = {'User-Agent': 'acme-dns-tiny/2.2'}
......
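Review bot: `del nonce` in the first hunk unbinds the name instead of clearing it, so a later `nonce or requests.get(...)` read raises NameError whenever the request path exits without reassigning it, which the new `raise RuntimeError` branch does. Assuming `nonce` is a `nonlocal` shared between calls (its declaration is outside the hunk), `nonce = None` gives the same single-use guarantee and lets a retry fetch a fresh value from newNonce. The same line is added in the get_crt section. A comment such as `# a nonce is single-use: clear it so a failed request cannot resend it` would record the intent.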
...@@ -92,12 +92,14 @@ def account_rollover(old_accountkeypath, new_accountkeypath, acme_directory, log ...@@ -92,12 +92,14 @@ def account_rollover(old_accountkeypath, new_accountkeypath, acme_directory, log
response = requests.post(url, json=jose, headers=joseheaders) response = requests.post(url, json=jose, headers=joseheaders)
except requests.exceptions.RequestException as error: except requests.exceptions.RequestException as error:
response = error.response response = error.response
finally: if response:
nonce = response.headers['Replay-Nonce'] nonce = response.headers['Replay-Nonce']
try: try:
return response, response.json() return response, response.json()
except ValueError: # if body is empty or not JSON formatted except ValueError: # if body is empty or not JSON formatted
return response, json.dumps({}) return response, json.dumps({})
else:
raise RuntimeError("Unable to get response from ACME server.")
# main code # main code
adtheaders = {'User-Agent': 'acme-dns-tiny/2.2'} adtheaders = {'User-Agent': 'acme-dns-tiny/2.2'}
......
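Review bot: The `except ValueError` fallback in this section still returns `json.dumps({})`, which is the string `"{}"` rather than an empty dict, so a caller that indexes or calls `.get` on the second return value would fail on an empty or non-JSON body. The commit corrects the same line to `json.loads("{}")` in the account_deactivate section but leaves this one as it was; `return response, {}` would fix it here and is simpler in all three files. This section also shows no `del nonce` hunk, unlike the other two, so it is worth confirming that the single-use nonce handling was not meant to apply to rollover as well. The function body starts before the hunk.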