raise error if not any response found on _send_signed_request

ensure the nonce is used only once.

raise error if not any response found on _send_signed_request
ensure the nonce is used only once.
48f6fa12 · Adrien Dorsaz · 2467b3b1 · 48f6fa12 · 48f6fa12 · 48f6fa12
Commit 48f6fa12 authored Aug 23, 2021 by Adrien Dorsaz
--- a/acme_dns_tiny.py
+++ b/acme_dns_tiny.py
@@ -65,6 +65,7 @@ def get_crt(config, log=LOGGER):
            payload64 = _base64(json.dumps(payload).encode("utf8"))
        protected = copy.deepcopy(private_acme_signature)
        protected["nonce"] = nonce or requests.get(acme_config["newNonce"]).headers['Replay-Nonce']
+        del nonce
        protected["url"] = url
        if url == acme_config["newAccount"]:
            if "kid" in protected:
@@ -84,12 +85,14 @@ def get_crt(config, log=LOGGER):
            response = requests.post(url, json=jose, headers=joseheaders)
        except requests.exceptions.RequestException as error:
            response = error.response
-        finally:
+        if response:
            nonce = response.headers['Replay-Nonce']
-        try:
+            try:
-            return response, response.json()
+                return response, response.json()
-        except ValueError:  # if body is empty or not JSON formatted
+            except ValueError:  # if body is empty or not JSON formatted
-            return response, json.loads("{}")
+                return response, json.loads("{}")
+        else:
+          raise RuntimeError("Unable to get response from ACME server.")
    # main code
    adtheaders = {'User-Agent': 'acme-dns-tiny/2.2',

--- a/tools/acme_account_deactivate.py
+++ b/tools/acme_account_deactivate.py
@@ -42,6 +42,7 @@ def account_deactivate(accountkeypath, acme_directory, log=LOGGER):
            payload64 = _b64(json.dumps(payload).encode("utf8"))
        protected = copy.deepcopy(private_acme_signature)
        protected["nonce"] = nonce or requests.get(acme_config["newNonce"]).headers['Replay-Nonce']
+        del nonce
        protected["url"] = url
        if url == acme_config["newAccount"]:
            if "kid" in protected:
@@ -62,12 +63,14 @@ def account_deactivate(accountkeypath, acme_directory, log=LOGGER):
            response = requests.post(url, json=jose, headers=joseheaders)
        except requests.exceptions.RequestException as error:
            response = error.response
-        finally:
+        if response:
            nonce = response.headers['Replay-Nonce']
-        try:
+            try:
-            return response, response.json()
+                return response, response.json()
-        except ValueError:  # if body is empty or not JSON formatted
+            except ValueError:  # if body is empty or not JSON formatted
-            return response, json.dumps({})
+                return response, json.loads("{}")
+        else:
+          raise RuntimeError("Unable to get response from ACME server.")
    # main code
    adtheaders = {'User-Agent': 'acme-dns-tiny/2.2'}

--- a/tools/acme_account_rollover.py
+++ b/tools/acme_account_rollover.py
@@ -92,12 +92,14 @@ def account_rollover(old_accountkeypath, new_accountkeypath, acme_directory, log
            response = requests.post(url, json=jose, headers=joseheaders)
        except requests.exceptions.RequestException as error:
            response = error.response
-        finally:
+        if response:
            nonce = response.headers['Replay-Nonce']
-        try:
+            try:
-            return response, response.json()
+                return response, response.json()
-        except ValueError:  # if body is empty or not JSON formatted
+            except ValueError:  # if body is empty or not JSON formatted
-            return response, json.dumps({})
+                return response, json.dumps({})
+        else:
+          raise RuntimeError("Unable to get response from ACME server.")
    # main code
    adtheaders = {'User-Agent': 'acme-dns-tiny/2.2'}