Use of ACMEDirectory instead of CAUrl part 1/3

This commit update configuration constraints to use ACMEDirectory instead of CAUrl. Next part will use effectively this new configuration to do requests to ACME server.

Use of ACMEDirectory instead of CAUrl part 1/3
This commit update configuration constraints to use ACMEDirectory instead of CAUrl. Next part will use effectively this new configuration to do requests to ACME server.
5a53c425 · Adrien Dorsaz · 85355c11 · 5a53c425 · 5a53c425 · 5a53c425
Commit 5a53c425 authored Sep 08, 2016 by Adrien Dorsaz
Showing with 10 additions and 10 deletions

acme_dns_tiny.py acme_dns_tiny.py +4 -4

example.ini example.ini +2 -2

tests/acme_account_delete.py tests/acme_account_delete.py +2 -2

tests/config_maker.py tests/config_maker.py +2 -2

No files found.
--- a/acme_dns_tiny.py
+++ b/acme_dns_tiny.py
@@ -38,7 +38,7 @@ def get_crt(config, log=LOGGER):
    def _send_signed_request(url, payload):
        payload64 = _b64(json.dumps(payload).encode("utf8"))
        protected = copy.deepcopy(header)
-        protected["nonce"] = urlopen(config["acmednstiny"]["CAUrl"] + "/directory").headers["Replay-Nonce"]
+        protected["nonce"] = urlopen(config["acmednstiny"]["ACMEDirectory"]).headers["Replay-Nonce"]
        protected64 = _b64(json.dumps(protected).encode("utf8"))
        signature = _openssl("dgst", ["-sha256", "-sign", config["acmednstiny"]["AccountKeyFile"]],
                             "{0}.{1}".format(protected64, payload64).encode("utf8"))
@@ -240,12 +240,12 @@ def main(argv):
    args = parser.parse_args(argv)

    config = ConfigParser()
-    config.read_dict({"acmednstiny": {"CAUrl": "https://acme-staging.api.letsencrypt.org",
-                                       "CheckChallengeDelay": 2},
+    config.read_dict({"acmednstiny": {"ACMEDirectory": "https://acme-staging.api.letsencrypt.org/directory",
+                                      "CheckChallengeDelay": 2},
                      "DNS": {"Port": "53"}})
    config.read(args.configfile)

-    if (set(["accountkeyfile", "csrfile", "caurl", "checkchallengedelay"]) - set(config.options("acmednstiny"))
+    if (set(["accountkeyfile", "csrfile", "acmedirectory", "checkchallengedelay"]) - set(config.options("acmednstiny"))
        or set(["keyname", "keyvalue", "algorithm"]) - set(config.options("TSIGKeyring"))
        or set(["zone", "host", "port"]) - set(config.options("DNS"))):
        raise ValueError("Some required settings are missing.")

--- a/example.ini
+++ b/example.ini
@@ -2,9 +2,9 @@
 # Required readable ACME account key
 AccountKeyFile = account.key
 # Required readable CSR file
-# Optional CA url (default: https://acme-staging.api.letsencrypt.org)
-CAUrl = https://acme-staging.api.letsencrypt.org
 CSRFile = domain.csr
+# Optional ACME directory url (default: https://acme-staging.api.letsencrypt.org/directory)
+ACMEDirectory = https://acme-staging.api.letsencrypt.org/directory
 # Optional time in seconds to wait between DNS update and challenge check (default: 3)
 CheckChallengeDelay = 3


--- a/tests/acme_account_delete.py
+++ b/tests/acme_account_delete.py
 import subprocess, os, json, base64, binascii, re, copy, logging
 from urllib.request import urlopen

-CAURL = os.getenv("GITLABCI_CAURL", "https://acme-staging.api.letsencrypt.org")
+ACMEDirectory = os.getenv("GITLABCI_ACMEDIRECTORY", "https://acme-staging.api.letsencrypt.org/directory")

 LOGGER = logging.getLogger(__name__)
 LOGGER.addHandler(logging.StreamHandler())
@@ -26,7 +26,7 @@ def delete_account(accountkeypath, log=LOGGER):
    def _send_signed_request(url, payload):
        payload64 = _b64(json.dumps(payload).encode("utf8"))
        protected = copy.deepcopy(header)
-        protected["nonce"] = urlopen(CAURL + "/directory").headers["Replay-Nonce"]
+        protected["nonce"] = urlopen(ACMEDirectory).headers["Replay-Nonce"]
        protected64 = _b64(json.dumps(protected).encode("utf8"))
        signature = _openssl("dgst", ["-sha256", "-sign", accountkeypath],
                             "{0}.{1}".format(protected64, payload64).encode("utf8"))

--- a/tests/config_maker.py
+++ b/tests/config_maker.py
@@ -4,7 +4,7 @@ from subprocess import Popen

 # domain with server.py running on it for testing
 DOMAIN = os.getenv("GITLABCI_DOMAIN")
-CAURL = os.getenv("GITLABCI_CAURL", "https://acme-staging.api.letsencrypt.org")
+ACMEDIRECTORY = os.getenv("GITLABCI_ACMEDIRECTORY", "https://acme-staging.api.letsencrypt.org/directory")
 CHALLENGEDELAY = os.getenv("GITLABCI_CHALLENGEDELAY", "3")
 DNSHOST = os.getenv("GITLABCI_DNSHOST")
 DNSHOSTIP = os.getenv("GITLABCI_DNSHOSTIP")
@@ -48,7 +48,7 @@ def gen_config():
    # Default test configuration
    config = configparser.ConfigParser()
    config.read("./example.ini".format(DOMAIN))
-    config["acmednstiny"]["CAUrl"] = CAURL
+    config["acmednstiny"]["ACMEDirectory"] = ACMEDIRECTORY
    config["acmednstiny"]["CheckChallengeDelay"] = CHALLENGEDELAY
    config["TSIGKeyring"]["KeyName"] = TSIGKEYNAME
    config["TSIGKeyring"]["KeyValue"] = TSIGKEYVALUE