Commit 7fda2726 authored by Adrien Dorsaz's avatar Adrien Dorsaz

account rollover: update example and coding style

parent 77a2b69a
......@@ -118,7 +118,7 @@ def generate_acme_dns_tiny_config():
"accountcsr": account_csr
}
# generate account and domain keys
# generate two account keys to roll over them
def generate_acme_account_rollover_config():
# Old account key
old_account_key = NamedTemporaryFile()
......
......@@ -32,8 +32,8 @@ class TestACMEAccountRollover(unittest.TestCase):
def test_success_account_rollover(self):
""" Test success account key rollover """
tools.acme_account_rollover.main(["--current-account-key", self.configs['oldaccountkey'].name,
"--new-account-key", self.configs['newaccountkey'].name,
tools.acme_account_rollover.main(["--current", self.configs['oldaccountkey'].name,
"--new", self.configs['newaccountkey'].name,
"--acme-directory", ACMEDirectory])
self.assertLoggedInfo("Account keys rolled over !")
......
......@@ -65,7 +65,7 @@ def account_rollover(accountkeypath, new_accountkeypath, acme_directory, log=LOG
return resp.getcode(), resp.read(), resp.getheaders()
log.info("Parsing current account key...")
cur_jws_header = _jws_header(accountkeypath)
jws_header = _jws_header(accountkeypath)
log.info("Parsing new account key...")
new_jws_header = _jws_header(new_accountkeypath)
......@@ -76,7 +76,7 @@ def account_rollover(accountkeypath, new_accountkeypath, acme_directory, log=LOG
jws_nonce = None
log.info("Register account to get account URL.")
code, result, headers = _send_signed_request(accountkeypath, cur_jws_header, acme_config["new-reg"], {
code, result, headers = _send_signed_request(accountkeypath, jws_header, acme_config["new-reg"], {
"resource": "new-reg"
})
......@@ -90,7 +90,7 @@ def account_rollover(accountkeypath, new_accountkeypath, acme_directory, log=LOG
"account": account_url,
"newKey": new_jws_header["jwk"]})
outer_payload["resource"] = "key-change" # currently needed by boulder implementation
code, result, headers = _send_signed_request(accountkeypath, cur_jws_header, acme_config["key-change"], outer_payload)
code, result, headers = _send_signed_request(accountkeypath, jws_header, acme_config["key-change"], outer_payload)
if code != 200:
raise ValueError("Error rolling over account key: {0} {1}".format(code, result))
......@@ -107,17 +107,17 @@ PLEASE READ THROUGH IT!
It's around 150 lines, so it won't take long.
=== Example Usage ===
Remove account.key from staging Let's Encrypt:
python3 acme_account_delete.py --current-account-key account.key --new-account-key newaccount.key --acme-directory https://acme-staging.api.letsencrypt.org/directory"""
Rollover account.keys from account.key to newaccount.key:
python3 acme_account_rollover.py --current account.key --new newaccount.key --acme-directory https://acme-staging.api.letsencrypt.org/directory"""
)
parser.add_argument("--current-account-key", required = True, help="path to the current private account key")
parser.add_argument("--new-account-key", required = True, help="path to the newer private account key to register")
parser.add_argument("--current", required = True, help="path to the current private account key")
parser.add_argument("--new", required = True, help="path to the newer private account key to register")
parser.add_argument("--acme-directory", required = True, help="ACME directory URL of the ACME server where to remove the key")
parser.add_argument("--quiet", action="store_const", const=logging.ERROR, help="suppress output except for errors")
args = parser.parse_args(argv)
LOGGER.setLevel(args.quiet or LOGGER.level)
account_rollover(args.current_account_key, args.new_account_key, args.acme_directory)
account_rollover(args.current, args.new, args.acme_directory)
if __name__ == "__main__": # pragma: no cover
main(sys.argv[1:])
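Review bot: The `--acme-directory` help string still reads "where to remove the key", a leftover from the delete tool like the example text this commit corrects; for the rollover tool it should read something like `help="ACME directory URL of the ACME server where the account key is rolled over"`, so an operator is not misled about what the command does to the account. Separately, renaming `--current-account-key`/`--new-account-key` to `--current`/`--new` drops the old spellings, so a key-rotation script that still passes them will exit with an argparse error and the rotation will not happen. If the tool has already been released, registering both spellings keeps those callers working: `parser.add_argument("--current", "--current-account-key", dest="current", required=True, ...)`, and likewise for `--new`. The parser setup in `main` starts above this hunk, so whether other options carry the same leftover wording is not visible here.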