Commit 86b18e09 authored by Adrien Dorsaz's avatar Adrien Dorsaz

Use of ACMEDirectory instead of CAUrl part 2/3

This part uses ACMEDirectory in requests to the ACME server.
The next part will remove the last remaining CAUrl code and enable a dynamic agreement URL.
parent 5a53c425
......@@ -52,6 +52,10 @@ def get_crt(config, log=LOGGER):
except IOError as e:
return getattr(e, "code", None), getattr(e, "read", e.__str__)(), None
# get ACME server configuration from the directory
directory = urlopen(config["acmednstiny"]["ACMEDirectory"])
acme_config = json.loads(directory.read().decode("utf8"))
# create DNS keyring and resolver
log.info("Prepare DNS tools...")
keyring = dns.tsigkeyring.from_text({config["TSIGKeyring"]["KeyName"]: config["TSIGKeyring"]["KeyValue"]})
......@@ -122,7 +126,7 @@ def get_crt(config, log=LOGGER):
log.info("Verifying {0}...".format(domain))
# get new challenge
code, result, headers = _send_signed_request(config["acmednstiny"]["CAUrl"] + "/acme/new-authz", {
code, result, headers = _send_signed_request(acme_config["new-authz"], {
"resource": "new-authz",
"identifier": {"type": "dns", "value": domain},
})
......@@ -194,7 +198,7 @@ def get_crt(config, log=LOGGER):
# get the new certificate
log.info("Signing certificate...")
csr_der = _openssl("req", ["-in", config["acmednstiny"]["CSRFile"], "-outform", "DER"])
code, result, headers = _send_signed_request(config["acmednstiny"]["CAUrl"] + "/acme/new-cert", {
code, result, headers = _send_signed_request(acme_config["new-cert"], {
"resource": "new-cert",
"csr": _b64(csr_der),
})
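Review bot: The directory fetch added in the first hunk of get_crt, `urlopen(config["acmednstiny"]["ACMEDirectory"])`, has no scheme check, no timeout and no error handling, yet the later new-authz and new-cert requests, signed with the account key, are sent to whatever URLs that response names. urlopen accepts more than https, so a mistyped or tampered ACMEDirectory value would be fetched and trusted as-is. I would refuse any value that does not start with `https://` before fetching, and pass a timeout, e.g. `directory = urlopen(config["acmednstiny"]["ACMEDirectory"], timeout=10)` (10 is a sample value). A network or JSON decoding failure here appears to surface as a raw exception rather than through `log`, though get_crt's body continues outside the hunk. The fetch added in delete_account, `urlopen(ACMEDirectory)`, has the same gap.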
......
......@@ -57,9 +57,13 @@ def delete_account(accountkeypath, log=LOGGER):
},
}
# get ACME server configuration from the directory
directory = urlopen(ACMEDirectory)
acme_config = json.loads(directory.read().decode("utf8"))
# send request to delete account key
log.info("Delete account...")
code, result = _send_signed_request(CAURL + "/acme/new-reg", {
code, result = _send_signed_request(acme_config["new-reg"], {
"resource": "reg",
"delete": True,
})
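Review bot: `acme_config["new-reg"]` becomes the target of a signed request without any check that the directory returned that key or that its value is an https URL; this is in delete_account, right after the added fetch. A directory that lacks the key ends the tool with a bare KeyError, and any value it does return is used as-is. I would read it once and validate it, e.g. `new_reg_url = acme_config.get("new-reg")` followed by `if not new_reg_url or not new_reg_url.startswith("https://"): raise ValueError("ACME directory has no usable new-reg URL")`, relaxing the scheme test only if plain-http test servers must be supported. The `acme_config["new-authz"]` and `acme_config["new-cert"]` lookups in get_crt would benefit from the same check. delete_account's body starts and ends outside the hunk.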
......