Commit b6e6d0bb authored by Adrien Dorsaz's avatar Adrien Dorsaz

Move acme_account_delete to tools directory

parent a07d43ae
......@@ -2,10 +2,12 @@ import unittest, sys
from subprocess import Popen, PIPE
from io import StringIO
import acme_dns_tiny
from .config_maker import gen_config
from .acme_account_delete import delete_account
from acme_dns_tiny.tests.config_maker import gen_config
from import delete_account
import logassert
ACMEDirectory = os.getenv("GITLABCI_ACMEDIRECTORY", "")
class TestModule(unittest.TestCase):
"Tests for acme_dns_tiny.get_crt()"
......@@ -18,7 +20,7 @@ class TestModule(unittest.TestCase):
def tearDownClass(self):
# delete account key registration at end of tests
delete_account(self.configs["accountkey"].name, ACMEDirectory)
# close temp files correctly
for tmpfile in self.configs:
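Review bot: In `tearDownClass`, the temp-file cleanup loop only runs if `delete_account(...)` returns, so any exception from the deletion leaves the temporary files, including the account key, unclosed. `delete_account` raises `ValueError` on a response code other than 200 or 202, and `ACMEDirectory` falls back to `""` when `GITLABCI_ACMEDIRECTORY` is unset, which presumably makes `urlopen` fail before any request is sent. Wrapping the call as `try: delete_account(self.configs["accountkey"].name, ACMEDirectory)` with the existing loop under `finally:` keeps the cleanup unconditional. The loop body continues outside the visible hunk.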
import subprocess, os, json, base64, binascii, re, copy, logging
import argparse, subprocess, os, json, base64, binascii, re, copy, logging
from urllib.request import urlopen
from urllib.error import HTTPError
ACMEDirectory = os.getenv("GITLABCI_ACMEDIRECTORY", "")
LOGGER = logging.getLogger(__name__)
LOGGER = logging.getLogger("acme_account_delete")
def delete_account(accountkeypath, log=LOGGER):
def delete_account(accountkeypath, acme_directory, log=LOGGER):
# helper function base64 encode as defined in acme spec
def _b64(b):
return base64.urlsafe_b64encode(b).decode("utf8").rstrip("=")
......@@ -27,7 +25,7 @@ def delete_account(accountkeypath, log=LOGGER):
nonlocal jws_nonce
payload64 = _b64(json.dumps(payload).encode("utf8"))
protected = copy.deepcopy(header)
protected["nonce"] = jws_nonce or urlopen(ACMEDirectory).getheader("Replay-Nonce", None)
protected["nonce"] = jws_nonce or urlopen(acme_directory).getheader("Replay-Nonce", None)
protected64 = _b64(json.dumps(protected).encode("utf8"))
signature = _openssl("dgst", ["-sha256", "-sign", accountkeypath],
"{0}.{1}".format(protected64, payload64).encode("utf8"))
......@@ -61,7 +59,7 @@ def delete_account(accountkeypath, log=LOGGER):
# get ACME server configuration from the directory
directory = urlopen(ACMEDirectory)
directory = urlopen(acme_directory)
acme_config = json.loads("utf8"))
jws_nonce = None
......@@ -86,3 +84,31 @@ def delete_account(accountkeypath, log=LOGGER):
if code not in [200,202]:
raise ValueError("Error deleting account key: {0} {1}".format(code, result))"Account key deleted !")
def main(argv):
parser = argparse.ArgumentParser(
This script *deletes* your account from an ACME server.
It will need to have access to your private account key, so
It's around 150 lines, so it won't take long.
=== Example Usage ===
Remove account.key from staging Let's Encrypt:
python3 --account-key account.key --acme-directory
parser.add_argument("--account-key", required = True, help="path to the private account key to delete")
parser.add_argument("--acme-directory", required = True, help="ACME directory URL of the ACME server where to remove the key")
parser.add_argument("--quiet", action="store_const",
help="suppress output except for errors")
args = parser.parse_args(argv)
LOGGER.setLevel(args.quiet or LOGGER.level)
account_delete(args.account_key, args.acme_directory)
if __name__ == "__main__": # pragma: no cover
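Review bot: `main()` calls `account_delete(args.account_key, args.acme_directory)`, but the function defined in this file is `delete_account`, so the command-line entry point would stop with a `NameError` right after parsing its arguments; the call should read `delete_account(args.account_key, args.acme_directory)`. Separately, `--acme-directory` is passed unchecked to `urlopen`, which also accepts non-HTTPS schemes, and the requests that follow are signed with the account key; rejecting any value that does not start with `https://` via `parser.error(...)` before calling `delete_account` would be a cheap guard, unless plain-HTTP test servers must stay supported. The body of the `if __name__ == "__main__":` guard and the `const=` value of `--quiet` are not visible on this page, so neither is checked here.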