Commit 0bf25874 authored by Adrien Dorsaz's avatar Adrien Dorsaz

as suggested in draft updates: replace thumbprint by jwk_thumbprint

parent 200d49b2
......@@ -102,7 +102,7 @@ def get_crt(config, log=LOGGER):
"kid": None,
}
accountkey_json = json.dumps(jws_header["jwk"], sort_keys=True, separators=(",", ":"))
thumbprint = _b64(hashlib.sha256(accountkey_json.encode("utf8")).digest())
jwk_thumbprint = _b64(hashlib.sha256(accountkey_json.encode("utf8")).digest())
jws_nonce = None
log.info("Read CSR to find domains to validate.")
......@@ -181,7 +181,7 @@ def get_crt(config, log=LOGGER):
log.info("Install DNS TXT resource for domain: {0}".format(domain))
challenge = [c for c in authorization["challenges"] if c["type"] == "dns-01"][0]
token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge["token"])
keyauthorization = "{0}.{1}".format(token, thumbprint)
keyauthorization = "{0}.{1}".format(token, jwk_thumbprint)
keydigest64 = _b64(hashlib.sha256(keyauthorization.encode("utf8")).digest())
dnsrr_domain = "_acme-challenge.{0}.".format(domain)
try: # a CNAME resource can be used for advanced TSIG configuration
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment