Commit 0bf25874 authored by Adrien Dorsaz's avatar Adrien Dorsaz

as suggested in draft updates: replace thumbprint by jwk_thumbprint

parent 200d49b2
...@@ -102,7 +102,7 @@ def get_crt(config, log=LOGGER): ...@@ -102,7 +102,7 @@ def get_crt(config, log=LOGGER):
"kid": None, "kid": None,
} }
accountkey_json = json.dumps(jws_header["jwk"], sort_keys=True, separators=(",", ":")) accountkey_json = json.dumps(jws_header["jwk"], sort_keys=True, separators=(",", ":"))
thumbprint = _b64(hashlib.sha256(accountkey_json.encode("utf8")).digest()) jwk_thumbprint = _b64(hashlib.sha256(accountkey_json.encode("utf8")).digest())
jws_nonce = None jws_nonce = None
log.info("Read CSR to find domains to validate.") log.info("Read CSR to find domains to validate.")
...@@ -181,7 +181,7 @@ def get_crt(config, log=LOGGER): ...@@ -181,7 +181,7 @@ def get_crt(config, log=LOGGER):
log.info("Install DNS TXT resource for domain: {0}".format(domain)) log.info("Install DNS TXT resource for domain: {0}".format(domain))
challenge = [c for c in authorization["challenges"] if c["type"] == "dns-01"][0] challenge = [c for c in authorization["challenges"] if c["type"] == "dns-01"][0]
token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge["token"]) token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge["token"])
keyauthorization = "{0}.{1}".format(token, thumbprint) keyauthorization = "{0}.{1}".format(token, jwk_thumbprint)
keydigest64 = _b64(hashlib.sha256(keyauthorization.encode("utf8")).digest()) keydigest64 = _b64(hashlib.sha256(keyauthorization.encode("utf8")).digest())
dnsrr_domain = "_acme-challenge.{0}.".format(domain) dnsrr_domain = "_acme-challenge.{0}.".format(domain)
try: # a CNAME resource can be used for advanced TSIG configuration try: # a CNAME resource can be used for advanced TSIG configuration
......