Commit a07d43ae authored by Adrien Dorsaz's avatar Adrien Dorsaz

Merge branch '4-use-nonce-received-on-each-acme-response' into 'master'

Apply Nonce update to acme_account_delete script too

Closes #4

See merge request !7
parents a55f9979 dafa7f6d
Pipeline #102 failed with stage
in 17 seconds
......@@ -7,8 +7,7 @@ ACMEDirectory = os.getenv("GITLABCI_ACMEDIRECTORY", "https://acme-staging.api.le
LOGGER = logging.getLogger(__name__)
LOGGER.addHandler(logging.StreamHandler())
LOGGER.setLevel(logging.INFO)
def delete_account(accountkeypath, log=LOGGER):
# helper function base64 encode as defined in acme spec
def _b64(b):
......@@ -25,9 +24,10 @@ def delete_account(accountkeypath, log=LOGGER):
# helper function make signed requests
def _send_signed_request(url, payload):
nonlocal jws_nonce
payload64 = _b64(json.dumps(payload).encode("utf8"))
protected = copy.deepcopy(header)
protected["nonce"] = urlopen(ACMEDirectory).headers["Replay-Nonce"]
protected["nonce"] = jws_nonce or urlopen(ACMEDirectory).getheader("Replay-Nonce", None)
protected64 = _b64(json.dumps(protected).encode("utf8"))
signature = _openssl("dgst", ["-sha256", "-sign", accountkeypath],
"{0}.{1}".format(protected64, payload64).encode("utf8"))
......@@ -37,9 +37,11 @@ def delete_account(accountkeypath, log=LOGGER):
})
try:
resp = urlopen(url, data.encode("utf8"))
return resp.getcode(), resp.read(), resp.getheaders()
except HTTPError as httperror:
return httperror.getcode(), httperror.read(), httperror.getheaders()
resp = httperror
finally:
jws_nonce = resp.getheader("Replay-Nonce", None)
return resp.getcode(), resp.read(), resp.getheaders()
# parse account key to get public key
log.info("Parsing account key...")
......@@ -61,6 +63,7 @@ def delete_account(accountkeypath, log=LOGGER):
# get ACME server configuration from the directory
directory = urlopen(ACMEDirectory)
acme_config = json.loads(directory.read().decode("utf8"))
jws_nonce = None
log.info("Register account to get account URL.")
code, result, headers = _send_signed_request(acme_config["new-reg"], {
......
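Review bot: In `_send_signed_request`, the new `finally:` clause calls `resp.getheader(...)` even when `urlopen` raised something other than `HTTPError` (for example a `URLError` from a DNS, connection or TLS-verification failure); `resp` was never assigned on that path, so the real failure surfaces as an `UnboundLocalError`. Indentation is lost in this rendering, but if the `return` also sits inside `finally`, it would additionally discard any in-flight exception. Dropping `finally:` and placing `jws_nonce = resp.getheader("Replay-Nonce", None)` and the `return` after the `try`/`except` keeps the nonce update for both success and HTTP-error responses while letting transport errors propagate unchanged. A short comment there, such as `# ACME error responses can carry a fresh Replay-Nonce too`, would explain why the error object is kept as `resp`. The function body starts before this hunk, so the construction of `data` is not visible here.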