Commit a4560594 authored by Adrien Dorsaz's avatar Adrien Dorsaz

adt: _send_signed_request return list has been simplified and use it to run POST-as-GET

parent cccebaa2
...@@ -131,42 +131,38 @@ def get_crt(config, log=LOGGER): ...@@ -131,42 +131,38 @@ def get_crt(config, log=LOGGER):
if account_request["contact"] == "": if account_request["contact"] == "":
del account_request["contact"] del account_request["contact"]
code, result, headers = _send_signed_request(acme_config["newAccount"], account_request) http_response, account_info = _send_signed_request(acme_config["newAccount"], account_request)
account_info = {} if http_response.status_code == 201:
if code == 201: jws_header["kid"] = http_response.headers['Location']
jws_header["kid"] = headers['Location']
log.info(" - Registered a new account: '{0}'".format(jws_header["kid"])) log.info(" - Registered a new account: '{0}'".format(jws_header["kid"]))
account_info = result elif http_response.status_code == 200:
elif code == 200: jws_header["kid"] = http_response.headers['Location']
jws_header["kid"] = headers['Location']
log.debug(" - Account is already registered: '{0}'".format(jws_header["kid"])) log.debug(" - Account is already registered: '{0}'".format(jws_header["kid"]))
code, result, headers = _send_signed_request(jws_header["kid"], {}) http_response, account_info = _send_signed_request(jws_header["kid"], {})
account_info = result
else: else:
raise ValueError("Error registering account: {0} {1}".format(code, result)) raise ValueError("Error registering account: {0} {1}".format(http_response.status_code, account_info))
log.info("Update contact information if needed.") log.info("Update contact information if needed.")
if (set(account_request["contact"]) != set(account_info["contact"])): if (set(account_request["contact"]) != set(account_info["contact"])):
code, result, headers = _send_signed_request(jws_header["kid"], account_request) http_response, result = _send_signed_request(jws_header["kid"], account_request)
if code == 200: if http_response.status_code == 200:
log.debug(" - Account updated with latest contact informations.") log.debug(" - Account updated with latest contact informations.")
else: else:
raise ValueError("Error registering updates for the account: {0} {1}".format(code, result)) raise ValueError("Error registering updates for the account: {0} {1}".format(http_response.status_code, result))
# new order # new order
log.info("Request to the ACME server an order to validate domains.") log.info("Request to the ACME server an order to validate domains.")
new_order = { "identifiers": [{"type": "dns", "value": domain} for domain in domains]} new_order = { "identifiers": [{"type": "dns", "value": domain} for domain in domains]}
code, result, headers = _send_signed_request(acme_config["newOrder"], new_order) http_response, order = _send_signed_request(acme_config["newOrder"], new_order)
order = result if http_response.status_code == 201:
if code == 201: order_location = http_response.headers['Location']
order_location = headers['Location']
log.debug(" - Order received: {0}".format(order_location)) log.debug(" - Order received: {0}".format(order_location))
if order["status"] != "pending": if order["status"] != "pending":
raise ValueError("Order status is not pending, we can't use it: {0}".format(order)) raise ValueError("Order status is not pending, we can't use it: {0}".format(order))
elif (code == 403 elif (http_response.status_code == 403
and order["type"] == "urn:ietf:params:acme:error:userActionRequired"): and order["type"] == "urn:ietf:params:acme:error:userActionRequired"):
raise ValueError("Order creation failed ({0}). Read Terms of Service ({1}), then follow your CA instructions: {2}".format(order["detail"], headers['Link'], order["instance"])) raise ValueError("Order creation failed ({0}). Read Terms of Service ({1}), then follow your CA instructions: {2}".format(order["detail"], http_response.headers['Link'], order["instance"]))
else: else:
raise ValueError("Error getting new Order: {0} {1}".format(code, result)) raise ValueError("Error getting new Order: {0} {1}".format(code, result))
...@@ -175,10 +171,9 @@ def get_crt(config, log=LOGGER): ...@@ -175,10 +171,9 @@ def get_crt(config, log=LOGGER):
log.info("Process challenge for authorization: {0}".format(authz)) log.info("Process challenge for authorization: {0}".format(authz))
# get new challenge # get new challenge
resp = requests.get(authz, headers=adtheaders) http_response, authorization = _send_signed_request(authz, "")
authorization = resp.json() if http_response.status_code != 200:
if resp.status_code != 200: raise ValueError("Error fetching challenges: {0} {1}".format(http_response.status_code, authorization))
raise ValueError("Error fetching challenges: {0} {1}".format(resp.status_code, authorization))
domain = authorization["identifier"]["value"] domain = authorization["identifier"]["value"]
log.info("Install DNS TXT resource for domain: {0}".format(domain)) log.info("Install DNS TXT resource for domain: {0}".format(domain))
...@@ -219,17 +214,15 @@ def get_crt(config, log=LOGGER): ...@@ -219,17 +214,15 @@ def get_crt(config, log=LOGGER):
time.sleep(config["DNS"].getint("TTL")) time.sleep(config["DNS"].getint("TTL"))
log.info("Asking ACME server to validate challenge.") log.info("Asking ACME server to validate challenge.")
code, result, headers = _send_signed_request(challenge["url"], {"keyAuthorization": keyauthorization}) http_response, result = _send_signed_request(challenge["url"], {"keyAuthorization": keyauthorization})
if code != 200: if http_response.status_code != 200:
raise ValueError("Error triggering challenge: {0} {1}".format(code, result)) raise ValueError("Error triggering challenge: {0} {1}".format(http_response.status_code, result))
try: try:
while True: while True:
try: http_response, challenge_status = _send_signed_request(challenge["url"], "")
resp = requests.get(challenge["url"], headers=adtheaders) if http_response.status_code != 200:
challenge_status = resp.json()
except requests.exceptions.RequestException as error:
raise ValueError("Error during challenge validation: {0} {1}".format( raise ValueError("Error during challenge validation: {0} {1}".format(
error.response.status_code, error.response.text())) http_response.status_code, challenge_status))
if challenge_status["status"] == "pending": if challenge_status["status"] == "pending":
time.sleep(2) time.sleep(2)
elif challenge_status["status"] == "valid": elif challenge_status["status"] == "valid":
...@@ -243,22 +236,16 @@ def get_crt(config, log=LOGGER): ...@@ -243,22 +236,16 @@ def get_crt(config, log=LOGGER):
log.info("Request to finalize the order (all chalenge have been completed)") log.info("Request to finalize the order (all chalenge have been completed)")
csr_der = _b64(_openssl("req", ["-in", config["acmednstiny"]["CSRFile"], "-outform", "DER"])) csr_der = _b64(_openssl("req", ["-in", config["acmednstiny"]["CSRFile"], "-outform", "DER"]))
code, result, headers = _send_signed_request(order["finalize"], {"csr": csr_der}) http_response, result = _send_signed_request(order["finalize"], {"csr": csr_der})
if code != 200: if http_response.status_code != 200:
raise ValueError("Error while sending the CSR: {0} {1}".format(code, result)) raise ValueError("Error while sending the CSR: {0} {1}".format(code, result))
while True: while True:
try: http_response, order = _send_signed_request(order_location, "")
resp = requests.get(order_location, headers=adtheaders)
resp.raise_for_status()
order = resp.json()
except requests.exceptions.RequestException as error:
raise ValueError("Error finalizing order: {0} {1}".format(
error.response.status_code, error.response.text()))
if order["status"] == "processing": if order["status"] == "processing":
if resp.headers["Retry-After"]: if http_response.headers["Retry-After"]:
time.sleep(resp.headers["Retry-After"]) time.sleep(http_response.headers["Retry-After"])
else: else:
time.sleep(2) time.sleep(2)
elif order["status"] == "valid": elif order["status"] == "valid":
...@@ -268,14 +255,12 @@ def get_crt(config, log=LOGGER): ...@@ -268,14 +255,12 @@ def get_crt(config, log=LOGGER):
raise ValueError("Finalizing order {0} got errors: {1}".format( raise ValueError("Finalizing order {0} got errors: {1}".format(
domain, order)) domain, order))
resp = requests.get(order["certificate"], headers=adtheaders) http_response, result = _send_signed_request(order["certificate"], "")
if resp.status_code != 200: if http_response.status_code != 200:
raise ValueError("Finalizing order {0} got errors: {1}".format( raise ValueError("Finalizing order {0} got errors: {1}".format(code, result))
resp.status_code, resp.json()))
certchain = resp.text
log.info("Certificate signed and chain received: {0}".format(order["certificate"])) log.info("Certificate signed and chain received: {0}".format(order["certificate"]))
return certchain return http_response.text
def main(argv): def main(argv):
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
......
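Review bot: Three error branches on the new side still format `code` and `result`, names this commit stops assigning: the `else` under the newOrder request, the check after the finalize POST, and the check after the certificate download. Unless `code` is bound somewhere in get_crt outside the visible hunks, a non-success reply from the CA on those paths raises NameError instead of the intended ValueError, and the ACME error document never reaches the log. Use `.format(http_response.status_code, order)` in the newOrder branch and `.format(http_response.status_code, result)` in the other two. In the order-polling loop, `http_response.headers["Retry-After"]` is carried over unchanged; it raises KeyError when the header is absent and hands time.sleep a string when it is present, so `.get("Retry-After")` with an integer conversion and an upper bound on the wait would be safer.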