from os import getenv
from app.acme_directory_configuration import ACMEDirectoryConfiguration
from .acme import Acme
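class ACME:
    """Hold the state of one ACME session and drive it through ``Acme``.

    The class wraps the project's ``Acme`` client: the constructor fetches a
    nonce, generates a session key and registers an account; the remaining
    methods create an order, fetch and answer challenges, poll their status
    and finalize the order to obtain a certificate.

    Challenge objects and their tokens are kept in slots indexed by ``num``.
    The slots are created per instance so that two sessions living in the
    same process cannot read or overwrite each other's challenges or tokens.
    """

    # NOTE(review): as rendered here this default is not a usable address (it
    # looks masked by the hosting page) -- confirm the real value in the repo.
    _DEFAULT_ACME_ACCOUNT_EMAIL = "[email protected]"

    # Number of challenge/token slots allocated for each session.
    _SLOT_COUNT = 4

    nonce = None
    # Nothing in this class assigns jwt_token; see gettoken().
    jwt_token = ""
    client = None
    status = None
    challengeurl = None
    # Class-level placeholders kept so existing attribute access on the class
    # keeps working. __init__ shadows both with fresh per-instance lists; the
    # class-level lists must never be mutated.
    challenges = [{}, {}, {}, {}]
    tokens = ["", "", "", ""]

    def __init__(
        self,
        directory_config: ACMEDirectoryConfiguration,
    ):
        """Open a session: nonce, session key, then account registration.

        Args:
            directory_config: Directory configuration handed to ``Acme``.
        """
        # Per-instance slots. Without these, every ACME object would write
        # into the single list defined on the class, mixing the challenges
        # and tokens of unrelated sessions.
        self.challenges = [{} for _ in range(self._SLOT_COUNT)]
        self.tokens = [""] * self._SLOT_COUNT

        self.client = Acme(directory_config)

        # Get the first nonce.
        self.client.get_nonce()

        # Generate a key for the acme instance. This key is used only for the
        # acme session. No real requirements except not to leak it during
        # (and after) the session.
        self.client.gen_key()

        # Create an account. As per the acme standard an email needs to be
        # provided. The terms of service are accepted automatically here.
        account_email: str = getenv(
            "ACME_ACCOUNT_EMAIL", self._DEFAULT_ACME_ACCOUNT_EMAIL
        )
        areq = {
            "termsOfServiceAgreed": True,
            "contact": [f"mailto:{account_email}"],
        }
        self.client.account_request(areq)

    def order(self, keynum):
        """Create an order for ``keynum`` and remember its challenge URL.

        Args:
            keynum: Key number passed through to ``Acme.create_order``.
        """
        # The identifier type "jwt" looks project-specific and the value
        # reads as a placeholder -- confirm against the server side.
        order = {"identifiers": [{"type": "jwt", "value": "42-unused"}]}
        self.challengeurl = self.client.create_order(keynum, order)

    def getchallenge(self, num):
        """Fetch the challenges for the current order and store the first.

        Args:
            num: Slot index under which the challenge and token are stored.
                An index outside the allocated slots raises ``IndexError``.

        Returns:
            The first challenge returned by the client.
        """
        challenges, self.status = self.client.challenge(self.challengeurl)
        # Only the first offered challenge is used; an empty list raises
        # IndexError here.
        challenge = challenges[0]
        print("Key challange", num)
        self.challenges[num] = challenge
        self.tokens[num] = challenge["token"]
        return challenge

    def gettoken(self):
        """Return ``jwt_token``.

        No method of this class assigns it, so the result is the empty
        string unless a caller set the attribute directly.
        """
        return self.jwt_token

    def send_request(self, hw_attest, uzi_jwt, num, f9cert):
        """Answer the challenge stored in slot ``num``.

        Args:
            hw_attest: Passed through to ``Acme.send_challenge_jwt``;
                presumably hardware attestation data -- confirm.
            uzi_jwt: Passed through unchanged; presumably a JWT -- confirm.
            num: Slot index of the challenge to answer.
            f9cert: Passed through unchanged; meaning not visible here.
        """
        self.client.send_challenge_jwt(
            self.challenges[num], hw_attest, uzi_jwt, f9cert
        )

    def wait(self, num):
        """Ask the client about the challenge in slot ``num``; keep status.

        Args:
            num: Slot index of the challenge whose ``url`` is queried.
        """
        # The second element returned by notify() is not used.
        self.status, _url = self.client.notify(self.challenges[num]["url"])

    def final(self, keynum, hw_csr, jwt: str):
        """Finalize the order and return the issued certificate.

        Args:
            keynum: Key number passed through to ``Acme.final``.
            hw_csr: Passed through unchanged; presumably a CSR -- confirm.
            jwt: Passed through to ``Acme.final``.

        Returns:
            Whatever ``Acme.getcert`` returns after finalization.
        """
        self.client.final(keynum, hw_csr, jwt)
        return self.client.getcert()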