certbot/tools/deactivate.py

"""
Given an ACME account key as input, deactivate the account.

This can be useful if you created an account with a non-Certbot client and now
want to deactivate it.

Private key should be in PKCS#8 PEM form.

To provide the URL for the ACME server you want to use, set it in the $DIRECTORY
environment variable, e.g.:

DIRECTORY=https://acme-staging.api.letsencrypt.org/directory python \
    deactivate.py private_key.pem
"""
import os
import sys

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
import josepy as jose

from acme import client as acme_client
from acme import errors as acme_errors
from acme import messages

DIRECTORY = os.getenv('DIRECTORY', 'http://localhost:4000/directory')

if len(sys.argv) != 2:
    print("Usage: python deactivate.py private_key.pem")
    sys.exit(1)

data = open(sys.argv[1], "r").read()
key = jose.JWKRSA(key=serialization.load_pem_private_key(
    data, None, default_backend()))

net = acme_client.ClientNetwork(key, verify_ssl=False,
                                user_agent="acme account deactivator")

client = acme_client.Client(DIRECTORY, key=key, net=net)
try:
    # We expect this to fail and give us a Conflict response with a Location
    # header pointing at the account's URL.
    client.register()
except acme_errors.ConflictError as e:
    location = e.location
if location is None:
    raise "Key was not previously registered (but now is)."
client.deactivate_registration(messages.RegistrationResource(uri=location))
Add an account deactivate utility script. (#4254) * Add an account deactivate utility script. This is handy if you created an account with a tool other than Certbot, and want to deactivate the account. * Move deactivate.py to tools. * Add test for ConflictError. * Fix lint error. * Document how to set server. 2017-05-17 17:24:59 -04:00			`"""`
			`Given an ACME account key as input, deactivate the account.`

			`This can be useful if you created an account with a non-Certbot client and now`
			`want to deactivate it.`

			`Private key should be in PKCS#8 PEM form.`

			`To provide the URL for the ACME server you want to use, set it in the $DIRECTORY`
			`environment variable, e.g.:`

			`DIRECTORY=https://acme-staging.api.letsencrypt.org/directory python \`
			`deactivate.py private_key.pem`
			`"""`
			`import os`
			`import sys`

			`from cryptography.hazmat.backends import default_backend`
			`from cryptography.hazmat.primitives.asymmetric import rsa`
			`from cryptography.hazmat.primitives import serialization`
Update test-everything (#5397) * Use josepy instead of acme.jose. (#5203) * Parse variables without whitespace separator correctly in CentOS family of distributions (#5318) * Pin josepy in letsencrypt-auto (#5321) * pin josepy in le-auto * Put pinned versions in sorted order * Pin dependencies in oldest tests (#5316) * Add tools/merge_requirements.py * Revert "Fix oldest tests by pinning Google DNS deps (#5000)" This reverts commit f68fba2be2fc342dd72deaaf048ab79e5a8fc2be. * Add tools/oldest_constraints.txt * Remove oldest constraints from tox.ini * Rename dev constraints file * Update tools/pip_install.sh * Update install_and_test.sh * Fix pip_install.sh * Don't cat when you can cp * Add ng-httpsclient to dev constraints for oldest tests * Bump tested setuptools version * Update dev_constraints comment * Better document oldest dependencies * test against oldest versions we say we require * Update dev constraints * Properly handle empty lines * Update constraints gen in pip_install * Remove duplicated zope.component * Reduce pyasn1-modules dependency * Remove blank line * pin back google-api-python-client * pin back uritemplate * pin josepy for oldest tests * Undo changes to install_and_test.sh * Update install_and_test.sh description * use split instead of partition * More pip dependency resolution workarounds (#5339) * remove pyopenssl and six deps * remove outdated tox.ini dep requirement * Fix auto_tests on systems with new bootstrappers (#5348) * Fix pytest on macOS in Travis (#5360) * Add tools/pytest.sh * pass TRAVIS through in tox.ini * Use tools/pytest.sh to run pytest * Add quiet to pytest.ini * ignore pytest cache * print as a string (#5359) * Use apache2ctl modules for Gentoo systems. (#5349) * Do not call Apache binary for module reset in cleanup() * Use apache2ctl modules for Gentoo * Broader git ignore for pytest cache files (#5361) Make gitignore take pytest cache directories in to account, even if they reside in subdirectories. If pytest is run for a certain module, ie. `pytest certbot-apache` the cache directory is created under `certbot-apache` directory. * Fix letsencrypt-auto name and long forms of -n (#5375) * Deprecate Python2.6 by using Python3 on CentOS/RHEL 6 (#5329) * If there's no python or there's only python2.6 on red hat systems, install python3 * Always check for python2.6 * address style, documentation, nits * factor out all initialization code * fix up python version return value when no python installed * add no python error and exit * document DeterminePythonVersion parameters * build letsencrypt-auto * close brace * build leauto * fix syntax errors * set USE_PYTHON_3 for all cases * rip out NOCRASH * replace NOCRASH, update LE_PYTHON set logic * use built-in venv for py3 * switch to LE_PYTHON not affecting bootstrap selection and not overwriting LE_PYTHON * python3ify fetch.py * get fetch.py working with python2 and 3 * don't verify server certificates in fetch.py HttpsGetter * Use SSLContext and an environment variable so that our tests continue to never verify server certificates. * typo * build * remove commented out code * address review comments * add documentation for YES_FLAG and QUIET_FLAG * Add tests to centos6 Dockerfile to make sure we install python3 if and only if appropriate to do so. * Allow non-interactive revocation without deleting certificates (#5386) * Add --delete-after-revoke flags * Use delete_after_revoke value * Add delete_after_revoke unit tests * Add integration tests for delete-after-revoke. * Have letsencrypt-auto do a real upgrade in leauto-upgrades option 2 (#5390) * Make leauto_upgrades do a real upgrade * Cleanup vars and output * Sleep until the server is ready * add simple_http_server.py * Use a randomly assigned port * s/realpath/readlink * wait for server before getting port * s/localhost/all interfaces * update Apache ciphersuites (#5383) * Fix macOS builds for Python2.7 in Travis (#5378) * Add OSX Python2 tests * Make sure python2 is originating from homebrew on macOS * Upgrade the already installed python2 instead of trying to reinstall 2018-01-09 20:24:14 -05:00			`import josepy as jose`
Add an account deactivate utility script. (#4254) * Add an account deactivate utility script. This is handy if you created an account with a tool other than Certbot, and want to deactivate the account. * Move deactivate.py to tools. * Add test for ConflictError. * Fix lint error. * Document how to set server. 2017-05-17 17:24:59 -04:00
			`from acme import client as acme_client`
			`from acme import errors as acme_errors`
			`from acme import messages`

			`DIRECTORY = os.getenv('DIRECTORY', 'http://localhost:4000/directory')`

			`if len(sys.argv) != 2:`
			`print("Usage: python deactivate.py private_key.pem")`
			`sys.exit(1)`

			`data = open(sys.argv[1], "r").read()`
			`key = jose.JWKRSA(key=serialization.load_pem_private_key(`
			`data, None, default_backend()))`

			`net = acme_client.ClientNetwork(key, verify_ssl=False,`
			`user_agent="acme account deactivator")`

			`client = acme_client.Client(DIRECTORY, key=key, net=net)`
			`try:`
			`# We expect this to fail and give us a Conflict response with a Location`
			`# header pointing at the account's URL.`
			`client.register()`
			`except acme_errors.ConflictError as e:`
			`location = e.location`
			`if location is None:`
			`raise "Key was not previously registered (but now is)."`
			`client.deactivate_registration(messages.RegistrationResource(uri=location))`