certbot/acme/examples/example_client.py

"""Example script showing how to use acme client API."""
import logging
import os
import pkg_resources

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
import OpenSSL

from acme import client
from acme import messages
from acme import jose


logging.basicConfig(level=logging.DEBUG)


DIRECTORY_URL = 'https://acme-staging.api.letsencrypt.org/directory'
BITS = 2048  # minimum for Boulder
DOMAIN = 'example1.com'  # example.com is ignored by Boulder

# generate_private_key requires cryptography>=0.5
key = jose.JWKRSA(key=rsa.generate_private_key(
    public_exponent=65537,
    key_size=BITS,
    backend=default_backend()))
acme = client.Client(DIRECTORY_URL, key)

regr = acme.register()
logging.info('Auto-accepting TOS: %s', regr.terms_of_service)
acme.agree_to_tos(regr)
logging.debug(regr)

authzr = acme.request_challenges(
    identifier=messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=DOMAIN))
logging.debug(authzr)

authzr, authzr_response = acme.poll(authzr)

csr = OpenSSL.crypto.load_certificate_request(
    OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string(
        'acme', os.path.join('testdata', 'csr.der')))
try:
    acme.request_issuance(jose.util.ComparableX509(csr), (authzr,))
except messages.Error as error:
    print ("This script is doomed to fail as no authorization "
           "challenges are ever solved. Error from server: {0}".format(error))
Update restified example script and rename to acme_client.py 2015-06-18 07:07:20 -04:00			`"""Example script showing how to use acme client API."""`
			`import logging`
			`import os`
			`import pkg_resources`

acme: drop PyCrypto and use cryptography instead. - Use cryptography in acme.jose.jwa/jwk. - Change Crypto.Random to os.urandom, c.f. https://cryptography.io/en/latest/random-numbers/?highlight=urandom 2015-07-05 09:11:33 -04:00			`from cryptography.hazmat.backends import default_backend`
			`from cryptography.hazmat.primitives.asymmetric import rsa`
acme: M2Crypto -> pyOpenSSL 2015-05-13 03:59:13 -04:00			`import OpenSSL`
Update restified example script and rename to acme_client.py 2015-06-18 07:07:20 -04:00
			`from acme import client`
			`from acme import messages`
			`from acme import jose`


			`logging.basicConfig(level=logging.DEBUG)`


Update example ACME client to work with Boulder 2015-10-28 03:26:52 -04:00			`DIRECTORY_URL = 'https://acme-staging.api.letsencrypt.org/directory'`
Update restified example script and rename to acme_client.py 2015-06-18 07:07:20 -04:00			`BITS = 2048 # minimum for Boulder`
			`DOMAIN = 'example1.com' # example.com is ignored by Boulder`

acme: drop PyCrypto and use cryptography instead. - Use cryptography in acme.jose.jwa/jwk. - Change Crypto.Random to os.urandom, c.f. https://cryptography.io/en/latest/random-numbers/?highlight=urandom 2015-07-05 09:11:33 -04:00			`# generate_private_key requires cryptography>=0.5`
Use ComparableRSAKey autowrap throughout the code base. 2015-07-08 08:07:05 -04:00			`key = jose.JWKRSA(key=rsa.generate_private_key(`
acme: drop PyCrypto and use cryptography instead. - Use cryptography in acme.jose.jwa/jwk. - Change Crypto.Random to os.urandom, c.f. https://cryptography.io/en/latest/random-numbers/?highlight=urandom 2015-07-05 09:11:33 -04:00			`public_exponent=65537,`
Actually use BITS constant in example client 2015-10-27 15:04:20 -04:00			`key_size=BITS,`
Use ComparableRSAKey autowrap throughout the code base. 2015-07-08 08:07:05 -04:00			`backend=default_backend()))`
Update example ACME client to work with Boulder 2015-10-28 03:26:52 -04:00			`acme = client.Client(DIRECTORY_URL, key)`
Update restified example script and rename to acme_client.py 2015-06-18 07:07:20 -04:00
Accept new_reg in acme.client.Client.register. 2015-07-04 02:22:11 -04:00			`regr = acme.register()`
Update restified example script and rename to acme_client.py 2015-06-18 07:07:20 -04:00			`logging.info('Auto-accepting TOS: %s', regr.terms_of_service)`
Simplify the ACME example client by using an existing method 2015-12-12 14:50:26 -05:00			`acme.agree_to_tos(regr)`
Update restified example script and rename to acme_client.py 2015-06-18 07:07:20 -04:00			`logging.debug(regr)`

			`authzr = acme.request_challenges(`
Remove Link rel=next for authzs and new-certs. (#4303) An early version of the spec indicated that clients should process issuance sequentially, following Link rel=next from an account URL to an authz URL, to a new-cert URL. However, the spec has long since moved to putting these URLs in the directory. Certbot nominally supports either; This change consolidates on always using the directory, simplifying things and making the transition to the latest ACME spec easier. * Revert "Revert "Remove Link rel=next for authzs and new-certs." (#4277)" This reverts commit 11ec1eb91148f6420e10d2296b8a507c90337792. * Save new_authzr_uri with account for older clients. * Add test that new_authzr_uri exists in regr. * Restore backwards compatibility for new_authzr_uri. * Fix account_test. * Add test for deprecated URI argument to request_challenges. * Review feedback. * Fix test * Add omitempty to new_cert_uri. 2017-03-15 00:44:57 -04:00			`identifier=messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=DOMAIN))`
Update restified example script and rename to acme_client.py 2015-06-18 07:07:20 -04:00			`logging.debug(authzr)`

			`authzr, authzr_response = acme.poll(authzr)`

acme: M2Crypto -> pyOpenSSL 2015-05-13 03:59:13 -04:00			`csr = OpenSSL.crypto.load_certificate_request(`
			`OpenSSL.crypto.FILETYPE_ASN1, pkg_resources.resource_string(`
Fix CSR loading in ACME example client script. 2015-07-12 07:39:37 -04:00			`'acme', os.path.join('testdata', 'csr.der')))`
Update restified example script and rename to acme_client.py 2015-06-18 07:07:20 -04:00			`try:`
wrap csr in ComparableX509 2016-02-16 12:00:11 -05:00			`acme.request_issuance(jose.util.ComparableX509(csr), (authzr,))`
Update restified example script and rename to acme_client.py 2015-06-18 07:07:20 -04:00			`except messages.Error as error:`
			`print ("This script is doomed to fail as no authorization "`
			`"challenges are ever solved. Error from server: {0}".format(error))`