diff --git a/tools/deactivate.py b/tools/deactivate.py
deleted file mode 100644
index 214c0595c..000000000
--- a/tools/deactivate.py
+++ /dev/null
@@ -1,48 +0,0 @@
-"""
-Given an ACME account key as input, deactivate the account.
-
-This can be useful if you created an account with a non-Certbot client and now
-want to deactivate it.
-
-Private key should be in PKCS#8 PEM form.
-
-To provide the URL for the ACME server you want to use, set it in the $DIRECTORY
-environment variable, e.g.:
-
-DIRECTORY=https://acme-staging.api.letsencrypt.org/directory python \
- deactivate.py private_key.pem
-"""
-import os
-import sys
-
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
-import josepy as jose
-
-from acme import client as acme_client
-from acme import errors as acme_errors
-from acme import messages
-
-DIRECTORY = os.getenv('DIRECTORY', 'http://localhost:4000/directory')
-
-if len(sys.argv) != 2:
- print("Usage: python deactivate.py private_key.pem")
- sys.exit(1)
-
-data = open(sys.argv[1], "r").read()
-key = jose.JWKRSA(key=serialization.load_pem_private_key(
- data, None, default_backend()))
-
-net = acme_client.ClientNetwork(key, verify_ssl=False,
- user_agent="acme account deactivator")
-
-client = acme_client.Client(DIRECTORY, key=key, net=net)
-try:
- # We expect this to fail and give us a Conflict response with a Location
- # header pointing at the account's URL.
- client.register()
-except acme_errors.ConflictError as e:
- location = e.location
-if location is None:
- raise "Key was not previously registered (but now is)."
-client.deactivate_registration(messages.RegistrationResource(uri=location))
diff --git a/tools/half-sign.c b/tools/half-sign.c
deleted file mode 100644
index e56bc397c..000000000
--- a/tools/half-sign.c
+++ /dev/null
@@ -1,123 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-// This program can be used to perform RSA public key signatures given only
-// the hash of the file to be signed as input.
-
-// To compile:
-// gcc half-sign.c -lssl -lcrypto -o half-sign
-
-// Sign with SHA256
-#define HASH_SIZE 32
-
-void usage() {
- printf("half-sign [binary hash file]\n");
- printf("\n");
- printf(" Computes and prints a binary RSA signature over data given the SHA256 hash of\n");
- printf(" the data as input.\n");
- printf("\n");
- printf(" should be PEM encoded.\n");
- printf("\n");
- printf(" The input SHA256 hash should be %d bytes in length. If no binary hash file is\n", HASH_SIZE);
- printf(" specified, it will be read from stdin.\n");
- exit(1);
-}
-
-void sign_hashed_data(EVP_PKEY *signing_key, unsigned char *md, size_t mdlen) {
- // cribbed from the openssl EVP_PKEY_sign man page
- EVP_PKEY_CTX *ctx;
- unsigned char *sig;
- size_t siglen;
-
- /* NB: assumes signing_key, md and mdlen are already set up
- * and that signing_key is an RSA private key
- */
- ctx = EVP_PKEY_CTX_new(signing_key, NULL);
- if ((!ctx)
- || (EVP_PKEY_sign_init(ctx) <= 0)
- || (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
- || (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)) {
- fprintf(stderr, "Failure establishing ctx for signature\n");
- exit(1);
- }
-
- /* Determine buffer length */
- if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) {
- fprintf(stderr, "Unable to determine buffer length for signature\n");
- exit(1);
- }
-
- sig = OPENSSL_malloc(siglen);
-
- if (!sig) {
- fprintf(stderr, "Malloc failed\n");
- exit(1);
- }
-
- if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) {
- fprintf(stderr, "Signature error\n");
- exit(1);
- }
-
- /* Signature is siglen bytes written to buffer sig */
- fwrite(sig, siglen, 1, stdout);
-}
-
-EVP_PKEY *read_private_key(char *filename) {
- FILE *keyfile;
- EVP_PKEY *privkey;
- keyfile = fopen(filename, "r");
- if (!keyfile) {
- fprintf(stderr, "Failed to open private key.pem file %s\n", filename);
- exit(1);
- }
- privkey = PEM_read_PrivateKey(keyfile, NULL, NULL, NULL);
- if (!privkey) {
- fprintf(stderr, "Failed to read PEM private key from %s\n", filename);
- exit(1);
- }
- if (EVP_PKEY_type(privkey->type) != EVP_PKEY_RSA) {
- fprintf(stderr, "%s was a non-RSA key\n", filename);
- exit(1);
- }
- return privkey;
-}
-
-int main(int argc, char *argv[]) {
- FILE *input;
- unsigned char *buffer;
- int test;
- EVP_PKEY *privkey;
- if (argc > 3 || argc < 2)
- usage();
- if (argc < 3 || strcmp(argv[2],"-") == 0)
- input = stdin;
- else {
- input = fopen(argv[2], "r");
- if (!input) usage();
- }
- privkey = read_private_key(argv[1]);
- buffer = malloc(HASH_SIZE);
- if (!buffer) {
- fprintf(stderr, "Argh, malloc failed\n");
- exit(1);
- }
- if (fread(buffer, HASH_SIZE, 1, input) != 1) {
- perror("half-sign: Failed to read SHA256 from input\n");
- exit(1);
- }
-
- test = fgetc(input);
- if (test != EOF && test != '\n') {
- fprintf(stderr,"Error, more than %d bytes fed to half-sign\n", HASH_SIZE);
- fprintf(stderr,"Last byte was :%d\n" , (int) test);
- exit(1);
- }
- sign_hashed_data(privkey, buffer, HASH_SIZE);
- return 0;
-}
diff --git a/tools/simple_http_server.py b/tools/simple_http_server.py
deleted file mode 100755
index 32f35ec69..000000000
--- a/tools/simple_http_server.py
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env python3
-"""A version of Python's SimpleHTTPServer that flushes its output."""
-import sys
-
-try:
- from http.server import HTTPServer, SimpleHTTPRequestHandler
-except ImportError:
- from BaseHTTPServer import HTTPServer
- from SimpleHTTPServer import SimpleHTTPRequestHandler
-
-
-def serve_forever(port=0):
- """Spins up an HTTP server on all interfaces and the given port.
-
- A message is printed to stdout specifying the address and port being used
- by the server.
-
- :param int port: port number to use.
-
- """
- server = HTTPServer(('', port), SimpleHTTPRequestHandler)
- print('Serving HTTP on {0} port {1} ...'.format(*server.server_address))
- sys.stdout.flush()
- server.serve_forever()
-
-
-if __name__ == '__main__':
- kwargs = {}
- if len(sys.argv) > 1:
- kwargs['port'] = int(sys.argv[1])
- serve_forever(**kwargs)