1. Advisor
  2. acme
  3. functions
  4. acme.crypto_util
View all acme analysis

How to use the acme.crypto_util function in acme

To help you get started, we’ve selected a few acme examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github letsencrypt / boulder / test / chisel2.py View on Github external
def make_csr(domains):
    key = OpenSSL.crypto.PKey()
    key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)
    pem = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key)
    return acme_crypto_util.make_csr(pem, domains, False)
github EFForg / starttls-everywhere / certbot / acme / acme / challenges.py View on Github external
def verify_cert(self, cert):
        """Verify tls-sni-01 challenge certificate.

        :param OpensSSL.crypto.X509 cert: Challenge certificate.

        :returns: Whether the certificate was successfully verified.
        :rtype: bool

        """
        # pylint: disable=protected-access
        sans = crypto_util._pyopenssl_cert_or_req_san(cert)
        logging.debug('Certificate %s. SANs: %s', cert.digest('sha1'), sans)
        return self.z_domain.decode() in sans
github certbot / certbot / acme / acme / challenges.py View on Github external
"""Probe tls-sni-01 challenge certificate.

        :param unicode domain:

        """
        # TODO: domain is not necessary if host is provided
        if "host" not in kwargs:
            host = socket.gethostbyname(domain)
            logging.debug('%s resolved to %s', domain, host)
            kwargs["host"] = host

        kwargs.setdefault("port", self.PORT)
        kwargs["name"] = self.z_domain
        # TODO: try different methods?
        # pylint: disable=protected-access
        return crypto_util.probe_sni(**kwargs)
github certbot / certbot / acme / acme / standalone.py View on Github external
def _wrap_sock(self):
        self.socket = crypto_util.SSLSocket(
            self.socket, certs=self.certs, method=self.method)
github certbot / certbot / acme / acme / challenges.py View on Github external
def verify_cert(self, cert):
        """Verify tls-sni-01 challenge certificate.

        :param OpensSSL.crypto.X509 cert: Challenge certificate.

        :returns: Whether the certificate was successfully verified.
        :rtype: bool

        """
        # pylint: disable=protected-access
        sans = crypto_util._pyopenssl_cert_or_req_san(cert)
        logger.debug('Certificate %s. SANs: %s', cert.digest('sha256'), sans)
        return self.z_domain.decode() in sans
github certbot / certbot / certbot / crypto_util.py View on Github external
"""Initialize a CSR with the given private key.

    :param privkey: Key to include in the CSR
    :type privkey: :class:`certbot.util.Key`

    :param set names: `str` names to include in the CSR

    :param str path: Certificate save directory.

    :returns: CSR
    :rtype: :class:`certbot.util.CSR`

    """
    config = zope.component.getUtility(interfaces.IConfig)

    csr_pem = acme_crypto_util.make_csr(
        privkey.pem, names, must_staple=config.must_staple)

    # Save CSR
    util.make_or_verify_dir(path, 0o755, os.geteuid(),
                               config.strict_permissions)
    csr_f, csr_filename = util.unique_file(
        os.path.join(path, "csr-certbot.pem"), 0o644, "wb")
    with csr_f:
        csr_f.write(csr_pem)
    logger.debug("Creating CSR: %s", csr_filename)

    return util.CSR(csr_filename, csr_pem, "pem")
github certbot / certbot / acme / acme / challenges.py View on Github external
def verify_cert(self, domain, cert):
        """Verify tls-alpn-01 challenge certificate.

        :param unicode domain: Domain name being validated.
        :param OpensSSL.crypto.X509 cert: Challenge certificate.

        :returns: Whether the certificate was successfully verified.
        :rtype: bool

        """
        # pylint: disable=protected-access
        names = crypto_util._pyopenssl_cert_or_req_all_names(cert)
        logger.debug('Certificate %s. SANs: %s', cert.digest('sha256'), names)
        if len(names) != 1 or names[0].lower() != domain.lower():
            return False

        for i in range(cert.get_extension_count()):
            ext = cert.get_extension(i)
            # FIXME: assume this is the ACME extension. Currently there is no
            # way to get full OID of an unknown extension from pyopenssl.
            if ext.get_short_name() == b'UNDEF':
                data = ext.get_data()
                return data == self.h

        return False
github certbot / certbot / acme / acme / challenges.py View on Github external
def probe_cert(self, domain, host=None, port=None):
        """Probe tls-alpn-01 challenge certificate.

        :param unicode domain: domain being validated, required.
        :param string host: IP address used to probe the certificate.
        :param int port: Port used to probe the certificate.

        """
        if host is None:
            host = socket.gethostbyname(domain)
            logger.debug('%s resolved to %s', domain, host)
        if port is None:
            port = self.PORT

        return crypto_util.probe_sni(host=host, port=port, name=domain,
                alpn_protocols=[self.ACME_TLS_1_PROTOCOL])

acme

ACME protocol implementation in Python

GitHub
Apache-2.0
Latest version published 3 days ago

Package Health Score

97 / 100
Full package analysis

Popular acme functions

Similar packages