Deduplicate chain/certificate extraction

2020-11-11 08:46:55 +01:00 · 2020-11-11 08:46:55 +01:00 · 6e5aa4e979
parent 5cdd88e033
commit 6e5aa4e979
2 changed files with 11 additions and 19 deletions
--- a/lemur/plugins/lemur_acme/acme_handlers.py
+++ b/lemur/plugins/lemur_acme/acme_handlers.py
@ -111,10 +111,18 @@ class AcmeHandler(object):
            f"Successfully resolved Acme order: {order.uri}", exc_info=True
        )

+        pem_certificate, pem_certificate_chain = self.extract_cert_and_chain(orderr.fullchain_pem)
+
+        current_app.logger.debug(
+            "{0} {1}".format(type(pem_certificate), type(pem_certificate_chain))
+        )
+        return pem_certificate, pem_certificate_chain
+
+    def extract_cert_and_chain(self, fullchain_pem):
        pem_certificate = OpenSSL.crypto.dump_certificate(
            OpenSSL.crypto.FILETYPE_PEM,
            OpenSSL.crypto.load_certificate(
-                OpenSSL.crypto.FILETYPE_PEM, orderr.fullchain_pem
+                OpenSSL.crypto.FILETYPE_PEM, fullchain_pem
            ),
        ).decode()

@ -123,11 +131,8 @@ class AcmeHandler(object):
                current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
            pem_certificate_chain = current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA")
        else:
-            pem_certificate_chain = orderr.fullchain_pem[len(pem_certificate):].lstrip()
+            pem_certificate_chain = fullchain_pem[len(pem_certificate):].lstrip()

-        current_app.logger.debug(
-            "{0} {1}".format(type(pem_certificate), type(pem_certificate_chain))
-        )
        return pem_certificate, pem_certificate_chain

    @retry(stop_max_attempt_number=5, wait_fixed=5000)
--- a/lemur/plugins/lemur_acme/challenge_types.py
+++ b/lemur/plugins/lemur_acme/challenge_types.py
@ -10,7 +10,6 @@
 import datetime
 import json

-import OpenSSL
 from acme import challenges
 from acme.messages import errors, STATUS_VALID, ERROR_CODES
 from flask import current_app
@ -131,19 +130,7 @@ class AcmeHttpChallenge(AcmeChallenge):
                                                                                         ERROR_CODES[chall.error.code]))
            raise Exception('Validation error occured, can\'t complete challenges. See logs for more information.')

-        pem_certificate = OpenSSL.crypto.dump_certificate(
-            OpenSSL.crypto.FILETYPE_PEM,
-            OpenSSL.crypto.load_certificate(
-                OpenSSL.crypto.FILETYPE_PEM, finalized_orderr.fullchain_pem
-            ),
-        ).decode()
-
-        if current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA", False) \
-                and datetime.datetime.now() < datetime.datetime.strptime(
-                current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
-            pem_certificate_chain = current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA")
-        else:
-            pem_certificate_chain = finalized_orderr.fullchain_pem[len(pem_certificate):].lstrip()
+        pem_certificate, pem_certificate_chain = self.acme.extract_cert_and_chain(finalized_orderr.fullchain_pem)

        if len(deployed_challenges) != 0:
            for token_path in deployed_challenges: