From 6e5aa4e979f7579718790c82695b5455323d88d1 Mon Sep 17 00:00:00 2001
From: Mathias Petermann
Date: Wed, 11 Nov 2020 08:46:55 +0100
Subject: [PATCH] Deduplicate chain/certificate extraction

---
 lemur/plugins/lemur_acme/acme_handlers.py | 15 ++++++++++-----
 lemur/plugins/lemur_acme/challenge_types.py | 15 +-------------
 2 files changed, 11 insertions(+), 19 deletions(-)

diff --git a/lemur/plugins/lemur_acme/acme_handlers.py b/lemur/plugins/lemur_acme/acme_handlers.py
index 6d0ac5f4..c1ab5281 100644
--- a/lemur/plugins/lemur_acme/acme_handlers.py
+++ b/lemur/plugins/lemur_acme/acme_handlers.py
@@ -111,10 +111,18 @@ class AcmeHandler(object):
             f"Successfully resolved Acme order: {order.uri}", exc_info=True
         )
+        pem_certificate, pem_certificate_chain = self.extract_cert_and_chain(orderr.fullchain_pem)
+
+        current_app.logger.debug(
+            "{0} {1}".format(type(pem_certificate), type(pem_certificate_chain))
+        )
+        return pem_certificate, pem_certificate_chain
+
+    def extract_cert_and_chain(self, fullchain_pem):
         pem_certificate = OpenSSL.crypto.dump_certificate(
             OpenSSL.crypto.FILETYPE_PEM,
             OpenSSL.crypto.load_certificate(
-                OpenSSL.crypto.FILETYPE_PEM, orderr.fullchain_pem
+                OpenSSL.crypto.FILETYPE_PEM, fullchain_pem
             ),
         ).decode()
 
@@ -123,11 +131,8 @@ class AcmeHandler(object):
             current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
             pem_certificate_chain = current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA")
         else:
-            pem_certificate_chain = orderr.fullchain_pem[len(pem_certificate):].lstrip()
+            pem_certificate_chain = fullchain_pem[len(pem_certificate):].lstrip()
 
-        current_app.logger.debug(
-            "{0} {1}".format(type(pem_certificate), type(pem_certificate_chain))
-        )
         return pem_certificate, pem_certificate_chain
 
     @retry(stop_max_attempt_number=5, wait_fixed=5000)
diff --git a/lemur/plugins/lemur_acme/challenge_types.py b/lemur/plugins/lemur_acme/challenge_types.py
index 36eddf8f..538ec236 100644
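Review bot: `extract_cert_and_chain` becomes a method that another module now calls (the replacement in challenge_types.py), yet it has no docstring; add one stating that it takes the ACME `fullchain_pem` string and returns a `(leaf_pem, chain_pem)` tuple whose second element may be the configured IdenTrust cross-signed intermediate rather than the server-provided chain. The leaf is re-serialised through `dump_certificate` and the chain is then derived in the next hunk as `fullchain_pem[len(pem_certificate):]`, which assumes pyOpenSSL's PEM wrapping and line endings are byte-for-byte the same length as the server's; if they ever differ the slice could start mid-certificate and produce a corrupt chain with no error. Splitting at the first end marker does not depend on formatting: `end = "-----END CERTIFICATE-----"` and `pem_certificate_chain = fullchain_pem[fullchain_pem.index(end) + len(end):].lstrip()`. The method reads nothing from `self` in the visible lines, so `@staticmethod` would state that contract explicitly. The method body continues past this hunk; its `if` header sits between the two hunks, outside view.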
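Review bot: When the override branch is taken, the returned chain is the raw `IDENTRUST_CROSS_SIGNED_LE_ICA` config value with no check that it actually issued the leaf in `pem_certificate`, so a stale or misconfigured value produces a leaf/chain pair that will not validate, and the only gate is the `17/03/21` date default (compared, judging from the parallel block removed in challenge_types.py, against naive local `datetime.datetime.now()`). Before accepting the override, compare the leaf's issuer with the configured intermediate's subject, e.g. `if OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem_certificate_chain).get_subject() != OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem_certificate).get_issuer():`, and on mismatch log a warning and keep the server-provided chain; the config value is presumably a single PEM certificate, which this check assumes — confirm. The `if` that opens this branch starts before the hunk.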
--- a/lemur/plugins/lemur_acme/challenge_types.py
+++ b/lemur/plugins/lemur_acme/challenge_types.py
@@ -10,7 +10,6 @@ import datetime
 import json
-import OpenSSL
 from acme import challenges
 from acme.messages import errors, STATUS_VALID, ERROR_CODES
 from flask import current_app
@@ -131,19 +130,7 @@ class AcmeHttpChallenge(AcmeChallenge):
                         ERROR_CODES[chall.error.code]))
                 raise Exception('Validation error occured, can\'t complete challenges. See logs for more information.')
 
-        pem_certificate = OpenSSL.crypto.dump_certificate(
-            OpenSSL.crypto.FILETYPE_PEM,
-            OpenSSL.crypto.load_certificate(
-                OpenSSL.crypto.FILETYPE_PEM, finalized_orderr.fullchain_pem
-            ),
-        ).decode()
-
-        if current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA", False) \
-                and datetime.datetime.now() < datetime.datetime.strptime(
-                current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
-            pem_certificate_chain = current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA")
-        else:
-            pem_certificate_chain = finalized_orderr.fullchain_pem[len(pem_certificate):].lstrip()
+        pem_certificate, pem_certificate_chain = self.acme.extract_cert_and_chain(finalized_orderr.fullchain_pem)
 
         if len(deployed_challenges) != 0:
             for token_path in deployed_challenges:
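Review bot: The new call couples this class to `self.acme` exposing `extract_cert_and_chain`, but nothing in the hunk shows where `self.acme` is assigned or that it is an `AcmeHandler`; a one-line comment at the call site would spare the next reader the lookup, e.g. `# self.acme is the AcmeHandler that owns the ACME client; leaf/chain extraction lives there` — confirm that is what it holds. The removed block was the only visible user of `datetime` in this module while the import hunk above drops only `OpenSSL`; if no other use remains, `import datetime` is now dead and should go too. The enclosing method starts before this hunk.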