Deduplicate chain/certificate extraction

Mathias Petermann 2020-11-11 08:46:55 +01:00
parent 5cdd88e033
commit 6e5aa4e979
2 changed files with 11 additions and 19 deletions


@ -111,10 +111,18 @@ class AcmeHandler(object):
f"Successfully resolved Acme order: {order.uri}", exc_info=True f"Successfully resolved Acme order: {order.uri}", exc_info=True
) )
pem_certificate, pem_certificate_chain = self.extract_cert_and_chain(orderr.fullchain_pem)
current_app.logger.debug(
"{0} {1}".format(type(pem_certificate), type(pem_certificate_chain))
)
return pem_certificate, pem_certificate_chain
def extract_cert_and_chain(self, fullchain_pem):
pem_certificate = OpenSSL.crypto.dump_certificate( pem_certificate = OpenSSL.crypto.dump_certificate(
OpenSSL.crypto.FILETYPE_PEM, OpenSSL.crypto.FILETYPE_PEM,
OpenSSL.crypto.load_certificate( OpenSSL.crypto.load_certificate(
OpenSSL.crypto.FILETYPE_PEM, orderr.fullchain_pem OpenSSL.crypto.FILETYPE_PEM, fullchain_pem
), ),
).decode() ).decode()
@ -123,11 +131,8 @@ class AcmeHandler(object):
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'): current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
pem_certificate_chain = current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA") pem_certificate_chain = current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA")
else: else:
pem_certificate_chain = orderr.fullchain_pem[len(pem_certificate):].lstrip() pem_certificate_chain = fullchain_pem[len(pem_certificate):].lstrip()
current_app.logger.debug(
"{0} {1}".format(type(pem_certificate), type(pem_certificate_chain))
)
return pem_certificate, pem_certificate_chain return pem_certificate, pem_certificate_chain
@retry(stop_max_attempt_number=5, wait_fixed=5000) @retry(stop_max_attempt_number=5, wait_fixed=5000)
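Review bot: In the new `extract_cert_and_chain`, the chain is still derived with `fullchain_pem[len(pem_certificate):].lstrip()`, which only works if the leaf re-encoded by `dump_certificate` has exactly the same length as the leaf text the CA returned. If the response uses different line endings or line wrapping, or starts with whitespace, the slice lands inside a PEM block and a malformed or incomplete chain is returned without any error. Assuming `fullchain_pem` is a `str` (as the slicing suggests), cutting at the first end marker avoids depending on the re-encoding: `end = fullchain_pem.index("-----END CERTIFICATE-----") + len("-----END CERTIFICATE-----")` followed by `pem_certificate_chain = fullchain_pem[end:].lstrip()`. Since both callers now share this method, it also deserves a docstring stating that a configured `IDENTRUST_CROSS_SIGNED_LE_ICA` replaces the CA-supplied chain until the configured expiration date. The method body spans both hunks, and the start of the `if` condition lies between them, outside the visible lines.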


@ -10,7 +10,6 @@
import datetime import datetime
import json import json
import OpenSSL
from acme import challenges from acme import challenges
from acme.messages import errors, STATUS_VALID, ERROR_CODES from acme.messages import errors, STATUS_VALID, ERROR_CODES
from flask import current_app from flask import current_app
@ -131,19 +130,7 @@ class AcmeHttpChallenge(AcmeChallenge):
ERROR_CODES[chall.error.code])) ERROR_CODES[chall.error.code]))
raise Exception('Validation error occured, can\'t complete challenges. See logs for more information.') raise Exception('Validation error occured, can\'t complete challenges. See logs for more information.')
pem_certificate = OpenSSL.crypto.dump_certificate( pem_certificate, pem_certificate_chain = self.acme.extract_cert_and_chain(finalized_orderr.fullchain_pem)
OpenSSL.crypto.FILETYPE_PEM,
OpenSSL.crypto.load_certificate(
OpenSSL.crypto.FILETYPE_PEM, finalized_orderr.fullchain_pem
),
).decode()
if current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA", False) \
and datetime.datetime.now() < datetime.datetime.strptime(
current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'):
pem_certificate_chain = current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA")
else:
pem_certificate_chain = finalized_orderr.fullchain_pem[len(pem_certificate):].lstrip()
if len(deployed_challenges) != 0: if len(deployed_challenges) != 0:
for token_path in deployed_challenges: for token_path in deployed_challenges:
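Review bot: The new call `self.acme.extract_cert_and_chain(finalized_orderr.fullchain_pem)` runs before the `deployed_challenges` loop, so a parse failure on an empty or malformed `fullchain_pem` propagates before that loop is reached. The loop body is outside the hunk, but if it removes the deployed HTTP-01 tokens, as it appears to, they would be left behind on the target in that case. Wrapping the extraction in `try:` and running the token loop under `finally:` would keep the cleanup unconditional. Separately, with the inline expiry check gone, `import datetime` may no longer be used in this file and is worth checking alongside the removed `import OpenSSL`.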