Fixes for using ACME with Route53 (#986)

* Changes required for functional Route53 operations * Changes required for functional ACME operations with Route53 * Changes required for functional ACME operations with Route53, need external ID
2017-11-13 12:19:54 -06:00 · 2017-11-13 12:19:54 -06:00 · 7e2c16ee38
parent 041f3a22fa
commit 7e2c16ee38
2 changed files with 11 additions and 8 deletions
--- a/lemur/plugins/lemur_acme/plugin.py
+++ b/lemur/plugins/lemur_acme/plugin.py
@ -87,8 +87,8 @@ def request_certificate(acme_client, authorizations, csr):
    cert_response, _ = acme_client.poll_and_request_issuance(
        jose.util.ComparableX509(
            OpenSSL.crypto.load_certificate_request(
-                OpenSSL.crypto.FILETYPE_ASN1,
-                csr.public_bytes(serialization.Encoding.DER),
+                OpenSSL.crypto.FILETYPE_PEM,
+                csr
            )
        ),
        authzrs=[authz_record.authz for authz_record in authorizations],
@ -96,12 +96,13 @@ def request_certificate(acme_client, authorizations, csr):

    pem_certificate = OpenSSL.crypto.dump_certificate(
        OpenSSL.crypto.FILETYPE_PEM, cert_response.body
-    )
+    ).decode('utf-8')

-    pem_certificate_chain = "\n".join(
+    # https://github.com/alex/letsencrypt-aws/commit/853ea7f93f141fe18d9ef12aee6b3388f98b4830
+    pem_certificate_chain = b"\n".join(
        OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
        for cert in acme_client.fetch_chain(cert_response)
-    )
+    ).decode('utf-8')

    return pem_certificate, pem_certificate_chain

@ -133,7 +134,7 @@ def get_domains(options):
    domains = [options['common_name']]
    if options.get('extensions'):
        for name in options['extensions']['sub_alt_names']['names']:
-            domains.append(name)
+            domains.append(name.value)
    return domains


@ -194,7 +195,8 @@ class ACMEIssuerPlugin(IssuerPlugin):
        domains = get_domains(issuer_options)
        authorizations = get_authorizations(acme_client, account_number, domains)
        pem_certificate, pem_certificate_chain = request_certificate(acme_client, authorizations, csr)
-        return pem_certificate, pem_certificate_chain
+        # TODO add external ID (if possible)
+        return pem_certificate, pem_certificate_chain, None

    @staticmethod
    def create_authority(options):
--- a/lemur/plugins/lemur_acme/route53.py
+++ b/lemur/plugins/lemur_acme/route53.py
@ -27,6 +27,7 @@ def find_zone_id(domain, client=None):
        raise ValueError(
            "Unable to find a Route53 hosted zone for {}".format(domain)
        )
+    return zones[0][1]


@sts_client('route53')
@ -54,7 +55,7 @@ def change_txt_record(action, zone_id, domain, value, client=None):
    return response["ChangeInfo"]["Id"]


-def create_txt_record(account_number, host, value):
+def create_txt_record(host, value, account_number):
    zone_id = find_zone_id(host, account_number=account_number)
    change_id = change_txt_record(
        "CREATE",