From 7e2c16ee38a0d6998284dc352c9fdc3b53412701 Mon Sep 17 00:00:00 2001
From: Daniel Pramann
Date: Mon, 13 Nov 2017 12:19:54 -0600
Subject: [PATCH] Fixes for using ACME with Route53 (#986)

* Changes required for functional Route53 operations
* Changes required for functional ACME operations with Route53
* Changes required for functional ACME operations with Route53, need external ID
---
 lemur/plugins/lemur_acme/plugin.py | 16 +++++++++-------
 lemur/plugins/lemur_acme/route53.py | 3 ++-
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/lemur/plugins/lemur_acme/plugin.py b/lemur/plugins/lemur_acme/plugin.py
index 152ecd61..6ab53553 100644
--- a/lemur/plugins/lemur_acme/plugin.py
+++ b/lemur/plugins/lemur_acme/plugin.py
@@ -87,8 +87,8 @@ def request_certificate(acme_client, authorizations, csr):
 cert_response, _ = acme_client.poll_and_request_issuance(
 jose.util.ComparableX509(
 OpenSSL.crypto.load_certificate_request(
- OpenSSL.crypto.FILETYPE_ASN1,
- csr.public_bytes(serialization.Encoding.DER),
+ OpenSSL.crypto.FILETYPE_PEM,
+ csr
 )
 ),
 authzrs=[authz_record.authz for authz_record in authorizations],
@@ -96,12 +96,13 @@ def request_certificate(acme_client, authorizations, csr):
 pem_certificate = OpenSSL.crypto.dump_certificate(
 OpenSSL.crypto.FILETYPE_PEM,
 cert_response.body
- )
+ ).decode('utf-8')
- pem_certificate_chain = "\n".join(
+ # https://github.com/alex/letsencrypt-aws/commit/853ea7f93f141fe18d9ef12aee6b3388f98b4830
+ pem_certificate_chain = b"\n".join(
 OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
 for cert in acme_client.fetch_chain(cert_response)
- )
+ ).decode('utf-8')
 return pem_certificate, pem_certificate_chain
@@ -133,7 +134,7 @@ def get_domains(options):
 domains = [options['common_name']]
 if options.get('extensions'):
 for name in options['extensions']['sub_alt_names']['names']:
- domains.append(name)
+ domains.append(name.value)
 return domains
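Review bot: The contract of the `csr` parameter of `request_certificate` has silently changed in the first hunk: it is now handed straight to `load_certificate_request` with `FILETYPE_PEM`, so callers must pass PEM-encoded text rather than the cryptography CSR object the old `public_bytes(...)` call required, and nothing records that. A docstring on the function should say so, e.g. `csr: PEM-encoded certificate signing request (str or bytes), passed to pyOpenSSL unchanged`. If nothing else in the module still references `serialization`, that import is now dead and should be dropped. The function's body continues past the end of the hunk.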
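Review bot: The new comment above `pem_certificate_chain` is a bare commit URL, which tells a reader nothing without leaving the file; replace it with the reason the code changed, e.g. `# dump_certificate returns bytes, so join with a bytes separator and decode once to hand back a str chain`. The `.decode('utf-8')` on both values is consistent with that, and an empty result from `fetch_chain` simply yields an empty chain string, which the caller should be told about in the function docstring.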
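Review bot: `domains.append(name.value)` in `get_domains` assumes every entry of `sub_alt_names['names']` exposes a `.value` that is a DNS host name; if that list can also hold other general-name kinds (an IP address or an e-mail entry, say), the value is passed on as a domain to request authorization for and only fails much later. The name objects are built outside this hunk, so this is a presumption to confirm; if they are cryptography general-name objects, filtering on the DNS-name type before appending would catch the mismatch at this point. A one-line docstring, `"""Return the common name followed by the SAN values to request."""`, would also make the contract explicit.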
@@ -194,7 +195,8 @@ class ACMEIssuerPlugin(IssuerPlugin):
 domains = get_domains(issuer_options)
 authorizations = get_authorizations(acme_client, account_number, domains)
 pem_certificate, pem_certificate_chain = request_certificate(acme_client, authorizations, csr)
- return pem_certificate, pem_certificate_chain
+ # TODO add external ID (if possible)
+ return pem_certificate, pem_certificate_chain, None
 @staticmethod
 def create_authority(options):
diff --git a/lemur/plugins/lemur_acme/route53.py b/lemur/plugins/lemur_acme/route53.py
index 052e0379..f7a9c594 100644
--- a/lemur/plugins/lemur_acme/route53.py
+++ b/lemur/plugins/lemur_acme/route53.py
@@ -27,6 +27,7 @@ def find_zone_id(domain, client=None):
 raise ValueError(
 "Unable to find a Route53 hosted zone for {}".format(domain)
 )
+ return zones[0][1]
 @sts_client('route53')
@@ -54,7 +55,7 @@ def change_txt_record(action, zone_id, domain, value, client=None):
 return response["ChangeInfo"]["Id"]
-def create_txt_record(account_number, host, value):
+def create_txt_record(host, value, account_number):
 zone_id = find_zone_id(host, account_number=account_number)
 change_id = change_txt_record(
 "CREATE",
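Review bot: The third return value is explained only by `# TODO add external ID (if possible)`, which says neither what an external ID is nor why `None` is acceptable here; make the comment carry that, e.g. `# No issuer-side identifier is available from ACME yet, so the external-ID slot of the (cert, chain, external_id) tuple is None`. Any caller still unpacking two values from this method will now raise a ValueError, so the call sites, which are outside this hunk, need checking. The enclosing method also starts before the hunk.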
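Review bot: `return zones[0][1]` in `find_zone_id` depends entirely on how `zones` was built and ordered earlier in the function, which starts outside this hunk, and the bare index does not say which element is the hosted-zone id; a comment such as `# zones holds (name, id) pairs; the first entry is the chosen zone — confirm the ordering above` would make it reviewable. It is also worth confirming that the candidate list is matched on a label boundary, since a plain suffix comparison would let a zone for `example.com` be selected for a domain like `notexample.com`, and the TXT record would then be written to the wrong zone.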
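Review bot: Reordering `create_txt_record` to `(host, value, account_number)` is a purely positional change that no check can catch: the three arguments are presumably all plain strings, so a caller still using the old order would look up the hosted zone under a hostname as the account and write the record in the wrong place. Making the account keyword-only, `def create_txt_record(host, value, *, account_number):`, forces every call site to name it; if that is too disruptive, at least add a docstring naming each parameter and its role. The function's body continues past the end of the hunk.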