adding required variables (#611)

kevgliss 2016-12-18 18:21:22 -08:00 committed by GitHub
parent 51c7216b70
commit c7fdb2acd7
1 changed files with 17 additions and 0 deletions


@ -23,6 +23,7 @@ from cryptography.hazmat.primitives import serialization
import OpenSSL.crypto import OpenSSL.crypto
from lemur.common.utils import validate_conf
from lemur.plugins.bases import IssuerPlugin from lemur.plugins.bases import IssuerPlugin
from lemur.plugins import lemur_acme as acme from lemur.plugins import lemur_acme as acme
@ -58,6 +59,7 @@ def start_dns_challenge(acme_client, host):
dns_challenge.validation(acme_client.key), dns_challenge.validation(acme_client.key),
) )
return AuthorizationRecord( return AuthorizationRecord(
host, host,
authz, authz,
@ -76,6 +78,7 @@ def complete_dns_challenge(acme_client, authz_record):
authz_record.host, authz_record.host,
acme_client.key.public_key() acme_client.key.public_key()
) )
if not verified: if not verified:
raise ValueError("Failed verification") raise ValueError("Failed verification")
@ -92,13 +95,16 @@ def request_certificate(acme_client, authorizations, csr):
), ),
authzrs=[authz_record.authz for authz_record in authorizations], authzrs=[authz_record.authz for authz_record in authorizations],
) )
pem_certificate = OpenSSL.crypto.dump_certificate( pem_certificate = OpenSSL.crypto.dump_certificate(
OpenSSL.crypto.FILETYPE_PEM, cert_response.body OpenSSL.crypto.FILETYPE_PEM, cert_response.body
) )
pem_certificate_chain = "\n".join( pem_certificate_chain = "\n".join(
OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert) OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
for cert in acme_client.fetch_chain(cert_response) for cert in acme_client.fetch_chain(cert_response)
) )
return pem_certificate, pem_certificate_chain return pem_certificate, pem_certificate_chain
@ -112,6 +118,7 @@ def setup_acme_client():
key = serialization.load_pem_private_key( key = serialization.load_pem_private_key(
key, password=None, backend=default_backend() key, password=None, backend=default_backend()
) )
return acme_client_for_private_key(acme_directory_url, key) return acme_client_for_private_key(acme_directory_url, key)
@ -128,6 +135,7 @@ def register(email):
registration = acme_client.register( registration = acme_client.register(
messages.NewRegistration.from_data(email=email) messages.NewRegistration.from_data(email=email)
) )
acme_client.agree_to_tos(registration) acme_client.agree_to_tos(registration)
return private_key return private_key
@ -175,6 +183,15 @@ class ACMEIssuerPlugin(IssuerPlugin):
author_url = 'https://github.com/netflix/lemur.git' author_url = 'https://github.com/netflix/lemur.git'
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
required_vars = [
'ACME_DIRECTORY_URL',
'ACME_TEL',
'ACME_EMAIL',
'ACME_PRIVATE_KEY',
'ACME_ROOT'
]
validate_conf(current_app, required_vars)
super(ACMEIssuerPlugin, self).__init__(*args, **kwargs) super(ACMEIssuerPlugin, self).__init__(*args, **kwargs)
def create_certificate(self, csr, issuer_options): def create_certificate(self, csr, issuer_options):
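Review bot: The new `validate_conf(current_app, required_vars)` call in `ACMEIssuerPlugin.__init__` appears to check only that the five `ACME_*` names are set (its body is not in this diff), so an empty or unparsable `ACME_PRIVATE_KEY`, or a non-HTTPS `ACME_DIRECTORY_URL`, would still surface only at issuance time in `setup_acme_client`. Since one of the required names holds the account private key, it is worth confirming that the error `validate_conf` raises names the missing setting without echoing any configured value into logs. If `current_app` is Flask's application proxy, constructing the plugin outside an application context will now raise, so plugin registration should be checked to happen inside one. A short comment above the list would record the intent, for example `# Fail at plugin load if any ACME_* setting is missing, rather than at first issuance.` The class body continues past the end of this hunk.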