diff --git a/acertmgr/authority/v1.py b/acertmgr/authority/v1.py
index 330aa77..9e0da9a 100644
--- a/acertmgr/authority/v1.py
+++ b/acertmgr/authority/v1.py
@@ -18,13 +18,6 @@ from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import padding
 from acertmgr import tools
-from acertmgr.tools import byte_string_format
-
-try:
- from urllib.request import urlopen # Python 3
-except ImportError:
- from urllib2 import urlopen # Python 2
-
 from acertmgr.authority.acme import ACMEAuthority as AbstractACMEAuthority
@@ -45,9 +38,9 @@ class ACMEAuthority(AbstractACMEAuthority):
 header = {
 "alg": "RS256",
 "jwk": {
- "e": tools.to_json_base64(byte_string_format(numbers.e)),
+ "e": tools.to_json_base64(tools.byte_string_format(numbers.e)),
 "kty": "RSA",
- "n": tools.to_json_base64(byte_string_format(numbers.n)),
+ "n": tools.to_json_base64(tools.byte_string_format(numbers.n)),
 },
 }
 return header
@@ -60,7 +53,7 @@ class ACMEAuthority(AbstractACMEAuthority):
 def _send_signed(self, url, header, payload):
 payload64 = tools.to_json_base64(json.dumps(payload).encode('utf8'))
 protected = copy.deepcopy(header)
- protected["nonce"] = urlopen(self.ca + "/directory").headers['Replay-Nonce']
+ protected["nonce"] = tools.get_url(self.ca + "/directory").headers['Replay-Nonce']
 protected64 = tools.to_json_base64(json.dumps(protected).encode('utf8'))
 # @todo check why this padding is not working
 # pad = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
@@ -71,7 +64,7 @@ class ACMEAuthority(AbstractACMEAuthority):
 "payload": payload64, "signature": tools.to_json_base64(out),
 })
 try:
- resp = urlopen(url, data.encode('utf8'))
+ resp = tools.get_url(url, data.encode('utf8'))
 return resp.getcode(), resp.read()
 except IOError as e:
 return getattr(e, "code", None), getattr(e, "read", e.__str__)()
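Review bot: In the `@@ -60,7 +53,7 @@` hunk of v1.py, the changed line in `_send_signed` reads the nonce with `.headers['Replay-Nonce']` and never checks it, so a directory response without that header yields `None` on Python 3 (a `KeyError` on Python 2) and the request is then signed with a null nonce. Read it with `nonce = tools.get_url(self.ca + "/directory").headers.get('Replay-Nonce')` and fail early with `if not nonce: raise ValueError("CA returned no Replay-Nonce")` before assigning `protected["nonce"] = nonce`. The fetch also sits outside the `try/except IOError` that guards the POST in the following hunk (apparently the same function), so a network failure here surfaces as a raw exception instead of the (code, body) tuple the POST path returns. `_send_signed` continues past the end of this hunk.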
@@ -154,7 +147,7 @@ class ACMEAuthority(AbstractACMEAuthority):
 # wait for challenge to be verified
 while True:
 try:
- resp = urlopen(challenges[domain]['uri'])
+ resp = tools.get_url(challenges[domain]['uri'])
 challenge_status = json.loads(resp.read().decode('utf8'))
 except IOError as e:
 raise ValueError("Error checking challenge: {0} {1}".format(
diff --git a/acertmgr/authority/v2.py b/acertmgr/authority/v2.py
index c988ea7..b91a2b0 100644
--- a/acertmgr/authority/v2.py
+++ b/acertmgr/authority/v2.py
@@ -18,12 +18,6 @@ from cryptography.hazmat.primitives.asymmetric import padding
 from acertmgr import tools
 from acertmgr.authority.acme import ACMEAuthority as AbstractACMEAuthority
-from acertmgr.tools import byte_string_format
-
-try:
- from urllib.request import urlopen, Request # Python 3
-except ImportError:
- from urllib2 import urlopen, Request # Python 2
 class ACMEAuthority(AbstractACMEAuthority):
@@ -62,8 +56,8 @@ class ACMEAuthority(AbstractACMEAuthority):
 "alg": self.algorithm,
 "jwk": {
 "kty": "RSA",
- "e": tools.to_json_base64(byte_string_format(numbers.e)),
- "n": tools.to_json_base64(byte_string_format(numbers.n)),
+ "e": tools.to_json_base64(tools.byte_string_format(numbers.e)),
+ "n": tools.to_json_base64(tools.byte_string_format(numbers.n)),
 },
 }
 self.account_id = None # will be updated to correct value during account registration
@@ -74,7 +68,7 @@ class ACMEAuthority(AbstractACMEAuthority):
 if data:
 data = data.encode('utf-8')
- resp = urlopen(Request(url, data=data, headers=header))
+ resp = tools.get_url(url, data, header)
 # Store next Replay-Nonce if it is in the header
 if 'Replay-Nonce' in resp.headers:
diff --git a/acertmgr/modes/webdir.py b/acertmgr/modes/webdir.py
index a69a4a1..a093138 100644
--- a/acertmgr/modes/webdir.py
+++ b/acertmgr/modes/webdir.py
@@ -7,14 +7,9 @@ import datetime
 import os
-
+from acertmgr import tools
 from acertmgr.modes.abstract import AbstractChallengeHandler
-try:
- from urllib.request import urlopen # Python 3
-except ImportError:
- from urllib2 import urlopen # Python 2
-
 class ChallengeHandler(AbstractChallengeHandler):
 def __init__(self, config):
@@ -36,7 +31,7 @@ class ChallengeHandler(AbstractChallengeHandler):
 # check that the file is in place
 wellknown_url = "http://{0}/.well-known/acme-challenge/{1}".format(domain, token)
 try:
- resp = urlopen(wellknown_url)
+ resp = tools.get_url(wellknown_url)
 resp_data = resp.read().decode('utf8').strip()
 if resp_data != keyauthorization:
 raise ValueError("keyauthorization and response data do NOT match")
diff --git a/acertmgr/tools.py b/acertmgr/tools.py
index b1494f6..29199d4 100644
--- a/acertmgr/tools.py
+++ b/acertmgr/tools.py
@@ -20,15 +20,20 @@ from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.x509.oid import NameOID, ExtensionOID
 try:
- from urllib.request import urlopen # Python 3
+ from urllib.request import urlopen, Request # Python 3
 except ImportError:
- from urllib2 import urlopen # Python 2
+ from urllib2 import urlopen, Request # Python 2
 class InvalidCertificateError(Exception):
 pass
+# @brief wrapper for downloading an url
+def get_url(url, data=None, headers=None):
+ return urlopen(Request(url, data=data, headers={} if headers is None else headers))
+
+
 # @brief retrieve notBefore and notAfter dates of a certificate file
 # @param cert_file the path to the certificate
 # @return the tuple of dates: (notBefore, notAfter)
@@ -116,7 +121,7 @@ def download_issuer_ca(cert):
 raise Exception("Could not determine issuer CA for given certificate: {}".format(cert))
 print("Downloading CA certificate from {}".format(ca_issuers))
- cadata = urlopen(ca_issuers).read()
+ cadata = get_url(ca_issuers).read()
 return x509.load_der_x509_certificate(cadata, default_backend())
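Review bot: In the `@@ -20,15 +20,20 @@` hunk of tools.py, the new `get_url` hands every URL to `urlopen` with no timeout and no scheme check, although it is now the single path for all outbound requests. Two of its callers pass locations that appear to be supplied remotely, `challenges[domain]['uri']` inside the `while True` polling loop in v1.py and `ca_issuers` in `download_issuer_ca`, and `urlopen`'s default handlers also accept `file:` and `ftp:` URLs. A stalled peer would therefore block the run indefinitely, and a non-HTTP location would be fetched without complaint. The wrapper is the natural place for a keyword `timeout` with a default and an http/https allow-list; the `# @brief` comment should gain `@param`/`@return` lines like the other helpers in this file. Note that the `ValueError` below is not caught by the callers' `except IOError` blocks, which seems right for a configuration or protocol error but should be a deliberate choice.

```python
# @brief wrapper for downloading an url
# @param timeout seconds before the request is abandoned (30 is a suggested default)
def get_url(url, data=None, headers=None, timeout=30):
    # only plain web schemes; urlopen would otherwise also serve file: and ftp:
    if url.split(':', 1)[0].lower() not in ('http', 'https'):
        raise ValueError("Unsupported URL scheme: {}".format(url))
    return urlopen(Request(url, data=data, headers={} if headers is None else headers), timeout=timeout)
```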
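Review bot: In the `@@ -116,7 +121,7 @@` hunk, `download_issuer_ca` parses and returns the downloaded bytes without checking that the result is actually the issuer of `cert`, and `.read()` has no size limit. The `ca_issuers` location appears to come from the certificate itself and such URLs are conventionally plain HTTP, so the content is not protected in transit. Bind the result first, `issuer = x509.load_der_x509_certificate(cadata, default_backend())`, and reject a mismatch with `if issuer.subject != cert.issuer: raise InvalidCertificateError("Downloaded CA does not match issuer")`; a bounded `get_url(ca_issuers).read(MAX_CA_SIZE)` (placeholder constant, value to be chosen) caps the download. The start of the function is outside this hunk, so `cert` being a parsed certificate object is an assumption.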