Full Code of grindsa/acme2certifier for AI

Repository: grindsa/acme2certifier
Branch: master
Commit: e226dd5741c9
Files: 490
Total size: 6.3 MB

Directory structure:
gitextract_wrrzvmdn/

├── .dockerignore
├── .gitattributes
├── .github/
│   ├── .codecov.yml
│   ├── Caddyfile
│   ├── FUNDING.yml
│   ├── a2c.psql
│   ├── actions/
│   │   ├── acme_clients/
│   │   │   └── action.yml
│   │   ├── acmeshell/
│   │   │   └── action.yml
│   │   ├── cert_gen/
│   │   │   └── action.yml
│   │   ├── container_build/
│   │   │   └── action.yml
│   │   ├── container_build_upload/
│   │   │   └── action.yml
│   │   ├── container_check/
│   │   │   └── action.yml
│   │   ├── container_down/
│   │   │   └── action.yml
│   │   ├── container_load/
│   │   │   └── action.yml
│   │   ├── container_prep/
│   │   │   └── action.yml
│   │   ├── container_run/
│   │   │   └── action.yml
│   │   ├── container_up/
│   │   │   └── action.yml
│   │   ├── deb_build/
│   │   │   └── action.yml
│   │   ├── deb_build_upload/
│   │   │   └── action.yml
│   │   ├── deb_prep/
│   │   │   └── action.yml
│   │   ├── download_artifact/
│   │   │   └── action.yml
│   │   ├── dump-secrets-to-json/
│   │   │   └── action.yml
│   │   ├── mailserver_install/
│   │   │   └── action.yml
│   │   ├── mariadb_prep/
│   │   │   └── action.yml
│   │   ├── mssql_prep/
│   │   │   └── action.yml
│   │   ├── parse-json-secret/
│   │   │   └── action.yml
│   │   ├── psql_prep/
│   │   │   └── action.yml
│   │   ├── rpm_build/
│   │   │   └── action.yml
│   │   ├── rpm_build_upload/
│   │   │   └── action.yml
│   │   ├── rpm_prep/
│   │   │   └── action.yml
│   │   └── wf_specific/
│   │       ├── acme_ca_handler/
│   │       │   ├── compare_profile_info/
│   │       │   │   └── action.yml
│   │       │   ├── compare_renewal_info/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_dns/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_dns_wc/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enrollment_profiling/
│   │       │   │   └── action.yml
│   │       │   ├── le-sim_prep/
│   │       │   │   └── action.yml
│   │       │   └── smallstep_prep/
│   │       │       └── action.yml
│   │       ├── acme_sh/
│   │       │   └── enroll/
│   │       │       └── action.yml
│   │       ├── ari/
│   │       │   └── enroll/
│   │       │       └── action.yml
│   │       ├── asa_ca_handler/
│   │       │   ├── enroll_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_w_headerinfo/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_wo_headerinfo/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_headerinfo/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_profile_1/
│   │       │   │   └── action.yml
│   │       │   └── enroll_profile_2/
│   │       │       └── action.yml
│   │       ├── certifier_ca_handler/
│   │       │   ├── enroll_101_profile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_102_profile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_w_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_w_headerinfo/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_wo_headerinfo/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_headerinfo/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_no_profile/
│   │       │   │   └── action.yml
│   │       │   └── tunnel_setup/
│   │       │       └── action.yml
│   │       ├── digicert_ca_handler/
│   │       │   ├── enroll_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab/
│   │       │   │   └── action.yml
│   │       │   └── enroll_eab_acmeprofile/
│   │       │       └── action.yml
│   │       ├── disable_challengevalidation/
│   │       │   ├── dehydrated_install/
│   │       │   │   └── action.yml
│   │       │   ├── enroll/
│   │       │   │   └── action.yml
│   │       │   └── enroll_eabprofile/
│   │       │       └── action.yml
│   │       ├── eab/
│   │       │   ├── enroll_unknown_credentials/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_wo_credentials/
│   │       │   │   └── action.yml
│   │       │   └── enroll_wrong_credentials/
│   │       │       └── action.yml
│   │       ├── ejbca_ca_handler/
│   │       │   ├── ejbca_prep/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_w_headerinfo/
│   │       │   │   └── action.yml
│   │       │   └── enroll_eab_wo_headerinfo/
│   │       │       └── action.yml
│   │       ├── emailreply_challengevalidation/
│   │       │   └── acme_email_enroll/
│   │       │       └── action.yml
│   │       ├── enrollment_timeout/
│   │       │   └── enroll/
│   │       │       └── action.yml
│   │       ├── entrust_ca_handler/
│   │       │   ├── enroll/
│   │       │   │   └── action.yml
│   │       │   └── enroll_eab/
│   │       │       └── action.yml
│   │       ├── error_tests/
│   │       │   ├── account_checks/
│   │       │   │   └── action.yml
│   │       │   ├── acmeshell_install/
│   │       │   │   └── action.yml
│   │       │   └── order_checks/
│   │       │       └── action.yml
│   │       ├── harica/
│   │       │   └── acme_enroll/
│   │       │       └── action.yml
│   │       ├── hooks/
│   │       │   └── enroll/
│   │       │       └── action.yml
│   │       ├── manual/
│   │       │   └── setup/
│   │       │       └── action.yml
│   │       ├── ms_ca_handler/
│   │       │   ├── enroll_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_allowed_domain_list/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_default_headerinfo/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   └── tunnel_setup/
│   │       │       └── action.yml
│   │       ├── nclm_ca_handler/
│   │       │   └── tunnel_setup/
│   │       │       └── action.yml
│   │       ├── openssl_ca_handler/
│   │       │   ├── enroll_adjust_cert_validity/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_cn_enforce/
│   │       │   │   └── action.yml
│   │       │   └── enroll_w_teamplate/
│   │       │       └── action.yml
│   │       ├── openxpki_ca_handler/
│   │       │   ├── enroll_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   └── openxpki_prep/
│   │       │       └── action.yml
│   │       ├── upgrade/
│   │       │   ├── cleanup/
│   │       │   │   └── action.yml
│   │       │   ├── enroll/
│   │       │   │   └── action.yml
│   │       │   └── renew/
│   │       │       └── action.yml
│   │       ├── vault_ca_handler/
│   │       │   ├── enroll_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   └── vault_prep/
│   │       │       └── action.yml
│   │       └── xca_ca_handler/
│   │           ├── enroll_acmeprofile/
│   │           │   └── action.yml
│   │           ├── enroll_eab/
│   │           │   └── action.yml
│   │           ├── enroll_eab_acmeprofile/
│   │           │   └── action.yml
│   │           ├── enroll_eab_sp/
│   │           │   └── action.yml
│   │           ├── enroll_headerinfo/
│   │           │   └── action.yml
│   │           ├── enroll_no_template/
│   │           │   └── action.yml
│   │           └── enroll_template/
│   │               └── action.yml
│   ├── django_db.sqlite3
│   ├── django_settings.py
│   ├── django_settings_mariadb.py
│   ├── django_settings_mssql.py
│   ├── django_settings_psql.py
│   ├── dns_test.sh
│   ├── dnsmasq.conf
│   ├── dnsmasq.yml
│   ├── est_handler.patch
│   ├── k8s-acme-srv.yml
│   ├── k8s-cert-mgr-dns-01.yml
│   ├── k8s-cert-mgr-http-01.yml
│   ├── mlc_config.json
│   ├── openssl_ca_handler.py_acme_srv_choosen_handler.cfg
│   ├── openssl_ca_handler.py_acme_srv_default_handler.cfg
│   ├── openssl_ca_handler.py_acme_srv_default_handler_dns.cfg
│   ├── openssl_ca_handler_v16.py
│   ├── pgpass
│   ├── pycodestyle
│   ├── pylintrc
│   ├── traefik-matrix.yml
│   └── workflows/
│       ├── app-acme-sh.yml
│       ├── app-caddy.yml
│       ├── app-certbot.yml
│       ├── app-certmanager.yml
│       ├── app-lego.yml
│       ├── app-traeffik.yml
│       ├── app-winacme.yml
│       ├── cahandler-acme.yml
│       ├── cahandler-asa.yml
│       ├── cahandler-certifier.yml
│       ├── cahandler-cmp.yml
│       ├── cahandler-digicert.yml
│       ├── cahandler-dogtag.yml
│       ├── cahandler-ejbca.yml
│       ├── cahandler-est.yml
│       ├── cahandler-freeipa.yml
│       ├── cahandler-harica.yml
│       ├── cahandler-legacy.yml
│       ├── cahandler-msca.yml
│       ├── cahandler-nclm.yml
│       ├── cahandler-openssl.yml
│       ├── cahandler-openxpki.yml
│       ├── cahandler-pkcs7soap.yml
│       ├── cahandler-vault.yml
│       ├── cahandler-xca.yml
│       ├── deployment-arm.yml
│       ├── deployment-django.yml
│       ├── deployment-ha.yml
│       ├── deployment-manual-install.yml
│       ├── deployment-push-images-to-dockerhub.yml
│       ├── deployment-upgrade.yml
│       ├── deployment-wsgi.yml
│       ├── deplyoment-container.yml
│       ├── deplyoment-debian.yml
│       ├── feaature-disablechallengevalidation.yml
│       ├── feature-alpn-challenge.yml
│       ├── feature-ari.yml
│       ├── feature-dns-challenge.yml
│       ├── feature-dryrun.yml
│       ├── feature-eab.yml
│       ├── feature-emailreply-challenge.yml
│       ├── feature-enrollment-timeout.yml
│       ├── feature-headerinfo.yml
│       ├── feature-hooks.yml
│       ├── feature-idempotent-finalize.yml
│       ├── feature-ipaddress-identifier.yml
│       ├── feature-ipv6.yml
│       ├── feature-proxy.yml
│       ├── feature-tnauth.yml
│       ├── helper-dump-secrets.yml
│       ├── main-build.yml
│       ├── main-create-release.yml
│       ├── main-dispatch-broker.yml
│       ├── quality-codescanner.yml
│       ├── quality-error.yml
│       ├── quality-markdown.yml
│       ├── quality-python.yml
│       └── quality-wiki-update.yml
├── .gitignore
├── .pre-commit-config.yaml
├── CHANGES.md
├── LICENSE
├── README.md
├── SECURITY.md
├── acme_srv/
│   ├── __init__.py
│   ├── account.py
│   ├── acmechallenge.py
│   ├── authorization.py
│   ├── certificate.py
│   ├── certificate_business_logic.py
│   ├── certificate_manager.py
│   ├── certificate_repository.py
│   ├── challenge.py
│   ├── challenge_business_logic.py
│   ├── challenge_error_handling.py
│   ├── challenge_registry_setup.py
│   ├── challenge_validators/
│   │   ├── __init__.py
│   │   ├── base.py
│   │   ├── dns_validator.py
│   │   ├── email_reply_validator.py
│   │   ├── http_validator.py
│   │   ├── registry.py
│   │   ├── source_address_validator.py
│   │   ├── tkauth_validator.py
│   │   └── tls_alpn_validator.py
│   ├── directory.py
│   ├── email_handler.py
│   ├── error.py
│   ├── helper.py
│   ├── helpers/
│   │   ├── __init__.py
│   │   ├── certificates.py
│   │   ├── config.py
│   │   ├── crypto.py
│   │   ├── csr.py
│   │   ├── datetime_utils.py
│   │   ├── domain_utils.py
│   │   ├── eab.py
│   │   ├── encoding.py
│   │   ├── global_variables.py
│   │   ├── logging_utils.py
│   │   ├── network.py
│   │   ├── plugin_loader.py
│   │   ├── utils.py
│   │   └── validation.py
│   ├── housekeeping.py
│   ├── message.py
│   ├── monkey_patches.py
│   ├── nonce.py
│   ├── order.py
│   ├── renewalinfo.py
│   ├── signature.py
│   ├── threadwithreturnvalue.py
│   ├── trigger.py
│   └── version.py
├── docs/
│   ├── CONTRIBUTING.md
│   ├── __init__.py
│   ├── a2c-alma-loadbalancing.md
│   ├── a2c-ubuntu-loadbalancing.md
│   ├── acme-clients.md
│   ├── acme_ca.md
│   ├── acme_profiling.md
│   ├── acme_srv.md
│   ├── architecture/
│   │   ├── account-architecture.md
│   │   ├── authorization-architecture.md
│   │   ├── certificate-architecture.md
│   │   ├── challenge-architecture.md
│   │   ├── directory-architecture.md
│   │   ├── order-architecture.md
│   │   └── renewalinfo-architecture.md
│   ├── asa.md
│   ├── async_mode.md
│   ├── ca_handler.md
│   ├── cert-mgr.md
│   ├── certifier.md
│   ├── cmp.md
│   ├── digicert.md
│   ├── eab.md
│   ├── eab_profiling.md
│   ├── ejbca.md
│   ├── entrust.md
│   ├── est.md
│   ├── external_database_support.md
│   ├── header_info.md
│   ├── hooks.md
│   ├── housekeeping.md
│   ├── install_apache2_wsgi.md
│   ├── install_deb.md
│   ├── install_docker.md
│   ├── install_nginx_wsgi.md
│   ├── install_nginx_wsgi_ub22.md
│   ├── install_rpm.md
│   ├── manual_installation.md
│   ├── mscertsrv.md
│   ├── mswcce.md
│   ├── nclm.md
│   ├── openssl.md
│   ├── openxpki.md
│   ├── pkcs7_soap_ca.md
│   ├── poll.md
│   ├── prevalidated_domainlist.md
│   ├── proxy_support.md
│   ├── rfc8823_email_identifier.md
│   ├── tnauthlist.md
│   ├── trigger.md
│   ├── upgrading.md
│   ├── vault.md
│   └── xca.md
├── examples/
│   ├── Docker/
│   │   ├── .env
│   │   ├── .gitignore
│   │   ├── README.md
│   │   ├── almalinux-systemd/
│   │   │   ├── Dockerfile
│   │   │   ├── django_tester.sh
│   │   │   ├── rpm_tester.sh
│   │   │   └── script_tester.sh
│   │   ├── apache2/
│   │   │   ├── django/
│   │   │   │   ├── Dockerfile
│   │   │   │   └── docker-entrypoint.sh
│   │   │   └── wsgi/
│   │   │       ├── Dockerfile
│   │   │       └── docker-entrypoint.sh
│   │   ├── docker-compose.yml
│   │   ├── nginx/
│   │   │   ├── django/
│   │   │   │   ├── Dockerfile
│   │   │   │   └── docker-entrypoint.sh
│   │   │   └── wsgi/
│   │   │       ├── Dockerfile
│   │   │       └── docker-entrypoint.sh
│   │   ├── soap-srv/
│   │   │   ├── Dockerfile
│   │   │   └── docker-entrypoint.sh
│   │   ├── soap_srv.yml
│   │   ├── ubuntu-systemd/
│   │   │   ├── deb_tester.sh
│   │   │   └── django_tester.sh
│   │   └── vault/
│   │       ├── compose.yaml
│   │       └── config.hcl
│   ├── acme2certifier_wsgi.py
│   ├── acme_srv.cfg
│   ├── acme_srv.db.example
│   ├── apache2/
│   │   ├── apache_django.conf
│   │   ├── apache_django_ssl.conf
│   │   ├── apache_wsgi.conf
│   │   └── apache_wsgi_ssl.conf
│   ├── ca_handler/
│   │   ├── __init__.py
│   │   ├── acme_ca_handler.py
│   │   ├── asa_ca_handler.py
│   │   ├── certifier_ca_handler.py
│   │   ├── certsrv.py
│   │   ├── cmp_ca_handler.py
│   │   ├── digicert_ca_handler.py
│   │   ├── ejbca_ca_handler.py
│   │   ├── entrust_ca_handler.py
│   │   ├── est_ca_handler.py
│   │   ├── ms_wcce/
│   │   │   ├── __init__.py
│   │   │   ├── errors.py
│   │   │   ├── request.py
│   │   │   ├── rpc.py
│   │   │   └── target.py
│   │   ├── mscertsrv_ca_handler.py
│   │   ├── mswcce_ca_handler.py
│   │   ├── nclm_ca_handler.py
│   │   ├── openssl_ca_handler.py
│   │   ├── openxpki_ca_handler.py
│   │   ├── pkcs7_soap_ca_handler.py
│   │   ├── skeleton_ca_handler.py
│   │   ├── vault_ca_handler.py
│   │   └── xca_ca_handler.py
│   ├── db_handler/
│   │   ├── __init__.py
│   │   ├── django_handler.py
│   │   └── wsgi_handler.py
│   ├── django/
│   │   ├── acme2certifier/
│   │   │   ├── __init__.py
│   │   │   ├── settings.py
│   │   │   ├── urls.py
│   │   │   └── wsgi.py
│   │   ├── acme_srv/
│   │   │   ├── __init__.py
│   │   │   ├── a2c_response.py
│   │   │   ├── admin.py
│   │   │   ├── fixture/
│   │   │   │   ├── __init__.py
│   │   │   │   └── status.yaml
│   │   │   ├── migrations/
│   │   │   │   └── __init__.py
│   │   │   ├── models.py
│   │   │   ├── tests.py
│   │   │   ├── urls.py
│   │   │   └── views.py
│   │   └── manage.py
│   ├── eab_handler/
│   │   ├── file_handler.py
│   │   ├── json_handler.py
│   │   ├── key_file.csv
│   │   ├── key_file.json
│   │   ├── kid_profile_handler.py
│   │   ├── kid_profiles.json
│   │   ├── kid_profiles.yml
│   │   ├── skeleton_eab_handler.py
│   │   └── sql_handler.py
│   ├── ejbca/
│   │   ├── certprofile_acmeca1-673448746.xml
│   │   ├── certprofile_acmeca2-83252423.xml
│   │   └── entityprofile_acmeca-1535885215.xml
│   ├── hooks/
│   │   ├── cn_dump_hooks.py
│   │   ├── email_hooks.py
│   │   ├── exception_test_hooks.py
│   │   └── skeleton_hooks.py
│   ├── install_scripts/
│   │   ├── a2c-centos9-nginx.sh
│   │   ├── a2c-ubuntu22-apache2.sh
│   │   ├── a2c-ubuntu22-nginx.sh
│   │   ├── debian/
│   │   │   ├── acme2certifier.install
│   │   │   ├── changelog
│   │   │   ├── conffiles
│   │   │   ├── control
│   │   │   ├── copyright
│   │   │   ├── postinst
│   │   │   └── rules
│   │   └── rpm/
│   │       └── acme2certifier.spec
│   ├── nginx/
│   │   ├── acme2certifier.ini
│   │   ├── acme2certifier.te
│   │   ├── nginx_acme_srv.conf
│   │   ├── nginx_acme_srv_ssl.conf
│   │   ├── supervisord.conf
│   │   └── uwsgi.service
│   ├── reports/
│   │   ├── account_report.csv
│   │   ├── account_report.json
│   │   ├── account_report_nested.json
│   │   ├── acme_srv.db.example
│   │   ├── cert_report.csv
│   │   └── cert_report.json
│   ├── soap/
│   │   ├── mock_signer.py
│   │   ├── mock_soap_srv.py
│   │   └── soap_srv.cfg
│   └── trigger/
│       └── certifier_trigger.sh
├── pyproject.toml
├── requirements.txt
├── setup.py
├── sonar-project.properties
├── test/
│   ├── __init__.py
│   ├── ca/
│   │   ├── acme2certifier-clean.xdb
│   │   ├── certs.p7b
│   │   ├── certs.pem
│   │   ├── certs_der.p7b
│   │   ├── certsrv_ca_certs.pem
│   │   ├── csr.der
│   │   ├── fr1.txt
│   │   ├── fr2.txt
│   │   ├── root-ca-cert.pem
│   │   ├── root-ca-client.pem
│   │   ├── root-ca-client.txt
│   │   ├── sub-ca-cert.pem
│   │   ├── sub-ca-client.pem
│   │   ├── sub-ca-client.txt
│   │   ├── sub-ca-crl.pem
│   │   └── sub-ca-key.pem
│   ├── test_account.py
│   ├── test_acme_ca_handler.py
│   ├── test_acmechallenge.py
│   ├── test_asa_ca_handler.py
│   ├── test_authorization.py
│   ├── test_certificate.py
│   ├── test_certificate_business_logic.py
│   ├── test_certificate_manager.py
│   ├── test_certificate_repository.py
│   ├── test_certifier_handler.py
│   ├── test_challenge.py
│   ├── test_challenge_business_logic.py
│   ├── test_challenge_error_handling.py
│   ├── test_challenge_registry_setup.py
│   ├── test_challenge_validators.py
│   ├── test_cli.py
│   ├── test_cmp_ca_handler.py
│   ├── test_digicert.py
│   ├── test_directory.py
│   ├── test_django_update.py
│   ├── test_eabfile_handler.py
│   ├── test_eabjson_handler.py
│   ├── test_eabkid_profile_handler.py
│   ├── test_eabsql_handler.py
│   ├── test_ejbca_handler.py
│   ├── test_email_handler.py
│   ├── test_email_hooks.py
│   ├── test_entrust.py
│   ├── test_error.py
│   ├── test_est_ca_handler.py
│   ├── test_helper.py
│   ├── test_housekeeping.py
│   ├── test_message.py
│   ├── test_msca_handler.py
│   ├── test_mswcce_ca_handler.py
│   ├── test_nclm_ca_handler.py
│   ├── test_nonce.py
│   ├── test_openssl_ca_handler.py
│   ├── test_openxpki_ca_handler.py
│   ├── test_order.py
│   ├── test_pkcs7_soap_ca_handler.py
│   ├── test_renewalinfo.py
│   ├── test_signature.py
│   ├── test_trigger.py
│   ├── test_vault_handler.py
│   ├── test_wsgi_acme2certifier.py
│   ├── test_wsgi_handler.py
│   └── test_xca_ca_handler.py
└── tools/
    ├── a2c_cli.py
    ├── cert_poll.py
    ├── cliuser_mgmt.py
    ├── db_update.py
    ├── django_secret_keygen.py
    ├── django_update.py
    ├── eab_chk.py
    ├── entrust_mgr.py
    ├── invalidator.py
    ├── mswcce_connection_test.py
    └── report_generator.py

================================================
FILE CONTENTS
================================================

================================================
FILE: .dockerignore
================================================
.gitattributes
.gitignore
.github
.git
docs
Dockerfile
*.md
docker-compose.yml
**/venv
**/env
local/bin
*.pyc
*.swp
.pre-commit-config.yaml
.dockerignore
dpkg.log
templates.dat
test
examples/install_scripts
examples/reports
examples/soap
examples/ejbca
examples/trigger
sonar-project.properties
cn_dump_hooks.py
exception_test_hooks.py
tests.py
acme_srv.db.example


================================================
FILE: .gitattributes
================================================
# Auto detect text files and perform LF normalization
* text=auto
# all python files should be lf
*.py text eol=lf


================================================
FILE: .github/.codecov.yml
================================================
ignore:
  - "examples/ca_handler/skeleton_ca_handler.py"
  - "examples/ca_handler/certsrv.py"
  - "examples/ca_handler/ms_wcce"
  - "examples/eab_handler/skeleton_eab_handler.py"
  - "examples/hooks"
  - "docs/__init__.py"
  - "acme_srv/monkey_patches.py"
  - "acme_srv/threadwithreturnvalue.py"
  - 'tools/mswcce_connection_test.py'
  - "setup.py"
  - "test"


================================================
FILE: .github/Caddyfile
================================================
{
	email grindsa@foo.local
	acme_ca https://acme-srv.acme/acme/directory
	acme_ca_root /tmp/acme2certifier_cabundle.pem
	debug
}

caddy.acme {
	root * /usr/share/caddy
	file_server browse
}


================================================
FILE: .github/FUNDING.yml
================================================
# These are supported funding model platforms

github: grindsa
custom: https://www.paypal.me/Gindsa
patreon: GrindSa
open_collective: acme2certifier


================================================
FILE: .github/a2c.psql
================================================
DROP DATABASE IF EXISTS acme2certifier;
CREATE DATABASE acme2certifier;
CREATE USER acme2certifier WITH PASSWORD '1mmSvDFl';
ALTER ROLE acme2certifier SET client_encoding TO 'utf8';
ALTER ROLE acme2certifier SET default_transaction_isolation TO 'read committed';
ALTER ROLE acme2certifier SET timezone TO 'UTC';
GRANT ALL PRIVILEGES ON DATABASE acme2certifier TO acme2certifier;
GRANT ALL ON schema public TO acme2certifier;
GRANT USAGE ON schema public TO acme2certifier;
GRANT postgres TO acme2certifier;


================================================
FILE: .github/actions/acme_clients/action.yml
================================================
name: "acme_clients - enroll, renew and revoke certificates"
description: "Test if acme.sh, certbot and lego can enroll, renew and revoke certificates"
inputs:
  ACME_SERVER:
    description: "ACME server URL"
    required: true
    default: "acme-srv"
  REVOCATION:
    description: "Revocation method"
    required: true
    default: "true"
  RENEWAL:
    description: "Renewal method"
    required: true
    default: "true"
  VERIFY_CERT:
    description: "Verify certificate"
    required: true
    default: "true"
  USE_CERTBOT:
    description: "Use certbot"
    required: true
    default: "true"
  USE_RSA:
    description: "Use RSA"
    required: true
    default: "false"
  HTTP_PORT:
    description: "HTTP port"
    required: true
    default: "80"
  HTTPS_PORT:
    description: "HTTPS port"
    required: true
    default: "443"
  HOSTNAME_SUFFIX:
    description: "Hostname suffix"
    required: true
  NAME_SPACE:
    description: "Namespace"
    required: true
    default: "acme"
  TEST_ADL:
    description: "Test allowed_domainlist feature"
    required: true
    default: "false"

runs:
  using: "composite"
  steps:

    - name: "Create directories"
      run: |
        mkdir -p acme-sh/
        sudo mkdir -p certbot/
        sudo mkdir -p lego/ca
        sudo cp .github/acme2certifier_cabundle.pem certbot/
        sudo cp .github/acme2certifier_cabundle.pem lego/
        if [ -f cert-2.pem ]; then
          echo "delete cert-2.pem"
          rm -f cert-2.pem
        fi
        if [ -f cert-1.pem ]; then
          echo "delete cert-1.pem"
          rm -f cert-1.pem
        fi
      shell: bash

    - name: "Sleep for 5s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 5s

    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network $NAME_SPACE curlimages/curl -f http://$ACME_SERVER:$HTTP_PORT/directory
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network $NAME_SPACE curlimages/curl --insecure -f https://$ACME_SERVER:$HTTPS_PORT/directory
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Enroll lego"
      run: |
        echo "##### HTTPS - Enroll lego #####"
        if [ "$USE_RSA" == "false" ]; then
          echo "use ECC"
          docker run -i --rm -e LEGO_CA_CERTIFICATES=.lego/acme2certifier_cabundle.pem -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego --tls-skip-verify -s https://$ACME_SERVER:$HTTPS_PORT -a --email "lego@example.com" -d lego$HOSTNAME_SUFFIX.$NAME_SPACE --tls run
        else
          echo "use RSA"
          docker run -i --rm -e LEGO_CA_CERTIFICATES=.lego/acme2certifier_cabundle.pem -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego --tls-skip-verify -s https://$ACME_SERVER:$HTTPS_PORT -a --email "lego@example.com" --key-type=rsa2048 -d lego$HOSTNAME_SUFFIX.$NAME_SPACE --tls run
        fi
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Revoke lego"
      if: ${{ inputs.REVOCATION == 'true' }}
      run: |
        echo "##### HTTPS - Revoke lego #####"
        docker run -i -v $PWD/lego:/.lego/ --rm --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego --tls-skip-verify -s https://$ACME_SERVER:$HTTPS_PORT -a --email "lego@example.com" -d lego$HOSTNAME_SUFFIX.$NAME_SPACE revoke
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Enroll acme.sh"
      run: |
        echo "##### HTTPS - Enroll acme.sh #####"
        if [ "$USE_RSA" == "false" ]; then
          echo "use ECC"
          docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network $NAME_SPACE --name acme-sh$HOSTNAME_SUFFIX neilpang/acme.sh:latest --issue --server https://$ACME_SERVER:$HTTPS_PORT --accountemail 'acme-sh@example.com' -d acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE --alpn --standalone --debug 1 --output-insecure --insecure
          ECC="_ecc"
        else
          echo "use RSA"
          docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network $NAME_SPACE --name acme-sh$HOSTNAME_SUFFIX neilpang/acme.sh:latest --issue --server https://$ACME_SERVER:$HTTPS_PORT --accountemail 'acme-sh@example.com' -d acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE --alpn --standalone --keylength 2048 --debug 1 --output-insecure --insecure
        fi

        awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/ca.cer
        if [ "$VERIFY_CERT" == "true" ]; then
          if [ -f cert-2.pem ]; then
            echo "Multiple CA certs"
            openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE.cer
          else
            echo "Single Root ca"
            openssl verify -CAfile cert-1.pem acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE.cer
          fi
        fi
      shell: bash
      env:
        VERIFY_CERT: ${{ inputs.VERIFY_CERT }}
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Renew acme.sh"
      if: ${{ inputs.RENEWAL == 'true' }}
      run: |
        echo "##### HTTPS - Renew acme.sh #####"
        if [ "$USE_RSA" == "false" ]; then
          echo "use ECC"
          ECC="_ecc"
        else
          echo "use RSA"
        fi
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network $NAME_SPACE --name acme-sh$HOSTNAME_SUFFIX neilpang/acme.sh:latest --renew --server https://$ACME_SERVER:$HTTPS_PORT  --force --accountemail 'acme-sh@example.com' -d acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE --alpn --standalone --debug 1 --output-insecure --insecure
        awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/ca.cer
        if [ "$VERIFY_CERT" == "true" ]; then
          if [ -f cert-2.pem ]; then
            echo "Multiple CA certs"
            openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE.cer
          else
            echo "Single Root ca"
            openssl verify -CAfile cert-1.pem acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE.cer
          fi
        fi
      shell: bash
      env:
        VERIFY_CERT: ${{ inputs.VERIFY_CERT }}
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Revoke HTTP-01 single domain acme.sh"
      if: ${{ inputs.REVOCATION == 'true' }}
      run: |
        echo "##### HTTPS - Revoke HTTP-01 single domain acme.sh #####"
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --name acme-sh$HOSTNAME_SUFFIX --network $NAME_SPACE neilpang/acme.sh:latest --revoke --server https://$ACME_SERVER:$HTTPS_PORT -d acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE --standalone --debug 2 --output-insecure --insecure
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Deactivate acme.sh"
      run: |
        echo "##### HTTPS - Deactivate acme.sh #####"
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --name acme-sh$HOSTNAME_SUFFIX --network $NAME_SPACE neilpang/acme.sh:latest --deactivate-account --server https://$ACME_SERVER:$HTTPS_PORT --debug 2 --output-insecure --insecure
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTP - Enroll acme.sh"
      run: |
        echo "##### HTTP - Enroll acme.sh #####"
        sudo rm -rf acme-sh/*
        if [ "$USE_RSA" == "false" ]; then
          echo "use ECC"
          docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network $NAME_SPACE --name acme-sh$HOSTNAME_SUFFIX neilpang/acme.sh:latest --issue --server http://$ACME_SERVER:$HTTP_PORT  --accountemail 'acme-sh@example.com' -d acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE --standalone --debug 1 --output-insecure --insecure
          ECC="_ecc"
        else
          echo "use RSA"
          docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network $NAME_SPACE --name acme-sh$HOSTNAME_SUFFIX neilpang/acme.sh:latest --issue --server http://$ACME_SERVER:$HTTP_PORT  --accountemail 'acme-sh@example.com' -d acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE --standalone --keylength 2048 --debug 1 --output-insecure --insecure
        fi
        awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/ca.cer
        if [ "$VERIFY_CERT" == "true" ]; then
          if [ -f cert-2.pem ]; then
            openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE.cer
          else
            echo "single root ca"
            openssl verify -CAfile cert-1.pem acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE.cer
          fi
        fi
      shell: bash
      env:
        VERIFY_CERT: ${{ inputs.VERIFY_CERT }}
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTP - Renew acme.sh"
      if: ${{ inputs.RENEWAL == 'true' }}
      run: |
        echo "##### HTTP - Renew acme.sh #####"
        if [ "$USE_RSA" == "false" ]; then
          echo "use ECC"
          ECC="_ecc"
        else
          echo "use RSA"
        fi
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network $NAME_SPACE --name acme-sh$HOSTNAME_SUFFIX neilpang/acme.sh:latest --renew --server http://$ACME_SERVER:$HTTP_PORT  --force --accountemail 'acme-sh@example.com' -d acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE --standalone --debug 1 --output-insecure --insecure
        awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/ca.cer
        if [ "$VERIFY_CERT" == "true" ]; then
          if [ -f cert-2.pem ]; then
            openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE.cer
          else
            echo "single root ca"
            openssl verify -CAfile cert-1.pem acme-sh/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE${ECC}/acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE.cer
          fi
        fi
      shell: bash
      env:
        VERIFY_CERT: ${{ inputs.VERIFY_CERT }}
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTP - Revoke HTTP-01 single domain acme.sh"
      if: ${{ inputs.REVOCATION == 'true' }}
      run: |
        echo "##### HTTP - Revoke HTTP-01 single domain acme.sh #####"
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --name acme-sh$HOSTNAME_SUFFIX --network $NAME_SPACE neilpang/acme.sh:latest --revoke --server http://$ACME_SERVER:$HTTP_PORT --revoke -d acme-sh$HOSTNAME_SUFFIX.$NAME_SPACE --standalone --debug 2 --output-insecure  --insecure
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTP - Deactivate acme.sh"
      run: |
        echo "##### HTTP - Deactivate acme.sh #####"
        docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --name acme-sh$HOSTNAME_SUFFIX --network $NAME_SPACE neilpang/acme.sh:latest --deactivate-account --server http://$ACME_SERVER:$HTTP_PORT --debug 2 --output-insecure --insecure
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Enroll certbot"
      if: ${{ inputs.USE_CERTBOT == 'true' }}
      run: |
        echo "##### HTTPS - Enroll certbot #####"
        if [ "$USE_RSA" == "false" ]; then
          docker run -i --rm --name certbot$HOSTNAME_SUFFIX --network $NAME_SPACE -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot certonly --server https://$ACME_SERVER:$HTTPS_PORT --standalone --preferred-challenges http --no-verify-ssl --agree-tos -m 'certbot@example.com' -d certbot$HOSTNAME_SUFFIX.$NAME_SPACE --cert-name certbot --issuance-timeout 120
        else
          docker run -i --rm --name certbot$HOSTNAME_SUFFIX --network $NAME_SPACE -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot certonly --server https://$ACME_SERVER:$HTTPS_PORT --standalone --preferred-challenges http --no-verify-ssl --agree-tos -m 'certbot@example.com' --key-type rsa -d certbot$HOSTNAME_SUFFIX.$NAME_SPACE --cert-name certbot --issuance-timeout 120
        fi

        if [ "$VERIFY_CERT" == "true" ]; then
          if [ -f cert-2.pem ]; then
            sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
          else
            echo "single root ca"
            sudo openssl verify -CAfile cert-1.pem certbot/live/certbot/cert.pem
          fi
        fi
      shell: bash
      env:
        VERIFY_CERT: ${{ inputs.VERIFY_CERT }}
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Revoke certbot"
      if: ${{ (inputs.USE_CERTBOT == 'true') && (inputs.REVOCATION == 'true') }}
      run: |
        echo "##### HTTPS - Revoke certbot #####"
        docker run -i --rm --name certbot$HOSTNAME_SUFFIX --network $NAME_SPACE -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot revoke --server https://$ACME_SERVER:$HTTPS_PORT --no-verify-ssl --delete-after-revoke --cert-name certbot
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTP - Enroll certbot"
      if: ${{ inputs.USE_CERTBOT == 'true' }}
      run: |
        echo "##### HTTP - Enroll certbot #####"
        sudo rm -rf certbot/*
        if [ "$USE_RSA" == "false" ]; then
          docker run -i --rm --name certbot$HOSTNAME_SUFFIX --network $NAME_SPACE -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot certonly --server http://$ACME_SERVER:$HTTP_PORT --standalone --preferred-challenges http --agree-tos -m 'certbot@example.com' -d certbot$HOSTNAME_SUFFIX.$NAME_SPACE --cert-name certbot --issuance-timeout 120
        else
          docker run -i --rm --name certbot$HOSTNAME_SUFFIX --network $NAME_SPACE -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot certonly --server http://$ACME_SERVER:$HTTP_PORT --standalone --preferred-challenges http --agree-tos -m 'certbot@example.com' --key-type rsa -d certbot$HOSTNAME_SUFFIX.$NAME_SPACE --cert-name certbot --issuance-timeout 120
        fi

        if [ "$VERIFY_CERT" == "true" ]; then
          if [ -f cert-2.pem ]; then
            sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
          else
            echo "single root ca"
            sudo openssl verify -CAfile cert-1.pem certbot/live/certbot/cert.pem
          fi
        fi
      shell: bash
      env:
        VERIFY_CERT: ${{ inputs.VERIFY_CERT }}
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTP - Revoke certbot"
      if: ${{ (inputs.USE_CERTBOT == 'true') && (inputs.REVOCATION == 'true') }}
      run: |
        echo "##### HTTP - Revoke certbot #####"
        docker run -i --rm --name certbot$HOSTNAME_SUFFIX --network $NAME_SPACE -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot revoke --server http://$ACME_SERVER:$HTTP_PORT --delete-after-revoke --cert-name certbot
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Enroll lego"
      run: |
        echo "##### HTTPS - Enroll lego #####"
        if [ "$USE_RSA" == "false" ]; then
          echo "use ECC"
          docker run -i --rm -e LEGO_CA_CERTIFICATES=.lego/acme2certifier_cabundle.pem -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify -a --email "lego@example.com" -d lego$HOSTNAME_SUFFIX.$NAME_SPACE --tls run
        else
          echo "use RSA"
          docker run -i --rm -e LEGO_CA_CERTIFICATES=.lego/acme2certifier_cabundle.pem -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify -a --email "lego@example.com" --key-type=rsa2048 -d lego$HOSTNAME_SUFFIX.$NAME_SPACE --tls run
        fi

        if [ "$VERIFY_CERT" == "true" ]; then
          if [ -f cert-2.pem ]; then
            sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego$HOSTNAME_SUFFIX.$NAME_SPACE.crt
          else
            echo "single root ca"
            sudo openssl verify -CAfile cert-1.pem lego/certificates/lego$HOSTNAME_SUFFIX.$NAME_SPACE.crt
          fi
        fi
      shell: bash
      env:
        VERIFY_CERT: ${{ inputs.VERIFY_CERT }}
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Revoke lego"
      if: ${{ inputs.REVOCATION == 'true' }}
      run: |
        echo "##### HTTPS - Revoke lego #####"
        docker run -i --rm -e LEGO_CA_CERTIFICATES=.lego/acme2certifier_cabundle.pem -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify  -a --email "lego@example.com" -d lego$HOSTNAME_SUFFIX.$NAME_SPACE revoke
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Allowed domainlist feature - Enroll lego (fail)"
      continue-on-error: true
      id: legofail01
      if: ${{ inputs.TEST_ADL == 'true' }}
      run: |
        echo "##### HTTP - Enroll lego to test allowed domainlist feature #####"
        if [ "$USE_RSA" == "false" ]; then
          echo "use ECC"
          docker run -i --rm -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego --tls-skip-verify -s https://$ACME_SERVER --tls-skip-verify  -a --email "lego@example.com" -d lego$HOSTNAME_SUFFIX --tls run
        else
          echo "use RSA"
          docker run -i --rm -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego --tls-skip-verify -s https://$ACME_SERVER --tls-skip-verify  -a --email "lego@example.com" --key-type=rsa2048 -d lego$HOSTNAME_SUFFIX --tls run
        fi
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Allowed domainlist feature - check result"
      if: ${{ (inputs.TEST_ADL == 'true') && steps.legofail01.outcome != 'failure' }}
      run: |
        echo "legofail outcome is ${{steps.legofail01.outcome }}"
        exit 1
      shell: bash

    - name: "Delete acme-sh, certbot and lego folders"
      run: |
        sudo rm -rf  lego/*
        sudo rm -rf  acme-sh/*
        sudo rm -rf  certbot/*
      shell: bash

    - name: "Sleep for 5s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 5s


================================================
FILE: .github/actions/acmeshell/action.yml
================================================
name: "acme_clients - enroll, renew and revoke certificates"
description: "Test if acme.sh, certbot and lego can enroll, renew and revoke certificates"
inputs:
  ACME_SERVER:
    description: "ACME server URL"
    required: true
    default: "acme-srv"
  ALMA_START:
    description: "Start alma container"
    required: true
    default: "false"
  RENEWAL:
    description: "Renewal method"
    required: true
    default: "true"
  HOSTNAME_SUFFIX:
    description: "Hostname suffix"
    required: true
  NAME_SPACE:
    description: "Namespace"
    required: true
    default: "acme"
  IDEMPOTENT_FINALIZE:
    description: "Enable idempotent finalize testing"
    required: true
    default: "false"


runs:
  using: "composite"
  steps:

    - name: "Create directories"
      run: |
        mkdir -p acmeshell/
      shell: bash

    - name: "Sleep for 10s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 10s

    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network $NAME_SPACE curlimages/curl -f http://$ACME_SERVER:$HTTP_PORT/directory
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Install acmeshell"
      if: ${{ inputs.ALMA_START == 'true' }}
      run: |
        wget -c https://github.com/cpu/acmeshell/releases/download/v0.0.2-rc4/acmeshell_0.0.2-rc4_Linux_x86_64.tar.gz -O - | tar -xz
        mv acmeshell_0.0.2-rc4_Linux_x86_64/acmeshell acmeshell/
        chmod +x acmeshell/acmeshell
        ls -la acmeshell/
      shell: bash
      env:
        VERIFY_CERT: ${{ inputs.VERIFY_CERT }}
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Prepare shellfile including multiple finalize commands"
      if: ${{ inputs.ALMA_START == 'true' }}
      working-directory: acmeshell
      run: |
        echo "newAccount -contacts=foo@bar.local" > commands.shell
        echo "newOrder -identifiers=acmeshell.acme" >> commands.shell
        echo "getOrder -order 0" >> commands.shell
        echo "getAuthz -order=0 -identifier=acmeshell.acme" >> commands.shell
        echo "getChall -order=0 -identifier=acmeshell.acme -type=http-01" >> commands.shell
        echo "solve -order=0 -identifier=acmeshell.acme -challengeType=http-01" >> commands.shell
        echo "finalize -order=0" >> commands.shell
        echo "finalize -order=0" >> commands.shell
      shell: bash

    - name: "Run alma container"
      if: ${{ inputs.ALMA_START == 'true' }}
      run: |
        docker run -id --name alma --network $NAME_SPACE -v $(pwd)/acmeshell:/acmeshell almalinux/9-minimal
        sleep 5
        docker ps
        docker exec alma ls -la /acmeshell
      shell: bash
      env:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Run acmeshell enroll"
      working-directory: acmeshell
      run: |
        rm -f acmeshell.enroll.log
        ls -la .
        docker exec alma bash -c 'curl -f http://acme-srv/directory'
        docker exec alma bash -c '/acmeshell/acmeshell -directory http://acme-srv -postAsGet=true -printResponses -printRequests -contact=grindsa@foo.bar -in /acmeshell/commands.shell &> /acmeshell/acmeshell.enroll.log'
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Check acmeshell enroll log without idempotent finalize option"
      working-directory: acmeshell
      id: acmeshell01
      continue-on-error: true
      run: |
        ls -la .
        grep "urn:ietf:params:acme:error:orderNotReady" acmeshell.enroll.log
      shell: bash

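    # Idempotent finalize disabled: the second finalize must be rejected, so the grep for orderNotReady has to succeed
    - name: "Check result (idempotent finalize disabled)"
      if: ${{ (inputs.IDEMPOTENT_FINALIZE == 'false') && (steps.acmeshell01.outcome != 'success') }}
      run: |
        echo "acmeshell01 outcome is ${{ steps.acmeshell01.outcome }}"
        exit 1
      shell: bash

    # Idempotent finalize enabled: the log must not contain orderNotReady, so the grep has to fail
    - name: "Check result (idempotent finalize enabled)"
      if: ${{ (inputs.IDEMPOTENT_FINALIZE == 'true') && (steps.acmeshell01.outcome != 'failure') }}
      run: |
        echo "acmeshell01 outcome is ${{ steps.acmeshell01.outcome }}"
        exit 1
      shell: bash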


================================================
FILE: .github/actions/cert_gen/action.yml
================================================
name: "cert_gen"
description: "Generate Certificates"
inputs:
  ISSUING_CA_KEY:
    description: "Path to the Issuing-CA private key"
    required: true
    default: "test/ca/sub-ca-key.pem"
  ISSUING_CA_CERT:
    description: "Path to the CA certificate"
    required: true
    default: "test/ca/sub-ca-cert.pem"
  ISSUING_CA_PASSPHRASE:
    description: "Passphrase for the private key"
    required: true
    default: "Test1234"
  ROOT_CA_CERT:
    description: "Path to the root CA certificate"
    required: true
    default: "test/ca/root-ca-cert.pem"
  DESTINATION_PATH:
    description: "Path for key and certificates"
    required: false
    default: ".github"
  EE_KEY:
    description: "Path to the end-entity private key"
    required: true
    default: "acme2certifier_key.pem"
  EE_CERT:
    description: "Path to the end-entity certificate"
    required: true
    default: "acme2certifier_cert.pem"
  EE_CSR:
    description: "Path to the end-entity certificate signing request"
    required: true
    default: "acme2certifier_csr.pem"
  EE_BUNDLE:
    description: "Path to the end-entity certificate bundle"
    required: true
    default: "acme2certifier.pem"
  CA_BUNDLE:
    description: "Path to the CA bundle"
    required: true
    default: "acme2certifier_cabundle.pem"
  OS:
    description: "Operating System"
    required: true
    default: "Linux"

runs:
  using: "composite"
  steps:
    - name: "generate keys and certificates"
      if: ${{ inputs.OS == 'Linux' }}
      working-directory: ${{ inputs.DOCKER_COMPOSE_FILE_PATH }}
      run: |
        openssl req -nodes -newkey rsa:2048 -keyout $DESTINATION_PATH/$EE_KEY -out $DESTINATION_PATH/$EE_CSR -batch -subj "/CN=acme_srv" -addext "subjectAltName=DNS:acme_srv,DNS:acme_srv.acme,DNS:localhost,DNS:acme-srv,DNS:acme-srv.acme" -addext "keyUsage = digitalSignature, keyEncipherment, dataEncipherment" -addext "extendedKeyUsage = serverAuth" -addext "basicConstraints=CA:false"
        openssl x509 -req -in $DESTINATION_PATH/$EE_CSR -CA $ISSUING_CA_CERT -CAkey $ISSUING_CA_KEY -CAcreateserial -out $DESTINATION_PATH/$EE_CERT -copy_extensions copy -days 30 -sha256 --passin pass:$ISSUING_CA_PASSPHRASE
        cp $DESTINATION_PATH/$EE_KEY $DESTINATION_PATH/$EE_BUNDLE
        cat $DESTINATION_PATH/$EE_CERT >> $DESTINATION_PATH/$EE_BUNDLE
        cat test/ca/sub-ca-cert.pem >> $DESTINATION_PATH/$EE_BUNDLE
        cat test/ca/root-ca-cert.pem >> $DESTINATION_PATH/$EE_BUNDLE
        cp test/ca/sub-ca-cert.pem $DESTINATION_PATH/$CA_BUNDLE
        cat test/ca/root-ca-cert.pem >> $DESTINATION_PATH/$CA_BUNDLE
      shell: bash
      env:
        ISSUING_CA_KEY: ${{ inputs.ISSUING_CA_KEY }}
        ISSUING_CA_CERT: ${{ inputs.ISSUING_CA_CERT }}
        ROOT_CA_CERT: ${{ inputs.ROOT_CA_CERT }}
        ISSUING_CA_PASSPHRASE: ${{ inputs.ISSUING_CA_PASSPHRASE }}
        DESTINATION_PATH: ${{ inputs.DESTINATION_PATH }}
        EE_KEY: ${{ inputs.EE_KEY }}
        EE_CERT: ${{ inputs.EE_CERT }}
        EE_CSR: ${{ inputs.EE_CSR }}
        EE_BUNDLE: ${{ inputs.EE_BUNDLE }}
        CA_BUNDLE: ${{ inputs.CA_BUNDLE }}

    - name: "generate keys and certificates"
      if: ${{ inputs.OS == 'Windows' }}
      working-directory: ${{ inputs.DOCKER_COMPOSE_FILE_PATH }}
      run: |
        openssl req -nodes -newkey rsa:2048 -keyout $DESTINATION_PATH/$EE_KEY -out $DESTINATION_PATH/$EE_CSR -batch -subj "//CN=acme_srv" -addext "subjectAltName=DNS:acme_srv,DNS:acme_srv.acme,DNS:localhost,DNS:acme-srv,DNS:acme-srv.acme" -addext "keyUsage = digitalSignature, keyEncipherment, dataEncipherment" -addext "extendedKeyUsage = serverAuth" -addext "basicConstraints=CA:false"
        openssl x509 -req -in $DESTINATION_PATH/$EE_CSR -CA $ISSUING_CA_CERT -CAkey $ISSUING_CA_KEY -CAcreateserial -out $DESTINATION_PATH/$EE_CERT -copy_extensions copy -days 30 -sha256 --passin pass:$ISSUING_CA_PASSPHRASE
        cp $DESTINATION_PATH/$EE_KEY $DESTINATION_PATH/$EE_BUNDLE
        cat $DESTINATION_PATH/$EE_CERT >> $DESTINATION_PATH/$EE_BUNDLE
        cat test/ca/sub-ca-cert.pem >> $DESTINATION_PATH/$EE_BUNDLE
        cat test/ca/root-ca-cert.pem >> $DESTINATION_PATH/$EE_BUNDLE
        cp test/ca/sub-ca-cert.pem $DESTINATION_PATH/$CA_BUNDLE
        cat test/ca/root-ca-cert.pem >> $DESTINATION_PATH/$CA_BUNDLE
      shell: bash
      env:
        ISSUING_CA_KEY: ${{ inputs.ISSUING_CA_KEY }}
        ISSUING_CA_CERT: ${{ inputs.ISSUING_CA_CERT }}
        ROOT_CA_CERT: ${{ inputs.ROOT_CA_CERT }}
        ISSUING_CA_PASSPHRASE: ${{ inputs.ISSUING_CA_PASSPHRASE }}
        DESTINATION_PATH: ${{ inputs.DESTINATION_PATH }}
        EE_KEY: ${{ inputs.EE_KEY }}
        EE_CERT: ${{ inputs.EE_CERT }}
        EE_CSR: ${{ inputs.EE_CSR }}
        EE_BUNDLE: ${{ inputs.EE_BUNDLE }}
        CA_BUNDLE: ${{ inputs.CA_BUNDLE }}

    - name: "Generate Django secret key and update settings files"
      run: |
        # Generate a new Django secret key
        DJANGO_SECRET=$(python3 -c "import secrets; print(secrets.token_urlsafe(50))")
        echo "Generated Django secret key"

        # Add the secret key to all four Django settings files
        echo "" >> .github/django_settings.py
        echo "# SECURITY WARNING: keep the secret key used in production secret!" >> .github/django_settings.py
        echo "SECRET_KEY = \"$DJANGO_SECRET\"" >> .github/django_settings.py

        echo "" >> .github/django_settings_mariadb.py
        echo "# SECURITY WARNING: keep the secret key used in production secret!" >> .github/django_settings_mariadb.py
        echo "SECRET_KEY = \"$DJANGO_SECRET\"" >> .github/django_settings_mariadb.py
        sed -i "s/\"XXX\": \"XXX\"/\"PASSWORD\": \"1mmSvDFl\"/g" .github/django_settings_mariadb.py

        echo "" >> .github/django_settings_psql.py
        echo "# SECURITY WARNING: keep the secret key used in production secret!" >> .github/django_settings_psql.py
        echo "SECRET_KEY = \"$DJANGO_SECRET\"" >> .github/django_settings_psql.py
        sed -i "s/\"XXX\": \"XXX\"/\"PASSWORD\": \"1mmSvDFl\"/g" .github/django_settings_psql.py

        echo "" >> .github/django_settings_mssql.py
        echo "# SECURITY WARNING: keep the secret key used in production secret!" >> .github/django_settings_mssql.py
        echo "SECRET_KEY = \"$DJANGO_SECRET\"" >> .github/django_settings_mssql.py
        sed -i "s/\"XXX\": \"XXX\"/\"PASSWORD\": \"1mmSvDFl\"/g" .github/django_settings_mssql.py

        echo "Django secret key added to all settings files"
      shell: bash


================================================
FILE: .github/actions/container_build/action.yml
================================================
name: "container_build"
description: "Build Container"
inputs:
  DB_HANDLER:
    description: "Database handler"
    required: true
    default: "wsgi"
  WEB_SRV:
    description: "Web server"
    required: true
    default: "apache2"
  DOCKER_COMPOSE_FILE_PATH:
    description: "Path to the docker compose file"
    required: false
    default: "examples/Docker/"

runs:
  using: "composite"
  steps:
    - name: "Build docker compose (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
      working-directory: ${{ inputs.DOCKER_COMPOSE_FILE_PATH }}
      run: |
        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --batch --yes --no-tty --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
        echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
        sudo apt update
        sudo apt install -y docker-compose-plugin
        sed -i "s/wsgi/$DB_HANDLER/g" .env
        sed -i "s/apache2/$WEB_SRV/g" .env
        # cat .env
        docker compose build
      shell: bash
      env:
        WEB_SRV: ${{ inputs.WEB_SRV }}
        DB_HANDLER: ${{ inputs.DB_HANDLER }}


================================================
FILE: .github/actions/container_build_upload/action.yml
================================================
name: "container_build_upload"
description: "Build and Upload Container"
inputs:
  DB_HANDLER:
    description: "Database handler"
    required: true
    default: "wsgi"
  WEB_SRV:
    description: "Web server"
    required: true
    default: "apache2"

runs:
  using: "composite"
  steps:
  - name: "Build container"
    uses: ./.github/actions/container_build
    with:
      DB_HANDLER: ${{ inputs.DB_HANDLER }}
      WEB_SRV: ${{ inputs.WEB_SRV }}

  - name: "Save container"
    run: |
      docker images
      mkdir -p /tmp/a2c
      docker save acme2certifier/$DB_HANDLER > /tmp/a2c/a2c-${{ github.run_id }}.$WEB_SRV.$DB_HANDLER.tar
      gzip /tmp/a2c/a2c-${{ github.run_id }}.$WEB_SRV.$DB_HANDLER.tar
    shell: bash
    env:
      DB_HANDLER: ${{ inputs.DB_HANDLER }}
      WEB_SRV: ${{ inputs.WEB_SRV }}

  - name: "Upload container package"
    uses: actions/upload-artifact@v7
    with:
      name: a2c-${{ github.run_id }}.${{ inputs.WEB_SRV }}.${{ inputs.DB_HANDLER }}.tar.gz
      path: /tmp/a2c


================================================
FILE: .github/actions/container_check/action.yml
================================================
name: "container_check"
description: "Check container configuration"
inputs:
  DB_HANDLER:
    description: "Database handler"
    required: true
    default: "wsgi"
  WEB_SRV:
    description: "Web server"
    required: true
    default: "apache2"
  DOCKER_COMPOSE_FILE_PATH:
    description: "Path to the docker compose file"
    required: false
    default: "examples/Docker/"

runs:
  using: "composite"
  steps:
    - name: "Logs"
      working-directory: ${{ inputs.DOCKER_COMPOSE_FILE_PATH }}
      run: |
          docker compose logs | grep -i $WEB_SRV
          if [ "$DB_HANDLER" == "django" ]; then
              docker compose logs | grep -i migrations
          else
            docker compose logs | grep -i $DB_HANDLER
          fi
      env:
        WEB_SRV: ${{ inputs.WEB_SRV }}
        DB_HANDLER: ${{ inputs.DB_HANDLER }}
      shell: bash


================================================
FILE: .github/actions/container_down/action.yml
================================================
name: "container_down"
description: "Stop a2c container"
inputs:
  DB_HANDLER:
    description: "Database handler"
    required: true
    default: "wsgi"
  WEB_SRV:
    description: "Web server"
    required: true
    default: "apache2"
  DOCKER_COMPOSE_FILE_PATH:
    description: "Path to the docker compose file"
    required: false
    default: "examples/Docker/"
  NAME_SPACE:
    description: "namespace"
    required: true
    default: "acme"

runs:
  using: "composite"
  steps:
    - name: "Stop a2c instance (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
      working-directory: ${{ inputs.DOCKER_COMPOSE_FILE_PATH }}
      run: |
          # sed -i "s/name: acme/name: $NAME_SPACE/g" docker-compose.yml
          docker compose down
      env:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
      shell: bash


================================================
FILE: .github/actions/container_load/action.yml
================================================
name: "container_load"
description: "Download and import container image"
inputs:
  RUN_ID:
    description: "The run ID of the workflow run that produced the artifact"
    required: true
  ARTIFACT_NAME:
    description: "The name of the artifact to download"
    required: true
  DESTINATION_PATH:
    description: "The path to download the artifact to"
    required: false
    default: "./"
  TOKEN:
    description: "GitHub token with permissions to access the artifact"
    required: false
    default: ""
  REPO:
    description: "The repository in the format owner/repo. Defaults to the current repository."
    required: false
    default: ""
  OS:
    description: "Operating System"
    required: true
    default: "Linux"

runs:
  using: "composite"
  steps:

    - name: "Download container"
      uses: ./.github/actions/download_artifact
      with:
        RUN_ID: ${{ inputs.RUN_ID }}
        ARTIFACT_NAME: ${{ inputs.ARTIFACT_NAME }}.gz
        DESTINATION_PATH: ${{ inputs.DESTINATION_PATH }}
        TOKEN: ${{ inputs.TOKEN }}
        REPO: ${{ inputs.REPO }}

    - name: "Import container"
      run: |
        cd $DESTINATION_PATH
        gunzip -f $ARTIFACT_NAME.gz
        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --batch --yes --no-tty --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
        echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
        sudo apt update
        sudo apt install -y docker-compose-plugin
        docker load -i $ARTIFACT_NAME
        docker images
      shell: bash
      env:
        DESTINATION_PATH: ${{ inputs.DESTINATION_PATH }}
        ARTIFACT_NAME: ${{ inputs.ARTIFACT_NAME }}


================================================
FILE: .github/actions/container_prep/action.yml
================================================
name: "container_prep"
description: "Prepare environment for container installation"
inputs:
  DB_HANDLER:
    description: "Database handler"
    required: true
    default: "wsgi"
  WEB_SRV:
    description: "Web server"
    required: true
    default: "apache2"
  DJANGO_DB:
    description: "Django database"
    required: false
  CONTAINER_BUILD:
    description: "Build container"
    required: true
    default: "true"
  NAME_SPACE:
    description: "namespace"
    required: true
    default: "acme"
  IPV6:
    description: "IPv6"
    required: true
    default: "false"

runs:
  using: "composite"
  steps:

    - name: "Generate keys and certificates"
      uses: ./.github/actions/cert_gen

    - name: "Setup environment"
      run: |
        echo "IPv6 is $IPV6"
        if [ "$IPV6" == "false" ]; then
          echo "create v4 namespace"
          docker network create $NAME_SPACE
        else
          echo "create v6 namespace"
          docker network create $NAME_SPACE --ipv6 --subnet "fdbb:6445:65b4:0a60::/64"
        fi
        sudo mkdir -p examples/Docker/data
        sudo cp .github/acme2certifier.pem examples/Docker/data/acme2certifier.pem
        sudo cp .github/acme2certifier_cert.pem examples/Docker/data/acme2certifier_cert.pem
        sudo cp .github/acme2certifier_key.pem examples/Docker/data/acme2certifier_key.pem
        if [ -z "$DJANGO_DB" ]; then
            sudo cp .github/django_settings.py examples/Docker/data/settings.py
        else
            if [ "$DJANGO_DB" != "sqlite3" ]; then
                echo "Using $DJANGO_DB as django database"
                sudo cp .github/django_settings_$DJANGO_DB.py examples/Docker/data/settings.py
            else
                echo "Using sqlite3 as django database"
                sudo cp .github/django_settings.py examples/Docker/data/settings.py
            fi
        fi
      env:
        DJANGO_DB: ${{ inputs.DJANGO_DB }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
        IPV6: ${{ inputs.IPV6 }}
      shell: bash

    - name: "Build docker compose (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
      if: inputs.CONTAINER_BUILD == 'true'
      uses: ./.github/actions/container_build
      with:
        WEB_SRV: ${{ inputs.WEB_SRV }}
        DB_HANDLER: ${{ inputs.DB_HANDLER }}

    - name: "Prepare container environment file (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
      if: inputs.CONTAINER_BUILD != 'true'
      working-directory: examples/Docker/
      run: |
        sed -i "s/wsgi/$DB_HANDLER/g" .env
        sed -i "s/apache2/$WEB_SRV/g" .env
      env:
        WEB_SRV: ${{ inputs.WEB_SRV }}
        DB_HANDLER: ${{ inputs.DB_HANDLER }}
      shell: bash

    - name: "Spin-up a2c instance (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
      if: inputs.CONTAINER_BUILD == 'true'
      uses: ./.github/actions/container_up
      with:
        WEB_SRV: ${{ inputs.WEB_SRV }}
        DB_HANDLER: ${{ inputs.DB_HANDLER }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Instantiate Mariadb"
      if: inputs.DJANGO_DB == 'mariadb'
      uses: ./.github/actions/mariadb_prep
      with:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Instantiate Postgres"
      if: inputs.DJANGO_DB == 'psql'
      uses: ./.github/actions/psql_prep
      with:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Instantiate MSSQL"
      if: inputs.DJANGO_DB == 'mssql'
      uses: ./.github/actions/mssql_prep
      with:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}


================================================
FILE: .github/actions/container_run/action.yml
================================================
name: "container_run"
description: "instantiate a2c container"
inputs:
  DB_HANDLER:
    description: "Database handler"
    required: true
    default: "wsgi"
  WEB_SRV:
    description: "Web server"
    required: true
    default: "apache2"
  DOCKER_COMPOSE_FILE_PATH:
    description: "Path to the docker compose file"
    required: false
    default: "examples/Docker"
  NAME_SPACE:
    description: "namespace"
    required: true
    default: "acme"
  VERSION:
    description: "a2c version"
    required: false
    default: "latest"

runs:
  using: "composite"
  steps:
    - name: "Spin-up a2c instance (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
      working-directory: ${{ inputs.DOCKER_COMPOSE_FILE_PATH }}
      run: |
        docker run -d -p 80:80 -p 443:443 --rm -id --network $NAME_SPACE --name=acme-srv -v "$(pwd)/data":/var/www/acme2certifier/volume/ grindsa/acme2certifier:$VERSION-$WEBSRV-$DBHANDLER
        docker logs acme-srv
      env:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
        WORKING_DIRECTORY: ${{ inputs.DOCKER_COMPOSE_FILE_PATH }}
        WEBSRV: ${{ inputs.WEB_SRV }}
        DBHANDLER: ${{ inputs.DB_HANDLER }}
        VERSION: ${{ inputs.VERSION }}
      shell: bash


================================================
FILE: .github/actions/container_up/action.yml
================================================
name: "container_up"
description: "instantiate a2c container"
inputs:
  DB_HANDLER:
    description: "Database handler"
    required: true
    default: "wsgi"
  WEB_SRV:
    description: "Web server"
    required: true
    default: "apache2"
  DOCKER_COMPOSE_FILE_PATH:
    description: "Path to the docker compose file"
    required: false
    default: "examples/Docker/"
  NAME_SPACE:
    description: "namespace"
    required: true
    default: "acme"

runs:
  using: "composite"
  steps:
    - name: "Spin-up a2c instance (${{ inputs.WEB_SRV }}_${{ inputs.DB_HANDLER }})"
      working-directory: ${{ inputs.DOCKER_COMPOSE_FILE_PATH }}
      run: |
          sed -i "s/name: acme/name: $NAME_SPACE/g" docker-compose.yml
          docker compose up -d --no-build
      env:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
      shell: bash


================================================
FILE: .github/actions/deb_build/action.yml
================================================
name: "deb_build"
description: "Build deb package"
outputs:
  deb_file_name:
    description: "Name of the debian package file"
    value: acme2certifier_${{ env.TAG_NAME }}-1_all.deb

runs:
  using: "composite"
  steps:

    - name: Retrieve Version from version.py
      run: |
        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\"//g) >> $GITHUB_ENV
      shell: bash

    - run: echo "Latest tag is ${{ env.TAG_NAME }}"
      shell: bash

    - name: "Install Firefox from Mozilla"
      run: |
        sudo apt-get update
        sudo install -d -m 0755 /etc/apt/keyrings
        wget -q https://packages.mozilla.org/apt/repo-signing-key.gpg -O- | sudo tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null
        echo "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" | sudo tee -a /etc/apt/sources.list.d/mozilla.list > /dev/null
        echo '
        Package: *
        Pin: origin packages.mozilla.org
        Pin-Priority: 1000
        ' | sudo tee /etc/apt/preferences.d/mozilla
        sudo apt update && sudo apt install -y firefox --allow-downgrades
      shell: bash

    - name: "Prepare environment to build deb package"
      run: |
        sudo apt-get update && sudo apt-get -y upgrade
        sudo apt-get -y install build-essential fakeroot dpkg-dev devscripts debhelper  --allow-downgrades
        rm setup.py
        rm -f examples/nginx/acme2certifier.te
        rm -f examples/nginx/supervisord.conf
        rm -f examples/nginx/uwsgi.service
        sed -i "s/run\/uwsgi\/acme.sock/var\/www\/acme2certifier\/acme.sock/g" examples/nginx/nginx_acme_srv.conf
        sed -i "s/run\/uwsgi\/acme.sock/var\/www\/acme2certifier\/acme.sock/g" examples/nginx/nginx_acme_srv_ssl.conf
        sed -i "s/\/run\/uwsgi\/acme.sock/acme.sock/g" examples/nginx/acme2certifier.ini
        sed -i "s/nginx/www-data/g" examples/nginx/acme2certifier.ini
        echo "plugins=python3" >> examples/nginx/acme2certifier.ini
        cat <<EOT > examples/nginx/acme2certifier.service
        [Unit]
        Description=uWSGI instance to serve acme2certifier
        After=network.target

        [Service]
        User=www-data
        Group=www-data
        WorkingDirectory=/var/www/acme2certifier
        Environment="PATH=/var/www/acme2certifier"
        ExecStart=uwsgi --ini /var/www/acme2certifier/acme2certifier.ini

        [Install]
        WantedBy=multi-user.target
        EOT
        cp -R examples/install_scripts/debian ./
        sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" debian/changelog
        cd ../
        tar cvfz ../acme2certifier_${{ env.TAG_NAME }}.orig.tar.gz ./
      shell: bash

    - name: "Build debian package"
      run: |
        dpkg-buildpackage -uc -us
        dpkg -c ../acme2certifier_${{ env.TAG_NAME }}-1_all.deb
      shell: bash


================================================
FILE: .github/actions/deb_build_upload/action.yml
================================================
name: "deb_build_upload"
description: "Build and Upload package"
inputs:
  NO_VERSION:
    description: "If true, do not append version to package"
    required: false
    default: "false"
outputs:
  deb_file_name:
    description: "Name of the DEB package file"
    value: acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb

runs:
  using: "composite"
  steps:

  - name: "Build deb package"
    id: deb_build
    uses: ./.github/actions/deb_build

  - name: "Rename deb package"
    if: ${{ inputs.NO_VERSION != 'false' }}
    run: |
      sudo mv ../acme2certifier_${{ env.TAG_NAME }}-1_all.deb ./acme2certifier-${{ github.run_id }}-1_all.deb
    shell: bash

  - name: "Upload deb package"
    if: ${{ inputs.NO_VERSION != 'false' }}
    uses: actions/upload-artifact@v7
    with:
      name: acme2certifier-${{ github.run_id }}-1_all.deb
      path: acme2certifier-${{ github.run_id }}-1_all.deb

  - name: "Rename deb package"
    if: ${{ inputs.NO_VERSION == 'false' }}
    run: |
      sudo mv ../acme2certifier_${{ env.TAG_NAME }}-1_all.deb ./acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb
    shell: bash

  - name: "Upload deb package"
    if: ${{ inputs.NO_VERSION == 'false' }}
    uses: actions/upload-artifact@v7
    with:
      name: acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb
      path: acme2certifier_${{ env.TAG_NAME }}-${{ github.run_id }}-1_all.deb


================================================
FILE: .github/actions/deb_prep/action.yml
================================================
name: "deb_prep"
description: "Prepare environment for deb installation"
inputs:
  GH_USER:
    description: "GIT user for SBOM repo"
    required: true
  GH_SBOM_REPO_TOKEN:
    description: "GIT token for SBOM repo"
    required: true
  DJANGO_DB:
    description: "Django database"
  DEB_BUILD:
    description: "Build DEB"
    required: true
    default: "true"
  NAME_SPACE:
    description: "Name space"
    required: true
    default: "acme"
  IPV6:
    description: "IPv6"
    required: true
    default: "false"

runs:
  using: "composite"
  steps:

    - name: "Build deb package"
      if: inputs.DEB_BUILD == 'true'
      id: deb_build
      uses: ./.github/actions/deb_build

    - name: "Generate keys and certificates"
      uses: ./.github/actions/cert_gen

    - name: "Setup environment for ubuntu installation"
      run: |
        echo "IPv6 is $IPV6"
        if [ "$IPV6" == "false" ]; then
          echo "create v4 namespace"
          docker network create $NAME_SPACE
        else
          echo "create v6 namespace"
          docker network create $NAME_SPACE --ipv6 --subnet "fdbb:6445:65b4:0a60::/64"
        fi
        sudo mkdir -p data/volume/acme2certifier
        sudo mkdir -p data/nginx
        sudo chmod -R 777 data
        sudo cp examples/Docker/ubuntu-systemd/deb_tester.sh data
        sudo cp examples/Docker/ubuntu-systemd/django_tester.sh data
        sudo cp .github/acme2certifier_cert.pem data/volume/acme2certifier_cert.pem
        sudo cp .github/acme2certifier_key.pem data/volume/acme2certifier_key.pem
        sudo cp .github/acme2certifier.pem data/volume/acme2certifier.pem

        if [ -z "$DJANGO_DB" ] || [ "$DJANGO_DB" == "sqlite3" ]; then
            echo "Using default django settings for sqlite3"
            sudo cp .github/django_settings.py data/volume/acme2certifier/settings.py
        else
            sudo cp .github/django_settings_$DJANGO_DB.py data/volume/acme2certifier/settings.py
        fi
      env:
        DJANGO_DB: ${{ inputs.DJANGO_DB }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
        IPV6: ${{ inputs.IPV6 }}
      shell: bash

    - name: "Generate keys and certificates"
      uses: ./.github/actions/cert_gen
      with:
        DESTINATION_PATH: ".github"
        EE_KEY: "acme2certifier_key.pem"
        EE_CERT: "acme2certifier_cert.pem"
        EE_CSR: "acme2certifier_csr.pem"
        EE_BUNDLE: "acme2certifier.pem"
        CA_BUNDLE: "acme2certifier_cabundle.pem"
        ISSUING_CA_KEY: "test/ca/sub-ca-key.pem"
        ISSUING_CA_CERT: "test/ca/sub-ca-cert.pem"
        ISSUING_CA_PASSPHRASE: "Test1234"
        ROOT_CA_CERT: "test/ca/root-ca-cert.pem"


    - name: "Instantiate Mariadb"
      if: inputs.DJANGO_DB == 'mariadb'
      uses: ./.github/actions/mariadb_prep
      with:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Instantiate Postgres"
      if: inputs.DJANGO_DB == 'psql'
      uses: ./.github/actions/psql_prep
      with:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Prepare additional environment for MSSQL"
      if: inputs.DJANGO_DB == 'mssql'
      run: |
        echo "Download Microsoft repository configuration package"
        curl https://packages.microsoft.com/config/ubuntu/24.04/packages-microsoft-prod.deb --output data/packages-microsoft-prod.deb
        ls -la data/
      env:
        DJANGO_DB: ${{ inputs.DJANGO_DB }}
        VERSION: ${{ inputs.RH_VERSION }}
      shell: bash

    - name: "Instantiate MSSQL"
      if: inputs.DJANGO_DB == 'mssql'
      uses: ./.github/actions/mssql_prep
      with:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Instantiate Ubuntu 24.04"
      run: |
        docker run -d --name acme-srv --network $NAME_SPACE -p 22280:80 --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cgroupns=host -v "$(pwd)/data":/tmp/acme2certifier jrei/systemd-ubuntu:24.04
      shell: bash
      env:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}


================================================
FILE: .github/actions/download_artifact/action.yml
================================================
name: "download artifact"
description: "download an artifact from a workflow run"
inputs:
  RUN_ID:
    description: "The run ID of the workflow run that produced the artifact"
    required: true
  ARTIFACT_NAME:
    description: "The name of the artifact to download"
    required: true
  DESTINATION_PATH:
    description: "The path to download the artifact to"
    required: false
    default: "./"
  TOKEN:
    description: "GitHub token with permissions to access the artifact"
    required: false
    default: ""
  REPO:
    description: "The repository in the format owner/repo. Defaults to the current repository."
    required: false
    default: ""

runs:
  using: "composite"
  steps:

    - name: "Get artifact"
      run: |
        mkdir -p $DESTINATION_PATH && cd $DESTINATION_PATH
        ART_ID=$(gh api repos/$REPO/actions/runs/$RUN_ID/artifacts --jq '.artifacts[] | select(.name=="'$ARTIFACT_NAME'") | .id')
        if [ -z "$ART_ID" ]; then
          echo "Artifact $ARTIFACT_NAME not found in run $RUN_ID" >&2
          exit 1
        fi

        gh api repos/$REPO/actions/artifacts/$ART_ID/zip > "$ARTIFACT_NAME.zip"
        unzip -o "$ARTIFACT_NAME.zip"
        rm -f "$ARTIFACT_NAME.zip"

      shell: bash
      env:
        DESTINATION_PATH: ${{ inputs.DESTINATION_PATH }}
        GH_TOKEN: ${{ inputs.TOKEN }}
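        # Fall back to the current repository when REPO is left empty, as the input description states
        REPO: ${{ inputs.REPO || github.repository }}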
        RUN_ID: ${{ inputs.RUN_ID }}
        ARTIFACT_NAME: ${{ inputs.ARTIFACT_NAME }}


================================================
FILE: .github/actions/dump-secrets-to-json/action.yml
================================================
name: 'Dump Secrets to JSON'
description: 'Dumps a list of secrets into a JSON structure with secret names as keys and content as values'

inputs:
  secret_names:
    description: 'Comma-separated list of secret names to dump'
    required: true
  output_file:
    description: 'Output file path for the JSON structure'
    required: false
    default: 'secrets.json'
  mask_values:
    description: 'Whether to mask secret values in logs (true/false)'
    required: false
    default: 'true'

outputs:
  json_file:
    description: 'Path to the generated JSON file'
    value: ${{ steps.create-json.outputs.json_file }}
  secret_count:
    description: 'Number of secrets processed'
    value: ${{ steps.create-json.outputs.secret_count }}

runs:
  using: 'composite'
  steps:
    - name: Create secrets JSON
      id: create-json
      shell: bash
      env:
        SECRET_NAMES: ${{ inputs.secret_names }}
        OUTPUT_FILE: ${{ inputs.output_file }}
        MASK_VALUES: ${{ inputs.mask_values }}
      run: |
        # Initialize JSON object
        echo "{" > "$OUTPUT_FILE"

        # Convert comma-separated list to array
        IFS=',' read -ra SECRETS <<< "$SECRET_NAMES"
        secret_count=0
        total_secrets=${#SECRETS[@]}

        echo "Processing $total_secrets secrets..."

        for i in "${!SECRETS[@]}"; do
          secret_name=$(echo "${SECRETS[$i]}" | xargs)  # Trim whitespace
          secret_count=$((secret_count + 1))

          # Get the secret value from environment
          secret_value="${!secret_name}"

          if [ -n "$secret_value" ]; then
            # Escape JSON special characters in the secret value; the second sed
            # joins all lines so that embedded newlines are written as \n
            escaped_value=$(echo "$secret_value" | sed 's/\\/\\\\/g; s/"/\\"/g; s/\t/\\t/g; s/\r/\\r/g' | sed ':a;N;$!ba;s/\n/\\n/g')

            # Add comma if not the first entry
            if [ $i -gt 0 ]; then
              echo "," >> "$OUTPUT_FILE"
            fi

            # Add the key-value pair
            echo -n "  \"$secret_name\": \"$escaped_value\"" >> "$OUTPUT_FILE"

            if [ "$MASK_VALUES" = "true" ]; then
              echo "✓ Added secret: $secret_name (value masked)"
            else
              echo "✓ Added secret: $secret_name"
            fi
          else
            echo "⚠️  Warning: Secret '$secret_name' is empty or not found"

            # Add comma if not the first entry
            if [ $i -gt 0 ]; then
              echo "," >> "$OUTPUT_FILE"
            fi

            # Add null value for missing secrets
            echo -n "  \"$secret_name\": null" >> "$OUTPUT_FILE"
          fi
        done

        # Close JSON object
        echo "" >> "$OUTPUT_FILE"
        echo "}" >> "$OUTPUT_FILE"

        echo "json_file=$OUTPUT_FILE" >> $GITHUB_OUTPUT
        echo "secret_count=$secret_count" >> $GITHUB_OUTPUT

        echo "JSON file created: $OUTPUT_FILE"
        echo "Secrets processed: $secret_count"

        # Show file size
        file_size=$(wc -c < "$OUTPUT_FILE")
        echo "File size: $file_size bytes"

        # Validate JSON syntax
        if command -v jq >/dev/null 2>&1; then
          if jq empty "$OUTPUT_FILE" 2>/dev/null; then
            echo "✓ JSON syntax is valid"
          else
            echo "❌ JSON syntax is invalid"
            exit 1
          fi
        else
          echo "⚠️  jq not available, skipping JSON validation"
        fi


================================================
FILE: .github/actions/mailserver_install/action.yml
================================================
name: "mailserver_install"
description: "mailserver_install"
inputs:
  NAME_SPACE:
    description: "Namespace"
    required: true
    default: "acme"
  MAILSERVER_CERT:
    description: "Mailserver Certificate"
    required: true
    default: "None"

runs:
  using: "composite"
  steps:
  - name: "Install mailserver"
    run: |
      curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --batch --yes --no-tty --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
      echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
      sudo apt update
      sudo apt install -y docker-compose-plugin
      mkdir -p mailserver/docker-data/certs
      DMS_GITHUB_URL="https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master"
      curl ${DMS_GITHUB_URL}/compose.yaml -o mailserver/docker-compose.yaml
      curl ${DMS_GITHUB_URL}/mailserver.env -o mailserver/mailserver.env
    shell: bash

  - name: "Modify downloaded files to reflect test-setup"
    run: |
      echo -e "networks:\n  default:\n    external:\n      name: ${NAME_SPACE}" >> mailserver/docker-compose.yaml
      sudo sed -i "s/hostname: mail.example.com/hostname: mailserver.${NAME_SPACE}/g" mailserver/docker-compose.yaml
      sudo sed -i "s/- .\/docker-data\/dms\/config\/:\/tmp\/docker-mailserver/- .\/docker-data\/dms\/config\/:\/tmp\/docker-mailserver\n      - .\/docker-data\/certs:\/etc\/certs/g" mailserver/docker-compose.yaml
      sudo sed -i "s/ENABLE_OPENDKIM=1/ENABLE_OPENDKIM=0/g" mailserver/mailserver.env
      sudo sed -i "s/ENABLE_OPENDMARC=1/ENABLE_OPENDMARC=0/g" mailserver/mailserver.env
      sudo sed -i "s/ENABLE_POLICYD_SPF=1/ENABLE_POLICYD_SPF=0/g" mailserver/mailserver.env
      sudo sed -i "s/RSPAMD_HFILTER=1/RSPAMD_HFILTER=0/g" mailserver/mailserver.env
      sudo sed -i "s/ENABLE_AMAVIS=1/ENABLE_AMAVIS=0/g" mailserver/mailserver.env
      sudo sed -i "s/SSL_TYPE=/SSL_TYPE=manual/g" mailserver/mailserver.env
      sudo sed -i "s/SSL_CERT_PATH=/SSL_CERT_PATH=\/etc\/certs\/mailserver_crt.pem/g" mailserver/mailserver.env
      sudo sed -i "s/SSL_KEY_PATH=/SSL_KEY_PATH=\/etc\/certs\/mailserver_key.pem/g" mailserver/mailserver.env
      cat mailserver/docker-compose.yaml
      echo ${MAILSERVER_CERT} | base64 -d > mailserver/docker-data/certs/mailserver_crt.pkcs12
      openssl pkcs12 -in mailserver/docker-data/certs/mailserver_crt.pkcs12 -nodes -nocerts -out mailserver/docker-data/certs/mailserver_key.pem -passin pass:
      openssl pkcs12 -in mailserver/docker-data/certs/mailserver_crt.pkcs12 -clcerts -nokeys -out mailserver/docker-data/certs/mailserver_crt.pem -passin pass:

    shell: bash
    env:
      NAME_SPACE: ${{ inputs.NAME_SPACE }}
      MAILSERVER_CERT: ${{ inputs.MAILSERVER_CERT }}

  - name: "Start and configure mailserver"
    working-directory: mailserver
    run: |
      docker compose up -d
      sleep 20
      docker exec mailserver grep mydestination /etc/postfix/main.cf
      docker exec mailserver sh -c "sed -i 's/mydestination\s=\s\$myhostname,\slocalhost\.\$mydomain,\slocalhost/mydestination=localhost.\$mydomain,localhost/g' /etc/postfix/main.cf"
      docker exec mailserver grep mydestination /etc/postfix/main.cf
      docker exec mailserver setup email add postmaster@mailserver.acme pOstmAster
      docker exec mailserver setup email add a2c@mailserver.acme a2cstarter
      docker exec mailserver setup email add jum@mailserver.acme jumstarter
      docker exec mailserver setup email add ulme@mailserver.acme ulmestarter
    shell: bash


================================================
FILE: .github/actions/mariadb_prep/action.yml
================================================
name: "maria_prep"
description: "bring up and configure mariadb instance"
inputs:
  NAME_SPACE:
    description: "Name space"
    required: true
    default: "acme"
  INSTANCIATE:
    description: "Instantiate mariadb"
    required: true
    default: "true"
  RH_VERSION:
    description: "Red Hat version"
    required: false
    default: "9"

runs:
  using: "composite"
  steps:
    - name: "Instantiate Mariadb"
      if: inputs.INSTANCIATE == 'true' && inputs.RH_VERSION != '8'
      run: |
        echo "Instantiate mariadb for RH_VERSION $RH_VERSION"
        # Attach to the network passed in via NAME_SPACE instead of a hard-coded name
        docker run --name mariadbsrv --network "$NAME_SPACE" -e MARIADB_ROOT_PASSWORD=foobar -d mariadb
      shell: bash
      env:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
        RH_VERSION: ${{ inputs.RH_VERSION }}

    - name: "Instantiate Mariadb for RHEL8"
      if: inputs.INSTANCIATE == 'true' && inputs.RH_VERSION == '8'
      run: |
        echo "Instantiate mariadb 10 for RH_VERSION $RH_VERSION"
        # Attach to the network passed in via NAME_SPACE instead of a hard-coded name
        docker run --name mariadbsrv --network "$NAME_SPACE" -e MARIADB_ROOT_PASSWORD=foobar -d mariadb:10.6-ubi9
      shell: bash
      env:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
        RH_VERSION: ${{ inputs.RH_VERSION }}

    - name: "Sleep for 10s"
      if: inputs.INSTANCIATE == 'true'
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 10s

    - name: "Configure mariadb"
      working-directory: examples/Docker/
      run: |
        docker exec mariadbsrv mariadb -u root --password=foobar -e"DROP DATABASE IF EXISTS acme2certifier;"
        docker exec mariadbsrv mariadb -u root --password=foobar -e"CREATE DATABASE acme2certifier CHARACTER SET UTF8;"
        docker exec mariadbsrv mariadb -u root --password=foobar -e"GRANT ALL PRIVILEGES ON acme2certifier.* TO 'acme2certifier'@'%' IDENTIFIED BY '1mmSvDFl';"
        docker exec mariadbsrv mariadb -u root --password=foobar -e"FLUSH PRIVILEGES;"
      shell: bash

    - name: "Sleep for 5s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 5s


================================================
FILE: .github/actions/mssql_prep/action.yml
================================================
name: "mssql_prep"
description: "bring up and configure mssql instance"
inputs:
  NAME_SPACE:
    description: "Name space"
    required: true
    default: "acme"
  INSTANCIATE:
    description: "Instantiate mssql"
    required: true
    default: "true"
  RH_VERSION:
    description: "Red Hat version"
    required: false
    default: "9"
  ROOT_PWD:
    description: "MSSQL root password"
    required: false
    default: "Mssqlpassw0rd"

runs:
  using: "composite"
  steps:
    - name: "Instantiate MSSQL"
      if: inputs.INSTANCIATE == 'true'
      run: |
        docker pull mcr.microsoft.com/mssql/server:2022-latest
        docker run --rm -d --network ${NAME_SPACE} -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=$ROOT_PWD"   -p 1433:1433 --name ms-sql --hostname ms-sql mcr.microsoft.com/mssql/server:2022-latest
      shell: bash
      env:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
        RH_VERSION: ${{ inputs.RH_VERSION }}
        ROOT_PWD: ${{ inputs.ROOT_PWD }}

    - name: "Sleep for 10s"
      if: inputs.INSTANCIATE == 'true'
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 10s

    - name: "Configure mssql"
      working-directory: examples/Docker/
      run: |
        docker exec ms-sql /opt/mssql-tools18/bin/sqlcmd -No -S localhost -U SA -P $ROOT_PWD -Q "IF EXISTS (SELECT name FROM sys.databases WHERE name = 'acme2certifier') DROP DATABASE acme2certifier;"
        docker exec ms-sql /opt/mssql-tools18/bin/sqlcmd -No -S localhost -U SA -P $ROOT_PWD -Q "CREATE DATABASE acme2certifier;"
        docker exec ms-sql /opt/mssql-tools18/bin/sqlcmd -S localhost -No -U SA -P $ROOT_PWD -Q "CREATE LOGIN acme2certifier_user WITH PASSWORD = '$USER_PWD';"
        docker exec ms-sql /opt/mssql-tools18/bin/sqlcmd -S localhost -No -U SA -P $ROOT_PWD  -Q "USE acme2certifier; CREATE USER acme2certifier_user FOR LOGIN acme2certifier_user; ALTER ROLE db_owner ADD MEMBER acme2certifier_user;"
      shell: bash
      env:
        ROOT_PWD: ${{ inputs.ROOT_PWD }}
        USER_PWD: 1mmSvDFl
        RH_VERSION: ${{ inputs.RH_VERSION }}

    - name: "Sleep for 5s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 5s


================================================
FILE: .github/actions/parse-json-secret/action.yml
================================================
name: 'Parse JSON Secret'
description: 'Parse one or more JSON secrets and create environment variables for each key-value pair'
author: 'grindsa'

inputs:
  json_secret:
    description: 'The JSON secret(s) to parse. Can be a single JSON secret or multiple comma-separated JSON secrets'
    required: true
  prefix:
    description: 'Optional prefix for environment variable names'
    required: false
    default: ''
  uppercase:
    description: 'Convert keys to uppercase'
    required: false
    default: 'true'

outputs:
  variable_count:
    description: 'Number of variables created'
    value: ${{ steps.parse.outputs.variable_count }}
  variable_names:
    description: 'Comma-separated list of variable names created'
    value: ${{ steps.parse.outputs.variable_names }}

runs:
  using: 'composite'
  steps:
    - name: Parse JSON secret to environment variables
      id: parse
      shell: bash
      env:
        JSON_SECRET: ${{ inputs.json_secret }}
        INPUT_PREFIX: ${{ inputs.prefix }}
        INPUT_UPPERCASE: ${{ inputs.uppercase }}
      run: |
        # Validate inputs
        if [ -z "$JSON_SECRET" ]; then
          echo "❌ Error: json_secret input is required"
          exit 1
        fi

        # Validate JSON
        if ! echo "$JSON_SECRET" | jq empty 2>/dev/null; then
          echo "❌ Error: Invalid JSON provided"
          exit 1
        fi

        echo "🔧 Parsing JSON secret..."

        # Determine prefix
        PREFIX="$INPUT_PREFIX"
        if [ -n "$PREFIX" ]; then
          PREFIX="${PREFIX}_"
        fi

        # Parse JSON and create environment variables
        # First, get variable names and count for outputs
        if [ "$INPUT_UPPERCASE" = "true" ]; then
          VARIABLE_NAMES=$(echo "$JSON_SECRET" | jq -r --arg prefix "$PREFIX" '
            [to_entries[] | "\($prefix)\(.key | ascii_upcase)"] | join(",")
          ')
        else
          VARIABLE_NAMES=$(echo "$JSON_SECRET" | jq -r --arg prefix "$PREFIX" '
            [to_entries[] | "\($prefix)\(.key)"] | join(",")
          ')
        fi

        # Process each key-value pair individually to handle multi-line values
        if [ "$INPUT_UPPERCASE" = "true" ]; then
          echo "$JSON_SECRET" | jq -r --arg prefix "$PREFIX" '
            to_entries[] |
            ["\($prefix)\(.key | ascii_upcase)", .value] | @tsv
          ' | while IFS=$'\t' read -r var_name var_value; do
            # Use GitHub's multi-line environment variable syntax
            EOF_TOKEN=$(openssl rand -hex 8)
            echo "${var_name}<<${EOF_TOKEN}" >> $GITHUB_ENV
            # Use printf with %b to properly interpret escape sequences like \n
            printf '%b\n' "$var_value" >> $GITHUB_ENV
            echo "${EOF_TOKEN}" >> $GITHUB_ENV
          done
        else
          echo "$JSON_SECRET" | jq -r --arg prefix "$PREFIX" '
            to_entries[] |
            ["\($prefix)\(.key)", .value] | @tsv
          ' | while IFS=$'\t' read -r var_name var_value; do
            # Use GitHub's multi-line environment variable syntax
            EOF_TOKEN=$(openssl rand -hex 8)
            echo "${var_name}<<${EOF_TOKEN}" >> $GITHUB_ENV
            # Use printf with %b to properly interpret escape sequences like \n
            printf '%b\n' "$var_value" >> $GITHUB_ENV
            echo "${EOF_TOKEN}" >> $GITHUB_ENV
          done
        fi

        # Count variables
        VARIABLE_COUNT=$(echo "$JSON_SECRET" | jq '. | length')

        # Set outputs (avoid exposing variable names that might contain sensitive info)
        echo "variable_count=$VARIABLE_COUNT" >> $GITHUB_OUTPUT
        # Only output variable count, not names to avoid potential exposure
        echo "variable_names=***" >> $GITHUB_OUTPUT

        echo "✅ Created $VARIABLE_COUNT environment variables"
        echo "📋 Variables created successfully (names hidden for security)"


================================================
FILE: .github/actions/psql_prep/action.yml
================================================
name: "psql_prep"
description: "bring up and configure psql instance"
inputs:
  NAME_SPACE:
    description: "Name space"
    required: true
    default: "acme"
  INSTANCIATE:
    description: "Instantiate postgres"
    required: true
    default: "true"

runs:
  using: "composite"
  steps:

    - name: "postgres environment"
      if: inputs.INSTANCIATE == 'true'
      run: |
        sudo mkdir -p /tmp/data/pgsql
        sudo cp .github/a2c.psql /tmp/data/pgsql/a2c.psql
        sudo cp .github/pgpass /tmp/data/pgsql/pgpass
        sudo chmod 600 /tmp/data/pgsql/pgpass
      shell: bash

    - name: "Install postgres"
      if: inputs.INSTANCIATE == 'true'
      working-directory: /tmp
      run: |
        docker run --name postgresdbsrv --network $NAME_SPACE -e POSTGRES_PASSWORD=foobar -d postgres
      shell: bash
      env:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Sleep for 10s"
      if: inputs.INSTANCIATE == 'true'
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 10s

    - name: "Configure postgres"
      if: inputs.INSTANCIATE == 'true'
      working-directory: /tmp
      run: |
        docker run -v "$(pwd)/data/pgsql/a2c.psql":/tmp/a2c.psql -v "$(pwd)/data/pgsql/pgpass:/root/.pgpass" --rm --network $NAME_SPACE postgres psql -U postgres -h postgresdbsrv -f /tmp/a2c.psql
      shell: bash
      env:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Reset postgres"
      if: inputs.INSTANCIATE == 'false'
      working-directory: /tmp
      run: |
        docker cp $(pwd)/data/pgsql/a2c.psql postgresdbsrv:/tmp/a2c.psql
        docker exec postgresdbsrv psql -U postgres -f /tmp/a2c.psql
      shell: bash
      env:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Sleep for 5s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 5s


================================================
FILE: .github/actions/rpm_build/action.yml
================================================
name: "rpm_build"
description: "Build RPM package"
outputs:
  rpm_dir_path:
    description: "Path to the directory containing the RPM package"
    value: ${{ steps.rpm.outputs.rpm_dir_path }}
  rpm_file_name:
    description: "Name of the RPM package file"
    value: acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm

runs:
  using: "composite"
  steps:

    - name: "Retrieve Version from version.py"
      run: |
        echo TAG_NAME=$(cat acme_srv/version.py | grep -i __version__ | head -n 1 | sed 's/__version__ = //g' | sed s/\"//g) >> $GITHUB_ENV
      shell: bash

    - run: echo "Latest tag is ${{ env.TAG_NAME }}"
      shell: bash

    - name: "Update version number in spec file and path in nginx ssl config"
      run: |
        sudo sed -i "s/__version__/${{ env.TAG_NAME }}/g" examples/install_scripts/rpm/acme2certifier.spec
        sudo sed -i "s/\/var\/www\/acme2certifier\/volume/\/etc\/nginx/g" examples/nginx/nginx_acme_srv_ssl.conf
        git config --global user.email "grindelsack@gmail.com"
        git config --global user.name "rpm update"
        git add examples/nginx
        git commit -a -m "rpm update"
      shell: bash

    - name: "Build RPM package"
      id: rpm
      uses: grindsa/rpmbuild@alma9
      with:
        spec_file: "examples/install_scripts/rpm/acme2certifier.spec"

    - run: echo "path is ${{ steps.rpm.outputs.rpm_dir_path }}"
      shell: bash


================================================
FILE: .github/actions/rpm_build_upload/action.yml
================================================
name: "rpm_build_upload"
description: "Build and Upload package"
outputs:
  rpm_file_name:
    description: "Name of the RPM package file"
    value: acme2certifier-${{ github.run_id }}.noarch.rpm

runs:
  using: "composite"
  steps:

  - name: "Build rpm package"
    id: rpm_build
    uses: ./.github/actions/rpm_build

  - name: "Rename rpm package"
    run: |
      sudo mv ${{ steps.rpm_build.outputs.rpm_dir_path }}/noarch/acme2certifier-*.noarch.rpm ${{ steps.rpm_build.outputs.rpm_dir_path }}/noarch/acme2certifier-${{ github.run_id }}.noarch.rpm
    shell: bash

  - name: "Upload RPM package"
    uses: actions/upload-artifact@v7
    with:
      name: acme2certifier-${{ github.run_id }}.noarch.rpm
      path: ${{ steps.rpm_build.outputs.rpm_dir_path }}/noarch/


================================================
FILE: .github/actions/rpm_prep/action.yml
================================================
name: "rpm_prep"
description: "Prepare environment for RPM installation"
inputs:
  GH_USER:
    description: "GIT user for SBOM repo"
    required: true
  GH_SBOM_REPO_TOKEN:
    description: "GIT token for SBOM repo"
    required: true
  RH_VERSION:
    description: "RHEL version"
    required: true
  DJANGO_DB:
    description: "Django database"
  RPM_BUILD:
    description: "Build RPM"
    required: true
    default: "true"
  NAME_SPACE:
    description: "Name space"
    required: true
    default: "acme"
  IPV6:
    description: "IPv6"
    required: true
    default: "false"

runs:
  using: "composite"
  steps:

    - name: "Build rpm package"
      if: inputs.RPM_BUILD == 'true'
      id: rpm_build
      uses: ./.github/actions/rpm_build

    - name: "Generate keys and certificates"
      uses: ./.github/actions/cert_gen

    - name: "Setup environment for alma installation"
      run: |
        echo "IPv6 is $IPV6"
        if [ "$IPV6" == "false" ]; then
          echo "create v4 namespace"
          docker network create $NAME_SPACE
        else
          echo "create v6 namespace"
          docker network create $NAME_SPACE --ipv6 --subnet "fdbb:6445:65b4:0a60::/64"
        fi
        sudo mkdir -p data/volume
        sudo mkdir -p data/acme2certifier
        sudo mkdir -p data/nginx
        sudo chmod -R 777 data
        sudo cp examples/Docker/almalinux-systemd/django_tester.sh data
        sudo cp examples/Docker/almalinux-systemd/rpm_tester.sh data
        sudo cp .github/acme2certifier_cert.pem data/nginx/acme2certifier_cert.pem
        sudo cp .github/acme2certifier_key.pem data/nginx/acme2certifier_key.pem
        if [ -f ${{ steps.rpm_build.outputs.rpm_dir_path }}noarch/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm ]; then
          echo "RPM exists"
          sudo cp ${{ steps.rpm_build.outputs.rpm_dir_path }}noarch/acme2certifier-${{ env.TAG_NAME }}-1.0.noarch.rpm data
        else
          echo "RPM does not exist"
        fi
        if [ -z "$DJANGO_DB" ] || [ "$DJANGO_DB" == "sqlite3" ]; then
            sudo cp .github/django_settings.py data/acme2certifier/settings.py
        else
            #if [ "$RH_VERSION" == '8' ] && [ "$DJANGO_DB" == 'mariadb' ]; then
            #  echo "Using psql as django database on RHEL8"
            #  sudo cp .github/django_settings_psql.py data/acme2certifier/settings.py
            #else
            sudo cp .github/django_settings_$DJANGO_DB.py data/acme2certifier/settings.py
            #fi

        fi
        sudo sed -i "s/\/var\/www\//\/opt\//g" data/acme2certifier/settings.py
        sudo sed -i "s/USE_I18N = True/USE_I18N = False/g" data/acme2certifier/settings.py
      env:
        DJANGO_DB: ${{ inputs.DJANGO_DB }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
        IPV6: ${{ inputs.IPV6 }}
        RH_VERSION: ${{ inputs.RH_VERSION }}

      shell: bash

    - run: echo "RH_VERSION is $RH_VERSION"
      env:
        RH_VERSION: ${{ inputs.RH_VERSION }}
      shell: bash

    - name: "Retrieve rpm from SBOM repo"
      run: |
        git clone https://$GH_USER:$GH_SBOM_REPO_TOKEN@github.com/$GH_USER/sbom /tmp/sbom
        cp /tmp/sbom/rpm-repo/RPMs/rhel$RH_VERSION/*.rpm  data
      env:
        GH_USER: ${{ inputs.GH_USER }}
        GH_SBOM_REPO_TOKEN: ${{ inputs.GH_SBOM_REPO_TOKEN }}
        RH_VERSION: ${{ inputs.RH_VERSION }}
      shell: bash

    - name: "Spin-up alma instance"
      run: |
        docker run -d -id --privileged --network $NAME_SPACE -p 22280:80 --name=acme-srv -v "$(pwd)/data":/tmp/acme2certifier almalinux/$RH_VERSION-init
      env:
        RH_VERSION: ${{ inputs.RH_VERSION }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
      shell: bash

    - name: "Instantiate Mariadb"
      if: inputs.DJANGO_DB == 'mariadb'
      uses: ./.github/actions/mariadb_prep
      with:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
        RH_VERSION: ${{ inputs.RH_VERSION }}

    - name: "Instantiate Postgres"
      if: inputs.DJANGO_DB == 'psql'
      uses: ./.github/actions/psql_prep
      with:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Prepare additional environment for MSSQL"
      if: inputs.DJANGO_DB == 'mssql'
      run: |
        echo "Download Microsoft repository configuration package"
        curl https://packages.microsoft.com/config/rhel/$VERSION/packages-microsoft-prod.rpm --output data/packages-microsoft-prod.rpm
      env:
        DJANGO_DB: ${{ inputs.DJANGO_DB }}
        VERSION: ${{ inputs.RH_VERSION }}
      shell: bash

    - name: "Instantiate MSSQL"
      if: inputs.DJANGO_DB == 'mssql'
      uses: ./.github/actions/mssql_prep
      with:
        NAME_SPACE: ${{ inputs.NAME_SPACE }}


================================================
FILE: .github/actions/wf_specific/acme_ca_handler/compare_profile_info/action.yml
================================================
name: "compare_profile_info"
description: "compare_profile_info"
inputs:
  NAME_SPACE:
    description: "Namespace for the test"
    required: true
    default: "acme"

runs:
  using: "composite"
  steps:

  - name: "Sleep for 5s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 5s

  - name: "Trigger fetch sync of profile information from LE"
    run: |
        docker run -i --rm --network $NAME_SPACE curlimages/curl -f http://acme-srv/directory --insecure
    shell: bash
    env:
      NAME_SPACE: ${{ inputs.NAME_SPACE }}

  - name: "Sleep for 5s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 5s

  - name: "Get and compare profile information"
    run: |

        LE_OUTPUT=$(docker run -i --rm --network $NAME_SPACE curlimages/curl -f https://acme-staging-v02.api.letsencrypt.org/directory --insecure)
        A2C_OUTPUT=$(docker run -i --rm --network $NAME_SPACE curlimages/curl -f http://acme-srv/directory --insecure)

        # Parse LE_OUTPUT for .meta.profiles using jq
        LE_PROFILES=$(echo "$LE_OUTPUT" | jq '.meta.profiles // empty')
        A2C_PROFILES=$(echo "$A2C_OUTPUT" | jq '.meta.profiles // empty')
        echo "LE_PROFILES: $LE_PROFILES"
        echo "A2C_PROFILES: $A2C_PROFILES"

        if [ "$LE_PROFILES" != "$A2C_PROFILES" ]; then
          echo "Profile information does not match!"
          exit 1
        else
          echo "Profile information matches."
        fi
    shell: bash
    env:
      NAME_SPACE: ${{ inputs.NAME_SPACE }}


================================================
FILE: .github/actions/wf_specific/acme_ca_handler/compare_renewal_info/action.yml
================================================
name: "compare_renewal_info"
description: "compare_renewal_info"
inputs:
  NAME_SPACE:
    description: "Namespace for the test"
    required: true
    default: "acme"
  CERTIFICATE_FILE:
    description: "Path to certificate file"
    required: false
    default: "/tmp/cert.pem"
  HTTPS_PORT:
    description: "HTTPS port"
    required: true
    default: "443"
  HOSTNAME_SUFFIX:
    description: "Hostname suffix"
  ACME_SERVER:
    description: "ACME server URL"
    required: true
    default: "acme-srv"
  CERT_TIMEOUT:
    description: "Certificate timeout"
    required: true
    default: "120"

runs:
  using: "composite"
  steps:

  - name: "Sleep for 5s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 5s

  - name: "HTTPS - Enroll lego"
    run: |
      echo "##### HTTP - Enroll lego #####"
      docker run -i --rm -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify --a --email "lego@example.com" -d lego$HOSTNAME_SUFFIX.$NAME_SPACE --cert.timeout $CERT_TIMEOUT --tls run
    shell: bash
    env:
      ACME_SERVER: ${{ inputs.ACME_SERVER }}
      HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
      HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
      NAME_SPACE: ${{ inputs.NAME_SPACE }}
      CERT_TIMEOUT: ${{ inputs.CERT_TIMEOUT }}

  - name: "Construct renewal info string"
    id: construct_renewal_info
    run: |
      AKI_HEX=$(sudo openssl x509 -in "$CERT" -noout -text | awk '/Authority Key Identifier/{getline; print}' | sed 's/ *keyid://;s/://g')
      SERIAL_HEX=$(sudo openssl x509 -in "$CERT" -noout -serial | cut -d'=' -f2)
      echo "$AKI_HEX" | xxd -r -p > /tmp/aki.bin
      echo "$SERIAL_HEX" | xxd -r -p > /tmp/serial.bin
      AKI_B64=$(openssl base64 -A -in /tmp/aki.bin | tr '+/' '-_' | tr -d '=')
      SERIAL_B64=$(openssl base64 -A -in /tmp/serial.bin | tr '+/' '-_' | tr -d '=')
      RENEWAL_INFO="${AKI_B64}.${SERIAL_B64}"
      echo "RENEWAL_INFO=$RENEWAL_INFO" >> $GITHUB_OUTPUT
    shell: bash
    env:
      NAME_SPACE: ${{ inputs.NAME_SPACE }}
      CERT: ${{ inputs.CERTIFICATE_FILE }}

  - name: "Get and compare renewal strings from a2c and LE"
    run: |
      echo "LEGO RENEWAL INFO: $RENEWAL_INFO"

      LE_RENEWAL_OUTPUT=$(docker run -i --rm --network $NAME_SPACE curlimages/curl --insecure -f https://acme-staging-v02.api.letsencrypt.org/acme/renewal-info/$RENEWAL_INFO)
      A2C_RENEWAL_OUTPUT=$(docker run -i --rm --network $NAME_SPACE curlimages/curl --insecure -f https://$ACME_SERVER:$HTTPS_PORT/acme/renewal-info/$RENEWAL_INFO)
      LE_RENEWAL_INFO=$(echo "$LE_RENEWAL_OUTPUT" | jq | sha224sum)
      A2C_RENEWAL_INFO=$(echo "$A2C_RENEWAL_OUTPUT" | jq | sha224sum)
      echo "LE_RENEWAL: $LE_RENEWAL_INFO"
      echo "A2C_RENEWAL: $A2C_RENEWAL_INFO"

      if [ -z "$LE_RENEWAL_INFO" ] || [ -z "$A2C_RENEWAL_INFO" ]; then
        echo "One of the renewal info values is empty (None)!"
        exit 1
      fi

      if [ "$LE_RENEWAL_INFO" != "$A2C_RENEWAL_INFO" ]; then
        echo "Renewal information does not match!"
        exit 1
      else
        echo "Renewal information matches."
      fi
    shell: bash
    env:
      ACME_SERVER: ${{ inputs.ACME_SERVER }}
      HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
      HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
      NAME_SPACE: ${{ inputs.NAME_SPACE }}
      RENEWAL_INFO: ${{ steps.construct_renewal_info.outputs.RENEWAL_INFO }}

  - name: "HTTPS - Revoke lego"
    if: ${{ inputs.REVOCATION == 'true' }}
    run: |
      echo "#### HTTPS - Revoke lego"
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify -a --email "lego@example.com" -d lego$HOSTNAME_SUFFIX.$NAME_SPACE revoke
    shell: bash
    env:
      ACME_SERVER: ${{ inputs.ACME_SERVER }}
      HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
      HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
      NAME_SPACE: ${{ inputs.NAME_SPACE }}

  - name: "Sleep for 5s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 5s



  - name: "Get and compare profile information"
    run: |
      echo "$RENEWAL_INFO"

      #if [ "$LE_PROFILES" != "$A2C_PROFILES" ]; then
      #  echo "Profile information does not match!"
      #  exit 1
      #else
      #  echo "Profile information matches."
      #fi
    shell: bash
    env:
      NAME_SPACE: ${{ inputs.NAME_SPACE }}

  - name: "Delete lego folders"
    run: |
      sudo rm -rf  lego/*
    shell: bash
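
Added example (not part of the acme2certifier repository): the renewal-info certificate identifier assembled in the "Construct renewal info string" step of compare_renewal_info/action.yml, written as POSIX shell functions that also cover a serial whose first byte has the top bit set, where the DER INTEGER content carries a leading 00 byte. The function names are hypothetical, coreutils `base64` stands in for the `xxd`/`openssl base64` calls used in the workflow, and the sample AKI and serial are the values used in the RFC 9773 example.

```shell
#!/bin/sh
# Added example: build the ACME Renewal Information (ARI) certificate id
#   base64url(AKI keyIdentifier) "." base64url(serial, DER INTEGER content)
# from hex strings such as those printed by `openssl x509`.

# Strip colons and whitespace, lowercase, and left-pad to whole bytes.
normalize_hex() {
    hex=$(printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f')
    case "$hex" in
        ''|*[!0-9a-f]*) echo "invalid hex: $1" >&2; return 1 ;;
    esac
    if [ $(( ${#hex} % 2 )) -eq 1 ]; then hex="0$hex"; fi
    printf '%s' "$hex"
}

# Return the serial as DER INTEGER content bytes (hex): minimal length,
# with a leading 00 when the top bit of the first byte is set, so that a
# plain hex magnitude and an already padded value give the same result.
serial_der_hex() {
    hex=$(normalize_hex "$1") || return 1
    # Drop redundant leading zero bytes first.
    while [ ${#hex} -gt 2 ]; do
        case "$hex" in
            00*) hex=${hex#00} ;;
            *) break ;;
        esac
    done
    # Re-add the single sign-padding byte when required.
    case "$hex" in
        [89a-f]*) hex="00$hex" ;;
    esac
    printf '%s' "$hex"
}

# Convert an even-length hex string to unpadded base64url.
hex_to_b64url() {
    pairs=$(printf '%s' "$1" | sed 's/../& /g')
    for byte in $pairs; do
        # Emit one raw byte through an octal escape (portable printf).
        printf "\\$(printf '%03o' "0x$byte")"
    done | base64 | tr -d '=\n' | tr '+/' '-_'
}

# ari_cert_id AKI_HEX SERIAL_HEX  ->  "<aki>.<serial>"
ari_cert_id() {
    aki=$(normalize_hex "$1") || return 1
    serial=$(serial_der_hex "$2") || return 1
    printf '%s.%s\n' "$(hex_to_b64url "$aki")" "$(hex_to_b64url "$serial")"
}

# Sample values (from the RFC 9773 example); the serial is given here
# without its padding byte to exercise the top-bit case.
SAMPLE_AKI='69:88:5B:6B:87:46:40:41:E1:B3:7B:84:7B:A0:AE:2C:DE:01:C8:D4'
SAMPLE_SERIAL='87654321'
ari_cert_id "$SAMPLE_AKI" "$SAMPLE_SERIAL"
```

Encoding the serial without the padding byte yields a different identifier, so a lookup under `/acme/renewal-info/` built that way would not refer to the same certificate.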


================================================
FILE: .github/actions/wf_specific/acme_ca_handler/enroll_acmeprofile/action.yml
================================================
name: "enroll_acmeprofile"
description: "enroll_acmeprofile"
inputs:
  DEPLOYMENT_TYPE:
    description: "Deployment type"
    required: true
    default: "rpm"

runs:
  using: "composite"
  steps:
  - name: "Sleep for 5s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 5s

  - name: "EAB - Test http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "EAB - Test if https://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    shell: bash

  - name: "ACME Profile - 01 - Enroll lego without template"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
    shell: bash

  - name: "ACME Profile - 01 - Clear logs"
    working-directory: examples/Docker/
    run: |
      if [ "$DEPLOYMENT_TYPE" == "container" ]; then
        sudo truncate -s 0 $(docker inspect --format='{{.LogPath}}' acme2certifier-acme-srv-1)
      fi
    shell: bash
    env:
      DEPLOYMENT_TYPE: ${{ inputs.DEPLOYMENT_TYPE }}

  - name: "ACME Profile - 02 - Enroll lego with an unknown template_name"
    id: legofail01
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme --http run --profile unknown
    shell: bash

  - name: "ACME Profile - 02 - check result"
    if: steps.legofail01.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail01.outcome }}"
      exit 1
    shell: bash

  - name: "Sleep for 5s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 5s

  - name: "ACME Profile - 02 - Check logs"
    working-directory: examples/Docker/
    run: |
      if [ "$DEPLOYMENT_TYPE" == "container" ]; then
        docker compose logs | grep "unknown"
        sudo truncate -s 0 $(docker inspect --format='{{.LogPath}}' acme2certifier-acme-srv-1)
      elif [ "$DEPLOYMENT_TYPE" == "rpm" ]; then
        docker exec -i acme-srv tail -n 500 /var/log/messages | grep unknown
      fi
    shell: bash
    env:
      DEPLOYMENT_TYPE: ${{ inputs.DEPLOYMENT_TYPE }}

  - name: "ACME Profile - 03 - Enroll lego with an allowed template_name"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme --http run --profile profile2
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext extendedKeyUsage -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
    shell: bash

  - name: "Sleep for 5s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 5s

  - name: "ACME Profile - 03 - Check logs"
    working-directory: examples/Docker/
    run: |
      if [ "$DEPLOYMENT_TYPE" == "container" ]; then
        docker compose logs | grep "profile: profile2"
        sudo truncate -s 0 $(docker inspect --format='{{.LogPath}}' acme2certifier-acme-srv-1)
      elif [ "$DEPLOYMENT_TYPE" == "rpm" ]; then
        docker exec -i acme-srv tail -n 500 /var/log/messages | grep "profile: profile2"
      fi
    shell: bash
    env:
      DEPLOYMENT_TYPE: ${{ inputs.DEPLOYMENT_TYPE }}


================================================
FILE: .github/actions/wf_specific/acme_ca_handler/enroll_dns/action.yml
================================================
name: "acme_clients - enroll, renew and revoke certificates"
description: "Test if acme.sh, certbot and lego can enroll, renew and revoke certificates"
inputs:
  ACME_SERVER:
    description: "ACME server URL"
    required: true
    default: "acme-srv"
  REVOCATION:
    description: "Revocation method"
    required: true
    default: "true"
  RENEWAL:
    description: "Renewal method"
    required: true
    default: "true"
  VERIFY_CERT:
    description: "Verify certificate"
    required: true
    default: "true"
  USE_CERTBOT:
    description: "Use certbot"
    required: true
    default: "true"
  USE_RSA:
    description: "Use RSA"
    required: true
    default: "false"
  HTTP_PORT:
    description: "HTTP port"
    required: true
    default: "80"
  HTTPS_PORT:
    description: "HTTPS port"
    required: true
    default: "443"
  HOSTNAME_SUFFIX:
    description: "Hostname suffix"
    required: true
  NAME_SPACE:
    description: "Namespace"
    required: true
    default: "acme"
  TEST_ADL:
    description: "Test allowed_domainlist feature"
    required: true
    default: "false"
  CERT_TIMEOUT:
    description: "Certificate timeout"
    required: true
    default: "120"

runs:
  using: "composite"
  steps:

    - name: "Create directories"
      run: |
        mkdir -p acme-sh/
        sudo mkdir -p certbot/
        sudo mkdir -p lego/ca
        sudo cp .github/acme2certifier_cabundle.pem certbot/
        sudo cp .github/acme2certifier_cabundle.pem lego/
        if [ -f cert-2.pem ]; then
          echo "delete cert-2.pem"
          rm -f cert-2.pem
        fi
        if [ -f cert-1.pem ]; then
          echo "delete cert-1.pem"
          rm -f cert-1.pem
        fi
      shell: bash

    - name: "Sleep for 5s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 5s

    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network $NAME_SPACE curlimages/curl -f http://$ACME_SERVER:$HTTP_PORT/directory
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network $NAME_SPACE curlimages/curl --insecure -f https://$ACME_SERVER:$HTTPS_PORT/directory
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Enroll lego"
      run: |
        echo "##### HTTP - Enroll lego #####"
        if [ "$USE_RSA" == "false" ]; then
          echo "use ECC"
          docker run -i --rm -e LEGO_CA_CERTIFICATES=.lego/acme2certifier_cabundle.pem -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify --a --email "lego@example.com" -d lego$HOSTNAME_SUFFIX.$NAME_SPACE --cert.timeout $CERT_TIMEOUT --tls run
        else
          echo "use RSA"
          docker run -i --rm -e LEGO_CA_CERTIFICATES=.lego/acme2certifier_cabundle.pem -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify --a --email "lego@example.com" --key-type=rsa2048 -d lego$HOSTNAME_SUFFIX.$NAME_SPACE --cert.timeout $CERT_TIMEOUT --tls run
        fi
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
        CERT_TIMEOUT: ${{ inputs.CERT_TIMEOUT }}

    - name: "HTTPS - Revoke lego"
      if: ${{ inputs.REVOCATION == 'true' }}
      run: |
        echo "#### HTTPS - Revoke lego"
        docker run -i -v $PWD/lego:/.lego/ --rm --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify -a --email "lego@example.com" -d lego$HOSTNAME_SUFFIX.$NAME_SPACE revoke
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Enroll certbot"
      if: ${{ inputs.USE_CERTBOT == 'true' }}
      run: |
        echo "##### HTTPS - Enroll certbot #####"
        if [ "$USE_RSA" == "false" ]; then
          docker run -i --rm --name certbot$HOSTNAME_SUFFIX --network $NAME_SPACE -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot certonly --server https://$ACME_SERVER:$HTTPS_PORT --standalone --preferred-challenges http --no-verify-ssl --agree-tos -m 'certbot@example.com' -d certbot$HOSTNAME_SUFFIX.$NAME_SPACE --cert-name certbot --issuance-timeout $CERT_TIMEOUT
        else
          docker run -i --rm --name certbot$HOSTNAME_SUFFIX --network $NAME_SPACE -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot certonly --server https://$ACME_SERVER:$HTTPS_PORT --standalone --preferred-challenges http --no-verify-ssl --agree-tos -m 'certbot@example.com' --key-type rsa -d certbot$HOSTNAME_SUFFIX.$NAME_SPACE --cert-name certbot --issuance-timeout $CERT_TIMEOUT
        fi

        if [ "$VERIFY_CERT" == "true" ]; then
          if [ -f cert-2.pem ]; then
            sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
          else
            echo "single root ca"
            sudo openssl verify -CAfile cert-1.pem certbot/live/certbot/cert.pem
          fi
        fi
      shell: bash
      env:
        VERIFY_CERT: ${{ inputs.VERIFY_CERT }}
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
        CERT_TIMEOUT: ${{ inputs.CERT_TIMEOUT }}

    - name: "HTTPS - Revoke certbot"
      if: ${{ (inputs.USE_CERTBOT == 'true') && (inputs.REVOCATION == 'true') }}
      run: |
        echo "##### HTTPS - Revoke certbot #####"
        docker run -i --rm --name certbot$HOSTNAME_SUFFIX --network $NAME_SPACE -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot revoke --server https://$ACME_SERVER:$HTTPS_PORT --no-verify-ssl --delete-after-revoke --cert-name certbot
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Allowed domainlist feature - Enroll lego (fail)"
      continue-on-error: true
      id: legofail01
      if: ${{ inputs.TEST_ADL == 'true' }}
      run: |
        echo "##### HTTP - Enroll lego to test allowed domainlist feature #####"
        if [ "$USE_RSA" == "false" ]; then
          echo "use ECC"
          docker run -i --rm -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify -a --email "lego@example.com" -d lego$HOSTNAME_SUFFIX --tls run
        else
          echo "use RSA"
          docker run -i --rm -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify -a --email "lego@example.com" --key-type=rsa2048 -d lego$HOSTNAME_SUFFIX --tls run
        fi
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Allowed domainlist feature - check result"
      if: ${{ (inputs.TEST_ADL == 'true') && steps.legofail01.outcome != 'failure' }}
      run: |
        echo "legofail outcome is ${{steps.legofail01.outcome }}"
        exit 1
      shell: bash

    - name: "Delete acme-sh, letsencrypt and lego folders"
      run: |
        sudo rm -rf  lego/*
        sudo rm -rf  acme-sh/*
        sudo rm -rf  certbot/*
      shell: bash

    - name: "Sleep for 5s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 5s


================================================
FILE: .github/actions/wf_specific/acme_ca_handler/enroll_dns_wc/action.yml
================================================
name: "acme_clients - enroll, renew and revoke certificates"
description: "Test if acme.sh, certbot and lego can enroll, renew and revoke certificates"
inputs:
  ACME_SERVER:
    description: "ACME server URL"
    required: true
    default: "acme-srv"
  REVOCATION:
    description: "Revocation method"
    required: true
    default: "true"
  RENEWAL:
    description: "Renewal method"
    required: true
    default: "true"
  VERIFY_CERT:
    description: "Verify certificate"
    required: true
    default: "true"
  USE_CERTBOT:
    description: "Use certbot"
    required: true
    default: "true"
  USE_RSA:
    description: "Use RSA"
    required: true
    default: "false"
  HTTP_PORT:
    description: "HTTP port"
    required: true
    default: "80"
  HTTPS_PORT:
    description: "HTTPS port"
    required: true
    default: "443"
  HOSTNAME_SUFFIX:
    description: "Hostname suffix"
    required: true
  NAME_SPACE:
    description: "Namespace"
    required: true
    default: "acme"
  TEST_ADL:
    description: "Test allowed_domainlist feature"
    required: true
    default: "false"
  CERT_TIMEOUT:
    description: "Certificate timeout"
    required: true
    default: "120"

runs:
  using: "composite"
  steps:

    - name: "Create directories"
      run: |
        mkdir -p acme-sh/
        sudo mkdir -p certbot/
        sudo mkdir -p lego/ca
        sudo cp .github/acme2certifier_cabundle.pem certbot/
        sudo cp .github/acme2certifier_cabundle.pem lego/
        if [ -f cert-2.pem ]; then
          echo "delete cert-2.pem"
          rm -f cert-2.pem
        fi
        if [ -f cert-1.pem ]; then
          echo "delete cert-1.pem"
          rm -f cert-1.pem
        fi
      shell: bash

    - name: "Sleep for 5s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 5s

    - name: "Test if http://acme-srv/directory is accessible"
      run: docker run -i --rm --network $NAME_SPACE curlimages/curl -f http://$ACME_SERVER:$HTTP_PORT/directory
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network $NAME_SPACE curlimages/curl --insecure -f https://$ACME_SERVER:$HTTPS_PORT/directory
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "HTTPS - Enroll lego"
      run: |
        echo "##### HTTP - Enroll lego #####"
        if [ "$USE_RSA" == "false" ]; then
          echo "use ECC"
          docker run -i --rm -e LEGO_CA_CERTIFICATES=.lego/acme2certifier_cabundle.pem -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify -a --email "lego@example.com" -d "*.$NAME_SPACE" --cert.timeout $CERT_TIMEOUT --tls run
        else
          echo "use RSA"
          docker run -i --rm -e LEGO_CA_CERTIFICATES=.lego/acme2certifier_cabundle.pem -v $PWD/lego:/.lego/ --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify -a --email "lego@example.com" --key-type=rsa2048 -d "*.$NAME_SPACE" --cert.timeout $CERT_TIMEOUT --tls run
        fi
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        USE_RSA: ${{ inputs.USE_RSA }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}
        CERT_TIMEOUT: ${{ inputs.CERT_TIMEOUT }}

    - name: "HTTPS - Revoke lego"
      if: ${{ inputs.REVOCATION == 'true' }}
      run: |
        echo "#### HTTPS - Revoke lego"
        docker run -i -v $PWD/lego:/.lego/ --rm --name lego$HOSTNAME_SUFFIX --network $NAME_SPACE goacme/lego -s https://$ACME_SERVER:$HTTPS_PORT --tls-skip-verify -a --email "lego@example.com" -d "*.$NAME_SPACE" revoke
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        HTTP_PORT: ${{ inputs.HTTP_PORT }}
        HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
        HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
        NAME_SPACE: ${{ inputs.NAME_SPACE }}

    - name: "Sleep for 5s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 5s


================================================
FILE: .github/actions/wf_specific/acme_ca_handler/enroll_eab_acmeprofile/action.yml
================================================
name: "eab_acmeprofile"
description: "eab_acmeprofile"
inputs:
  DEPLOYMENT_TYPE:
    description: "Deployment type"
    required: true
    default: "rpm"

runs:
  using: "composite"
  steps:

  - name: "Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "Test http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "EAB - 01 - Enroll lego without profile"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -d lego.acme --http run
    shell: bash

  - name: "Check logs"
    working-directory: examples/Docker/
    run: |
      if [ "$DEPLOYMENT_TYPE" == "container" ]; then
        docker compose logs | grep "profile: profile_1"
        sudo truncate -s 0 $(docker inspect --format='{{.LogPath}}' acme2certifier-acme-srv-1)
      elif [ "$DEPLOYMENT_TYPE" == "rpm" ]; then
        docker exec -i acme-srv tail -n 500 /var/log/messages | grep "profile: profile_1"
      fi
    shell: bash
    env:
      DEPLOYMENT_TYPE: ${{ inputs.DEPLOYMENT_TYPE }}

  - name: "EAB with ACME profile - 02a - Enroll lego with a profile NOT included in kid.json (to fail)"
    id: legofail01
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -d lego.acme --http run --profile unknown
    shell: bash

  - name: "EAB with ACME profile - 02a - check  result "
    if: steps.legofail01.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail01.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with ACME profile - 02b - Enroll lego with a profile included in kid.json"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -d lego.acme --http run --profile profile_2
    shell: bash

  - name: "Check logs"
    working-directory: examples/Docker/
    run: |
      if [ "$DEPLOYMENT_TYPE" == "container" ]; then
        echo "container deployment"
        docker compose logs | grep "profile: profile_2"
        sudo truncate -s 0 $(docker inspect --format='{{.LogPath}}' acme2certifier-acme-srv-1)
      elif [ "$DEPLOYMENT_TYPE" == "rpm" ]; then
        docker exec -i acme-srv tail -n 500 /var/log/messages | grep "profile: profile_2"
      fi
    shell: bash
    env:
      DEPLOYMENT_TYPE: ${{ inputs.DEPLOYMENT_TYPE }}

  - name: "EAB with ACME profile - 03 - Enroll lego with a profile/ca_name taken from kid.json"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_01 --hmac YW5vdXRoZXJfdmVyeV9sb25nX2htYWNfZm9yX2tleWlkXzAxX3doaWNoIHdpbGxfYmUgdXNlZF9kdXJpbmcgcmVncmVzc2lvbg  -k rsa2048 -d lego.acme --http run
    shell: bash

  - name: "Check logs"
    working-directory: examples/Docker/
    run: |
      if [ "$DEPLOYMENT_TYPE" == "container" ]; then
        docker compose logs | grep "profile: profile_2"
        sudo truncate -s 0 $(docker inspect --format='{{.LogPath}}' acme2certifier-acme-srv-1)
      elif [ "$DEPLOYMENT_TYPE" == "rpm" ]; then
        docker exec -i acme-srv tail -n 500 /var/log/messages | grep "profile: profile_2"
      fi
    shell: bash
    env:
      DEPLOYMENT_TYPE: ${{ inputs.DEPLOYMENT_TYPE }}

  - name: "EAB with ACME profile - 04 - Enroll lego with a not allowed fqdn in kid.json (to fail)"
    id: legofail02
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_02 --hmac dGhpc19pc19hX3ZlcnlfbG9uZ19obWFjX3RvX21ha2Vfc3VyZV90aGF0X2l0c19tb3JlX3RoYW5fMjU2X2JpdHM -k rsa2048 -d lego.acme --http run
    shell: bash

  - name: "EAB with ACME profile - 04a - check  result "
    if: steps.legofail02.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail02.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with ACME profile - 05 - Enroll lego with default values from acme.cfg"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_03 --hmac YW5kX2ZpbmFsbHlfdGhlX2xhc3RfaG1hY19rZXlfd2hpY2hfaXNfbG9uZ2VyX3RoYW5fMjU2X2JpdHNfYW5kX3Nob3VsZF93b3Jr -k rsa2048 -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer --noout | grep -i sub-ca
    shell: bash

  - name: "Check logs"
    working-directory: examples/Docker/
    run: |
      if [ "$DEPLOYMENT_TYPE" == "container" ]; then
        docker compose logs | grep "profile: profile_1"
        sudo truncate -s 0 $(docker inspect --format='{{.LogPath}}' acme2certifier-acme-srv-1)
      elif [ "$DEPLOYMENT_TYPE" == "rpm" ]; then
        docker exec -i acme-srv tail -n 500 /var/log/messages | grep "profile: profile_1"
      fi
    shell: bash
    env:
      DEPLOYMENT_TYPE: ${{ inputs.DEPLOYMENT_TYPE }}


================================================
FILE: .github/actions/wf_specific/acme_ca_handler/enrollment_profiling/action.yml
================================================
name: "enrollment_profiling"
description: "le-enrollment_profiling"

runs:
  using: "composite"
  steps:

  - name: "Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "Test http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "EAB - 01 - Enroll acme.sh without acme_url"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_00 --eab-hmac-key V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv -d acme-sh.acme --standalone --debug 3 --output-insecure
      openssl x509 -in acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer -issuer --noout | grep -i root-ca
    shell: bash

  - name: "EAB - 01 - Enroll lego without acme_url"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -d lego.acme --http run
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer --noout | grep -i root-ca
    shell: bash

  - name: "EAB with headerinfo - 02a - Enroll acme with a template_name taken from header_info NOT included in kid.json (to fail)"
    id: acmefail01
    continue-on-error: true
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_00 --eab-hmac-key V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --useragent acme_url=http://foo.bar -d acme-sh.acme --standalone --debug 3 --output-insecure
    shell: bash

  - name: "EAB with headerinfo - 02a - check  result "
    if: steps.acmefail01.outcome != 'failure'
    run: |
      echo "acmefail outcome is ${{steps.acmefail01.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with headerinfo - 02b - Enroll acme with a template_name taken from header_info included in kid.json"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_00 --eab-hmac-key V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --useragent acme_url=http://acme-le-sim-1.acme -d acme-sh.acme --standalone --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer -issuer --noout | grep -i sub-ca
    shell: bash

  - name: "EAB with headerinfo - 02a - Enroll lego with a template_name taken from header_info NOT included in kid.json (to fail)"
    id: legofail01
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --user-agent acme_url=http://foo.bar -d lego.acme --http run
    shell: bash

  - name: "EAB with headerinfo - 02a - check  result "
    if: steps.legofail01.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail01.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with headerinfo - 02b - Enroll lego with a template_name taken from header_info included in kid.json"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --user-agent acme_url=http://acme-le-sim-1.acme -d lego.acme --http run
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext extendedKeyUsage -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer --noout
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer --noout | grep -i sub-ca
    shell: bash

  - name: "EAB - 03 - Enroll acme with an acme_url and key taken from kid.json"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_01 --eab-hmac-key YW5vdXRoZXJfdmVyeV9sb25nX2htYWNfZm9yX2tleWlkXzAxX3doaWNoIHdpbGxfYmUgdXNlZF9kdXJpbmcgcmVncmVzc2lvbg --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv -d acme-sh.acme --standalone --debug 3 --output-insecure
      openssl x509 -in acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer -issuer --noout | grep -i root-ca
    shell: bash

  - name: "EAB without headerinfo - 03 - Enroll lego with a profile_name/ca_name taken from kid.json"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_01 --hmac YW5vdXRoZXJfdmVyeV9sb25nX2htYWNfZm9yX2tleWlkXzAxX3doaWNoIHdpbGxfYmUgdXNlZF9kdXJpbmcgcmVncmVzc2lvbg  -k rsa2048 -d lego.acme --http run
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer --noout | grep -i root-ca
    shell: bash

  - name: "EAB with headerinfo - 04 - Enroll acme with a not allowed fqdn in kid.json (to fail)"
    id: acmefail02
    continue-on-error: true
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_02 --eab-hmac-key dGhpc19pc19hX3ZlcnlfbG9uZ19obWFjX3RvX21ha2Vfc3VyZV90aGF0X2l0c19tb3JlX3RoYW5fMjU2X2JpdHM --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv  -d acme-sh. --standalone --keylength 2048 --debug 3 --output-insecure
    shell: bash

  - name: "EAB with headerinfo - 04 - check  result "
    if: steps.acmefail02.outcome != 'failure'
    run: |
      echo "acmefail outcome is ${{steps.acmefail02.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with headerinfo - 04 - Enroll lego with a not allowed fqdn in kid.json (to fail)"
    id: legofail02
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_02 --hmac dGhpc19pc19hX3ZlcnlfbG9uZ19obWFjX3RvX21ha2Vfc3VyZV90aGF0X2l0c19tb3JlX3RoYW5fMjU2X2JpdHM -k rsa2048 -d lego.acme --http run
    shell: bash

  - name: "EAB with headerinfo - 04a - check  result "
    if: steps.legofail02.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail02.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with headerinfo - 05 - Enroll acme with default values from acme.cfg"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_03 --eab-hmac-key YW5kX2ZpbmFsbHlfdGhlX2xhc3RfaG1hY19rZXlfd2hpY2hfaXNfbG9uZ2VyX3RoYW5fMjU2X2JpdHNfYW5kX3Nob3VsZF93b3Jr --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv -d acme-sh.acme --standalone --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -issuer --noout | grep -i sub-ca
    shell: bash

  - name: "EAB with headerinfo - 05 - Enroll lego with default values from acme.cfg"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_03 --hmac YW5kX2ZpbmFsbHlfdGhlX2xhc3RfaG1hY19rZXlfd2hpY2hfaXNfbG9uZ2VyX3RoYW5fMjU2X2JpdHNfYW5kX3Nob3VsZF93b3Jr -k rsa2048 -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer --noout | grep -i sub-ca
    shell: bash


================================================
FILE: .github/actions/wf_specific/acme_ca_handler/le-sim_prep/action.yml
================================================
name: "le-sim_prep"
description: "le-sim_prep"
inputs:
  LESIM_NAME:
    description: "Name of the le-sim"
    required: true
    default: "acme-le-sim"
  NAME_SPACE:
    description: "Name space of the le-sim"
    required: true
    default: "acme"
  SECTIGO_SIM:
    description: "Sectigo sim"
    required: true
    default: "false"

runs:
  using: "composite"
  steps:

  - name: "Setup le-sim"
    run: |
      sudo mkdir -p "$LESIM_NAME/acme_ca/certs"
      sudo cp examples/ca_handler/openssl_ca_handler.py "$LESIM_NAME/ca_handler.py"
      sudo cp test/ca/sub-ca-key.pem test/ca/sub-ca-crl.pem test/ca/sub-ca-cert.pem test/ca/root-ca-cert.pem "$LESIM_NAME/acme_ca/"
      sudo cp .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg "$LESIM_NAME/acme_srv.cfg"
      sudo chmod 777 "$LESIM_NAME/acme_srv.cfg"
      if [ "$SECTIGO_SIM" == "true" ]; then
        echo "Sectigo sim enabled"
        sudo sed -i "s/challenge_validation_disable: False/challenge_validation_disable: True\nsectigo_sim: True/g" "$LESIM_NAME/acme_srv.cfg"
      fi
      sudo sed -i "s/challenge_validation_disable: False/challenge_validation_disable: True/g" "$LESIM_NAME/acme_srv.cfg"
      docker run -d --rm -id --network "$NAME_SPACE" --name="$LESIM_NAME" -v "$(pwd)/$LESIM_NAME":/var/www/acme2certifier/volume/ grindsa/acme2certifier:apache2-wsgi
      cat "$LESIM_NAME/acme_srv.cfg"
    shell: bash
    env:
      LESIM_NAME: ${{ inputs.LESIM_NAME }}
      NAME_SPACE: ${{ inputs.NAME_SPACE }}
      SECTIGO_SIM: ${{ inputs.SECTIGO_SIM }}

  - name: "Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "Test http://acme-le-sim/directory is accessible"
    run: docker run -i --rm --network "$NAME_SPACE" curlimages/curl -f http://"$LESIM_NAME"/directory
    shell: bash
    env:
      NAME_SPACE: ${{ inputs.NAME_SPACE }}
      LESIM_NAME: ${{ inputs.LESIM_NAME }}

  - name: "Enroll from le-sim"
    run: |
      mkdir -p acme-sh/
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://"$LESIM_NAME" --accountemail 'acme-sh@example.com' -d acme-sh.acme --standalone --debug 3 --output-insecure --force
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
      sudo rm -rf acme-sh/*
    shell: bash
    env:
      LESIM_NAME: ${{ inputs.LESIM_NAME }}


================================================
FILE: .github/actions/wf_specific/acme_ca_handler/smallstep_prep/action.yml
================================================
name: "smallstep_prep"
description: "smallstep_prep"

runs:
  using: "composite"
  steps:

  - name: "Setup smallstep"
    run: |
      sudo mkdir -p step
      sudo chmod -R 777 step
      docker run -d -v "$(pwd)/step":/home/step \
          -p 9000:9000 -p 443:443 \
          --network acme \
          --name step-ca \
          -e "DOCKER_STEPCA_INIT_NAME=Smallstep" \
          -e "DOCKER_STEPCA_INIT_DNS_NAMES=localhost,$(hostname -f)" \
          smallstep/step-ca
    shell: bash

  - name: "Sleep for 20s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 20s

  - name: "Configure smallstep"
    run: |
      docker ps
      docker exec -i step-ca step ca provisioner add acme --type ACME
      docker exec -i step-ca step ca provisioner update acme --remove-challenge=tls-alpn-01
      docker exec -i step-ca step ca provisioner update acme --remove-challenge=dns-01
      docker restart step-ca
    shell: bash

  - name: "Sleep for 20s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 20s

  - name: "Test https://step-ca:9000/acme/acme/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f https://step-ca:9000/acme/acme/directory --insecure
    shell: bash

  - name: "Enroll from smallstep using acme-sh"
    run: |
      mkdir -p acme-sh
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server https://step-ca:9000/acme/acme/directory --accountemail 'acme-sh@example.com' -d acme-sh.acme --standalone --debug 3 --insecure --output-insecure --force
      sudo rm -rf acme-sh/*
    shell: bash


================================================
FILE: .github/actions/wf_specific/acme_sh/enroll/action.yml
================================================
name: "acme_clients - enroll, renew and revoke certificates"
description: "Test if acme.sh, certbot and lego can enroll, renew and revoke certificates"
inputs:
  ACME_SERVER:
    description: "ACME server URL"
    required: true
    default: "acme-srv"
  KEYLENGTH:
    description: "Key length to use for the certificate"
    required: true
    default: "2048"
  ACCOUNTKEYLENGTH:
    description: "Account key length to use for the certificate"
    required: true
    default: "2048"
  CA_PATH:
    description: "Path to CA certificates"
    required: false
    default: "examples/Docker/data/acme_ca/"

runs:
  using: "composite"
  steps:

    - name: "Sleep for 10s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 10s

    - name: "Create folders"
      run: |
        mkdir acme-sh
      shell: bash

    - name: "Test http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://$ACME_SERVER/directory
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}

    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://$ACME_SERVER/directory
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}

    - name: "Prepare acme.sh container"
      run: |
        docker run --rm -id -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest daemon
      shell: bash

    - name: "Enroll HTTP-01 single domain acme.sh"
      run: |
        docker exec -i acme-sh acme.sh --server http://$ACME_SERVER --keylength $KEYLENGTH --accountkeylength $ACCOUNTKEYLENGTH --accountemail 'acme-sh@example.com' --issue -d acme-sh.acme --standalone --debug 3 --output-insecure
        if ([ "$KEYLENGTH" == "ec-256" ] || [ "$KEYLENGTH" == "ec-384" ] || [ "$KEYLENGTH" == "ec-521" ]) ; then
          ECC="_ecc"
        fi
        openssl verify -CAfile $CA_PATH/root-ca-cert.pem -untrusted $CA_PATH/sub-ca-cert.pem acme-sh/acme-sh.acme${ECC}/acme-sh.acme.cer
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        KEYLENGTH: ${{ inputs.KEYLENGTH }}
        ACCOUNTKEYLENGTH: ${{ inputs.ACCOUNTKEYLENGTH }}
        CA_PATH: ${{ inputs.CA_PATH }}

    - name: "Renew HTTP-01 single domain acme.sh"
      run: |
        if ([ "$KEYLENGTH" == "ec-256" ] || [ "$KEYLENGTH" == "ec-384" ] || [ "$KEYLENGTH" == "ec-521" ]) ; then
          ECC="--ecc"
        fi
        docker exec -i acme-sh acme.sh --server http://$ACME_SERVER --keylength $KEYLENGTH --renew --force ${ECC} -d acme-sh.acme --standalone --debug 3 --output-insecure
        if ([ "$KEYLENGTH" == "ec-256" ] || [ "$KEYLENGTH" == "ec-384" ] || [ "$KEYLENGTH" == "ec-521" ]) ; then
          ECC="_ecc"
        fi
        openssl verify -CAfile $CA_PATH/root-ca-cert.pem -untrusted $CA_PATH/sub-ca-cert.pem acme-sh/acme-sh.acme${ECC}/acme-sh.acme.cer
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        KEYLENGTH: ${{ inputs.KEYLENGTH }}
        CA_PATH: ${{ inputs.CA_PATH }}

    - name: "Revoke HTTP-01 single domain acme.sh"
      run: |
        if ([ "$KEYLENGTH" == "ec-256" ] || [ "$KEYLENGTH" == "ec-384" ] || [ "$KEYLENGTH" == "ec-521" ]) ; then
          ECC="--ecc"
        fi
        docker exec -i acme-sh acme.sh --server http://$ACME_SERVER --revoke ${ECC} -d acme-sh.acme --standalone --debug 2 --output-insecure
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        KEYLENGTH: ${{ inputs.KEYLENGTH }}

    - name: "Enroll HTTP-01 2x domain acme.sh"
      run: |
        docker exec -i acme-sh acme.sh --server http://$ACME_SERVER --keylength $KEYLENGTH --issue -d acme-sh.acme -d acme-sh. --standalone --debug 3 --output-insecure
        if ([ "$KEYLENGTH" == "ec-256" ] || [ "$KEYLENGTH" == "ec-384" ] || [ "$KEYLENGTH" == "ec-521" ]) ; then
          ECC="_ecc"
        fi
        openssl verify -CAfile $CA_PATH/root-ca-cert.pem -untrusted $CA_PATH/sub-ca-cert.pem acme-sh/acme-sh.acme${ECC}/acme-sh.acme.cer
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        KEYLENGTH: ${{ inputs.KEYLENGTH }}
        CA_PATH: ${{ inputs.CA_PATH }}

    - name: "Renew HTTP-01 2x domain acme.sh"
      run: |
        if ([ "$KEYLENGTH" == "ec-256" ] || [ "$KEYLENGTH" == "ec-384" ] || [ "$KEYLENGTH" == "ec-521" ]) ; then
          ECC="--ecc"
        fi
        docker exec -i acme-sh acme.sh --server http://$ACME_SERVER --keylength $KEYLENGTH --renew --force ${ECC} -d acme-sh.acme -d acme-sh. --standalone --debug 3 --output-insecure
        if ([ "$KEYLENGTH" == "ec-256" ] || [ "$KEYLENGTH" == "ec-384" ] || [ "$KEYLENGTH" == "ec-521" ]) ; then
          ECC="_ecc"
        fi
        openssl verify -CAfile $CA_PATH/root-ca-cert.pem -untrusted $CA_PATH/sub-ca-cert.pem acme-sh/acme-sh.acme${ECC}/acme-sh.acme.cer
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        KEYLENGTH: ${{ inputs.KEYLENGTH }}
        CA_PATH: ${{ inputs.CA_PATH }}

    - name: "Revoke HTTP-01 2x domain acme.sh"
      run: |
        if ([ "$KEYLENGTH" == "ec-256" ] || [ "$KEYLENGTH" == "ec-384" ] || [ "$KEYLENGTH" == "ec-521" ]) ; then
          ECC="--ecc"
        fi
        docker exec -i acme-sh acme.sh --server http://$ACME_SERVER --revoke ${ECC} -d acme-sh.acme -d acme-sh. --standalone --debug 3 --output-insecure
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        KEYLENGTH: ${{ inputs.KEYLENGTH }}

    - name: "Deactivate acme.sh"
      run: |
        docker exec -i acme-sh acme.sh --server http://$ACME_SERVER --deactivate-account --debug 2 --output-insecure
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}


================================================
FILE: .github/actions/wf_specific/ari/enroll/action.yml
================================================
name: "ari tests - enroll acme clients"
description: "Test ARI feature - enroll acme clients against acme-srv using acme.sh"
inputs:
  ACME_SERVER:
    description: "ACME server URL"
    required: true
    default: "acme-srv"
  CA_PATH:
    description: "Path to CA certificates"
    required: false
    default: "examples/Docker/data/acme_ca/"

runs:
  using: "composite"
  steps:

    - name: "Sleep for 10s"
      uses: juliangruber/sleep-action@v2.0.3
      with:
        time: 10s

    - name: "Create lego folder"
      run: |
        mkdir lego
      shell: bash

    - name: "Test http://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl -f http://$ACME_SERVER/directory
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}

    - name: "Test if https://acme-srv/directory is accessible"
      run: docker run -i --rm --network acme curlimages/curl --insecure -f https://$ACME_SERVER/directory
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}

    - name: "Enroll lego"
      run: |
        docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://$ACME_SERVER -a --email "lego@example.com" -d lego.acme --http run
        sudo openssl verify -CAfile $CA_PATH/root-ca-cert.pem -untrusted $CA_PATH/sub-ca-cert.pem lego/certificates/lego.acme.crt
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        CA_PATH: ${{ inputs.CA_PATH }}

    - name: "Renew lego"
      run: |
        docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://$ACME_SERVER -a --email "lego@example.com" -d lego.acme --http renew --no-random-sleep 2> ari.txt
        grep "renewalInfo endpoint indicates that renewal is needed" ari.txt
        cat ari.txt
        sudo openssl verify -CAfile $CA_PATH/root-ca-cert.pem -untrusted $CA_PATH/sub-ca-cert.pem lego/certificates/lego.acme.crt
      shell: bash
      env:
        ACME_SERVER: ${{ inputs.ACME_SERVER }}
        CA_PATH: ${{ inputs.CA_PATH }}


================================================
FILE: .github/actions/wf_specific/asa_ca_handler/enroll_acmeprofile/action.yml
================================================
name: "enroll_102_profile"
description: "wf enrollment 102 profile"
inputs:
  ASA_PROFILE1:
    description: "ASA Profile 1"
    required: true
  ASA_PROFILE2:
    description: "ASA Profile 2"
    required: true

runs:
  using: "composite"
  steps:
  - name: "Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "ACME Profiling - Test http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "ACME Profiling - Test if https://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    shell: bash

  - name: "ACME Profiling - 01 - Enroll lego with Profile 1"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme --key-type rsa2048 --http run --profile "$ASA_PROFILE1"
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt
      # sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep "Digital Signature"
    env:
      ASA_PROFILE1: ${{ inputs.ASA_PROFILE1 }}
    shell: bash

  - name: "ACME Profiling - 02 - Enroll lego with Profile 2"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com"  -d lego.acme --key-type rsa2048 --http run --profile "$ASA_PROFILE2"
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt
      # sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep "Key Encipherment, Data Encipherment"
    env:
      ASA_PROFILE2: ${{ inputs.ASA_PROFILE2 }}
    shell: bash


================================================
FILE: .github/actions/wf_specific/asa_ca_handler/enroll_eab_acmeprofile/action.yml
================================================
name: "enroll_w_headerinfo"
description: "enroll_w_headerinfo"
inputs:
  ASA_CA_NAME1:
    description: "ASA CA 1"
    required: true
  ASA_CA_NAME2:
    description: "ASA CA 2"
    required: true
  ASA_PROFILE1:
    description: "ASA Profile 1"
    required: true

runs:
  using: "composite"
  steps:
  - name: "EAB ACME Profiling - Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "EAB ACME Profiling - Test if http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "EAB ACME Profiling - Test if https://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    shell: bash

  - name: "EAB ACME Profiling - 01 - Enroll lego without profile_name"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -k rsa2048 -d lego.acme --http run
      # sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME1"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep -i "Key Encipherment, Data Encipherment"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

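  # Negative test: this enrollment must be rejected by the server. continue-on-error
  # keeps the job running so the following step can fail it if the outcome was not 'failure'.
  - name: "EAB ACME Profiling - 02a - Enroll lego with a profile_name NOT included in kid.json (to fail)"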
    id: legofail01
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -k rsa2048 -d lego.acme --http run --profile unknown
    shell: bash

  - name: "EAB ACME Profiling - 02a - check result"
    if: steps.legofail01.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail01.outcome }}"
      exit 1
    shell: bash

  - name: "EAB ACME Profiling - 02b - Enroll lego with a profile_name included in kid.json"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -k rsa2048 -d lego.acme --http run --profile "$ASA_PROFILE1"
      # sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME1"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep "Digital Signature"
    shell: bash
    env:
      ASA_PROFILE1: ${{ inputs.ASA_PROFILE1 }}
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB ACME Profiling - 03 - Enroll lego with a profile_name/ca_name taken from kid.json"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_01 --hmac YW5vdXRoZXJfdmVyeV9sb25nX2htYWNfZm9yX2tleWlkXzAxX3doaWNoIHdpbGxfYmUgdXNlZF9kdXJpbmcgcmVncmVzc2lvbg  -k rsa2048 -d lego.acme --http run
      # sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME2"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep -i "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME2: ${{ inputs.ASA_CA_NAME2 }}

  - name: "EAB ACME Profiling - 03 - Revoke lego with a profile_name/ca_name taken from kid.json"
    run: |
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_01 --hmac YW5vdXRoZXJfdmVyeV9sb25nX2htYWNfZm9yX2tleWlkXzAxX3doaWNoIHdpbGxfYmUgdXNlZF9kdXJpbmcgcmVncmVzc2lvbg  -k rsa2048 -d lego.acme revoke
    shell: bash

  - name: "EAB ACME Profiling - 04 - Enroll lego with a not allowed fqdn in kid.json (to fail)"
    id: legofail021
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_02 --hmac dGhpc19pc19hX3ZlcnlfbG9uZ19obWFjX3RvX21ha2Vfc3VyZV90aGF0X2l0c19tb3JlX3RoYW5fMjU2X2JpdHM -k rsa2048 -d lego.acme --http run
    shell: bash

  - name: "EAB ACME Profiling - 04a - check result"
    if: steps.legofail021.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail021.outcome }}"
      exit 1
    shell: bash

  - name: "EAB ACME Profiling - 05 - Enroll lego with default values from acme.cfg"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_03 --hmac YW5kX2ZpbmFsbHlfdGhlX2xhc3RfaG1hY19rZXlfd2hpY2hfaXNfbG9uZ2VyX3RoYW5fMjU2X2JpdHNfYW5kX3Nob3VsZF93b3Jr -k rsa2048 -d lego.acme --http run
      # sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME1"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB ACME Profiling - 06 - Enroll lego with not allowed headerinfo-field (should fail)"
    id: legofail03
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_02 --hmac dGhpc19pc19hX3ZlcnlfbG9uZ19obWFjX3RvX21ha2Vfc3VyZV90aGF0X2l0c19tb3JlX3RoYW5fMjU2X2JpdHM -k rsa2048 -d lego.acme --http run --profile unknown
    shell: bash

  - name: "EAB ACME Profiling - 06 - check result"
    if: steps.legofail03.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail03.outcome }}"
      exit 1
    shell: bash


================================================
FILE: .github/actions/wf_specific/asa_ca_handler/enroll_eab_w_headerinfo/action.yml
================================================
name: "enroll_w_headerinfo"
description: "enroll_w_headerinfo"
inputs:
  ASA_CA_NAME1:
    description: "ASA CA 1"
    required: true
  ASA_CA_NAME2:
    description: "ASA CA 2"
    required: true

runs:
  using: "composite"
  steps:
  - name: "EAB with headerinfo - Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "EAB with headerinfo - Test if http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "EAB with headerinfo - Test if https://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    shell: bash

  - name: "EAB with headerinfo - 01 - Enroll acme.sh without profile_name"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_00 --eab-hmac-key V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv -d acme-sh.acme --standalone --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -issuer -noout | grep -i "$ASA_CA_NAME1"
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep -i "Key Encipherment, Data Encipherment"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB with headerinfo - 01 - Enroll lego without profile_name"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -k rsa2048 -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME1"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep -i "Key Encipherment, Data Encipherment"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

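  # Negative test: this enrollment must be rejected by the server. continue-on-error
  # keeps the job running so the following step can fail it if the outcome was not 'failure'.
  - name: "EAB with headerinfo - 02a - Enroll acme with a profile_name taken from header_info NOT included in kid.json (to fail)"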
    id: acmefail01
    continue-on-error: true
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_00 --eab-hmac-key V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --useragent profile_name=unknown -d acme-sh.acme --standalone --keylength 2048 --debug 3 --output-insecure
    shell: bash

  - name: "EAB with headerinfo - 02a - check result"
    if: steps.acmefail01.outcome != 'failure'
    run: |
      echo "acmefail outcome is ${{steps.acmefail01.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with headerinfo - 02b - Enroll acme with a profile_name taken from header_info included in kid.json"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_00 --eab-hmac-key V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --useragent profile_name=ACME -d acme-sh.acme --standalone --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -issuer -noout | grep -i "$ASA_CA_NAME1"
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB with headerinfo - 02a - Enroll lego with a profile_name taken from header_info NOT included in kid.json (to fail)"
    id: legofail01
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --user-agent profile_name=unknown -k rsa2048 -d lego.acme --http run
    shell: bash

  - name: "EAB with headerinfo - 02a - check result"
    if: steps.legofail01.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail01.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with headerinfo - 02b - Enroll lego with a profile_name taken from header_info included in kid.json"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --user-agent profile_name=ACME -k rsa2048 -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME1"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB with headerinfo - 03 - Enroll acme with a profile_name/ca_name taken from kid.json"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_01 --eab-hmac-key YW5vdXRoZXJfdmVyeV9sb25nX2htYWNfZm9yX2tleWlkXzAxX3doaWNoIHdpbGxfYmUgdXNlZF9kdXJpbmcgcmVncmVzc2lvbg --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv -d acme-sh.acme --standalone  --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -issuer -noout | grep -i "$ASA_CA_NAME2"
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep -i "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME2: ${{ inputs.ASA_CA_NAME2 }}

  - name: "EAB with headerinfo - 03 - Enroll lego with a profile_name/ca_name taken from kid.json"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_01 --hmac YW5vdXRoZXJfdmVyeV9sb25nX2htYWNfZm9yX2tleWlkXzAxX3doaWNoIHdpbGxfYmUgdXNlZF9kdXJpbmcgcmVncmVzc2lvbg  -k rsa2048 -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME2"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep -i "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME2: ${{ inputs.ASA_CA_NAME2 }}

  - name: "EAB with headerinfo - 04 - Enroll acme with a not allowed fqdn in kid.json (to fail)"
    id: acmefail021
    continue-on-error: true
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_02 --eab-hmac-key dGhpc19pc19hX3ZlcnlfbG9uZ19obWFjX3RvX21ha2Vfc3VyZV90aGF0X2l0c19tb3JlX3RoYW5fMjU2X2JpdHM --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv  -d acme-sh.acme --standalone --keylength 2048 --debug 3 --output-insecure
    shell: bash

  - name: "EAB with headerinfo - 04 - check result"
    if: steps.acmefail021.outcome != 'failure'
    run: |
      echo "acmefail outcome is ${{steps.acmefail021.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with headerinfo - 04 - Enroll lego with a not allowed fqdn in kid.json (to fail)"
    id: legofail021
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_02 --hmac dGhpc19pc19hX3ZlcnlfbG9uZ19obWFjX3RvX21ha2Vfc3VyZV90aGF0X2l0c19tb3JlX3RoYW5fMjU2X2JpdHM -k rsa2048 -d lego.acme --http run
    shell: bash

  - name: "EAB with headerinfo - 04a - check result"
    if: steps.legofail021.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail021.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with headerinfo - 05 - Enroll acme with default values from acme.cfg"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_03 --eab-hmac-key YW5kX2ZpbmFsbHlfdGhlX2xhc3RfaG1hY19rZXlfd2hpY2hfaXNfbG9uZ2VyX3RoYW5fMjU2X2JpdHNfYW5kX3Nob3VsZF93b3Jr --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv -d acme-sh.acme --standalone --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -issuer -noout | grep -i "$ASA_CA_NAME1"
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB with headerinfo - 05 - Enroll lego with default values from acme.cfg"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_03 --hmac YW5kX2ZpbmFsbHlfdGhlX2xhc3RfaG1hY19rZXlfd2hpY2hfaXNfbG9uZ2VyX3RoYW5fMjU2X2JpdHNfYW5kX3Nob3VsZF93b3Jr -k rsa2048 -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME1"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB with headerinfo - 06 - Enroll acme with not allowed headerinfo-field (should fail)"
    id: acmefail03
    continue-on-error: true
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_02 --eab-hmac-key dGhpc19pc19hX3ZlcnlfbG9uZ19obWFjX3RvX21ha2Vfc3VyZV90aGF0X2l0c19tb3JlX3RoYW5fMjU2X2JpdHM --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --useragent profile_id=101 -d acme-sh.acme --keylength 2048  --standalone --debug 3 --output-insecure
    shell: bash

  - name: "EAB with headerinfo - 06 - check result"
    if: steps.acmefail03.outcome != 'failure'
    run: |
      echo "acmefail outcome is ${{steps.acmefail03.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with headerinfo - 06 - Enroll lego with not allowed headerinfo-field (should fail)"
    id: legofail03
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_02 --hmac dGhpc19pc19hX3ZlcnlfbG9uZ19obWFjX3RvX21ha2Vfc3VyZV90aGF0X2l0c19tb3JlX3RoYW5fMjU2X2JpdHM --user-agent profile_id=101 -k rsa2048 -d lego.acme --http run
    shell: bash

  - name: "EAB with headerinfo - 06 - check result"
    if: steps.legofail03.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail03.outcome }}"
      exit 1
    shell: bash


================================================
FILE: .github/actions/wf_specific/asa_ca_handler/enroll_eab_wo_headerinfo/action.yml
================================================
name: "enroll_wo_headerinfo"
description: "enroll_wo_headerinfo"
inputs:
  ASA_CA_NAME1:
    description: "ASA CA 1"
    required: true
  ASA_CA_NAME2:
    description: "ASA CA 2"
    required: true

runs:
  using: "composite"
  steps:
  - name: "EAB without headerinfo - Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "EAB without headerinfo - Test if http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "EAB without headerinfo - Test if https://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    shell: bash

  - name: "EAB without headerinfo - 01 - Enroll acme.sh without profile_name"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_00 --eab-hmac-key V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv -d acme-sh.acme --standalone --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -issuer -noout | grep -i "$ASA_CA_NAME1"
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep -i "Key Encipherment, Data Encipherment"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB without headerinfo - 01 - Enroll lego without profile_name"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -k rsa2048 -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME1"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep -i "Key Encipherment, Data Encipherment"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB without headerinfo - 02 - Enroll acme with a profile_name taken from header_info NOT included in kid.json (to be ignored)"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_00 --eab-hmac-key V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv --useragent profile_name=unknown -d acme-sh.acme --standalone --keylength 2048 --debug 3 --output-insecure
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -issuer -noout | grep -i "$ASA_CA_NAME1"
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep -i "Key Encipherment, Data Encipherment"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB without headerinfo - 02 - Enroll lego with a profile_name taken from header_info NOT included in kid.json (to be ignored)"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw --user-agent profile_name=unknown -k rsa2048 -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME1"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep "Key Encipherment, Data Encipherment"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB without headerinfo - 03 - Enroll acme with a profile_name/ca_name taken from kid.json"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_01 --eab-hmac-key YW5vdXRoZXJfdmVyeV9sb25nX2htYWNfZm9yX2tleWlkXzAxX3doaWNoIHdpbGxfYmUgdXNlZF9kdXJpbmcgcmVncmVzc2lvbg --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv -d acme-sh.acme --standalone  --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -issuer -noout | grep -i "$ASA_CA_NAME2"
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep -i "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME2: ${{ inputs.ASA_CA_NAME2 }}

  - name: "EAB without headerinfo - 03 - Enroll lego with a profile_name/ca_name taken from kid.json"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_01 --hmac YW5vdXRoZXJfdmVyeV9sb25nX2htYWNfZm9yX2tleWlkXzAxX3doaWNoIHdpbGxfYmUgdXNlZF9kdXJpbmcgcmVncmVzc2lvbg  -k rsa2048 -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME2"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep -i "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME2: ${{ inputs.ASA_CA_NAME2 }}

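  # Negative test: this enrollment must be rejected by the server. continue-on-error
  # keeps the job running so the following step can fail it if the outcome was not 'failure'.
  - name: "EAB without headerinfo - 04 - Enroll acme with a not allowed fqdn in kid.json (to fail)"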
    id: acmefail02
    continue-on-error: true
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_02 --eab-hmac-key dGhpc19pc19hX3ZlcnlfbG9uZ19obWFjX3RvX21ha2Vfc3VyZV90aGF0X2l0c19tb3JlX3RoYW5fMjU2X2JpdHM --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv  -d acme-sh.acme --standalone --keylength 2048 --debug 3 --output-insecure
    shell: bash

  - name: "EAB without headerinfo - 04 - check result"
    if: steps.acmefail02.outcome != 'failure'
    run: |
      echo "acmefail outcome is ${{steps.acmefail02.outcome }}"
      exit 1
    shell: bash

  - name: "EAB without headerinfo - 04 - Enroll lego with a not allowed fqdn in kid.json (to fail)"
    id: legofail02
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_02 --hmac dGhpc19pc19hX3ZlcnlfbG9uZ19obWFjX3RvX21ha2Vfc3VyZV90aGF0X2l0c19tb3JlX3RoYW5fMjU2X2JpdHM -k rsa2048 -d lego.acme --http run
    shell: bash

  - name: "EAB without headerinfo - 04a - check result"
    if: steps.legofail02.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail02.outcome }}"
      exit 1
    shell: bash

  - name: "EAB without headerinfo - 05 - Enroll acme with default values from acme.cfg"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --register-account --server http://acme-srv --accountemail 'acme-sh@example.com' --eab-kid keyid_03 --eab-hmac-key YW5kX2ZpbmFsbHlfdGhlX2xhc3RfaG1hY19rZXlfd2hpY2hfaXNfbG9uZ2VyX3RoYW5fMjU2X2JpdHNfYW5kX3Nob3VsZF93b3Jr --debug 3
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv -d acme-sh.acme --standalone --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -issuer -noout | grep -i "$ASA_CA_NAME1"
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}

  - name: "EAB without headerinfo - 05 - Enroll lego with default values from acme.cfg"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --eab --kid keyid_03 --hmac YW5kX2ZpbmFsbHlfdGhlX2xhc3RfaG1hY19rZXlfd2hpY2hfaXNfbG9uZ2VyX3RoYW5fMjU2X2JpdHNfYW5kX3Nob3VsZF93b3Jr -k rsa2048 -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -issuer -noout | grep -i "$ASA_CA_NAME1"
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -ext keyUsage | grep "Digital Signature"
    shell: bash
    env:
      ASA_CA_NAME1: ${{ inputs.ASA_CA_NAME1 }}


================================================
FILE: .github/actions/wf_specific/asa_ca_handler/enroll_headerinfo/action.yml
================================================
name: "enroll_headerinfo"
description: "wf enrollment headerinfo"
inputs:
  ASA_PROFILE1:
    description: "ASA Profile 1"
    required: true
  ASA_PROFILE2:
    description: "ASA Profile 2"
    required: true

runs:
  using: "composite"
  steps:
  - name: "Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "Header-info - Test http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "Header-info - Test if https://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    shell: bash

  - name: "Header-info - 01 - Enroll acme.sh with Profile 1"
    run: |
      sudo rm  -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv  --accountemail 'acme-sh@example.com' --useragent "profile_name=$ASA_PROFILE1" -d acme-sh.acme --alpn --standalone --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep "Digital Signature"
    shell: bash
    env:
      ASA_PROFILE1: ${{ inputs.ASA_PROFILE1 }}

  - name: "Header-info - 01 - Enroll lego with Profile 1"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --user-agent "profile_name=$ASA_PROFILE1" -d lego.acme --key-type rsa2048 --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep "Digital Signature"
    shell: bash
    env:
      ASA_PROFILE1: ${{ inputs.ASA_PROFILE1 }}

  - name: "Header-info - 02 - Enroll acme.sh with Profile 2"
    run: |
      sudo rm  -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv  --accountemail 'acme-sh@example.com' --useragent profile_name="$ASA_PROFILE2" -d acme-sh.acme --alpn --standalone --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -text -noout
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep "Key Encipherment, Data Encipherment"
    env:
      ASA_PROFILE2: ${{ inputs.ASA_PROFILE2 }}
    shell: bash

  - name: "Header-info - 02 - Enroll lego with Profile 2"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" --user-agent profile_name="$ASA_PROFILE2" -d lego.acme --key-type rsa2048 --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt
      # sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep "Key Encipherment, Data Encipherment"
    env:
      ASA_PROFILE2: ${{ inputs.ASA_PROFILE2 }}
    shell: bash


================================================
FILE: .github/actions/wf_specific/asa_ca_handler/enroll_profile_1/action.yml
================================================
name: "enroll_profile_1"
description: "wf enroll_profile_1"
runs:
  using: "composite"
  steps:
  - name: "Profile 1 - Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "Profile 1 - Test http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "Profile 1 - Test if https://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    shell: bash

  - name: "Profile 1 - Enroll acme.sh"
    run: |
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv  --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep "Digital Signature"
    shell: bash

  - name: "Profile 1 - Revoke via acme.sh"
    run: |
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --revoke --server http://acme-srv -d acme-sh.acme --standalone --debug 3 --output-insecure
    shell: bash

  #- name: "Profile 1 - Register certbot"
  #  run: |
  #    docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot register --agree-tos -m 'certbot@example.com' --server http://acme-srv --no-eff-email
  #  shell: bash

  #- name: "Profile 1 - Enroll HTTP-01 single domain certbot"
  #  run: |
  #    docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot  --key-type rsa --rsa-key-size 2048
  #    sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
  #    sudo openssl x509 -in certbot/live/certbot/cert.pem -ext keyUsage -noout | grep "Digital Signature"
  #    # sudo openssl x509 -in certbot/live/certbot/cert.pem -text -noout
  #  shell: bash

  #- name: "Profile 1 - Revoke HTTP-01 single domain certbot"
  #  run: |
  #    docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot revoke --delete-after-revoke --server http://acme-srv  -d certbot.acme --cert-name certbot
  #  shell: bash

  - name: "Profile 1 - Enroll lego"
    run: |
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme  --key-type rsa2048 --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep "Digital Signature"
      # sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
    shell: bash

  - name: "Profile 1 - revoke HTTP-01 single domain lego"
    run: |
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme revoke
    shell: bash

  - name: "Allowed domainlist feature - Enroll lego (fail)"
    continue-on-error: true
    id: legofail01
    run: |
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego  --key-type rsa2048 --http run
    shell: bash
    env:
      ACME_SERVER: ${{ inputs.ACME_SERVER }}
      HTTP_PORT: ${{ inputs.HTTP_PORT }}
      HTTPS_PORT: ${{ inputs.HTTPS_PORT }}
      USE_RSA: ${{ inputs.USE_RSA }}
      HOSTNAME_SUFFIX: ${{ inputs.HOSTNAME_SUFFIX }}
      NAME_SPACE: ${{ inputs.NAME_SPACE }}

  - name: "Allowed domainlist feature - check  result "
    if: ${{ steps.legofail01.outcome != 'failure' }}
    run: |
      echo "legofail outcome is ${{steps.legofail01.outcome }}"
      exit 1
    shell: bash

  - name: "Sleep for 5s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 5s


================================================
FILE: .github/actions/wf_specific/asa_ca_handler/enroll_profile_2/action.yml
================================================
name: "enroll_2_profile"
description: "wf enrollment 2 profile"

runs:
  using: "composite"
  steps:
  - name: "Profile 2 - Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "Profile 2 -  create letsencrypt and lego folder"
    run: |
      sudo rm -rf certbot/*
      sudo rm -rf lego/*
      sudo rm -rf acme-sh/*
    shell: bash

  - name: "Profile 2 - Enroll acme.sh"
    run: |
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv  --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --keylength 2048 --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme/acme-sh.acme.cer
      openssl x509 -in acme-sh/acme-sh.acme/acme-sh.acme.cer -ext keyUsage -noout | grep "Key Encipherment, Data Encipherment"
    shell: bash

  - name: "Profile 2 - Revoke via acme.sh"
    run: |
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --revoke --server http://acme-srv -d acme-sh.acme --standalone --debug 3 --output-insecure
    shell: bash

  #- name: "Profile 2 - Register certbot"
  #  run: |
  #    docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot register --agree-tos -m 'certbot@example.com' --server http://acme-srv --no-eff-email
  #  shell: bash

  #- name: "Profile 2 - Enroll HTTP-01 single domain certbot"
  #  run: |
  #    docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot --force-renewal --key-type rsa --rsa-key-size 2048
  #    sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
  #    sudo openssl x509 -in certbot/live/certbot/cert.pem -ext keyUsage -noout | grep "Key Encipherment, Data Encipherment"
  #  shell: bash

  #- name: "Profile 2 - Revoke HTTP-01 single domain certbot"
  #  run: |
  #    docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot revoke --delete-after-revoke --server http://acme-srv  -d certbot.acme --cert-name certbot
  #  shell: bash

  - name: "Profile 2 - Enroll lego"
    run: |
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme  --key-type rsa2048 --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext keyUsage -noout | grep "Key Encipherment, Data Encipherment"
    shell: bash

  - name: "Profile 2 - Revoke HTTP-01 single domain lego"
    run: |
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme revoke
    shell: bash


================================================
FILE: .github/actions/wf_specific/certifier_ca_handler/enroll_101_profile/action.yml
================================================
name: "enroll_101_profile"
description: "wf enrollment 101 profile"

runs:
  using: "composite"
  steps:
  - name: "Profile 101 - Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "Profile 101 - Test http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "Profile 101 - Test if https://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    shell: bash

  - name: "Profile 101 - Enroll acme.sh"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv  --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
    shell: bash

  - name: "Profile 101 - Revoke via acme.sh"
    run: |
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --revoke --server http://acme-srv -d acme-sh.acme --standalone --debug 3 --output-insecure
    shell: bash

  - name: "Profile 101 - Register certbot"
    run: |
      sudo rm -rf certbot/*
      docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot register --agree-tos -m 'certbot@example.com' --server http://acme-srv --no-eff-email
    shell: bash

  - name: "Profile 101 - Enroll HTTP-01 single domain certbot"
    run: |
      docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
      sudo openssl x509 -in certbot/live/certbot/cert.pem -ext extendedKeyUsage  -noout | grep -i "TLS Web Client"
    shell: bash

  - name: "Profile 101 - Revoke HTTP-01 single domain certbot"
    run: |
      docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot revoke --delete-after-revoke --server http://acme-srv  -d certbot.acme --cert-name certbot
    shell: bash

  - name: "Profile 101 - Enroll lego"
    run: |
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext extendedKeyUsage  -noout | grep -i "TLS Web Client"
    shell: bash

  - name: "Profile 101 - Revoke HTTP-01 single domain lego"
    run: |
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme revoke
    shell: bash


================================================
FILE: .github/actions/wf_specific/certifier_ca_handler/enroll_102_profile/action.yml
================================================
name: "enroll_102_profile"
description: "wf enrollment 102 profile"

runs:
  using: "composite"
  steps:
  - name: "Profile 102 - Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "Profile 102 - Test http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "Profile 102 - Test if https://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    shell: bash

  - name: "Profile 102 - Enroll acme.sh"
    run: |
      sudo rm -rf acme-sh/*
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --issue --server http://acme-srv  --accountemail 'acme-sh@example.com' -d acme-sh.acme --alpn --standalone --debug 3 --output-insecure
      awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert-" c ".pem"}' < acme-sh/acme-sh.acme_ecc/ca.cer
      openssl verify -CAfile cert-2.pem -untrusted cert-1.pem acme-sh/acme-sh.acme_ecc/acme-sh.acme.cer
    shell: bash

  - name: "Profile 102 - Revoke via acme.sh"
    run: |
      docker run --rm -i -v "$(pwd)/acme-sh":/acme.sh --network acme --name=acme-sh neilpang/acme.sh:latest --revoke --server http://acme-srv -d acme-sh.acme --standalone --debug 3 --output-insecure
    shell: bash

  - name: "Profile 102 - Register certbot"
    run: |
      sudo rm -rf certbot/*
      docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot register --agree-tos -m 'certbot@example.com' --server http://acme-srv --no-eff-email
    shell: bash

  - name: "Profile 102 - Enroll HTTP-01 single domain certbot"
    run: |
      docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot certonly --server http://acme-srv --standalone --preferred-challenges http -d certbot.acme --cert-name certbot
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem certbot/live/certbot/cert.pem
      sudo openssl x509 -in certbot/live/certbot/cert.pem -ext extendedKeyUsage  -noout | grep -i "TLS Web Server"
    shell: bash

  - name: "Profile 102 - Revoke HTTP-01 single domain certbot"
    run: |
      docker run -i --rm --name certbot --network acme -v $PWD/certbot:/etc/letsencrypt/ certbot/certbot revoke --delete-after-revoke --server http://acme-srv  -d certbot.acme --cert-name certbot
    shell: bash

  - name: "Profile 102 - Enroll lego"
    run: |
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme --http run
      sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext extendedKeyUsage  -noout | grep -i "TLS Web Server"
    shell: bash

  - name: "Profile 102 - Revoke HTTP-01 single domain lego"
    run: |
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme revoke
    shell: bash


================================================
FILE: .github/actions/wf_specific/certifier_ca_handler/enroll_acmeprofile/action.yml
================================================
name: "enroll_acmeprofile"
description: "wf enrollment acme profile"

runs:
  using: "composite"
  steps:
  - name: "Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "ACME Profile - Test http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "ACME Profile - Test if https://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    shell: bash

  - name: "ACME Profile - 01 - Enroll lego with profile_id 101"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme --http run --profile 101
      # sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext extendedKeyUsage  -noout | grep -i "TLS Web Client"
    shell: bash

  - name: "ACME Profile - 02 - Enroll lego with profile_id 102"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme --http run --profile 102
      # sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext extendedKeyUsage  -noout | grep -i "TLS Web Server"
    shell: bash

  - name: "ACME Profile - 03 - Enroll lego with unknown profile_id"
    id: legoprofilefail01
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "lego@example.com" -d lego.acme --http run --profile unknown
      # sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem lego/certificates/lego.acme.crt
      # sudo openssl x509 -in lego/certificates/lego.acme.crt -ext extendedKeyUsage  -noout | grep -i "TLS Web Server"
    shell: bash

  - name: "ACME Profile - 03 - check result"
    if: steps.legoprofilefail01.outcome != 'failure'
    run: |
      echo "legoprofilefail outcome is ${{steps.legoprofilefail01.outcome }}"
      exit 1
    shell: bash


================================================
FILE: .github/actions/wf_specific/certifier_ca_handler/enroll_eab_w_acmeprofile/action.yml
================================================
name: "enroll_acme_profile"
description: "wf enrollment acme profile"
inputs:
  RECONFIGURE:
    description: "Reconfigure the workflow"
    required: true
    default: "false"
  DEPLOYMENT_TYPE:
    description: "Deployment type"
    required: true
    default: "rpm"

runs:
  using: "composite"
  steps:
  - name: "EAB with ACME Profile - Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "EAB with ACME Profile - Test http://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl -f http://acme-srv/directory
    shell: bash

  - name: "EAB with ACME Profile - Test if https://acme-srv/directory is accessible"
    run: docker run -i --rm --network acme curlimages/curl --insecure -f https://acme-srv/directory
    shell: bash

  - name: "EAB with ACME Profile - 01 - Enroll lego without profile_id"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s https://acme-srv --tls-skip-verify -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -d lego.acme --http run
      # sudo openssl verify -CAfile cert-2.pem -untrusted cert-1.pem  lego/certificates/lego.acme.crt
      sudo openssl x509 -in lego/certificates/lego.acme.crt -text -noout
      sudo openssl x509 -in lego/certificates/lego.acme.crt -ext extendedKeyUsage  -noout | grep -i "TLS Web Server Authentication"
    shell: bash

  - name: "EAB with ACME Profile - Sleep for 10s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 10s

  - name: "Check issuance log entry"
    working-directory: examples/Docker/
    run: |
      if [ "$DEPLOYMENT_TYPE" == "container" ]; then
        docker compose logs | grep "issued for account" | grep "with EAB KID keyid_00." | grep "Serial:" | grep "Common Name: lego.acme, SANs: \['DNS:lego.acme'\]"
      elif [ "$DEPLOYMENT_TYPE" == "rpm" ]; then
        docker exec -i acme-srv bash -c 'tail -n 500 /var/log/messages | grep "issued for account" | grep "with EAB KID keyid_00." | grep "Serial:" | grep "Common Name: lego.acme, SANs:"'
      fi
    shell: bash
    env:
      DEPLOYMENT_TYPE: ${{ inputs.DEPLOYMENT_TYPE }}

  - name: "EAB with ACME Profile - 01 - revoke lego"
    run: |
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s https://acme-srv --tls-skip-verify -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -d lego.acme revoke
    shell: bash

  - name: "EAB with ACME Profile - Sleep for 20s"
    uses: juliangruber/sleep-action@v2.0.3
    with:
      time: 20s

  - name: "Check Revocation log entry"
    working-directory: examples/Docker/
    run: |
      if [ "$DEPLOYMENT_TYPE" == "container" ]; then
        docker compose logs | grep "revocation successful for account" | grep "with EAB KID" | grep "Serial" | grep "Common Name: lego.acme, SANs: \['DNS:lego.acme'\]"
      elif [ "$DEPLOYMENT_TYPE" == "rpm" ]; then
        docker exec -i acme-srv bash -c 'tail -n 500 /var/log/messages | grep "revocation successful for account" | grep "with EAB KID keyid_00."| grep "Serial:" | grep "Common Name: lego.acme, SANs:"'
      fi
    shell: bash
    env:
      DEPLOYMENT_TYPE: ${{ inputs.DEPLOYMENT_TYPE }}

  - name: "EAB with ACME Profile - 02a - Enroll lego with a template_name taken from header_info NOT included in kid.json (to fail)"
    id: legofail01
    continue-on-error: true
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego -s https://acme-srv --tls-skip-verify -a --email "lego@example.com" --eab --kid keyid_00 --hmac V2VfbmVlZF9hbm90aGVyX3ZlcnkfX2xvbmdfaG1hY190b19jaGVja19lYWJfZm9yX2tleWlkXzAwX2FzX2xlZ29fZW5mb3JjZXNfYW5faG1hY19sb25nZXJfdGhhbl8yNTZfYml0cw -d lego.acme --http run --profile unknown
    shell: bash

  - name: "EAB with ACME Profile - 02a - check  result "
    if: steps.legofail01.outcome != 'failure'
    run: |
      echo "legofail outcome is ${{steps.legofail01.outcome }}"
      exit 1
    shell: bash

  - name: "EAB with ACME Profile - 02b - Enroll lego with a template_name taken from header_info included in kid.json"
    run: |
      sudo rm -rf lego/*
      docker run -i -v $PWD/lego:/.lego/ --rm --name lego --network acme goacme/lego --tls-skip-verify -s https://acme-srv -a --email "
│   │       │       └── action.yml
│   │       ├── nclm_ca_handler/
│   │       │   └── tunnel_setup/
│   │       │       └── action.yml
│   │       ├── openssl_ca_handler/
│   │       │   ├── enroll_adjust_cert_validity/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_cn_enforce/
│   │       │   │   └── action.yml
│   │       │   └── enroll_w_teamplate/
│   │       │       └── action.yml
│   │       ├── openxpki_ca_handler/
│   │       │   ├── enroll_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   └── openxpki_prep/
│   │       │       └── action.yml
│   │       ├── upgrade/
│   │       │   ├── cleanup/
│   │       │   │   └── action.yml
│   │       │   ├── enroll/
│   │       │   │   └── action.yml
│   │       │   └── renew/
│   │       │       └── action.yml
│   │       ├── vault_ca_handler/
│   │       │   ├── enroll_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   ├── enroll_eab_acmeprofile/
│   │       │   │   └── action.yml
│   │       │   └── vault_prep/
│   │       │       └── action.yml
│   │       └── xca_ca_handler/
│   │           ├── enroll_acmeprofile/
│   │           │   └── action.yml
│   │           ├── enroll_eab/
│   │           │   └── action.yml
│   │           ├── enroll_eab_acmeprofile/
│   │           │   └── action.yml
│   │           ├── enroll_eab_sp/
│   │           │   └── action.yml
│   │           ├── enroll_headerinfo/
│   │           │   └── action.yml
│   │           ├── enroll_no_template/
│   │           │   └── action.yml
│   │           └── enroll_template/
│   │               └── action.yml
│   ├── django_db.sqlite3
│   ├── django_settings.py
│   ├── django_settings_mariadb.py
│   ├── django_settings_mssql.py
│   ├── django_settings_psql.py
│   ├── dns_test.sh
│   ├── dnsmasq.conf
│   ├── dnsmasq.yml
│   ├── est_handler.patch
│   ├── k8s-acme-srv.yml
│   ├── k8s-cert-mgr-dns-01.yml
│   ├── k8s-cert-mgr-http-01.yml
│   ├── mlc_config.json
│   ├── openssl_ca_handler.py_acme_srv_choosen_handler.cfg
│   ├── openssl_ca_handler.py_acme_srv_default_handler.cfg
│   ├── openssl_ca_handler.py_acme_srv_default_handler_dns.cfg
│   ├── openssl_ca_handler_v16.py
│   ├── pgpass
│   ├── pycodestyle
│   ├── pylintrc
│   ├── traefik-matrix.yml
│   └── workflows/
│       ├── app-acme-sh.yml
│       ├── app-caddy.yml
│       ├── app-certbot.yml
│       ├── app-certmanager.yml
│       ├── app-lego.yml
│       ├── app-traeffik.yml
│       ├── app-winacme.yml
│       ├── cahandler-acme.yml
│       ├── cahandler-asa.yml
│       ├── cahandler-certifier.yml
│       ├── cahandler-cmp.yml
│       ├── cahandler-digicert.yml
│       ├── cahandler-dogtag.yml
│       ├── cahandler-ejbca.yml
│       ├── cahandler-est.yml
│       ├── cahandler-freeipa.yml
│       ├── cahandler-harica.yml
│       ├── cahandler-legacy.yml
│       ├── cahandler-msca.yml
│       ├── cahandler-nclm.yml
│       ├── cahandler-openssl.yml
│       ├── cahandler-openxpki.yml
│       ├── cahandler-pkcs7soap.yml
│       ├── cahandler-vault.yml
│       ├── cahandler-xca.yml
│       ├── deployment-arm.yml
│       ├── deployment-django.yml
│       ├── deployment-ha.yml
│       ├── deployment-manual-install.yml
│       ├── deployment-push-images-to-dockerhub.yml
│       ├── deployment-upgrade.yml
│       ├── deployment-wsgi.yml
│       ├── deplyoment-container.yml
│       ├── deplyoment-debian.yml
│       ├── feaature-disablechallengevalidation.yml
│       ├── feature-alpn-challenge.yml
│       ├── feature-ari.yml
│       ├── feature-dns-challenge.yml
│       ├── feature-dryrun.yml
│       ├── feature-eab.yml
│       ├── feature-emailreply-challenge.yml
│       ├── feature-enrollment-timeout.yml
│       ├── feature-headerinfo.yml
│       ├── feature-hooks.yml
│       ├── feature-idempotent-finalize.yml
│       ├── feature-ipaddress-identifier.yml
│       ├── feature-ipv6.yml
│       ├── feature-proxy.yml
│       ├── feature-tnauth.yml
│       ├── helper-dump-secrets.yml
│       ├── main-build.yml
│       ├── main-create-release.yml
│       ├── main-dispatch-broker.yml
│       ├── quality-codescanner.yml
│       ├── quality-error.yml
│       ├── quality-markdown.yml
│       ├── quality-python.yml
│       └── quality-wiki-update.yml
├── .gitignore
├── .pre-commit-config.yaml
├── CHANGES.md
├── LICENSE
├── README.md
├── SECURITY.md
├── acme_srv/
│   ├── __init__.py
│   ├── account.py
│   ├── acmechallenge.py
│   ├── authorization.py
│   ├── certificate.py
│   ├── certificate_business_logic.py
│   ├── certificate_manager.py
│   ├── certificate_repository.py
│   ├── challenge.py
│   ├── challenge_business_logic.py
│   ├── challenge_error_handling.py
│   ├── challenge_registry_setup.py
│   ├── challenge_validators/
│   │   ├── __init__.py
│   │   ├── base.py
│   │   ├── dns_validator.py
│   │   ├── email_reply_validator.py
│   │   ├── http_validator.py
│   │   ├── registry.py
│   │   ├── source_address_validator.py
│   │   ├── tkauth_validator.py
│   │   └── tls_alpn_validator.py
│   ├── directory.py
│   ├── email_handler.py
│   ├── error.py
│   ├── helper.py
│   ├── helpers/
│   │   ├── __init__.py
│   │   ├── certificates.py
│   │   ├── config.py
│   │   ├── crypto.py
│   │   ├── csr.py
│   │   ├── datetime_utils.py
│   │   ├── domain_utils.py
│   │   ├── eab.py
│   │   ├── encoding.py
│   │   ├── global_variables.py
│   │   ├── logging_utils.py
│   │   ├── network.py
│   │   ├── plugin_loader.py
│   │   ├── utils.py
│   │   └── validation.py
│   ├── housekeeping.py
│   ├── message.py
│   ├── monkey_patches.py
│   ├── nonce.py
│   ├── order.py
│   ├── renewalinfo.py
│   ├── signature.py
│   ├── threadwithreturnvalue.py
│   ├── trigger.py
│   └── version.py
├── docs/
│   ├── CONTRIBUTING.md
│   ├── __init__.py
│   ├── a2c-alma-loadbalancing.md
│   ├── a2c-ubuntu-loadbalancing.md
│   ├── acme-clients.md
│   ├── acme_ca.md
│   ├── acme_profiling.md
│   ├── acme_srv.md
│   ├── architecture/
│   │   ├── account-architecture.md
│   │   ├── authorization-architecture.md
│   │   ├── certificate-architecture.md
│   │   ├── challenge-architecture.md
│   │   ├── directory-architecture.md
│   │   ├── order-architecture.md
│   │   └── renewalinfo-architecture.md
│   ├── asa.md
│   ├── async_mode.md
│   ├── ca_handler.md
│   ├── cert-mgr.md
│   ├── certifier.md
│   ├── cmp.md
│   ├── digicert.md
│   ├── eab.md
│   ├── eab_profiling.md
│   ├── ejbca.md
│   ├── entrust.md
│   ├── est.md
│   ├── external_database_support.md
│   ├── header_info.md
│   ├── hooks.md
│   ├── housekeeping.md
│   ├── install_apache2_wsgi.md
│   ├── install_deb.md
│   ├── install_docker.md
│   ├── install_nginx_wsgi.md
│   ├── install_nginx_wsgi_ub22.md
│   ├── install_rpm.md
│   ├── manual_installation.md
│   ├── mscertsrv.md
│   ├── mswcce.md
│   ├── nclm.md
│   ├── openssl.md
│   ├── openxpki.md
│   ├── pkcs7_soap_ca.md
│   ├── poll.md
│   ├── prevalidated_domainlist.md
│   ├── proxy_support.md
│   ├── rfc8823_email_identifier.md
│   ├── tnauthlist.md
│   ├── trigger.md
│   ├── upgrading.md
│   ├── vault.md
│   └── xca.md
├── examples/
│   ├── Docker/
│   │   ├── .env
│   │   ├── .gitignore
│   │   ├── README.md
│   │   ├── almalinux-systemd/
│   │   │   ├── Dockerfile
│   │   │   ├── django_tester.sh
│   │   │   ├── rpm_tester.sh
│   │   │   └── script_tester.sh
│   │   ├── apache2/
│   │   │   ├── django/
│   │   │   │   ├── Dockerfile
│   │   │   │   └── docker-entrypoint.sh
│   │   │   └── wsgi/
│   │   │       ├── Dockerfile
│   │   │       └── docker-entrypoint.sh
│   │   ├── docker-compose.yml
│   │   ├── nginx/
│   │   │   ├── django/
│   │   │   │   ├── Dockerfile
│   │   │   │   └── docker-entrypoint.sh
│   │   │   └── wsgi/
│   │   │       ├── Dockerfile
│   │   │       └── docker-entrypoint.sh
│   │   ├── soap-srv/
│   │   │   ├── Dockerfile
│   │   │   └── docker-entrypoint.sh
│   │   ├── soap_srv.yml
│   │   ├── ubuntu-systemd/
│   │   │   ├── deb_tester.sh
│   │   │   └── django_tester.sh
│   │   └── vault/
│   │       ├── compose.yaml
│   │       └── config.hcl
│   ├── acme2certifier_wsgi.py
│   ├── acme_srv.cfg
│   ├── acme_srv.db.example
│   ├── apache2/
│   │   ├── apache_django.conf
│   │   ├── apache_django_ssl.conf
│   │   ├── apache_wsgi.conf
│   │   └── apache_wsgi_ssl.conf
│   ├── ca_handler/
│   │   ├── __init__.py
│   │   ├── acme_ca_handler.py
│   │   ├── asa_ca_handler.py
│   │   ├── certifier_ca_handler.py
│   │   ├── certsrv.py
│   │   ├── cmp_ca_handler.py
│   │   ├── digicert_ca_handler.py
│   │   ├── ejbca_ca_handler.py
│   │   ├── entrust_ca_handler.py
│   │   ├── est_ca_handler.py
│   │   ├── ms_wcce/
│   │   │   ├── __init__.py
│   │   │   ├── errors.py
│   │   │   ├── request.py
│   │   │   ├── rpc.py
│   │   │   └── target.py
│   │   ├── mscertsrv_ca_handler.py
│   │   ├── mswcce_ca_handler.py
│   │   ├── nclm_ca_handler.py
│   │   ├── openssl_ca_handler.py
│   │   ├── openxpki_ca_handler.py
│   │   ├── pkcs7_soap_ca_handler.py
│   │   ├── skeleton_ca_handler.py
│   │   ├── vault_ca_handler.py
│   │   └── xca_ca_handler.py
│   ├── db_handler/
│   │   ├── __init__.py
│   │   ├── django_handler.py
│   │   └── wsgi_handler.py
│   ├── django/
│   │   ├── acme2certifier/
│   │   │   ├── __init__.py
│   │   │   ├── settings.py
│   │   │   ├── urls.py
│   │   │   └── wsgi.py
│   │   ├── acme_srv/
│   │   │   ├── __init__.py
│   │   │   ├── a2c_response.py
│   │   │   ├── admin.py
│   │   │   ├── fixture/
│   │   │   │   ├── __init__.py
│   │   │   │   └── status.yaml
│   │   │   ├── migrations/
│   │   │   │   └── __init__.py
│   │   │   ├── models.py
│   │   │   ├── tests.py
│   │   │   ├── urls.py
│   │   │   └── views.py
│   │   └── manage.py
│   ├── eab_handler/
│   │   ├── file_handler.py
│   │   ├── json_handler.py
│   │   ├── key_file.csv
│   │   ├── key_file.json
│   │   ├── kid_profile_handler.py
│   │   ├── kid_profiles.json
│   │   ├── kid_profiles.yml
│   │   ├── skeleton_eab_handler.py
│   │   └── sql_handler.py
│   ├── ejbca/
│   │   ├── certprofile_acmeca1-673448746.xml
│   │   ├── certprofile_acmeca2-83252423.xml
│   │   └── entityprofile_acmeca-1535885215.xml
│   ├── hooks/
│   │   ├── cn_dump_hooks.py
│   │   ├── email_hooks.py
│   │   ├── exception_test_hooks.py
│   │   └── skeleton_hooks.py
│   ├── install_scripts/
│   │   ├── a2c-centos9-nginx.sh
│   │   ├── a2c-ubuntu22-apache2.sh
│   │   ├── a2c-ubuntu22-nginx.sh
│   │   ├── debian/
│   │   │   ├── acme2certifier.install
│   │   │   ├── changelog
│   │   │   ├── conffiles
│   │   │   ├── control
│   │   │   ├── copyright
│   │   │   ├── postinst
│   │   │   └── rules
│   │   └── rpm/
│   │       └── acme2certifier.spec
│   ├── nginx/
│   │   ├── acme2certifier.ini
│   │   ├── acme2certifier.te
│   │   ├── nginx_acme_srv.conf
│   │   ├── nginx_acme_srv_ssl.conf
│   │   ├── supervisord.conf
│   │   └── uwsgi.service
│   ├── reports/
│   │   ├── account_report.csv
│   │   ├── account_report.json
│   │   ├── account_report_nested.json
│   │   ├── acme_srv.db.example
│   │   ├── cert_report.csv
│   │   └── cert_report.json
│   ├── soap/
│   │   ├── mock_signer.py
│   │   ├── mock_soap_srv.py
│   │   └── soap_srv.cfg
│   └── trigger/
│       └── certifier_trigger.sh
├── pyproject.toml
├── requirements.txt
├── setup.py
├── sonar-project.properties
├── test/
│   ├── __init__.py
│   ├── ca/
│   │   ├── acme2certifier-clean.xdb
│   │   ├── certs.p7b
│   │   ├── certs.pem
│   │   ├── certs_der.p7b
│   │   ├── certsrv_ca_certs.pem
│   │   ├── csr.der
│   │   ├── fr1.txt
│   │   ├── fr2.txt
│   │   ├── root-ca-cert.pem
│   │   ├── root-ca-client.pem
│   │   ├── root-ca-client.txt
│   │   ├── sub-ca-cert.pem
│   │   ├── sub-ca-client.pem
│   │   ├── sub-ca-client.txt
│   │   ├── sub-ca-crl.pem
│   │   └── sub-ca-key.pem
│   ├── test_account.py
│   ├── test_acme_ca_handler.py
│   ├── test_acmechallenge.py
│   ├── test_asa_ca_handler.py
│   ├── test_authorization.py
│   ├── test_certificate.py
│   ├── test_certificate_business_logic.py
│   ├── test_certificate_manager.py
│   ├── test_certificate_repository.py
│   ├── test_certifier_handler.py
│   ├── test_challenge.py
│   ├── test_challenge_business_logic.py
│   ├── test_challenge_error_handling.py
│   ├── test_challenge_registry_setup.py
│   ├── test_challenge_validators.py
│   ├── test_cli.py
│   ├── test_cmp_ca_handler.py
│   ├── test_digicert.py
│   ├── test_directory.py
│   ├── test_django_update.py
│   ├── test_eabfile_handler.py
│   ├── test_eabjson_handler.py
│   ├── test_eabkid_profile_handler.py
│   ├── test_eabsql_handler.py
│   ├── test_ejbca_handler.py
│   ├── test_email_handler.py
│   ├── test_email_hooks.py
│   ├── test_entrust.py
│   ├── test_error.py
│   ├── test_est_ca_handler.py
│   ├── test_helper.py
│   ├── test_housekeeping.py
│   ├── test_message.py
│   ├── test_msca_handler.py
│   ├── test_mswcce_ca_handler.py
│   ├── test_nclm_ca_handler.py
│   ├── test_nonce.py
│   ├── test_openssl_ca_handler.py
│   ├── test_openxpki_ca_handler.py
│   ├── test_order.py
│   ├── test_pkcs7_soap_ca_handler.py
│   ├── test_renewalinfo.py
│   ├── test_signature.py
│   ├── test_trigger.py
│   ├── test_vault_handler.py
│   ├── test_wsgi_acme2certifier.py
│   ├── test_wsgi_handler.py
│   └── test_xca_ca_handler.py
└── tools/
    ├── a2c_cli.py
    ├── cert_poll.py
    ├── cliuser_mgmt.py
    ├── db_update.py
    ├── django_secret_keygen.py
    ├── django_update.py
    ├── eab_chk.py
    ├── entrust_mgr.py
    ├── invalidator.py
    ├── mswcce_connection_test.py
    └── report_generator.py
SYMBOL INDEX (5718 symbols across 137 files)

FILE: .github/openssl_ca_handler_v16.py
  class CAhandler (line 27) | class CAhandler(object):
    method __init__ (line 30) | def __init__(self, debug=None, logger=None):
    method __enter__ (line 46) | def __enter__(self):
    method __exit__ (line 52) | def __exit__(self, *args):
    method _ca_load (line 55) | def _ca_load(self):
    method _certificate_chain_verify (line 80) | def _certificate_chain_verify(self, cert, ca_cert):
    method _certificate_extensions_add (line 138) | def _certificate_extensions_add(self, cert_extension_dic, cert, ca_cert):
    method _certificate_extensions_load (line 202) | def _certificate_extensions_load(self):
    method _certificate_store (line 238) | def _certificate_store(self, cert):
    method _config_check (line 270) | def _config_check(self):
    method _config_load (line 329) | def _config_load(self):
    method _crl_check (line 387) | def _crl_check(self, crl, serial):
    method _csr_check (line 407) | def _csr_check(self, csr):
    method _list_check (line 459) | def _list_check(self, entry, list_, toggle=False):
    method _pemcertchain_generate (line 487) | def _pemcertchain_generate(self, ee_cert, issuer_cert):
    method _string_wlbl_check (line 504) | def _string_wlbl_check(self, entry, white_list, black_list):
    method enroll (line 534) | def enroll(self, csr):
    method poll (line 664) | def poll(self, _cert_name, poll_identifier, _csr):
    method revoke (line 676) | def revoke(self, cert, rev_reason="unspecified", rev_date=None):
    method trigger (line 747) | def trigger(self, _payload):

FILE: acme_srv/account.py
  class ExternalAccountBinding (line 32) | class ExternalAccountBinding:
    method __init__ (line 35) | def __init__(self, logger, eab_handler, server_name=None):
    method get_kid (line 40) | def get_kid(self, protected: str) -> str:
    method compare_jwk (line 56) | def compare_jwk(self, protected: dict, payload: str) -> bool:
    method verify_signature (line 77) | def verify_signature(self, content: dict, mac_key: str) -> tuple:
    method verify (line 94) | def verify(self, payload: dict, err_msg_dic: dict) -> tuple:
    method check (line 123) | def check(self, protected: dict, payload: dict, err_msg_dic: dict) -> ...
  class AccountDatabaseError (line 151) | class AccountDatabaseError(Exception):
  class AccountRepository (line 157) | class AccountRepository:
    method __init__ (line 160) | def __init__(self, dbstore, logger=None):
    method lookup_account (line 164) | def lookup_account(self, field: str, value: str) -> Optional[Dict[str,...
    method add_account (line 172) | def add_account(self, data_dic: Dict[str, str]) -> Tuple[Optional[str]...
    method update_account (line 180) | def update_account(self, data_dic: Dict[str, str], active: bool = True...
    method delete_account (line 188) | def delete_account(self, account_name: str) -> bool:
    method load_jwk (line 196) | def load_jwk(self, account_name: str) -> Optional[Dict[str, str]]:
  class AccountConfiguration (line 206) | class AccountConfiguration:
  class AccountData (line 222) | class AccountData:
  class Account (line 234) | class Account:
    method __init__ (line 237) | def __init__(self, debug: bool = False, srv_name: str = None, logger=N...
    method __enter__ (line 246) | def __enter__(self) -> "Order":
    method __exit__ (line 251) | def __exit__(self, *args) -> None:
    method _load_configuration (line 256) | def _load_configuration(self):
    method _add_account_to_db (line 294) | def _add_account_to_db(
    method _validate_contact (line 318) | def _validate_contact(self, contact: List[str]) -> Tuple[int, str, str]:
    method _check_tos (line 331) | def _check_tos(self, content: Dict[str, str]) -> Tuple[int, str, str]:
    method _create_account (line 353) | def _create_account(
    method _parse_query (line 405) | def _parse_query(self, account_name: str) -> Dict[str, str]:
    method _onlyreturnexisting (line 420) | def _onlyreturnexisting(
    method _handle_deactivation (line 458) | def _handle_deactivation(
    method _deactivate_account (line 474) | def _deactivate_account(self, account_name: str) -> Tuple[int, str, str]:
    method _handle_contact_update (line 496) | def _handle_contact_update(
    method _update_account_contacts (line 509) | def _update_account_contacts(
    method _handle_key_change (line 531) | def _handle_key_change(
    method _rollover_account_key (line 557) | def _rollover_account_key(
    method _validate_key_change (line 594) | def _validate_key_change(
    method _handle_account_query (line 642) | def _handle_account_query(self, account_name: str) -> Dict[str, str]:
    method _lookup_account_by_name (line 653) | def _lookup_account_by_name(self, value: str) -> Optional[Dict[str, st...
    method _lookup_account_by_field (line 664) | def _lookup_account_by_field(
    method _build_account_info (line 677) | def _build_account_info(self, account_obj: Dict[str, str]) -> Dict[str...
    method _build_response (line 694) | def _build_response(
    method create_account (line 737) | def create_account(self, content: Dict[str, str]) -> Dict[str, str]:
    method parse_request (line 753) | def parse_request(self, content: Dict[str, str]) -> Dict[str, str]:
    method new (line 776) | def new(self, content: Dict[str, str]) -> Dict[str, str]:
    method parse (line 780) | def parse(self, content: Dict[str, str]) -> Dict[str, str]:

FILE: acme_srv/acmechallenge.py
  class Acmechallenge (line 7) | class Acmechallenge(object):
    method __init__ (line 10) | def __init__(self, debug=None, srv_name=None, logger=None):
    method __enter__ (line 16) | def __enter__(self):
    method __exit__ (line 20) | def __exit__(self, *args):
    method lookup (line 23) | def lookup(self, path_info: str) -> str:

FILE: acme_srv/authorization.py
  class AuthorizationError (line 23) | class AuthorizationError(Exception):
  class AuthorizationNotFoundError (line 30) | class AuthorizationNotFoundError(AuthorizationError):
  class AuthorizationExpiredError (line 37) | class AuthorizationExpiredError(AuthorizationError):
  class ConfigurationError (line 44) | class ConfigurationError(AuthorizationError):
  class AuthorizationConfiguration (line 52) | class AuthorizationConfiguration:
  class AuthorizationData (line 64) | class AuthorizationData:
    method to_dict (line 75) | def to_dict(self) -> Dict[str, str]:
  class AuthorizationRepository (line 94) | class AuthorizationRepository:
    method __init__ (line 97) | def __init__(self, dbstore: DBstore, logger):
    method find_authorization_by_name (line 101) | def find_authorization_by_name(
    method update_authorization_expiry (line 133) | def update_authorization_expiry(
    method search_expired_authorizations (line 153) | def search_expired_authorizations(
    method mark_authorization_as_expired (line 173) | def mark_authorization_as_expired(self, authz_name: str) -> None:
    method mark_authorization_as_valid (line 191) | def mark_authorization_as_valid(self, authz_name: str) -> None:
    method mark_order_as_ready (line 209) | def mark_order_as_ready(self, order_name: str) -> None:
  class AuthorizationBusinessLogic (line 226) | class AuthorizationBusinessLogic:
    method __init__ (line 229) | def __init__(
    method extract_authorization_name_from_url (line 239) | def extract_authorization_name_from_url(self, url: str, server_name: s...
    method generate_authorization_token_and_expiry (line 250) | def generate_authorization_token_and_expiry(self) -> Tuple[str, int]:
    method enrich_authorization_with_identifier_info (line 264) | def enrich_authorization_with_identifier_info(
    method extract_identifier_info_for_challenge (line 302) | def extract_identifier_info_for_challenge(
    method is_authorization_eligible_for_expiry (line 319) | def is_authorization_eligible_for_expiry(self, auth_record: Dict[str, ...
  class ChallengeSetManager (line 340) | class ChallengeSetManager:
    method __init__ (line 343) | def __init__(self, debug: bool, server_name: str, logger):
    method get_challenge_set_for_authorization (line 348) | def get_challenge_set_for_authorization(
  class Authorization (line 374) | class Authorization(object):
    method __init__ (line 377) | def __init__(
    method __enter__ (line 399) | def __enter__(self):
    method __exit__ (line 408) | def __exit__(self, *args):
    method _load_configuration (line 413) | def _load_configuration(self) -> AuthorizationConfiguration:
    method get_authorization_details (line 462) | def get_authorization_details(self, url: str) -> Optional[Dict[str, st...
    method _apply_eab_and_domain_whitelist (line 551) | def _apply_eab_and_domain_whitelist(
    method _apply_eab_profile (line 560) | def _apply_eab_profile(self, authz_name, auth_details):
    method _apply_domain_whitelist (line 590) | def _apply_domain_whitelist(
    method expire_invalid_authorizations (line 616) | def expire_invalid_authorizations(
    method handle_get_request (line 672) | def handle_get_request(self, url: str) -> Dict[str, str]:
    method handle_post_request (line 690) | def handle_post_request(self, content: str) -> Dict[str, str]:
    method new_get (line 738) | def new_get(self, url: str) -> Dict[str, str]:
    method new_post (line 743) | def new_post(self, content: str) -> Dict[str, str]:
    method invalidate (line 748) | def invalidate(self, timestamp: int = None) -> Tuple[List[str], List[s...

FILE: acme_srv/certificate.py
  class CertificateLogger (line 38) | class CertificateLogger:
    method __init__ (line 41) | def __init__(self, logger, cert_operations_log: str, repository):
    method log_certificate_issuance (line 54) | def log_certificate_issuance(
    method log_certificate_revocation (line 122) | def log_certificate_revocation(self, certificate: str, code: int):
    method _log_as_json (line 179) | def _log_as_json(self, data_dic: Dict, operation_type: str):
    method _log_issuance_as_text (line 187) | def _log_issuance_as_text(self, certificate_name: str, data_dic: Dict):
    method _log_revocation_as_text (line 207) | def _log_revocation_as_text(self, data_dic: Dict):
  class CertificateConfiguration (line 227) | class CertificateConfiguration:
  class Certificate (line 247) | class Certificate(object):
    method __init__ (line 257) | def __init__(self, debug: bool = False, srv_name: str = None, logger=N...
    method __enter__ (line 285) | def __enter__(self):
    method __exit__ (line 290) | def __exit__(self, *args):
    method _validate_input_parameters (line 293) | def _validate_input_parameters(self, **kwargs) -> Dict[str, str]:
    method _create_error_response (line 303) | def _create_error_response(
    method _validate_certificate_account_ownership (line 309) | def _validate_certificate_account_ownership(
    method _validate_certificate_authorization (line 329) | def _validate_certificate_authorization(
    method _validate_order_authorization (line 379) | def _validate_order_authorization(self, order_name: str, certificate: ...
    method _check_certificate_reusability (line 414) | def _check_certificate_reusability(self, csr: str) -> Tuple[None, str,...
    method _load_hooks_configuration (line 484) | def _load_hooks_configuration(self, config_dic: Dict[str, str]):
    method _load_certificate_parameters (line 511) | def _load_certificate_parameters(self, config_dic: Dict[str, str] = No...
    method _load_configuration (line 582) | def _load_configuration(self):
    method _load_and_validate_identifiers (line 608) | def _load_and_validate_identifiers(
    method _validate_csr_against_order (line 653) | def _validate_csr_against_order(self, certificate_name: str, csr: str)...
    method _process_certificate_enrollment (line 694) | def _process_certificate_enrollment(self, csr: str) -> Tuple[str, str,...
    method _get_certificate_renewal_info (line 729) | def _get_certificate_renewal_info(self, certificate: str) -> str:
    method _store_certificate_and_update_order (line 744) | def _store_certificate_and_update_order(
    method _handle_enrollment_error (line 801) | def _handle_enrollment_error(
    method _execute_pre_enrollment_hooks (line 837) | def _execute_pre_enrollment_hooks(
    method _execute_post_enrollment_hooks (line 860) | def _execute_post_enrollment_hooks(
    method _process_enrollment_and_store_certificate (line 885) | def _process_enrollment_and_store_certificate(
    method _check_identifier_match (line 953) | def _check_identifier_match(
    method _validate_identifiers_against_sans (line 974) | def _validate_identifiers_against_sans(
    method _check_tnauth_identifier_match (line 1011) | def _check_tnauth_identifier_match(
    method _validate_identifiers_against_tnauthlist (line 1029) | def _validate_identifiers_against_tnauthlist(
    method _get_certificate_info (line 1058) | def _get_certificate_info(
    method _update_order_status (line 1074) | def _update_order_status(self, data_dic: Dict[str, str]):
    method _validate_revocation_reason (line 1082) | def _validate_revocation_reason(self, reason: str) -> str:
    method _validate_revocation_request (line 1106) | def _validate_revocation_request(
    method _store_certificate_in_database (line 1154) | def _store_certificate_in_database(
    method _store_certificate_error (line 1196) | def _store_certificate_error(
    method _check_for_tnauth_identifiers (line 1216) | def _check_for_tnauth_identifiers(self, identifier_dic: Dict[str, str]...
    method certlist_search (line 1232) | def certlist_search(
    method cleanup (line 1250) | def cleanup(
    method _update_certificate_dates (line 1269) | def _update_certificate_dates(self, cert: Dict[str, str]):
    method dates_update (line 1295) | def dates_update(self):
    method _handle_enrollment_thread_execution (line 1311) | def _handle_enrollment_thread_execution(
    method _parse_enrollment_result (line 1341) | def _parse_enrollment_result(self, enroll_result) -> Tuple[str, str]:
    method process_certificate_enrollment_request (line 1354) | def process_certificate_enrollment_request(
    method _determine_certificate_response (line 1405) | def _determine_certificate_response(self, cert_info: Dict) -> Dict[str...
    method _handle_valid_certificate (line 1421) | def _handle_valid_certificate(self, cert_info: Dict) -> Dict[str, str]:
    method _handle_processing_certificate (line 1432) | def _handle_processing_certificate(self) -> Dict[str, str]:
    method get_certificate_details (line 1440) | def get_certificate_details(self, url: str) -> Dict[str, str]:
    method _validate_certificate_request_message (line 1478) | def _validate_certificate_request_message(
    method _prepare_certificate_response (line 1495) | def _prepare_certificate_response(
    method process_certificate_request (line 1516) | def process_certificate_request(self, content: str) -> Dict[str, str]:
    method _validate_revocation_message (line 1584) | def _validate_revocation_message(
    method _process_certificate_revocation (line 1601) | def _process_certificate_revocation(
    method revoke_certificate (line 1638) | def revoke_certificate(self, content: str) -> Dict[str, str]:
    method _handle_successful_certificate_poll (line 1694) | def _handle_successful_certificate_poll(
    method _handle_failed_certificate_poll (line 1726) | def _handle_failed_certificate_poll(
    method poll_certificate_status (line 1753) | def poll_certificate_status(
    method store_certificate_signing_request (line 1811) | def store_certificate_signing_request(
    method enroll_and_store (line 1844) | def enroll_and_store(
    method new_get (line 1853) | def new_get(self, url: str) -> Dict[str, str]:
    method new_post (line 1858) | def new_post(self, content: str) -> Dict[str, str]:
    method revoke (line 1863) | def revoke(self, content: str) -> Dict[str, str]:
    method poll (line 1868) | def poll(
    method store_csr (line 1877) | def store_csr(self, order_name: str, csr: str, header_info: str) -> str:

FILE: acme_srv/certificate_business_logic.py
  class CertificateBusinessLogic (line 20) | class CertificateBusinessLogic:
    method __init__ (line 34) | def __init__(self, debug: bool = False, logger=None, err_msg_dic=None,...
    method validate_csr (line 50) | def validate_csr(
    method calculate_certificate_dates (line 92) | def calculate_certificate_dates(self, certificate_raw: str) -> Tuple[i...
    method generate_certificate_name (line 113) | def generate_certificate_name(self) -> str:
    method validate_certificate_data (line 122) | def validate_certificate_data(self, certificate: str) -> bool:
    method extract_certificate_info (line 161) | def extract_certificate_info(self, certificate: str) -> Dict[str, str]:
    method sanitize_certificate_name (line 192) | def sanitize_certificate_name(self, certificate_name: str) -> str:
    method format_certificate_response (line 208) | def format_certificate_response(

FILE: acme_srv/certificate_manager.py
  class CertificateManager (line 13) | class CertificateManager:
    method __init__ (line 30) | def __init__(
    method search_certificates (line 57) | def search_certificates(
    method get_certificate_info (line 122) | def get_certificate_info(self, certificate_name: str) -> Dict[str, str]:
    method store_certificate (line 151) | def store_certificate(
    method update_certificate_dates (line 223) | def update_certificate_dates(self, certificate_name: str = None) -> Tu...
    method cleanup_certificates (line 294) | def cleanup_certificates(
    method _check_invalidation (line 368) | def _check_invalidation(
    method _assume_expirydate (line 408) | def _assume_expirydate(
    method _get_expiredate (line 431) | def _get_expiredate(
    method check_account_authorization (line 458) | def check_account_authorization(
    method prepare_certificate_response (line 496) | def prepare_certificate_response(
    method update_order_status (line 513) | def update_order_status(
    method get_certificate_by_order (line 543) | def get_certificate_by_order(self, order_name: str) -> Dict[str, str]:
    method validate_and_store_csr (line 571) | def validate_and_store_csr(

FILE: acme_srv/certificate_repository.py
  class CertificateRepository (line 9) | class CertificateRepository(ABC):
    method search_certificates (line 14) | def search_certificates(
    method get_certificate_info (line 21) | def get_certificate_info(self, certificate_name: str) -> Dict[str, str]:
    method search_expired_certificates (line 26) | def search_expired_certificates(
    method certificate_account_check (line 33) | def certificate_account_check(
    method certificate_lookup (line 40) | def certificate_lookup(
    method certificate_add (line 47) | def certificate_add(self, data_dic: Dict[str, Any]) -> int:
    method certificate_delete (line 52) | def certificate_delete(self, key: str, value: Any) -> bool:
    method order_lookup (line 57) | def order_lookup(
    method order_update (line 64) | def order_update(self, data_dic: Dict[str, Any]) -> bool:
  class DatabaseCertificateRepository (line 69) | class DatabaseCertificateRepository(CertificateRepository):
    method __init__ (line 72) | def __init__(self, dbstore: DBstore, logger):
    method search_certificates (line 76) | def search_certificates(
    method get_certificate_info (line 115) | def get_certificate_info(self, certificate_name: str) -> Dict[str, str]:
    method add_certificate (line 150) | def add_certificate(self, data_dic: Dict[str, str]) -> bool:
    method delete_certificate (line 171) | def delete_certificate(self, certificate_name: str) -> bool:
    method get_account_check_result (line 196) | def get_account_check_result(
    method update_order (line 221) | def update_order(self, data_dic: Dict[str, str]) -> bool:
    method get_orders_by_account (line 242) | def get_orders_by_account(self, account_name: str) -> List[Dict[str, s...
    method search_expired_certificates (line 266) | def search_expired_certificates(
    method get_certificate_by_order (line 300) | def get_certificate_by_order(self, order_name: str) -> Dict[str, str]:
    method store_certificate_operation_log (line 324) | def store_certificate_operation_log(
    method certificate_account_check (line 357) | def certificate_account_check(
    method certificate_lookup (line 375) | def certificate_lookup(
    method certificate_add (line 394) | def certificate_add(self, data_dic: Dict[str, Any]) -> int:
    method certificate_delete (line 408) | def certificate_delete(self, key: str, value: Any) -> bool:
    method order_lookup (line 422) | def order_lookup(
    method order_update (line 439) | def order_update(self, data_dic: Dict[str, Any]) -> bool:

FILE: acme_srv/challenge.py
  class ChallengeConfiguration (line 48) | class ChallengeConfiguration:
  class DatabaseChallengeRepository (line 68) | class DatabaseChallengeRepository(ChallengeRepository):
    method __init__ (line 71) | def __init__(self, dbstore: DBstore, logger, expiry: float = 3600):
    method find_challenges_by_authorization (line 76) | def find_challenges_by_authorization(
    method get_challengeinfo_by_challengename (line 117) | def get_challengeinfo_by_challengename(
    method get_challenge_by_name (line 147) | def get_challenge_by_name(
    method create_challenge (line 195) | def create_challenge(self, request: ChallengeCreationRequest) -> Optio...
    method update_challenge (line 232) | def update_challenge(self, request: ChallengeUpdateRequest) -> bool:
    method update_authorization_status (line 260) | def update_authorization_status(self, challenge_name: str, status: str...
    method get_account_jwk (line 292) | def get_account_jwk(self, challenge_name: str) -> Optional[Dict[str, A...
  class Challenge (line 317) | class Challenge:
    method __init__ (line 320) | def __init__(
    method __enter__ (line 359) | def __enter__(self):
    method __exit__ (line 364) | def __exit__(self, *args):
    method _create_error_response (line 369) | def _create_error_response(
    method _create_success_response (line 377) | def _create_success_response(self, response_dic: Dict[str, Any]) -> Di...
    method _execute_challenge_validation (line 383) | def _execute_challenge_validation(self, challenge_name: str) -> Valida...
    method _extract_challenge_name_from_url (line 416) | def _extract_challenge_name_from_url(self, url: str) -> str:
    method _get_challenge_validation_details (line 425) | def _get_challenge_validation_details(
    method _handle_challenge_validation_request (line 475) | def _handle_challenge_validation_request(
    method _handle_validation_disabled (line 546) | def _handle_validation_disabled(self, challenge_name: str) -> bool:
    method _load_address_check_configuration (line 578) | def _load_address_check_configuration(self, config_dic: Dict[str, str]):
    method _load_dns_configuration (line 601) | def _load_dns_configuration(self, config_dic: Dict[str, str]):
    method _load_proxy_configuration (line 631) | def _load_proxy_configuration(self, config_dic: Dict[str, str]):
    method _load_configuration (line 648) | def _load_configuration(self):
    method _initialize_business_logic_components (line 717) | def _initialize_business_logic_components(self):
    method _ensure_components_initialized (line 735) | def _ensure_components_initialized(self):
    method _get_eab_kid_from_challenge (line 742) | def _get_eab_kid_from_challenge(self, challenge_name: str) -> Optional...
    method _get_challenge_profile_settings (line 773) | def _get_challenge_profile_settings(
    method _apply_eab_profile_settings (line 807) | def _apply_eab_profile_settings(self, settings: Dict[str, bool], eab_k...
    method _check_challenge_validation_eabprofile (line 834) | def _check_challenge_validation_eabprofile(self, challenge_name: str):
    method _perform_challenge_validation (line 870) | def _perform_challenge_validation(
    method _perform_source_address_validation (line 914) | def _perform_source_address_validation(
    method _perform_validation_with_retry (line 984) | def _perform_validation_with_retry(
    method _start_async_validation (line 1011) | def _start_async_validation(self, challenge_name: str, payload: Dict[s...
    method _update_challenge_state_from_validation (line 1027) | def _update_challenge_state_from_validation(
    method _validate_tnauthlist_payload (line 1046) | def _validate_tnauthlist_payload(
    method get_challenge_details (line 1071) | def get_challenge_details(self, url: str) -> Dict[str, str]:
    method process_challenge_request (line 1094) | def process_challenge_request(self, content: str) -> Dict[str, str]:
    method retrieve_challenge_set (line 1143) | def retrieve_challenge_set(
    method get (line 1183) | def get(self, url: str) -> Dict[str, str]:
    method challengeset_get (line 1188) | def challengeset_get(self, *args, **kwargs) -> List[Dict[str, str]]:
    method parse (line 1193) | def parse(self, content: str) -> Dict[str, str]:

FILE: acme_srv/challenge_business_logic.py
  class ChallengeInfo (line 14) | class ChallengeInfo:
  class ChallengeCreationRequest (line 30) | class ChallengeCreationRequest:
  class ChallengeUpdateRequest (line 41) | class ChallengeUpdateRequest:
  class ChallengeRepository (line 52) | class ChallengeRepository(ABC):
    method find_challenges_by_authorization (line 57) | def find_challenges_by_authorization(
    method get_challenge_by_name (line 64) | def get_challenge_by_name(self, name: str) -> Optional[ChallengeInfo]:
    method get_challengeinfo_by_challengename (line 69) | def get_challengeinfo_by_challengename(self, name: str) -> Optional[Ch...
    method create_challenge (line 74) | def create_challenge(self, request: ChallengeCreationRequest) -> Optio...
    method update_challenge (line 79) | def update_challenge(self, request: ChallengeUpdateRequest) -> bool:
    method update_authorization_status (line 84) | def update_authorization_status(self, challenge_name: str, status: str...
    method get_account_jwk (line 89) | def get_account_jwk(self, challenge_name: str) -> Optional[Dict[str, A...
  class ChallengeStateManager (line 94) | class ChallengeStateManager:
    method __init__ (line 97) | def __init__(self, repository: ChallengeRepository, logger: logging.Lo...
    method transition_to_processing (line 101) | def transition_to_processing(self, challenge_name: str) -> bool:
    method transition_to_valid (line 118) | def transition_to_valid(
    method transition_to_invalid (line 149) | def transition_to_invalid(
    method update_key_authorization (line 180) | def update_key_authorization(
  class ChallengeFactory (line 198) | class ChallengeFactory:
    method __init__ (line 201) | def __init__(
    method create_standard_challenge_set (line 215) | def create_standard_challenge_set(
    method create_email_reply_challenge (line 244) | def create_email_reply_challenge(
    method create_tkauth_challenge (line 266) | def create_tkauth_challenge(
    method create_single_challenge (line 280) | def create_single_challenge(
  class ChallengeService (line 347) | class ChallengeService:
    method __init__ (line 350) | def __init__(
    method get_challenge_set_for_authorization (line 362) | def get_challenge_set_for_authorization(
    method _format_existing_challenges (line 404) | def _format_existing_challenges(
    method _create_new_challenge_set (line 445) | def _create_new_challenge_set(

FILE: acme_srv/challenge_error_handling.py
  class ErrorCategory (line 14) | class ErrorCategory(Enum):
  class ErrorSeverity (line 27) | class ErrorSeverity(Enum):
  class ErrorDetail (line 37) | class ErrorDetail:
  class ChallengeError (line 48) | class ChallengeError(Exception):
    method __init__ (line 51) | def __init__(
  class ValidationError (line 71) | class ValidationError(ChallengeError):
    method __init__ (line 74) | def __init__(self, message: str, **kwargs):
  class NetworkError (line 78) | class NetworkError(ChallengeError):
    method __init__ (line 81) | def __init__(self, message: str, **kwargs):
  class DatabaseError (line 85) | class DatabaseError(ChallengeError):
    method __init__ (line 88) | def __init__(self, message: str, **kwargs):
  class ConfigurationError (line 97) | class ConfigurationError(ChallengeError):
    method __init__ (line 100) | def __init__(self, message: str, **kwargs):
  class AuthenticationError (line 109) | class AuthenticationError(ChallengeError):
    method __init__ (line 112) | def __init__(self, message: str, **kwargs):
  class MalformedRequestError (line 121) | class MalformedRequestError(ChallengeError):
    method __init__ (line 124) | def __init__(self, message: str, **kwargs):
  class TimeoutError (line 128) | class TimeoutError(ChallengeError):
    method __init__ (line 131) | def __init__(self, message: str, **kwargs):
  class UnsupportedChallengeTypeError (line 135) | class UnsupportedChallengeTypeError(ValidationError):
    method __init__ (line 138) | def __init__(self, challenge_type: str, supported_types: List[str]):
  class DNSResolutionError (line 151) | class DNSResolutionError(NetworkError):
    method __init__ (line 154) | def __init__(self, domain: str, dns_servers: Optional[List[str]] = None):
  class HTTPChallengeError (line 164) | class HTTPChallengeError(ValidationError):
    method __init__ (line 167) | def __init__(self, url: str, expected: str, received: str):
  class DNSChallengeError (line 181) | class DNSChallengeError(ValidationError):
    method __init__ (line 184) | def __init__(self, dns_record: str, expected_hash: str, found_records:...
  class TLSALPNChallengeError (line 198) | class TLSALPNChallengeError(ValidationError):
    method __init__ (line 201) | def __init__(self, domain: str, expected_extension: str):
  class ErrorHandler (line 211) | class ErrorHandler:
    method __init__ (line 214) | def __init__(self, logger: logging.Logger):
    method handle_error (line 218) | def handle_error(
    method _log_error (line 246) | def _log_error(self, error_detail: ErrorDetail, original_error: Except...
    method create_acme_error_response (line 276) | def create_acme_error_response(
  class ErrorRecovery (line 308) | class ErrorRecovery:
    method __init__ (line 311) | def __init__(self, logger: logging.Logger):
    method should_retry (line 314) | def should_retry(self, error_detail: ErrorDetail, attempt_count: int) ...
    method get_retry_delay (line 342) | def get_retry_delay(self, attempt_count: int) -> float:

FILE: acme_srv/challenge_registry_setup.py
  function create_challenge_validator_registry (line 20) | def create_challenge_validator_registry(
  function create_custom_registry (line 60) | def create_custom_registry(

FILE: acme_srv/challenge_validators/base.py
  class ValidationResult (line 14) | class ValidationResult:
  class ChallengeContext (line 24) | class ChallengeContext:
  class ChallengeValidationError (line 40) | class ChallengeValidationError(Exception):
  class ValidationTimeoutError (line 46) | class ValidationTimeoutError(ChallengeValidationError):
  class InvalidChallengeTypeError (line 52) | class InvalidChallengeTypeError(ChallengeValidationError):
  class ChallengeValidator (line 58) | class ChallengeValidator(ABC):
    method __init__ (line 61) | def __init__(self, logger: logging.Logger):
    method get_challenge_type (line 65) | def get_challenge_type(self) -> str:
    method perform_validation (line 70) | def perform_validation(self, context: ChallengeContext) -> ValidationR...
    method validate_challenge (line 82) | def validate_challenge(self, context: ChallengeContext) -> ValidationR...

FILE: acme_srv/challenge_validators/dns_validator.py
  class DnsChallengeValidator (line 9) | class DnsChallengeValidator(ChallengeValidator):
    method get_challenge_type (line 12) | def get_challenge_type(self) -> str:
    method perform_validation (line 15) | def perform_validation(self, context: ChallengeContext) -> ValidationR...
    method _handle_wildcard_domain (line 69) | def _handle_wildcard_domain(self, fqdn: str) -> str:

FILE: acme_srv/challenge_validators/email_reply_validator.py
  class EmailReplyChallengeValidator (line 12) | class EmailReplyChallengeValidator(ChallengeValidator):
    method get_challenge_type (line 15) | def get_challenge_type(self) -> str:
    method perform_validation (line 19) | def perform_validation(self, context: ChallengeContext) -> ValidationR...
    method _generate_email_keyauth (line 77) | def _generate_email_keyauth(
    method _filter_email (line 94) | def _filter_email(self, email_data, rfc_token1):
    method _extract_email_keyauth (line 115) | def _extract_email_keyauth(self, email_body: str) -> str:

FILE: acme_srv/challenge_validators/http_validator.py
  class HttpChallengeValidator (line 10) | class HttpChallengeValidator(ChallengeValidator):
    method get_challenge_type (line 13) | def get_challenge_type(self) -> str:
    method perform_validation (line 16) | def perform_validation(self, context: ChallengeContext) -> ValidationR...

FILE: acme_srv/challenge_validators/registry.py
  class ChallengeValidatorRegistry (line 16) | class ChallengeValidatorRegistry:
    method __init__ (line 19) | def __init__(self, logger: logging.Logger):
    method register_validator (line 23) | def register_validator(self, validator: ChallengeValidator) -> None:
    method get_validator (line 33) | def get_validator(self, challenge_type: str) -> Optional[ChallengeVali...
    method get_supported_types (line 40) | def get_supported_types(self) -> List[str]:
    method is_supported (line 45) | def is_supported(self, challenge_type: str) -> bool:
    method validate_challenge (line 50) | def validate_challenge(

FILE: acme_srv/challenge_validators/source_address_validator.py
  class SourceAddressValidator (line 12) | class SourceAddressValidator(ChallengeValidator):
    method __init__ (line 15) | def __init__(
    method get_challenge_type (line 22) | def get_challenge_type(self) -> str:
    method perform_validation (line 25) | def perform_validation(self, context: ChallengeContext) -> ValidationR...
    method _perform_forward_check (line 127) | def _perform_forward_check(
    method _perform_reverse_check (line 183) | def _perform_reverse_check(
    method _domain_matches (line 234) | def _domain_matches(self, requested_domain: str, resolved_domain: str)...

FILE: acme_srv/challenge_validators/tkauth_validator.py
  class TkauthChallengeValidator (line 9) | class TkauthChallengeValidator(ChallengeValidator):
    method get_challenge_type (line 12) | def get_challenge_type(self) -> str:
    method perform_validation (line 15) | def perform_validation(self, context: ChallengeContext) -> ValidationR...

FILE: acme_srv/challenge_validators/tls_alpn_validator.py
  class TlsAlpnChallengeValidator (line 10) | class TlsAlpnChallengeValidator(ChallengeValidator):
    method get_challenge_type (line 13) | def get_challenge_type(self) -> str:
    method perform_validation (line 16) | def perform_validation(self, context: ChallengeContext) -> ValidationR...
    method _validate_certificate_extensions (line 141) | def _validate_certificate_extensions(

FILE: acme_srv/directory.py
  class DirectoryConfig (line 23) | class DirectoryConfig:
  class DirectoryRepository (line 41) | class DirectoryRepository:
    method __init__ (line 44) | def __init__(self, dbstore: object, logger: object) -> None:
    method get_db_version (line 49) | def get_db_version(self) -> Tuple[Optional[str], Optional[str]]:
    method profile_list_get (line 59) | def profile_list_get(self) -> List[Dict[str, object]]:
    method profile_list_set (line 76) | def profile_list_set(self, data_dic: Dict[str, object]) -> None:
  class Directory (line 84) | class Directory:
    method __init__ (line 87) | def __init__(
    method __enter__ (line 103) | def __enter__(self) -> "Directory":
    method __exit__ (line 108) | def __exit__(self, *args) -> None:
    method _load_configuration (line 113) | def _load_configuration(self) -> None:
    method _parse_directory_section (line 128) | def _parse_directory_section(self, config_dic: object) -> None:
    method _parse_caaidentities (line 141) | def _parse_caaidentities(self, value: str) -> List[str]:
    method _parse_booleans (line 155) | def _parse_booleans(self, config_dic: object) -> None:
    method _parse_eab_and_profiles (line 173) | def _parse_eab_and_profiles(self, config_dic: object) -> None:
    method _parse_cahandler_section (line 182) | def _parse_cahandler_section(self, config_dic: object) -> None:
    method _validate_profiles_sync (line 202) | def _validate_profiles_sync(self) -> None:
    method _set_profiles_sync_interval (line 214) | def _set_profiles_sync_interval(self, config_dic: object) -> None:
    method _load_ca_handler (line 230) | def _load_ca_handler(self, config_dic: object) -> None:
    method _build_meta_information (line 238) | def _build_meta_information(self) -> Dict[str, object]:
    method _build_directory_response (line 264) | def _build_directory_response(self) -> Dict[str, object]:
    method get_directory_response (line 301) | def get_directory_response(self) -> Dict[str, object]:
    method directory_get (line 335) | def directory_get(self) -> Dict[str, object]:
    method servername_get (line 340) | def servername_get(self) -> str:

FILE: acme_srv/email_handler.py
  class EmailHandler (line 13) | class EmailHandler:
    method __init__ (line 16) | def __init__(self, debug: bool = False, logger=None):
    method __enter__ (line 45) | def __enter__(self):
    method __exit__ (line 50) | def __exit__(self, *args):
    method _config_load (line 54) | def _config_load(self):
    method send_email_challenge (line 136) | def send_email_challenge(self, to_address: str = None, token1: str = N...
    method send (line 154) | def send(
    method receive (line 207) | def receive(
    method _imap_connect (line 238) | def _imap_connect(self):
    method _emails_fetch (line 249) | def _emails_fetch(self, mail, callback, mark_as_read):
    method start_polling (line 290) | def start_polling(
    method stop_polling (line 312) | def stop_polling(self):
    method _polling_loop (line 322) | def _polling_loop(self, folder: str, mark_as_read: bool):
    method _email_parse (line 344) | def _email_parse(self, email_message) -> Dict[str, Any]:
    method _smtp_config_validate (line 396) | def _smtp_config_validate(self) -> bool:
    method _imap_config_validate (line 409) | def _imap_config_validate(self) -> bool:

FILE: acme_srv/error.py
  class Error (line 8) | class Error(object):
    method __init__ (line 11) | def __init__(self, debug=None, logger=None):
    method _acme_errormessage (line 15) | def _acme_errormessage(self, message):
    method enrich_error (line 36) | def enrich_error(self, message, detail=None):

FILE: acme_srv/helpers/certificates.py
  function cert_aki_get (line 21) | def cert_aki_get(logger: logging.Logger, certificate: str) -> str:
  function cert_aki_pyopenssl_get (line 35) | def cert_aki_pyopenssl_get(logger, certificate: str) -> str:
  function cert_load (line 59) | def cert_load(
  function cert_dates_get (line 76) | def cert_dates_get(logger: logging.Logger, certificate: str) -> Tuple[in...
  function cert_cn_get (line 111) | def cert_cn_get(logger: logging.Logger, certificate: str) -> str:
  function cert_der2pem (line 127) | def cert_der2pem(der_cert: bytes) -> str:
  function cert_issuer_get (line 134) | def cert_issuer_get(logger: logging.Logger, certificate: str) -> str:
  function cert_pem2der (line 144) | def cert_pem2der(pem_cert: str) -> bytes:
  function cert_pubkey_get (line 151) | def cert_pubkey_get(logger: logging.Logger, certificate=str) -> str:
  function cert_san_pyopenssl_get (line 164) | def cert_san_pyopenssl_get(logger, certificate, recode=True):
  function cert_san_get (line 191) | def cert_san_get(
  function cert_ski_pyopenssl_get (line 216) | def cert_ski_pyopenssl_get(logger, certificate: str) -> str:
  function cert_ski_get (line 240) | def cert_ski_get(logger: logging.Logger, certificate: str) -> str:
  function cryptography_version_get (line 255) | def cryptography_version_get(logger: logging.Logger) -> int:
  function cert_extensions_get (line 276) | def cert_extensions_get(logger: logging.Logger, certificate: str, recode...
  function cert_extensions_py_openssl_get (line 296) | def cert_extensions_py_openssl_get(logger, certificate, recode=True):
  function cert_serial_get (line 317) | def cert_serial_get(logger: logging.Logger, certificate: str, hexformat:...
  function pembundle_to_list (line 331) | def pembundle_to_list(logger: logging.Logger, pem_bundle: str) -> List[s...
  function certid_asn1_get (line 349) | def certid_asn1_get(logger: logging.Logger, cert_pem: str, issuer_pem: s...
  function certid_hex_get (line 367) | def certid_hex_get(logger: logging.Logger, renewal_info: str) -> Tuple[s...
  function certid_check (line 382) | def certid_check(

FILE: acme_srv/helpers/config.py
  function config_check (line 12) | def config_check(logger: logging.Logger, config_dic: Dict):
  function config_profile_load (line 26) | def config_profile_load(logger: logging.Logger, config_dic: Dict[str, st...
  function config_eab_profile_load (line 42) | def config_eab_profile_load(logger: logging.Logger, config_dic: Dict[str...
  function config_headerinfo_load (line 93) | def config_headerinfo_load(logger: logging.Logger, config_dic: Dict[str,...
  function config_enroll_config_log_load (line 114) | def config_enroll_config_log_load(logger: logging.Logger, config_dic: Di...
  function config_allowed_domainlist_load (line 149) | def config_allowed_domainlist_load(logger: logging.Logger, config_dic: D...
  function config_async_mode_load (line 188) | def config_async_mode_load(
  function config_proxy_load (line 208) | def config_proxy_load(logger, config_dic: Dict[str, str], host_name: str):
  function load_config (line 235) | def load_config(
  function header_info_jsonify (line 253) | def header_info_jsonify(logger: logging.Logger, header_info: str) -> Dic...
  function header_info_lookup (line 270) | def header_info_lookup(logger, csr: str, header_info_field, key: str) ->...
  function profile_lookup (line 295) | def profile_lookup(logger: logging.Logger, csr: str) -> str:
  function client_parameter_validate (line 320) | def client_parameter_validate(

FILE: acme_srv/helpers/crypto.py
  function decode_deserialize (line 15) | def decode_deserialize(logger: logging.Logger, string: str) -> Dict:
  function decode_message (line 30) | def decode_message(
  function generate_random_string (line 59) | def generate_random_string(logger: logging.Logger, length: int) -> str:
  function jwk_thumbprint_get (line 66) | def jwk_thumbprint_get(logger: logging.Logger, pub_key: Dict[str, str]) ...
  function sha256_hash (line 83) | def sha256_hash(logger: logging.Logger, string: str) -> str:
  function sha256_hash_hex (line 94) | def sha256_hash_hex(logger: logging.Logger, string: str) -> str:
  function signature_check (line 102) | def signature_check(
  function string_sanitize (line 146) | def string_sanitize(logger: logging.Logger, unsafe_str: str) -> str:

FILE: acme_srv/helpers/csr.py
  function csr_load (line 17) | def csr_load(logger: logging.Logger, csr: str) -> x509.CertificateSignin...
  function csr_cn_get (line 29) | def csr_cn_get(logger: logging.Logger, csr_pem: str) -> str:
  function csr_dn_get (line 45) | def csr_dn_get(logger: logging.Logger, csr: str) -> str:
  function csr_pubkey_get (line 56) | def csr_pubkey_get(logger: logging.Logger, csr, encoding="pem"):
  function csr_san_get (line 85) | def csr_san_get(logger: logging.Logger, csr: str) -> List[str]:
  function csr_san_byte_get (line 112) | def csr_san_byte_get(logger: logging.Logger, csr: str) -> bytes:
  function csr_extensions_get (line 137) | def csr_extensions_get(logger: logging.Logger, csr: str) -> List[str]:
  function csr_subject_get (line 153) | def csr_subject_get(logger: logging.Logger, csr: str) -> Dict[str, str]:
  function csr_cn_lookup (line 176) | def csr_cn_lookup(logger: logging.Logger, csr: str) -> str:

FILE: acme_srv/helpers/datetime_utils.py
  function uts_now (line 9) | def uts_now():
  function uts_to_date_utc (line 14) | def uts_to_date_utc(uts: int, tformat: str = "%Y-%m-%dT%H:%M:%SZ") -> str:
  function date_to_uts_utc (line 19) | def date_to_uts_utc(date_human: str, _tformat: str = "%Y-%m-%dT%H:%M:%S"...
  function date_to_datestr (line 29) | def date_to_datestr(
  function datestr_to_date (line 40) | def datestr_to_date(datestr: str, tformat: str = "%Y-%m-%dT%H:%M:%S") ->...

FILE: acme_srv/helpers/domain_utils.py
  function encode_domain (line 9) | def encode_domain(logger, domain: str) -> bytes:
  function wildcard_domain_check (line 26) | def wildcard_domain_check(
  function pattern_check (line 46) | def pattern_check(logger, domain, pattern):
  function is_domain_whitelisted (line 70) | def is_domain_whitelisted(
  function allowed_domainlist_check (line 94) | def allowed_domainlist_check(
  function sancheck_lists_create (line 131) | def sancheck_lists_create(logger, csr: str) -> Tuple[List[str], List[str]]:

FILE: acme_srv/helpers/eab.py
  function _handle_eab_profiling (line 12) | def _handle_eab_profiling(
  function _handle_acme_profiling (line 26) | def _handle_acme_profiling(
  function _handle_header_info_profiling (line 42) | def _handle_header_info_profiling(
  function eab_profile_header_info_check (line 67) | def eab_profile_header_info_check(
  function eab_profile_subject_string_check (line 98) | def eab_profile_subject_string_check(
  function eab_profile_subject_check (line 144) | def eab_profile_subject_check(
  function eab_profile_revocation_check (line 174) | def eab_profile_revocation_check(
  function eab_profile_check (line 202) | def eab_profile_check(
  function eab_profile_list_check (line 244) | def eab_profile_list_check(logger, cahandler, eab_handler, csr, key, val...
  function eab_profile_string_check (line 287) | def eab_profile_string_check(logger, cahandler, key, value):

FILE: acme_srv/helpers/encoding.py
  function b64decode_pad (line 8) | def b64decode_pad(logger: logging.Logger, string: str) -> bytes:
  function b64_decode (line 18) | def b64_decode(logger: logging.Logger, string: str) -> str:
  function b64_encode (line 24) | def b64_encode(logger: logging.Logger, string: str) -> str:
  function b64_url_encode (line 30) | def b64_url_encode(logger: logging.Logger, string: str) -> str:
  function b64_url_recode (line 38) | def b64_url_recode(logger: logging.Logger, string: str) -> str:
  function b64_url_decode (line 48) | def b64_url_decode(logger: logging.Logger, string: str) -> str:
  function build_pem_file (line 59) | def build_pem_file(logger: logging.Logger, existing, certificate, wrap, ...
  function convert_byte_to_string (line 78) | def convert_byte_to_string(value: bytes) -> str:
  function convert_string_to_byte (line 89) | def convert_string_to_byte(value: str) -> bytes:

FILE: acme_srv/helpers/logging_utils.py
  function _logger_nonce_modify (line 11) | def _logger_nonce_modify(data_dic: Dict[str, str]) -> Dict[str, str]:
  function _logger_certificate_modify (line 18) | def _logger_certificate_modify(
  function _logger_token_modify (line 27) | def _logger_token_modify(data_dic: Dict[str, str]) -> Dict[str, str]:
  function _logger_challenges_modify (line 34) | def _logger_challenges_modify(data_dic: Dict[str, str]) -> Dict[str, str]:
  function logger_info (line 45) | def logger_info(
  function logger_setup (line 66) | def logger_setup(debug: bool) -> logging.Logger:
  function print_debug (line 85) | def print_debug(debug: bool, text: str):
  function handle_exception (line 91) | def handle_exception(exc_type, exc_value, exc_traceback):  # pragma: no ...

FILE: acme_srv/helpers/network.py
  function _handle_dns_exception (line 22) | def _handle_dns_exception(
  function _process_dns_answers (line 44) | def _process_dns_answers(
  function _fqdn_resolve (line 65) | def _fqdn_resolve(
  function fqdn_resolve (line 113) | def fqdn_resolve(
  function ptr_resolve (line 145) | def ptr_resolve(
  function dns_server_list_load (line 169) | def dns_server_list_load() -> List[str]:
  function patched_create_connection (line 190) | def patched_create_connection(address: List[str], *args, **kwargs):  # p...
  function proxy_check (line 201) | def proxy_check(
  function url_get_with_own_dns (line 232) | def url_get_with_own_dns(
  function allowed_gai_family (line 270) | def allowed_gai_family():
  function url_get_with_default_dns (line 276) | def url_get_with_default_dns(
  function url_get (line 349) | def url_get(
  function txt_get (line 378) | def txt_get(logger: logging.Logger, fqdn: str, dns_srv: List[str] = None...
  function proxystring_convert (line 398) | def proxystring_convert(
  function servercert_get (line 460) | def servercert_get(
  function v6_adjust (line 532) | def v6_adjust(logger: logging.Logger, url: str) -> Tuple[Dict[str, str],...
  function header_info_get (line 553) | def header_info_get(
  function get_url (line 574) | def get_url(environ: Dict[str, str], include_path: bool = False) -> str:
  function parse_url (line 602) | def parse_url(logger: logging.Logger, url: str) -> Dict[str, str]:
  function encode_url (line 614) | def encode_url(logger: logging.Logger, input_string: str) -> str:
  function request_operation (line 621) | def request_operation(

FILE: acme_srv/helpers/plugin_loader.py
  function ca_handler_load (line 9) | def ca_handler_load(
  function eab_handler_load (line 43) | def eab_handler_load(
  function hooks_load (line 80) | def hooks_load(logger: logging.Logger, config_dic: Dict) -> importlib.im...

FILE: acme_srv/helpers/utils.py
  function error_dic_get (line 9) | def error_dic_get(logger: logging.Logger) -> Dict[str, str]:
  function enrollment_config_log (line 34) | def enrollment_config_log(
  function radomize_parameter_list (line 69) | def radomize_parameter_list(
  function handler_config_check (line 98) | def handler_config_check(logger, handler, parameterlist) -> str:

FILE: acme_srv/helpers/validation.py
  function dkeys_lower (line 9) | def dkeys_lower(tree: Dict[str, str]) -> Dict[str, str]:
  function fqdn_in_san_check (line 20) | def fqdn_in_san_check(logger: logging.Logger, san_list: List[str], fqdn:...
  function validate_csr (line 39) | def validate_csr(logger: logging.Logger, order_dic: Dict[str, str], _csr...
  function validate_email (line 45) | def validate_email(logger: logging.Logger, contact_list: List[str]) -> b...
  function validate_identifier (line 69) | def validate_identifier(
  function validate_ip (line 93) | def validate_ip(logger: logging.Logger, ip: str) -> bool:
  function validate_fqdn (line 105) | def validate_fqdn(logger: logging.Logger, fqdn: str) -> bool:
  function ip_validate (line 128) | def ip_validate(logger: logging.Logger, ip_addr: str) -> Tuple[str, bool]:
  function ipv6_chk (line 142) | def ipv6_chk(logger: logging.Logger, address: str) -> bool:
  function cn_validate (line 160) | def cn_validate(logger: logging.Logger, cn: str) -> bool:

FILE: acme_srv/housekeeping.py
  class Housekeeping (line 23) | class Housekeeping(object):
    method __init__ (line 26) | def __init__(self, debug: bool = False, logger: object = None):
    method __enter__ (line 33) | def __enter__(self):
    method __exit__ (line 38) | def __exit__(self, *args):
    method _accountlist_get (line 41) | def _accountlist_get(self) -> Dict[str, str]:
    method _certificatelist_get (line 54) | def _certificatelist_get(self) -> Dict[str, str]:
    method _cliconfig_check (line 67) | def _cliconfig_check(self, config_dic: Dict[str, str]) -> bool:
    method _cliaccounts_list (line 84) | def _cliaccounts_list(self, silent: bool = True) -> Dict[str, str]:
    method _cliaccounts_format (line 99) | def _cliaccounts_format(self, result_list: List[str]):
    method _report_get (line 115) | def _report_get(
    method _clireport_get (line 154) | def _clireport_get(
    method _config_load (line 177) | def _config_load(self):
    method _uts_fields_set (line 184) | def _uts_fields_set(
    method _cert_serial_add (line 214) | def _cert_serial_add(self, cert_raw: str) -> str:
    method _convert_data (line 226) | def _convert_data(self, cert_list: List[str]) -> List[str]:
    method _csv_dump (line 270) | def _csv_dump(self, filename: str, content: List[str]):
    method _data_dic_create (line 279) | def _data_dic_create(self, config_dic: Dict[str, str]) -> Dict[str, str]:
    method _data_dic_build (line 293) | def _data_dic_build(self, config_dic: Dict[str, str]) -> Dict[str, str]:
    method _json_dump (line 318) | def _json_dump(self, filename: str, data_: Dict[str, str]):
    method _fieldlist_normalize (line 325) | def _fieldlist_normalize(
    method _lists_normalize (line 345) | def _lists_normalize(
    method _account_list_convert (line 368) | def _account_list_convert(self, tmp_json: List[str]) -> List[str]:
    method _dicstructure_create (line 413) | def _dicstructure_create(
    method _account_dic_create (line 463) | def _account_dic_create(
    method _to_acc_json (line 514) | def _to_acc_json(self, account_list: List[str]) -> List[str]:
    method _to_list (line 530) | def _to_list(self, field_list: List[str], cert_list: List[str]) -> Lis...
    method accountreport_get (line 562) | def accountreport_get(
    method certreport_get (line 593) | def certreport_get(
    method certificate_dates_update (line 631) | def certificate_dates_update(self):
    method certificates_cleanup (line 638) | def certificates_cleanup(
    method cli_usermgr (line 681) | def cli_usermgr(self, config_dic: Dict[str, str]) -> int:
    method authorizations_invalidate (line 712) | def authorizations_invalidate(
    method dbversion_check (line 753) | def dbversion_check(self, version: str = None):
    method orders_invalidate (line 779) | def orders_invalidate(
    method parse (line 820) | def parse(self, content: str) -> Dict[str, str]:

FILE: acme_srv/message.py
  class MessageConfiguration (line 22) | class MessageConfiguration:
  class AccountRepository (line 34) | class AccountRepository:
    method __init__ (line 37) | def __init__(self, dbstore):
    method account_lookup (line 40) | def account_lookup(self, key, value):
    method account_update (line 44) | def account_update(self, data_dic, active):
    method cli_permissions_get (line 48) | def cli_permissions_get(self, account_name):
  class Message (line 53) | class Message(object):
    method __init__ (line 56) | def __init__(
    method __enter__ (line 67) | def __enter__(self):
    method __exit__ (line 71) | def __exit__(self, *args):
    method _load_configuration (line 74) | def _load_configuration(self) -> MessageConfiguration:
    method _check_and_handle_invalid_eab_credentials (line 115) | def _check_and_handle_invalid_eab_credentials(self, account_name: str):
    method _safe_account_lookup (line 150) | def _safe_account_lookup(self, account_name: str):
    method _eab_mac_key_exists (line 157) | def _eab_mac_key_exists(self, eab_kid: str) -> bool:
    method _handle_missing_eab_credentials (line 168) | def _handle_missing_eab_credentials(self, account_name: str, eab_kid: ...
    method _extract_account_name_for_revocation (line 188) | def _extract_account_name_for_revocation(
    method _extract_account_name_from_content (line 211) | def _extract_account_name_from_content(
    method extract_account_name_from_content (line 244) | def extract_account_name_from_content(
    method _check_nonce_for_replay_protection (line 255) | def _check_nonce_for_replay_protection(
    method _validate_message_and_check_signature (line 278) | def _validate_message_and_check_signature(
    method check (line 327) | def check(
    method cli_check (line 364) | def cli_check(
    method prepare_response (line 405) | def prepare_response(

FILE: acme_srv/monkey_patches.py
  function django_sqlite_atomic (line 8) | def django_sqlite_atomic():  # NOSONAR

FILE: acme_srv/nonce.py
  class NonceRepository (line 10) | class NonceRepository:
    method __init__ (line 13) | def __init__(self, dbstore) -> None:
    method check_nonce (line 16) | def check_nonce(self, nonce) -> bool:
    method delete_nonce (line 19) | def delete_nonce(self, nonce) -> None:
    method add_nonce (line 22) | def add_nonce(self, nonce) -> int:
  class Nonce (line 26) | class Nonce(object):
    method __init__ (line 29) | def __init__(self, debug: bool = False, logger: object = None, repo: o...
    method __enter__ (line 34) | def __enter__(self):
    method __exit__ (line 38) | def __exit__(self, *args):
    method _validate_and_consume_nonce (line 41) | def _validate_and_consume_nonce(self, nonce: str) -> Tuple[int, str, s...
    method _generate_nonce_value (line 65) | def _generate_nonce_value(self) -> str:
    method check (line 70) | def check(self, protected_decoded: Dict[str, str]) -> Tuple[int, str, ...
    method generate_and_add (line 84) | def generate_and_add(self) -> str:

FILE: acme_srv/order.py
  class OrderDatabaseError (line 27) | class OrderDatabaseError(Exception):
  class OrderValidationError (line 34) | class OrderValidationError(Exception):
  class OrderRepository (line 41) | class OrderRepository:
    method __init__ (line 44) | def __init__(self, dbstore, logger):
    method add_order (line 48) | def add_order(self, data_dic):
    method add_authorization (line 56) | def add_authorization(self, auth):
    method update_authorization (line 64) | def update_authorization(self, auth):
    method order_lookup (line 74) | def order_lookup(self, key, value):
    method order_update (line 82) | def order_update(self, data_dic):
    method authorization_lookup (line 90) | def authorization_lookup(self, key, value, fields):
    method account_lookup (line 100) | def account_lookup(self, key, value):
    method certificate_lookup (line 108) | def certificate_lookup(self, key, value):
    method hkparameter_get (line 118) | def hkparameter_get(self, param):
    method orders_invalid_search (line 126) | def orders_invalid_search(self, order_field, timestamp, vlist, operant):
  class OrderConfiguration (line 142) | class OrderConfiguration:
  class Order (line 164) | class Order(object):
    method __init__ (line 167) | def __init__(
    method __enter__ (line 185) | def __enter__(self) -> "Order":
    method __exit__ (line 190) | def __exit__(self, *args) -> None:
    method _add_authorizations_to_db (line 195) | def _add_authorizations_to_db(
    method is_profile_valid (line 225) | def is_profile_valid(self, profile: str) -> str:
    method _add_order_and_authorizations (line 242) | def _add_order_and_authorizations(
    method add_profile_to_order (line 264) | def add_profile_to_order(
    method _apply_eab_profile (line 281) | def _apply_eab_profile(self, account_name: str) -> None:
    method create_order (line 335) | def create_order(
    method _load_header_info_config (line 372) | def _load_header_info_config(self, config_dic: Dict[str, str]):
    method _load_order_config (line 387) | def _load_order_config(self, config_dic: Dict[str, str]):
    method _load_profile_config (line 441) | def _load_profile_config(self, config_dic: Dict[str, str]):
    method _load_profiles_from_config (line 449) | def _load_profiles_from_config(self, config_dic: Dict[str, str]):
    method _load_profiles_from_db_if_sync (line 456) | def _load_profiles_from_db_if_sync(self, config_dic: Dict[str, str]):
    method _set_profiles_from_db (line 476) | def _set_profiles_from_db(self, profiles):
    method _maybe_disable_profile_check (line 486) | def _maybe_disable_profile_check(self, config_dic: Dict[str, str]):
    method _load_configuration (line 493) | def _load_configuration(self):
    method _name_get (line 531) | def _name_get(self, url: str) -> str:
    method are_identifiers_allowed (line 542) | def are_identifiers_allowed(self, identifiers_list: List[str]) -> Tupl...
    method _get_allowed_identifier_types (line 557) | def _get_allowed_identifier_types(self) -> List[str]:
    method _check_single_identifier (line 565) | def _check_single_identifier(
    method _rewrite_email_identifiers (line 627) | def _rewrite_email_identifiers(
    method _check_identifier_limit (line 657) | def _check_identifier_limit(self, identifiers_list: List[str]) -> bool:
    method _check_identifiers_validity (line 670) | def _check_identifiers_validity(
    method _get_order_info (line 706) | def _get_order_info(self, order_name: str) -> Dict[str, str]:
    method _header_info_lookup (line 716) | def _header_info_lookup(self, header: Optional[Dict[str, Any]]) -> str:
    method _finalize_csr (line 736) | def _finalize_csr(
    method _finalize_order (line 767) | def _finalize_order(
    method _process_order_request (line 816) | def _process_order_request(
    method _process_csr (line 863) | def _process_csr(
    method _order_dic_create (line 909) | def _order_dic_create(self, tmp_dic: Dict[str, str]) -> Dict[str, str]:
    method _get_authorization_list (line 934) | def _get_authorization_list(self, order_name: str) -> List[str]:
    method _update_validity_list (line 949) | def _update_validity_list(
    method get_order_details (line 973) | def get_order_details(self, order_name: str) -> Dict[str, str]:
    method invalidate_expired_orders (line 990) | def invalidate_expired_orders(
    method create_from_content (line 1048) | def create_from_content(self, content: str) -> Dict[str, str]:
    method _parse_order_message (line 1108) | def _parse_order_message(
    method parse_order_content (line 1145) | def parse_order_content(self, content: str, header: str = None) -> Dic...
    method invalidate (line 1206) | def invalidate(self, timestamp: int = None) -> Tuple[List[str], List[s...
    method new (line 1213) | def new(self, content: str) -> Dict[str, str]:
    method parse (line 1218) | def parse(self, content: str, header: str = None) -> Dict[str, str]:

FILE: acme_srv/renewalinfo.py
  class RenewalinfoConfig (line 24) | class RenewalinfoConfig:
  class RenewalinfoRepository (line 33) | class RenewalinfoRepository:
    method __init__ (line 36) | def __init__(self, dbstore, logger):
    method get_certificate_by_certid (line 40) | def get_certificate_by_certid(self, certid_hex):
    method get_certificates_by_serial (line 66) | def get_certificates_by_serial(self, serial):
    method add_certificate (line 94) | def add_certificate(self, data_dic):
    method get_housekeeping_param (line 99) | def get_housekeeping_param(self, name):
    method add_housekeeping_param (line 104) | def add_housekeeping_param(self, param):
  class Renewalinfo (line 110) | class Renewalinfo(object):
    method __init__ (line 113) | def __init__(
    method _load_configuration (line 127) | def _load_configuration(self):
    method _parse_cahandler_section (line 163) | def _parse_cahandler_section(self, config_dic: object) -> None:
    method _load_ca_handler (line 184) | def _load_ca_handler(self, config_dic: object) -> None:
    method __enter__ (line 192) | def __enter__(self):
    method __exit__ (line 196) | def __exit__(self, *args):
    method _lookup_certificate_by_renewalinfo (line 201) | def _lookup_certificate_by_renewalinfo(
    method _update_certificate_table_with_serial_and_aki (line 220) | def _update_certificate_table_with_serial_and_aki(self):
    method _lookup_certificate_by_certid (line 259) | def _lookup_certificate_by_certid(self, certid_hex: str) -> Dict[str, ...
    method _lookup_certificate_by_serial_and_aki (line 263) | def _lookup_certificate_by_serial_and_aki(
    method _generate_renewalinfo_window (line 281) | def _generate_renewalinfo_window(self, cert_dic: Dict[str, str]) -> Di...
    method _get_renewalinfo_data (line 310) | def _get_renewalinfo_data(self, renewalinfo_string: str) -> Dict[str, ...
    method _parse_renewalinfo_string_from_url (line 319) | def _parse_renewalinfo_string_from_url(self, url: str) -> str:
    method _extract_serial_and_aki_from_string (line 332) | def _extract_serial_and_aki_from_string(
    method get (line 354) | def get(self, url: str) -> Dict[str, str]:
    method update (line 393) | def update(self, content: str) -> Dict[str, str]:

FILE: acme_srv/signature.py
  class Signature (line 9) | class Signature:
    method __init__ (line 12) | def __init__(
    method _get_revocation_path (line 23) | def _get_revocation_path(self, cfg) -> str:
    method _jwk_loader (line 28) | def _jwk_loader(self, kid, cli: bool = False) -> Optional[Dict[str, st...
    method cli_check (line 40) | def cli_check(self, aname: str, content: str) -> Tuple[bool, str, None]:
    method check (line 54) | def check(
    method eab_check (line 90) | def eab_check(self, content: str, mac_key: str) -> Tuple[bool, str]:

FILE: acme_srv/threadwithreturnvalue.py
  class ThreadWithReturnValue (line 7) | class ThreadWithReturnValue(Thread):
    method __init__ (line 10) | def __init__(
    method run (line 17) | def run(self):
    method join (line 21) | def join(self, timeout: int = None):

FILE: acme_srv/trigger.py
  class Trigger (line 20) | class Trigger(object):
    method __init__ (line 23) | def __init__(
    method __enter__ (line 33) | def __enter__(self):
    method __exit__ (line 38) | def __exit__(self, *args):
    method _certname_lookup (line 41) | def _certname_lookup(self, cert_pem: str) -> List[str]:
    method _config_load (line 69) | def _config_load(self):
    method _cert_store (line 92) | def _cert_store(self, cert_bundle: str, cert_raw: str) -> Tuple[int, s...
    method _payload_process (line 140) | def _payload_process(self, payload: str) -> Tuple[int, str, str]:
    method parse (line 161) | def parse(self, content: str) -> Dict[str, str]:

FILE: examples/acme2certifier_wsgi.py
  function err_wrong_request_method (line 63) | def err_wrong_request_method(start_response):
  function handle_exception (line 68) | def handle_exception(exc_type, exc_value, exc_traceback):
  function create_header (line 89) | def create_header(response_dic, add_json_header=True):
  function get_request_body (line 111) | def get_request_body(environ):
  function acct (line 124) | def acct(environ, start_response):
  function acmechallenge_serve (line 138) | def acmechallenge_serve(environ, start_response):
  function authz (line 152) | def authz(environ, start_response):
  function newaccount (line 182) | def newaccount(environ, start_response):
  function directory (line 207) | def directory(environ, start_response):
  function cert (line 232) | def cert(environ, start_response):
  function chall (line 272) | def chall(environ, start_response):
  function newnonce (line 320) | def newnonce(environ, start_response):
  function neworders (line 344) | def neworders(environ, start_response):
  function order (line 368) | def order(environ, start_response):
  function renewalinfo (line 392) | def renewalinfo(environ, start_response):
  function revokecert (line 436) | def revokecert(environ, start_response):
  function trigger (line 462) | def trigger(environ, start_response):
  function housekeeping (line 489) | def housekeeping(environ, start_response):
  function not_found (line 514) | def not_found(_environ, start_response):
  function redirect (line 524) | def redirect(environ, start_response):
  function application (line 555) | def application(environ, start_response):
  function get_handler_cls (line 575) | def get_handler_cls():

FILE: examples/ca_handler/acme_ca_handler.py
  class CAhandler (line 49) | class CAhandler(object):
    method __init__ (line 52) | def __init__(self, _debug: bool = False, logger: object = None):
    method __enter__ (line 81) | def __enter__(self):
    method __exit__ (line 87) | def __exit__(self, *args):
    method _config_account_load (line 90) | def _config_account_load(self, config_dic: Dict[str, str]):
    method _config_parameters_load (line 122) | def _config_parameters_load(self, config_dic: Dict[str, str]):
    method _config_dns_update_script_load (line 137) | def _config_dns_update_script_load(self, config_dic: Dict[str, str]):
    method _config_profiles_load (line 199) | def _config_profiles_load(self, config_dic: Dict[str, str]) -> Dict[st...
    method _config_load (line 220) | def _config_load(self):
    method _challenge_filter (line 258) | def _challenge_filter(
    method _challenge_info (line 276) | def _challenge_info(
    method _dns_challenge_deprovision (line 306) | def _dns_challenge_deprovision(self):
    method _dns_challenge_provision (line 346) | def _dns_challenge_provision(
    method _environment_variables_handle (line 426) | def _environment_variables_handle(self, unset=False):
    method _get_dns_challenge (line 481) | def _get_dns_challenge(self, authzr, user_key):
    method _get_http_or_email_challenge (line 495) | def _get_http_or_email_challenge(self, authzr, user_key):
    method _http_challenge_store (line 516) | def _http_challenge_store(self, challenge_name: str, challenge_content...
    method _key_generate (line 526) | def _key_generate(self) -> josepy.jwk.JWKRSA:
    method _user_key_load (line 537) | def _user_key_load(self) -> josepy.jwk.JWKRSA:
    method _order_authorization (line 565) | def _order_authorization(
    method _handle_authzr_status (line 583) | def _handle_authzr_status(self, acmeclient, authzr, user_key):
    method _handle_pending_status (line 598) | def _handle_pending_status(self, acmeclient, authzr, user_key):
    method _order_new (line 631) | def _order_new(
    method _order_issue (line 658) | def _order_issue(
    method _account_lookup (line 703) | def _account_lookup(
    method _jwk_strip (line 722) | def _jwk_strip(self, user_key: josepy.jwk.JWKRSA) -> josepy.jwk.JWKRSA:
    method _account_create (line 755) | def _account_create(
    method _accountname_get (line 823) | def _accountname_get(
    method _account_register (line 844) | def _account_register(
    method _account_to_keyfile (line 891) | def _account_to_keyfile(self):
    method _zerossl_eab_get (line 906) | def _zerossl_eab_get(self):
    method _eab_profile_list_set (line 928) | def _eab_profile_list_set(self, csr: str, key: str, value: str) -> str:
    method eab_profile_list_check (line 954) | def eab_profile_list_check(
    method _enroll (line 993) | def _enroll(
    method _registration_lookup (line 1026) | def _registration_lookup(
    method _revoke_or_fallback (line 1067) | def _revoke_or_fallback(self, acmeclient=None, cert: str = None):
    method enroll (line 1089) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method handler_check (line 1149) | def handler_check(self):
    method _synchronize_profiles (line 1158) | def _synchronize_profiles(self, repository: object, acme_url: str, uts...
    method synchronize_profiles (line 1180) | def synchronize_profiles(
    method _get_renewalinfo_endpoint_url (line 1220) | def _get_renewalinfo_endpoint_url(self, acme_url: str) -> str:
    method lookup_renewalinfo (line 1264) | def lookup_renewalinfo(
    method poll (line 1300) | def poll(
    method revoke (line 1314) | def revoke(
    method trigger (line 1399) | def trigger(self, _payload: str) -> Tuple[int, str, str]:

FILE: examples/ca_handler/asa_ca_handler.py
  class CAhandler (line 33) | class CAhandler(object):
    method __init__ (line 36) | def __init__(self, _debug: bool = None, logger: object = None):
    method __enter__ (line 56) | def __enter__(self):
    method __exit__ (line 62) | def __exit__(self, *args):
    method _api_get (line 65) | def _api_get(self, url: str) -> Tuple[int, Dict[str, str]]:
    method _api_post (line 94) | def _api_post(self, url: str, data: Dict[str, str]) -> Tuple[int, Dict...
    method _auth_set (line 128) | def _auth_set(self):
    method _config_host_load (line 139) | def _config_host_load(self, config_dic: Dict[str, str]):
    method _certificates_list (line 157) | def _certificates_list(self) -> Dict[str, str]:
    method _config_key_load (line 167) | def _config_key_load(self, config_dic: Dict[str, str]):
    method _config_password_load (line 185) | def _config_password_load(self, config_dic: Dict[str, str]):
    method _config_user_load (line 205) | def _config_user_load(self, config_dic: Dict[str, str]):
    method _config_load (line 223) | def _config_load(self):
    method _csr_cn_get (line 294) | def _csr_cn_get(self, csr: str) -> str:
    method _issuer_verify (line 316) | def _issuer_verify(self) -> str:
    method _issuers_list (line 335) | def _issuers_list(self) -> Dict[str, str]:
    method _profiles_list (line 345) | def _profiles_list(self) -> Dict[str, str]:
    method _profile_verify (line 355) | def _profile_verify(self) -> str:
    method _validity_dates_get (line 373) | def _validity_dates_get(self) -> Tuple[str, str]:
    method _pem_cert_chain_generate (line 387) | def _pem_cert_chain_generate(self, certs_list: list) -> str:
    method _issuer_chain_get (line 400) | def _issuer_chain_get(self) -> str:
    method _cert_get (line 415) | def _cert_get(self, data_dic: Dict[str, str]) -> str:
    method _cert_status_get (line 431) | def _cert_status_get(self, certificate: str) -> str:
    method _enrollment_dic_create (line 442) | def _enrollment_dic_create(self, csr: str) -> Dict[str, str]:
    method enroll (line 476) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method handler_check (line 521) | def handler_check(self):
    method poll (line 541) | def poll(
    method revoke (line 555) | def revoke(
    method trigger (line 591) | def trigger(self, _payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/certifier_ca_handler.py
  class CAhandler (line 36) | class CAhandler(object):
    method __init__ (line 39) | def __init__(self, debug: bool = False, logger: object = None):
    method __enter__ (line 59) | def __enter__(self):
    method __exit__ (line 66) | def __exit__(self, *args):
    method _auth_set (line 69) | def _auth_set(self):
    method _api_poll (line 80) | def _api_poll(self, request_dic: Dict[str, str]) -> Tuple[str, str, str]:
    method _api_post (line 109) | def _api_post(self, url: str, data: Dict[str, str]) -> Dict[str, str]:
    method _ca_get (line 133) | def _ca_get(
    method _ca_get_properties (line 166) | def _ca_get_properties(self, filter_key: str, filter_value: str) -> Di...
    method _cert_get (line 188) | def _cert_get(self, csr: str) -> Dict[str, str]:
    method _cert_get_properties (line 215) | def _cert_get_properties(self, serial: str, ca_link: str) -> Dict[str,...
    method _certificate_revoke (line 241) | def _certificate_revoke(
    method _config_user_load (line 291) | def _config_user_load(self, config_dic: Dict[str, str]):
    method _config_password_load (line 318) | def _config_password_load(self, config_dic: Dict[str, str]):
    method _config_parameter_load (line 347) | def _config_parameter_load(self, config_dic: Dict[str, str]):
    method _config_proxy_load (line 402) | def _config_proxy_load(self, config_dic: Dict[str, str]):
    method _config_load (line 422) | def _config_load(self):
    method _csr_check (line 458) | def _csr_check(self, csr: str) -> str:
    method _poll_cert_get (line 468) | def _poll_cert_get(
    method _loop_poll (line 510) | def _loop_poll(self, request_url: str) -> Tuple[str, str, str, str]:
    method _pem_list_cert_get (line 552) | def _pem_list_cert_get(self, cert_dic: Dict[str, str]) -> Dict[str, str]:
    method _pem_list_build (line 587) | def _pem_list_build(self, cert_dic: Dict[str, str]) -> List[str]:
    method _pem_cert_chain_generate (line 608) | def _pem_cert_chain_generate(self, cert_dic: str) -> str:
    method _request_poll (line 627) | def _request_poll(self, request_url: str) -> Tuple[str, str, str, str,...
    method _trigger_bundle_build (line 664) | def _trigger_bundle_build(
    method enroll (line 688) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method handler_check (line 729) | def handler_check(self):
    method poll (line 740) | def poll(
    method revoke (line 766) | def revoke(
    method trigger (line 802) | def trigger(self, payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/certsrv.py
  class RequestDeniedException (line 26) | class RequestDeniedException(Exception):
    method __init__ (line 29) | def __init__(self, message, response):
  class CouldNotRetrieveCertificateException (line 34) | class CouldNotRetrieveCertificateException(Exception):
    method __init__ (line 37) | def __init__(self, message, response):
  class CertificatePendingException (line 42) | class CertificatePendingException(Exception):
    method __init__ (line 45) | def __init__(self, req_id):
  class Certsrv (line 55) | class Certsrv(object):
    method __init__ (line 80) | def __init__(
    method _set_credentials (line 121) | def _set_credentials(self, username, password):
    method _post (line 146) | def _post(self, url, **kwargs):
    method _get (line 152) | def _get(self, url, **kwargs):
    method _handle_response (line 159) | def _handle_response(response):
    method get_cert (line 187) | def get_cert(self, csr, template, encoding="b64", attributes=None):
    method get_existing_cert (line 253) | def get_existing_cert(self, req_id, encoding="b64"):
    method get_ca_cert (line 293) | def get_ca_cert(self, encoding="b64"):
    method get_chain (line 330) | def get_chain(self, encoding="bin"):
    method check_credentials (line 369) | def check_credentials(self):
    method update_credentials (line 391) | def update_credentials(self, username, password):
  function _get_ca_bundle (line 407) | def _get_ca_bundle():
  function get_cert (line 425) | def get_cert(server, csr, template, username, password, encoding="b64", ...
  function get_existing_cert (line 463) | def get_existing_cert(server, req_id, username, password, encoding="b64"...
  function get_ca_cert (line 498) | def get_ca_cert(server, username, password, encoding="b64", **kwargs):
  function get_chain (line 527) | def get_chain(server, username, password, encoding="bin", **kwargs):
  function check_credentials (line 556) | def check_credentials(server, username, password, **kwargs):

FILE: examples/ca_handler/cmp_ca_handler.py
  class CAhandler (line 19) | class CAhandler(object):
    method __init__ (line 22) | def __init__(self, _debug: bool = False, logger: object = None):
    method __enter__ (line 34) | def __enter__(self):
    method __exit__ (line 40) | def __exit__(self, *args):
    method _certs_bundle (line 43) | def _certs_bundle(self) -> Tuple[str, str]:
    method _config_refsecret_load (line 76) | def _config_refsecret_load(self, config_dic: Dict[str, str]):
    method _config_paramters_load (line 91) | def _config_paramters_load(self):
    method _config_cmprecipient_load (line 117) | def _config_cmprecipient_load(self, config_dic: Dict[str, str]):
    method _config_cmpparameter_load (line 131) | def _config_cmpparameter_load(self, ele: str, config_dic: Dict[str, st...
    method _config_load (line 167) | def _config_load(self):
    method _opensslcmd_build (line 187) | def _opensslcmd_build(self) -> List[str]:
    method _file_save (line 224) | def _file_save(self, filename: str, content: str):
    method _tmp_dir_delete (line 231) | def _tmp_dir_delete(self):
    method enroll (line 240) | def enroll(self, csr: str) -> Tuple[str, str, str, bool]:
    method poll (line 278) | def poll(
    method revoke (line 292) | def revoke(
    method trigger (line 306) | def trigger(self, _payload: str) -> Tuple[int, str, str]:

FILE: examples/ca_handler/digicert_ca_handler.py
  class CAhandler (line 30) | class CAhandler(object):
    method __init__ (line 33) | def __init__(self, _debug: bool = None, logger: object = None):
    method __enter__ (line 51) | def __enter__(self):
    method __exit__ (line 57) | def __exit__(self, *args):
    method _api_get (line 60) | def _api_get(self, url: str) -> Tuple[int, Dict[str, str]]:
    method _api_post (line 77) | def _api_post(self, url: str, data: Dict[str, str]) -> Tuple[int, Dict...
    method _api_put (line 94) | def _api_put(self, url: str, data: Dict[str, str]) -> Tuple[int, Dict[...
    method _config_check (line 111) | def _config_check(self) -> str:
    method _config_load (line 122) | def _config_load(self):
    method _order_send (line 181) | def _order_send(self, csr: str, csr_cn) -> Tuple[str, str]:
    method _order_response_parse (line 225) | def _order_response_parse(self, content: Dict[str, str]) -> Tuple[str,...
    method _organiation_id_get (line 259) | def _organiation_id_get(self):
    method _csr_check (line 285) | def _csr_check(self, csr: str) -> str:
    method enroll (line 295) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method handler_check (line 333) | def handler_check(self):
    method poll (line 340) | def poll(
    method revoke (line 354) | def revoke(
    method trigger (line 387) | def trigger(self, _payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/ejbca_ca_handler.py
  class CAhandler (line 32) | class CAhandler(object):
    method __init__ (line 35) | def __init__(self, _debug: bool = False, logger: object = None):
    method __enter__ (line 56) | def __enter__(self):
    method __exit__ (line 62) | def __exit__(self, *args):
    method _api_put (line 65) | def _api_put(self, url: str) -> Dict[str, str]:
    method _cert_status_check (line 82) | def _cert_status_check(self, issuer_dn: str, cert_serial: str) -> Dict...
    method _config_server_load (line 110) | def _config_server_load(self, config_dic: Dict[str, str]):
    method _config_authuser_load (line 134) | def _config_authuser_load(self, config_dic: Dict[str, str]):
    method _config_enrollmentcode_load (line 173) | def _config_enrollmentcode_load(self, config_dic: Dict[str, str]):
    method _config_session_load (line 201) | def _config_session_load(self, config_dic: Dict[str, str]):
    method _config_auth_load (line 248) | def _config_auth_load(self, config_dic: Dict[str, str]):
    method _config_cainfo_load (line 260) | def _config_cainfo_load(self, config_dic: Dict[str, str]):
    method _config_load (line 275) | def _config_load(self):
    method _api_post (line 318) | def _api_post(self, url: str, data: Dict[str, str]) -> Dict[str, str]:
    method _csr_cn_get (line 336) | def _csr_cn_get(self, csr: str) -> str:
    method _enroll (line 358) | def _enroll(self, csr: str) -> Tuple[str, str, str]:
    method _status_get (line 388) | def _status_get(self) -> Dict[str, str]:
    method _sign (line 414) | def _sign(self, csr: str) -> Dict[str, str]:
    method enroll (line 452) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method handler_check (line 488) | def handler_check(self):
    method poll (line 506) | def poll(
    method revoke (line 520) | def revoke(
    method trigger (line 565) | def trigger(self, _payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/entrust_ca_handler.py
  class CAhandler (line 67) | class CAhandler(object):
    method __init__ (line 70) | def __init__(self, _debug: bool = None, logger: object = None):
    method __enter__ (line 93) | def __enter__(self):
    method __exit__ (line 99) | def __exit__(self, *args):
    method _api_get (line 102) | def _api_get(self, url: str) -> Tuple[int, Dict[str, str]]:
    method _api_post (line 120) | def _api_post(self, url: str, data: Dict[str, str]) -> Tuple[int, Dict...
    method _api_put (line 137) | def _api_put(self, url: str, data: Dict[str, str]) -> Tuple[int, Dict[...
    method _certificates_get_from_serial (line 155) | def _certificates_get_from_serial(self, cert_serial: str) -> List[str]:
    method _config_load (line 185) | def _config_load(self):
    method _config_passphrase_load (line 253) | def _config_passphrase_load(self, config_dic: Dict[str, str]):
    method _config_root_load (line 289) | def _config_root_load(self, config_dic: Dict[str, str]):
    method _config_session_load (line 310) | def _config_session_load(self, config_dic: Dict[str, str]):
    method _org_domain_cfg_check (line 349) | def _org_domain_cfg_check(self) -> str:
    method _organizations_get (line 369) | def _organizations_get(self) -> Dict[str, str]:
    method _domains_get (line 393) | def _domains_get(self, org_id: str) -> List[str]:
    method credential_check (line 416) | def credential_check(self):
    method _config_check (line 428) | def _config_check(self) -> str:
    method _enroll_check (line 442) | def _enroll_check(self, csr: str) -> str:
    method _trackingid_get (line 465) | def _trackingid_get(self, cert_raw: str) -> int:
    method _response_parse (line 499) | def _response_parse(self, content: Dict[str, str]) -> Tuple[str, str]:
    method _enroll (line 525) | def _enroll(self, csr: str) -> Tuple[str, str]:
    method revoke_by_trackingid (line 575) | def revoke_by_trackingid(
    method _total_get (line 590) | def _total_get(self, content: str) -> int:
    method certificates_get (line 617) | def certificates_get(self, limit=200) -> List[str]:
    method enroll (line 665) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method handler_check (line 682) | def handler_check(self):
    method poll (line 691) | def poll(
    method revoke (line 705) | def revoke(
    method trigger (line 743) | def trigger(self, _payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/est_ca_handler.py
  class CAhandler (line 30) | class CAhandler(object):
    method __init__ (line 33) | def __init__(self, _debug: bool = False, logger: object = None):
    method __enter__ (line 45) | def __enter__(self):
    method __exit__ (line 51) | def __exit__(self, *args):
    method _cacerts_get (line 54) | def _cacerts_get(self) -> Tuple[str, str]:
    method _cert_bundle_create (line 95) | def _cert_bundle_create(
    method _config_host_load (line 113) | def _config_host_load(self, config_dic: Dict[str, str]):
    method _cert_passphrase_load (line 134) | def _cert_passphrase_load(self, config_dic: Dict[str, str]):
    method _config_clientauth_load (line 153) | def _config_clientauth_load(self, config_dic: Dict[str, str]):
    method _config_userauth_load (line 189) | def _config_userauth_load(self, config_dic: Dict[str, str]):
    method _config_password_load (line 207) | def _config_password_load(self, config_dic: Dict[str, str]):
    method _config_parameters_load (line 232) | def _config_parameters_load(self, config_dic: Dict[str, str]):
    method _config_proxy_load (line 258) | def _config_proxy_load(self, config_dic: Dict[str, str]):
    method _config_load (line 278) | def _config_load(self):
    method _pkcs7_to_pem (line 316) | def _pkcs7_to_pem(self, pkcs7_content: str, outform: str = "string") -...
    method _simpleenroll (line 345) | def _simpleenroll(self, csr: str) -> Tuple[str, str]:
    method enroll (line 381) | def enroll(self, csr: str) -> Tuple[str, str, str, bool]:
    method handler_check (line 410) | def handler_check(self):
    method poll (line 417) | def poll(
    method revoke (line 431) | def revoke(
    method trigger (line 444) | def trigger(self, _payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/ms_wcce/errors.py
  function translate_error_code (line 7) | def translate_error_code(error_code: int) -> str:

FILE: examples/ca_handler/ms_wcce/request.py
  function csr_pem_to_der (line 22) | def csr_pem_to_der(csr: str) -> bytes:
  function der_to_pem (line 28) | def der_to_pem(certificate: bytes) -> bytes:
  class DCERPCSessionError (line 34) | class DCERPCSessionError(rpcrt.DCERPCException):
    method __init__ (line 37) | def __init__(self, error_string=None, error_code=None, packet=None):
    method __str__ (line 40) | def __str__(self) -> str:
  class CERTTRANSBLOB (line 47) | class CERTTRANSBLOB(NDRSTRUCT):
  class CertServerRequest (line 57) | class CertServerRequest(NDRCALL):
  class CertServerRequestResponse (line 71) | class CertServerRequestResponse(NDRCALL):
  class Request (line 83) | class Request:
    method __init__ (line 87) | def __init__(
    method get_cert (line 114) | def get_cert(self, csr: bytes) -> bytes:

FILE: examples/ca_handler/ms_wcce/rpc.py
  function get_dce_rpc_from_string_binding (line 10) | def get_dce_rpc_from_string_binding(
  function get_dynamic_endpoint (line 53) | def get_dynamic_endpoint(interface: bytes, target: str, timeout: int = 5):
  function get_dce_rpc (line 82) | def get_dce_rpc(

FILE: examples/ca_handler/ms_wcce/target.py
  function is_ip (line 9) | def is_ip(hostname: str) -> bool:
  class DnsResolver (line 20) | class DnsResolver:
    method __init__ (line 23) | def __init__(self):
    method from_options (line 29) | def from_options(options, target) -> "DnsResolver":
    method create (line 47) | def create(
    method resolve (line 67) | def resolve(self, hostname: str) -> str:
  class Target (line 109) | class Target:
    method __init__ (line 112) | def __init__(
    method __repr__ (line 156) | def __repr__(self) -> str:

FILE: examples/ca_handler/mscertsrv_ca_handler.py
  class CAhandler (line 32) | class CAhandler(object):
    method __init__ (line 35) | def __init__(self, _debug: bool = False, logger: object = None):
    method __enter__ (line 54) | def __enter__(self):
    method __exit__ (line 60) | def __exit__(self, *args):
    method _check_credentials (line 63) | def _check_credentials(self, ca_server: object) -> bool:
    method _cert_bundle_create (line 70) | def _cert_bundle_create(
    method _config_headerinfo_load (line 92) | def _config_headerinfo_load(self, config_dic: Dict[str, str]):
    method _config_user_load (line 113) | def _config_user_load(self, config_dic: Dict[str, str]):
    method _config_password_load (line 131) | def _config_password_load(self, config_dic: Dict[str, str]):
    method _config_hostname_load (line 151) | def _config_hostname_load(self, config_dic: Dict[str, str]):
    method _config_url_load (line 168) | def _config_url_load(self, config_dic: Dict[str, str]):
    method _config_parameters_load (line 183) | def _config_parameters_load(self, config_dic: Dict[str, str]):
    method _config_proxy_load (line 209) | def _config_proxy_load(self, config_dic: Dict[str, str]):
    method _config_load (line 226) | def _config_load(self):
    method _pkcs7_to_pem (line 251) | def _pkcs7_to_pem(self, pkcs7_content: str, outform: str = "string") -...
    method _template_name_get (line 312) | def _template_name_get(self, csr: str) -> str:
    method _csr_process (line 335) | def _csr_process(self, ca_server, csr: str) -> Tuple[str, str, str]:
    method _parameter_overwrite (line 368) | def _parameter_overwrite(self, _csr: str):
    method _enroll (line 374) | def _enroll(self, csr: str) -> Tuple[str, str, str]:
    method enroll (line 411) | def enroll(self, csr: str) -> Tuple[str, str, str, bool]:
    method handler_check (line 437) | def handler_check(self):
    method poll (line 446) | def poll(
    method revoke (line 460) | def revoke(
    method trigger (line 473) | def trigger(self, _payload: str) -> Tuple[int, str, str]:

FILE: examples/ca_handler/mswcce_ca_handler.py
  class CAhandler (line 30) | class CAhandler(object):
    method __init__ (line 33) | def __init__(self, _debug: bool = False, logger: object = None):
    method __enter__ (line 53) | def __enter__(self):
    method __exit__ (line 59) | def __exit__(self, *args):
    method _config_headerinfo_load (line 62) | def _config_headerinfo_load(self, config_dic: Dict[str, str]):
    method _config_host_load (line 83) | def _config_host_load(self, config_dic: Dict[str, str]):
    method _config_credentials_load (line 101) | def _config_credentials_load(self, config_dic: Dict[str, str]):
    method _config_parameters_load (line 133) | def _config_parameters_load(self, config_dic: Dict[str, str]):
    method _config_proxy_load (line 174) | def _config_proxy_load(self, config_dic: Dict[str, str]):
    method _config_load (line 191) | def _config_load(self):
    method _file_load (line 214) | def _file_load(self, bundle: str) -> str:
    method request_create (line 224) | def request_create(self) -> Request:
    method _template_name_get (line 251) | def _template_name_get(self, csr: str) -> str:
    method _enroll (line 274) | def _enroll(self, csr: str) -> Tuple[str, str, str]:
    method enroll (line 320) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method handler_check (line 351) | def handler_check(self):
    method poll (line 362) | def poll(
    method revoke (line 376) | def revoke(
    method trigger (line 389) | def trigger(self, _payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/nclm_ca_handler.py
  class CAhandler (line 34) | class CAhandler(object):
    method __init__ (line 37) | def __init__(self, _debug=None, logger=None):
    method __enter__ (line 59) | def __enter__(self):
    method __exit__ (line 70) | def __exit__(self, *args):
    method _api_post (line 73) | def _api_post(self, url: str, data: Dict[str, str]) -> Dict[str, str]:
    method _ca_id_get (line 96) | def _ca_id_get(self, ca_list: Dict[str, str]) -> int:
    method _ca_policylink_id_lookup (line 114) | def _ca_policylink_id_lookup(self) -> int:
    method _cert_enroll (line 139) | def _cert_enroll(self, csr: str, policylink_id: int) -> Tuple[str, str...
    method _csr_post (line 165) | def _csr_post(self, csr: str, policylink_id: int) -> Dict[str, str]:
    method _issuer_certid_get (line 190) | def _issuer_certid_get(self, cert_dic: Tuple[str, str]) -> Tuple[str, ...
    method _cert_bundle_build (line 226) | def _cert_bundle_build(self, cert_id: int) -> Tuple[str, str, str]:
    method _cert_id_get (line 273) | def _cert_id_get(self, job_id: int) -> int:
    method _certid_get_from_serial (line 317) | def _certid_get_from_serial(self, cert_raw: str) -> List[str]:
    method _cert_id_lookup (line 358) | def _cert_id_lookup(self, cert_raw: str) -> int:
    method _config_api_access_check (line 386) | def _config_api_access_check(self):
    method _config_names_check (line 407) | def _config_names_check(self):
    method _config_check (line 426) | def _config_check(self):
    method _config_api_user_load (line 435) | def _config_api_user_load(self, config_dic: Dict[str, str]):
    method _config_api_password_load (line 453) | def _config_api_password_load(self, config_dic: Dict[str, str]):
    method _config_names_load (line 473) | def _config_names_load(self, config_dic: Dict[str, str]):
    method _config_proxy_load (line 497) | def _config_proxy_load(self, config_dic: Dict[str, str]):
    method _config_timer_load (line 516) | def _config_timer_load(self, config_dic: Dict[str, str]):
    method _config_load (line 541) | def _config_load(self):
    method _container_id_lookup (line 570) | def _container_id_lookup(self):
    method _csr_check (line 609) | def _csr_check(self, csr: str) -> str:
    method _enroll (line 619) | def _enroll(self, csr: str, ca_id: int) -> Tuple[str, str, str, str]:
    method _login (line 648) | def _login(self):
    method _revocation_status_poll (line 707) | def _revocation_status_poll(
    method _template_list_get (line 743) | def _template_list_get(self, ca_id: int) -> Dict[str, str]:
    method _templates_enumerate (line 768) | def _templates_enumerate(self, template_list: Dict[str, str]):
    method _template_id_lookup (line 784) | def _template_id_lookup(self, ca_id: int):
    method enroll (line 808) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method handler_check (line 851) | def handler_check(self):
    method poll (line 859) | def poll(
    method revoke (line 873) | def revoke(
    method trigger (line 916) | def trigger(self, _payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/openssl_ca_handler.py
  class CAhandler (line 41) | class CAhandler(object):
    method __init__ (line 44) | def __init__(self, debug: bool = False, logger: object = None):
    method __enter__ (line 62) | def __enter__(self):
    method __exit__ (line 68) | def __exit__(self, *args):
    method _ca_load (line 71) | def _ca_load(self) -> Tuple[object, object]:
    method _cert_extension_ku_parse (line 94) | def _cert_extension_ku_parse(self, ext: str) -> Dict[str, str]:
    method _cert_extension_eku_parse (line 129) | def _cert_extension_eku_parse(self, ext: str) -> List[str]:
    method _cert_extension_dic_parse (line 158) | def _cert_extension_dic_parse(
    method _certificate_extensions_load (line 206) | def _certificate_extensions_load(self) -> Dict[str, str]:
    method _certificate_store (line 242) | def _certificate_store(self, cert: object):
    method _config_check_issuer (line 271) | def _config_check_issuer(self) -> str:
    method _config_check_crl (line 295) | def _config_check_crl(self, error: str = None) -> str:
    method _config_parameters_check (line 315) | def _config_parameters_check(self, error: str = None) -> str:
    method _config_check (line 332) | def _config_check(self) -> str:
    method _config_domainlists_load (line 347) | def _config_domainlists_load(self, config_dic: Dict[str, str]):
    method _config_credentials_load (line 409) | def _config_credentials_load(self, config_dic: Dict[str, str]):
    method _config_policy_load (line 445) | def _config_policy_load(self, config_dic: Dict[str, str]):
    method _config_load (line 485) | def _config_load(self):
    method _chk_san_lists_get (line 504) | def _chk_san_lists_get(self, csr: str) -> Tuple[List[str], List[bool]]:
    method _cn_add (line 531) | def _cn_add(self, csr: str, san_list: List[str]) -> Tuple[List[str], s...
    method _csr_check (line 554) | def _csr_check(self, csr: str) -> Tuple[bool, str]:
    method _list_regex_check (line 586) | def _list_regex_check(self, entry: str, list_: List[str]) -> bool:
    method _list_check (line 602) | def _list_check(self, entry: str, list_: List[str], toggle: bool = Fal...
    method _pemcertchain_generate (line 624) | def _pemcertchain_generate(self, ee_cert: str, issuer_cert: str) -> str:
    method _string_wlbl_check (line 642) | def _string_wlbl_check(
    method _cert_expiry_get (line 672) | def _cert_expiry_get(self, cert):
    method _cacert_expiry_get (line 681) | def _cacert_expiry_get(self):
    method _certexpiry_date_default (line 721) | def _certexpiry_date_default(self) -> datetime.datetime:
    method _certexpiry_date_set (line 733) | def _certexpiry_date_set(self) -> datetime.datetime:
    method _cert_signing_prep (line 754) | def _cert_signing_prep(self, ca_cert: object, req: object, subject: st...
    method _cert_extension_default (line 773) | def _cert_extension_default(self, ca_cert: object, req: object) -> Lis...
    method _cert_extension_apply (line 820) | def _cert_extension_apply(
    method enroll (line 852) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method poll (line 927) | def poll(
    method _crlobject_build (line 941) | def _crlobject_build(
    method revoke (line 976) | def revoke(
    method trigger (line 1049) | def trigger(self, _payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/openxpki_ca_handler.py
  class CAhandler (line 30) | class CAhandler(object):
    method __init__ (line 33) | def __init__(self, _debug: bool = None, logger: object = None):
    method __enter__ (line 55) | def __enter__(self):
    method __exit__ (line 61) | def __exit__(self, *args):
    method _cert_bundle_create (line 64) | def _cert_bundle_create(self, response: Dict[str, str]) -> Tuple[str, ...
    method _cert_identifier_get (line 91) | def _cert_identifier_get(self, cert_raw: str) -> str:
    method _config_server_load (line 107) | def _config_server_load(self, config_dic):
    method _config_ca_load (line 136) | def _config_ca_load(self, config_dic):
    method _config_passphrase_load (line 166) | def _config_passphrase_load(self, config_dic: Dict[str, str]):
    method _config_session_load (line 198) | def _config_session_load(self, config_dic: Dict[str, str]):
    method _config_load (line 232) | def _config_load(self):
    method _enroll (line 280) | def _enroll(self, data_dic: Dict[str, str]) -> Tuple[str, str, str, str]:
    method _rpc_post (line 344) | def _rpc_post(self, path: str, data_dic: Dict[str, str]) -> Dict[str, ...
    method _revoke (line 364) | def _revoke(self, cert_identifier: str, rev_reason: str) -> Tuple[int,...
    method enroll (line 403) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method handler_check (line 448) | def handler_check(self):
    method poll (line 457) | def poll(
    method revoke (line 471) | def revoke(
    method trigger (line 497) | def trigger(self, _payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/pkcs7_soap_ca_handler.py
  function binary_read (line 32) | def binary_read(logger, file_name):
  function binary_write (line 42) | def binary_write(logger, file_name, content):
  class CAhandler (line 51) | class CAhandler(object):
    method __init__ (line 54) | def __init__(self, _debug=None, logger=None):
    method __enter__ (line 65) | def __enter__(self):
    method __exit__ (line 71) | def __exit__(self, *args):
    method _script_config_load (line 74) | def _script_config_load(self, config_dic):
    method _self_signing_config_load (line 97) | def _self_signing_config_load(self, config_dic):
    method _global_config_load (line 136) | def _global_config_load(self, config_dic):
    method _config_load (line 164) | def _config_load(self):
    method _cert_decode (line 190) | def _cert_decode(self, cert):
    method _sign (line 197) | def _sign(self, key, payload):
    method _pkcs7_create (line 221) | def _pkcs7_create(self, cert, csr, private_key):
    method _soaprequest_build (line 296) | def _soaprequest_build(self, pkcs7):
    method _soaprequest_send (line 316) | def _soaprequest_send(self, payload):
    method _get_certificate (line 385) | def _get_certificate(self, signature_block_file):
    method _certraw_get (line 418) | def _certraw_get(self, pem_data):
    method _pkcs7_signing_config_verify (line 430) | def _pkcs7_signing_config_verify(self):
    method _signing_command_build (line 458) | def _signing_command_build(self, csr_unsigned, csr_signed):
    method _pkcs7_sign_external (line 492) | def _pkcs7_sign_external(self, csr):
    method enroll (line 539) | def enroll(self, csr):
    method poll (line 594) | def poll(self, _cert_name, poll_identifier, _csr):
    method revoke (line 606) | def revoke(self, _cert, _rev_reason, _rev_date):
    method trigger (line 617) | def trigger(self, _payload):

FILE: examples/ca_handler/skeleton_ca_handler.py
  class CAhandler (line 10) | class CAhandler(object):
    method __init__ (line 13) | def __init__(self, _debug: bool = None, logger: object = None):
    method __enter__ (line 17) | def __enter__(self):
    method __exit__ (line 23) | def __exit__(self, *args):
    method _config_load (line 26) | def _config_load(self):
    method _stub_func (line 37) | def _stub_func(self, parameter: str):
    method enroll (line 43) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method handler_check (line 63) | def handler_check(self):
    method poll (line 74) | def poll(
    method revoke (line 89) | def revoke(
    method trigger (line 102) | def trigger(self, payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/vault_ca_handler.py
  class CAhandler (line 37) | class CAhandler(object):
    method __init__ (line 40) | def __init__(self, _debug: bool = None, logger: object = None):
    method __enter__ (line 59) | def __enter__(self):
    method __exit__ (line 65) | def __exit__(self, *args):
    method _api_get (line 68) | def _api_get(self, url: str) -> Tuple[int, Dict[str, str]]:
    method _api_post (line 85) | def _api_post(self, url: str, data: Dict[str, str]) -> Tuple[int, Dict...
    method _api_put (line 102) | def _api_put(self, url: str, data: Dict[str, str]) -> Tuple[int, Dict[...
    method _config_check (line 119) | def _config_check(self) -> str:
    method _config_load (line 135) | def _config_load(self):
    method _csr_check (line 196) | def _csr_check(self, csr: str) -> str:
    method _enrollment_request_prepare (line 205) | def _enrollment_request_prepare(self, csr: str) -> Tuple[str, str, str]:
    method _preconfig_check (line 219) | def _preconfig_check(self, csr: str) -> str:
    method enroll (line 230) | def enroll(self, csr: str) -> Tuple[str, str, str, str]:
    method handler_check (line 293) | def handler_check(self):
    method poll (line 302) | def poll(
    method revoke (line 316) | def revoke(
    method trigger (line 373) | def trigger(self, _payload: str) -> Tuple[str, str, str]:

FILE: examples/ca_handler/xca_ca_handler.py
  function dict_from_row (line 53) | def dict_from_row(row):
  class CAhandler (line 58) | class CAhandler(object):
    method __init__ (line 61) | def __init__(self, debug: bool = False, logger: object = None):
    method __enter__ (line 79) | def __enter__(self):
    method __exit__ (line 85) | def __exit__(self, *args):
    method _asn1_stream_parse (line 88) | def _asn1_stream_parse(self, asn1_stream: str = None) -> Dict[str, str]:
    method _ca_cert_load (line 128) | def _ca_cert_load(self) -> Tuple[object, int]:
    method _ca_key_load (line 162) | def _ca_key_load(self) -> object:
    method _ca_load (line 196) | def _ca_load(self) -> Tuple[object, object, int]:
    method _cdp_list_generate (line 205) | def _cdp_list_generate(self, cdp_string: str = None) -> List[str]:
    method _cert_insert (line 224) | def _cert_insert(self, cert_dic: Dict[str, str] = None) -> int:
    method _cert_search (line 273) | def _cert_search(self, column: str, value: str) -> Dict[str, str]:
    method _cert_subject_generate (line 310) | def _cert_subject_generate(
    method _cert_sign (line 331) | def _cert_sign(
    method _columnnames_get (line 426) | def _columnnames_get(self, table: str) -> List[str]:
    method _config_check (line 441) | def _config_check(self) -> str:
    method _config_load (line 469) | def _config_load(self):
    method _csr_import (line 533) | def _csr_import(self, csr, request_name):
    method _csr_insert (line 559) | def _csr_insert(self, csr_dic: Dict[str, str] = None) -> int:
    method _csr_search (line 590) | def _csr_search(self, column: str, value: str) -> Dict[str, str]:
    method _db_check (line 611) | def _db_check(self):
    method _db_open (line 646) | def _db_open(self):
    method _db_close (line 654) | def _db_close(self):
    method _extended_keyusage_generate (line 661) | def _extended_keyusage_generate(
    method _extension_list_default (line 705) | def _extension_list_default(self, ca_cert: str = None, cert: str = None):
    method _extension_list_generate (line 750) | def _extension_list_generate(
    method _identifier_check (line 794) | def _identifier_check(self, table: str, identifier: str) -> bool:
    method _item_insert (line 823) | def _item_insert(self, item_dic: Dict[str, str] = None) -> int:
    method _keyusage_generate (line 862) | def _keyusage_generate(
    method _kue_generate (line 886) | def _kue_generate(self, kuval: int = 0, ku_csr: str = None) -> Dict[st...
    method _ku_dict_generate (line 916) | def _ku_dict_generate(self, kuval: int = 0) -> Dict[str, str]:
    method _pemcertchain_generate (line 951) | def _pemcertchain_generate(self, ee_cert: str, issuer_cert: str = None...
    method _requestname_get (line 971) | def _requestname_get(self, csr: str = None) -> str:
    method _revocation_insert (line 991) | def _revocation_insert(self, rev_dic: Dict[str, str] = None) -> int:
    method _revocation_check (line 1027) | def _revocation_check(
    method _revocation_search (line 1058) | def _revocation_search(self, column: str, value: str) -> Dict[str, str]:
    method _store_cert (line 1079) | def _store_cert(
    method _stream_split (line 1115) | def _stream_split(self, byte_stream: str = None) -> Tuple[str, str]:
    method _stub_func (line 1139) | def _stub_func(self, parameter: str) -> str:
    method _subject_name_hash_get (line 1145) | def _subject_name_hash_get(self, cert: str = None) -> int:
    method _subject_modify (line 1154) | def _subject_modify(self, subject: str, dn_dic: Dict[str, str] = None)...
    method _table_check (line 1199) | def _table_check(self, table: str) -> bool:
    method _template_load (line 1213) | def _template_load(self) -> Tuple[Dict[str, str], Dict[str, str]]:
    method _template_parse (line 1237) | def _template_parse(
    method _utf_stream_parse (line 1262) | def _utf_stream_parse(self, utf_stream: str = None) -> Dict[str, str]:
    method _validity_calculate (line 1298) | def _validity_calculate(self, template_dic: Dict[str, str] = None) -> ...
    method _xca_template_process (line 1321) | def _xca_template_process(
    method handler_check (line 1391) | def handler_check(self):
    method enroll (line 1402) | def enroll(self, csr: str = None) -> Tuple[str, str, str, str]:
    method poll (line 1447) | def poll(
    method revoke (line 1462) | def revoke(
    method trigger (line 1498) | def trigger(self, payload: str) -> Tuple[str, str, str]:

FILE: examples/db_handler/django_handler.py
  function initialize (line 12) | def initialize():  # nopep8
  class DBstore (line 46) | class DBstore(object):
    method __init__ (line 49) | def __init__(self, _debug: bool = False, logger: object = None):
    method _account_getinstance (line 54) | def _account_getinstance(self, aname: str) -> QuerySet:
    method _authorization_getinstance (line 59) | def _authorization_getinstance(self, name: str) -> QuerySet:
    method _modify_key (line 64) | def _modify_key(self, mkey: str, operant: str) -> str:
    method _order_getinstance (line 74) | def _order_getinstance(self, value: str = id, mkey: id = "id") -> Quer...
    method _status_getinstance (line 79) | def _status_getinstance(self, value: str, mkey: str = "id") -> QuerySet:
    method account_add (line 84) | def account_add(self, data_dic: Dict[str, str]) -> Tuple[str, bool]:
    method account_lookup (line 105) | def account_lookup(
    method account_delete (line 129) | def account_delete(self, aname):
    method account_update (line 135) | def account_update(
    method accountlist_get (line 149) | def accountlist_get(self) -> Tuple[List[str], QuerySet]:
    method authorization_add (line 191) | def authorization_add(self, data_dic: Dict[str, str]) -> int:
    method authorization_lookup (line 209) | def authorization_lookup(
    method authorizations_expired_search (line 217) | def authorizations_expired_search(
    method authorization_update (line 249) | def authorization_update(self, data_dic: Dict[str, str]) -> int:
    method cahandler_add (line 279) | def cahandler_add(self, data_dic: Dict[str, str]) -> Tuple[str, bool]:
    method cahandler_lookup (line 294) | def cahandler_lookup(self, mkey: str, value: str) -> Dict[str, str]:
    method challenge_add (line 306) | def challenge_add(self, value: str, mtype: str, data_dic: Dict[str, st...
    method certificate_add (line 340) | def certificate_add(self, data_dic: Dict[str, str]) -> int:
    method certificate_account_check (line 355) | def certificate_account_check(self, account_name: str, certificate: st...
    method certificate_delete (line 376) | def certificate_delete(self, mkey: str, value: str) -> QuerySet:
    method certificatelist_get (line 381) | def certificatelist_get(self) -> Tuple[List[str], List[QuerySet]]:
    method certificate_lookup (line 417) | def certificate_lookup(
    method certificates_search (line 438) | def certificates_search(
    method challenge_lookup (line 450) | def challenge_lookup(
    method challenges_search (line 471) | def challenges_search(
    method challenge_update (line 481) | def challenge_update(self, data_dic: Dict[str, str]):
    method cli_jwk_load (line 492) | def cli_jwk_load(self, aname: str) -> Dict[str, str]:
    method cli_permissions_get (line 507) | def cli_permissions_get(self, aname: str) -> Dict[str, str]:
    method dbversion_get (line 518) | def dbversion_get(self) -> Tuple[Dict[str, str], str]:
    method hkparameter_add (line 531) | def hkparameter_add(self, data_dic: Dict[str, str]):
    method hkparameter_get (line 539) | def hkparameter_get(self, parameter: str) -> str:
    method jwk_load (line 552) | def jwk_load(self, aname: str) -> Dict[str, str]:
    method nonce_add (line 567) | def nonce_add(self, nonce: str) -> int:
    method nonce_check (line 576) | def nonce_check(self, nonce: str) -> bool:
    method nonce_delete (line 584) | def nonce_delete(self, nonce: str):
    method order_add (line 590) | def order_add(self, data_dic: Dict[str, str]) -> int:
    method order_lookup (line 605) | def order_lookup(
    method order_update (line 634) | def order_update(self, data_dic: Dict[str, str]):
    method orders_invalid_search (line 645) | def orders_invalid_search(

FILE: examples/db_handler/wsgi_handler.py
  function initialize (line 19) | def initialize():
  function dict_from_row (line 25) | def dict_from_row(row):
  class DBstore (line 30) | class DBstore(object):
    method __init__ (line 33) | def __init__(self, debug: bool = False, logger: object = None, db_name...
    method _columnnames_get (line 55) | def _columnnames_get(self, table: str) -> List[str]:
    method _table_check (line 73) | def _table_check(self, table: str) -> bool:
    method _identifier_check (line 85) | def _identifier_check(self, table: str, identifier: str) -> bool:
    method _account_search (line 119) | def _account_search(
    method _authorization_search (line 149) | def _authorization_search(self, column: str, string: str) -> List[str]:
    method _cahandler_search (line 188) | def _cahandler_search(self, column: str, string: str) -> List[str]:
    method _certificate_account_check (line 212) | def _certificate_account_check(
    method _certificate_insert (line 234) | def _certificate_insert(self, data_dic: Dict[str, str]) -> int:
    method _certificate_update (line 267) | def _certificate_update(
    method _certificate_search (line 298) | def _certificate_search(self, column: str, string: str) -> Dict[str, s...
    method _challenge_search (line 326) | def _challenge_search(self, column: str, string: str) -> List[str]:
    method _cliaccount_search (line 368) | def _cliaccount_search(self, column: str, string: str) -> Dict[str, str]:
    method _db_close (line 392) | def _db_close(self):
    method _db_create (line 399) | def _db_create(self):
    method _db_open (line 492) | def _db_open(self):
    method _db_update_account (line 498) | def _db_update_account(self):
    method _db_update_authorization (line 518) | def _db_update_authorization(self):
    method _db_update_cahandler (line 540) | def _db_update_cahandler(self):
    method _db_update_certificate (line 555) | def _db_update_certificate(self):
    method _db_update_challenge (line 601) | def _db_update_challenge(self):
    method _db_update_cliaccount (line 628) | def _db_update_cliaccount(self):
    method _db_update_housekeeping (line 643) | def _db_update_housekeeping(self):
    method _db_update_orders (line 693) | def _db_update_orders(self):
    method _db_update_status (line 723) | def _db_update_status(self):
    method _order_search (line 737) | def _order_search(self, column: str, string: str) -> List[str]:
    method _status_search (line 773) | def _status_search(self, column: str, string: str) -> Tuple[int, str]:
    method account_add (line 788) | def account_add(self, data_dic):
    method account_delete (line 822) | def account_delete(self, aname: str) -> bool:
    method account_lookup (line 833) | def account_lookup(
    method account_update (line 853) | def account_update(
    method accountlist_get (line 895) | def accountlist_get(self) -> Tuple[List[str], List[str]]:
    method authorization_add (line 990) | def authorization_add(self, data_dic: Dict[str, str]) -> int:
    method authorization_lookup (line 1003) | def authorization_lookup(
    method authorizations_expired_search (line 1032) | def authorizations_expired_search(
    method authorization_update (line 1087) | def authorization_update(self, data_dic: Dict[str, str]) -> List[str]:
    method certificate_account_check (line 1121) | def certificate_account_check(
    method cahandler_add (line 1152) | def cahandler_add(self, data_dic: Dict[str, str]) -> int:
    method cahandler_lookup (line 1181) | def cahandler_lookup(
    method cliaccount_add (line 1207) | def cliaccount_add(self, data_dic: Dict[str, str]) -> int:
    method cliaccount_delete (line 1235) | def cliaccount_delete(self, data_dic: Dict[str, str]):
    method cliaccountlist_get (line 1251) | def cliaccountlist_get(self) -> List[str]:
    method certificate_add (line 1285) | def certificate_add(self, data_dic: Dict[str, str]) -> int:
    method certificate_delete (line 1309) | def certificate_delete(self, mkey: str, string: str):
    method certificatelist_get (line 1321) | def certificatelist_get(self) -> Tuple[List[str], List[str]]:
    method certificate_lookup (line 1383) | def certificate_lookup(
    method certificates_search (line 1409) | def certificates_search(
    method challenges_search (line 1456) | def challenges_search(
    method challenge_add (line 1505) | def challenge_add(self, value: str, mtype: str, data_dic: Dict[str, st...
    method challenge_lookup (line 1530) | def challenge_lookup(
    method challenge_update (line 1557) | def challenge_update(self, data_dic: Dict[str, str]):
    method cli_jwk_load (line 1587) | def cli_jwk_load(self, aname: str) -> Dict[str, str]:
    method cli_permissions_get (line 1597) | def cli_permissions_get(self, aname: str) -> Dict[str, str]:
    method db_update (line 1611) | def db_update(self):
    method dbversion_get (line 1655) | def dbversion_get(self) -> Tuple[List[str], str]:
    method hkparameter_add (line 1671) | def hkparameter_add(self, data_dic: Dict[str, str]) -> Tuple[str, bool]:
    method hkparameter_get (line 1697) | def hkparameter_get(self, parameter: str) -> List[str]:
    method jwk_load (line 1716) | def jwk_load(self, aname: str) -> Dict[str, str]:
    method nonce_add (line 1727) | def nonce_add(self, nonce: str) -> int:
    method nonce_check (line 1741) | def nonce_check(self, nonce: str) -> bool:
    method nonce_delete (line 1755) | def nonce_delete(self, nonce: str):
    method order_add (line 1766) | def order_add(self, data_dic: Dict[str, str]) -> int:
    method order_lookup (line 1793) | def order_lookup(
    method order_update (line 1829) | def order_update(self, data_dic: Dict[str, str]):
    method orders_invalid_search (line 1843) | def orders_invalid_search(

FILE: examples/django/acme_srv/a2c_response.py
  class JsonResponse (line 9) | class JsonResponse(HttpResponse):
    method __init__ (line 15) | def __init__(

FILE: examples/django/acme_srv/models.py
  class Nonce (line 8) | class Nonce(models.Model):
    method __unicode__ (line 14) | def __unicode__(self):
  class Status (line 18) | class Status(models.Model):
    method __unicode__ (line 23) | def __unicode__(self):
  class Account (line 27) | class Account(models.Model):
    method __unicode__ (line 38) | def __unicode__(self):
  class Cliaccount (line 42) | class Cliaccount(models.Model):
  class Order (line 54) | class Order(models.Model):
    method __unicode__ (line 67) | def __unicode__(self):
  class Authorization (line 71) | class Authorization(models.Model):
    method __unicode__ (line 83) | def __unicode__(self):
  class Challenge (line 87) | class Challenge(models.Model):
    method __unicode__ (line 102) | def __unicode__(self):
  class Certificate (line 106) | class Certificate(models.Model):
    method __unicode__ (line 125) | def __unicode__(self):
  class Housekeeping (line 129) | class Housekeeping(models.Model):
  class Cahandler (line 137) | class Cahandler(models.Model):

FILE: examples/django/acme_srv/views.py
  function handle_exception (line 58) | def handle_exception(exc_type, exc_value, exc_traceback):
  function pretty_request (line 66) | def pretty_request(request):
  function directory (line 84) | def directory(request):
  function newaccount (line 101) | def newaccount(request):
  function newnonce (line 128) | def newnonce(request):
  function servername_get (line 152) | def servername_get(request):
  function acct (line 158) | def acct(request):
  function neworders (line 177) | def neworders(request):
  function authz (line 207) | def authz(request):
  function chall (line 237) | def chall(request):
  function order (line 278) | def order(request):
  function cert (line 304) | def cert(request):
  function revokecert (line 336) | def revokecert(request):
  function trigger (line 366) | def trigger(request):
  function renewalinfo (line 396) | def renewalinfo(request):
  function housekeeping (line 429) | def housekeeping(request):
  function acmechallenge_serve (line 456) | def acmechallenge_serve(request):

FILE: examples/eab_handler/file_handler.py
  class EABhandler (line 12) | class EABhandler(object):
    method __init__ (line 15) | def __init__(self, logger: object = None):
    method __enter__ (line 19) | def __enter__(self):
    method __exit__ (line 25) | def __exit__(self, *args):
    method _config_load (line 28) | def _config_load(self):
    method key_file_load (line 37) | def key_file_load(self) -> Dict[str, str]:
    method mac_key_get (line 54) | def mac_key_get(self, kid: str = None) -> str:

FILE: examples/eab_handler/json_handler.py
  class EABhandler (line 12) | class EABhandler(object):
    method __init__ (line 15) | def __init__(self, logger: object = None):
    method __enter__ (line 19) | def __enter__(self):
    method __exit__ (line 25) | def __exit__(self, *args):
    method _config_load (line 28) | def _config_load(self):
    method key_file_load (line 37) | def key_file_load(self) -> Dict[str, str]:
    method mac_key_get (line 54) | def mac_key_get(self, kid: str = None) -> str:

FILE: examples/eab_handler/kid_profile_handler.py
  class EABhandler (line 14) | class EABhandler(object):
    method __init__ (line 17) | def __init__(self, logger: object = None):
    method __enter__ (line 21) | def __enter__(self):
    method __exit__ (line 27) | def __exit__(self, *args):
    method _config_load (line 30) | def _config_load(self):
    method _chk_san_lists_get (line 39) | def _chk_san_lists_get(self, csr: str) -> Tuple[List[str], List[bool]]:
    method _cn_add (line 65) | def _cn_add(self, csr: str, san_list: List[str]) -> Tuple[List[str], s...
    method _list_regex_check (line 82) | def _list_regex_check(self, entry: str, list_: List[str]) -> bool:
    method _wllist_check (line 100) | def _wllist_check(self, entry: str, list_: List[str], toggle: bool = F...
    method _allowed_domains_check (line 124) | def _allowed_domains_check(self, csr: str, domain_list: List[str]) -> ...
    method eab_kid_get (line 145) | def eab_kid_get(self, csr: str, revocation=False) -> str:
    method eab_profile_get (line 181) | def eab_profile_get(self, csr: str, revocation=False) -> str:
    method keyfile_content_load (line 207) | def keyfile_content_load(self, key_file_content) -> dict:
    method key_file_load (line 226) | def key_file_load(self):
    method mac_key_get (line 246) | def mac_key_get(self, kid: str = None) -> str:

FILE: examples/eab_handler/skeleton_eab_handler.py
  class EABhandler (line 10) | class EABhandler(object):
    method __init__ (line 13) | def __init__(self, logger: object = None):
    method __enter__ (line 17) | def __enter__(self):
    method __exit__ (line 23) | def __exit__(self, *args):
    method _config_load (line 26) | def _config_load(self):
    method allowed_domains_check (line 36) | def allowed_domains_check(self, csr, value) -> str:
    method mac_key_get (line 43) | def mac_key_get(self, kid: str = None) -> str:

FILE: examples/eab_handler/sql_handler.py
  class EABhandler (line 17) | class EABhandler(object):
    method __init__ (line 20) | def __init__(self, logger: Logger):
    method __enter__ (line 29) | def __enter__(self):
    method __exit__ (line 34) | def __exit__(self, *args):
    method _config_load (line 37) | def _config_load(self):
    method _chk_san_lists_get (line 55) | def _chk_san_lists_get(self, csr: str) -> Tuple[List[str], List[bool]]:
    method _cn_add (line 81) | def _cn_add(self, csr: str, san_list: List[str]) -> Tuple[List[str], s...
    method _list_regex_check (line 98) | def _list_regex_check(self, entry: str, list_: List[str]) -> bool:
    method _wllist_check (line 116) | def _wllist_check(self, entry: str, list_: List[str], toggle: bool = F...
    method _allowed_domains_check (line 140) | def _allowed_domains_check(self, csr: str, domain_list: List[str]) -> ...
    method eab_kid_get (line 161) | def eab_kid_get(self, csr: str, revocation=False) -> str:
    method eab_profile_get (line 199) | def eab_profile_get(self, csr: str, revocation=False) -> str:
    method key_file_load (line 225) | def key_file_load(self) -> Dict[str, str]:
    method _load_mssql_profiles (line 241) | def _load_mssql_profiles(self, sql_query: str) -> Dict[str, str]:
    method _load_postgres_profiles (line 267) | def _load_postgres_profiles(self, sql_query: str) -> Dict[str, str]:
    method mac_key_get (line 287) | def mac_key_get(self, key_id: str) -> Optional[str]:

FILE: examples/hooks/cn_dump_hooks.py
  class Hooks (line 8) | class Hooks:
    method __init__ (line 11) | def __init__(self, logger) -> None:
    method __enter__ (line 16) | def __enter__(self):
    method __exit__ (line 20) | def __exit__(self, *args):
    method _config_load (line 23) | def _config_load(self):
    method _file_append (line 31) | def _file_append(self, filename, content):
    method pre_hook (line 38) | def pre_hook(self, _certificate_name, _order_name, csr):
    method post_hook (line 46) | def post_hook(self, _certificate_name, _order_name, csr, _error):
    method success_hook (line 54) | def success_hook(

FILE: examples/hooks/email_hooks.py
  class Hooks (line 84) | class Hooks:
    method __init__ (line 87) | def __init__(self, logger) -> None:
    method _validate_configuration (line 101) | def _validate_configuration(self) -> None:
    method _get_config_value (line 131) | def _get_config_value(self, key: str, fallback=None):
    method _get_config_int (line 144) | def _get_config_int(self, key: str, fallback=None):
    method _get_config_boolean (line 154) | def _get_config_boolean(self, key: str, fallback=None):
    method _validate_smtp_configuration (line 163) | def _validate_smtp_configuration(self) -> None:
    method _load_configuration (line 218) | def _load_configuration(self) -> None:
    method _setup_email_envelope (line 263) | def _setup_email_envelope(self) -> None:
    method _done (line 274) | def _done(self):
    method _clean_san (line 361) | def _clean_san(self, sans):
    method _attach_csr (line 387) | def _attach_csr(self, request_key, csr):
    method _attach_cert (line 418) | def _attach_cert(self, request_key, certificate):
    method _format_subject (line 458) | def _format_subject(self, status: str, san: str) -> str:
    method _format_message_header (line 467) | def _format_message_header(self, status: str, san: str) -> str:
    method pre_hook (line 484) | def pre_hook(self, _certificate_name, _order_name, _csr) -> None:
    method post_hook (line 488) | def post_hook(self, request_key, _order_name, csr, error) -> None:
    method success_hook (line 520) | def success_hook(

FILE: examples/hooks/exception_test_hooks.py
  class Hooks (line 7) | class Hooks:
    method __init__ (line 10) | def __init__(self, logger) -> None:
    method __enter__ (line 17) | def __enter__(self):
    method __exit__ (line 21) | def __exit__(self, *args):
    method _config_load (line 24) | def _config_load(self):
    method pre_hook (line 40) | def pre_hook(self, certificate_name, order_name, _csr) -> None:
    method post_hook (line 46) | def post_hook(self, certificate_name, order_name, _csr, _error) -> None:
    method success_hook (line 52) | def success_hook(

FILE: examples/hooks/skeleton_hooks.py
  class Hooks (line 6) | class Hooks:
    method __init__ (line 21) | def __init__(self, logger) -> None:
    method pre_hook (line 24) | def pre_hook(self, certificate_name, order_name, csr) -> None:
    method post_hook (line 30) | def post_hook(self, certificate_name, order_name, csr, error) -> None:
    method success_hook (line 36) | def success_hook(

FILE: examples/soap/mock_soap_srv.py
  function arg_parse (line 34) | def arg_parse():
  function _csr_get (line 61) | def _csr_get(
  function _csr_lookup (line 104) | def _csr_lookup(logger, soap_dic: Dict[str, str]) -> str:
  function _opensslcmd_pem2pkcs7_convert (line 122) | def _opensslcmd_pem2pkcs7_convert(
  function _opensslcmd_csr_extract (line 144) | def _opensslcmd_csr_extract(logger, pkcs7_file: str, csr_file: str) -> L...
  function _file_load_binary (line 165) | def _file_load_binary(logger, filename: str) -> List[str]:
  function _file_load (line 173) | def _file_load(logger, filename: str) -> List[str]:
  function _file_dump_binary (line 181) | def _file_dump_binary(logger, filename: str, data_: str):
  function _file_dump (line 188) | def _file_dump(logger, filename: str, data_: str):
  function _pem2pkcs7_convert (line 195) | def _pem2pkcs7_convert(logger, tmp_dir: str, pem: str) -> str:
  function _get_request_body (line 218) | def _get_request_body(environ: Dict[str, str]) -> str:
  function _config_load (line 231) | def _config_load(logger, config_file: str) -> Dict[str, str]:
  function _csr_extract (line 255) | def _csr_extract(logger, tmp_dir: str, csr: str) -> str:
  function request_process (line 278) | def request_process(logger, csr: str) -> bytes:
  function soap_srv (line 330) | def soap_srv(environ, start_response) -> List[str]:

FILE: setup.py
  function glob_files (line 11) | def glob_files(pattern: str) -> t.List[str]:
  function update_and_copy_nginx_configs (line 18) | def update_and_copy_nginx_configs():

FILE: test/test_account.py
  class FakeDBStore (line 15) | class FakeDBStore(object):
  class TestAccountRepository (line 22) | class TestAccountRepository(unittest.TestCase):
    method setUp (line 25) | def setUp(self):
    method test_001_lookup_account_success (line 40) | def test_001_lookup_account_success(self):
    method test_002_lookup_account_exception (line 50) | def test_002_lookup_account_exception(self):
    method test_003_add_account_success (line 67) | def test_003_add_account_success(self):
    method test_004_add_account_exception (line 78) | def test_004_add_account_exception(self):
    method test_005_update_account_success (line 90) | def test_005_update_account_success(self):
    method test_006_update_account_exception (line 97) | def test_006_update_account_exception(self):
    method test_007_delete_account_success (line 111) | def test_007_delete_account_success(self):
    method test_008_delete_account_exception (line 116) | def test_008_delete_account_exception(self):
    method test_009_load_jwk_success (line 130) | def test_009_load_jwk_success(self):
    method test_010_load_jwk_exception (line 137) | def test_010_load_jwk_exception(self):
  class TestExternalAccountBinding (line 150) | class TestExternalAccountBinding(unittest.TestCase):
    method setUp (line 153) | def setUp(self):
    method test_001_get_kid_success (line 170) | def test_001_get_kid_success(self):
    method test_002_get_kid_invalid (line 178) | def test_002_get_kid_invalid(self):
    method test_003_compare_jwk_success (line 187) | def test_003_compare_jwk_success(self):
    method test_004_compare_jwk_mismatch (line 195) | def test_004_compare_jwk_mismatch(self):
    method test_005_compare_jwk_no_jwk (line 203) | def test_005_compare_jwk_no_jwk(self):
    method test_006_verify_signature_success (line 207) | def test_006_verify_signature_success(self):
    method test_007_verify_signature_failure (line 217) | def test_007_verify_signature_failure(self):
    method test_008_verify_signature_no_content (line 228) | def test_008_verify_signature_no_content(self):
    method test_009_verify_success (line 234) | def test_009_verify_success(self):
    method test_010_verify_signature_error (line 250) | def test_010_verify_signature_error(self):
    method test_011_verify_no_mac_key (line 268) | def test_011_verify_no_mac_key(self):
    method test_012_check_success (line 283) | def test_012_check_success(self):
    method test_013_check_jwk_mismatch (line 311) | def test_013_check_jwk_mismatch(self):
    method test_014_check_no_externalaccountbinding (line 335) | def test_014_check_no_externalaccountbinding(self):
    method test_016_verify_no_kid (line 352) | def test_016_verify_no_kid(self):
  class TestAccount (line 363) | class TestAccount(unittest.TestCase):
    method setUp (line 367) | def setUp(self):
    method test_017__enter_ (line 386) | def test_017__enter_(self):
    method test_018__enter_ (line 390) | def test_018__enter_(self):
    method test_001_create_account_success (line 394) | def test_001_create_account_success(self):
    method test_002_create_account_msg_check_failure (line 412) | def test_002_create_account_msg_check_failure(self):
    method test_003_create_account_onlyreturnexisting (line 430) | def test_003_create_account_onlyreturnexisting(self):
    method test_004__validate_contact_missing (line 455) | def test_004__validate_contact_missing(self):
    method test_005__validate_contact_invalid (line 461) | def test_005__validate_contact_invalid(self):
    method test_006__validate_contact_valid (line 468) | def test_006__validate_contact_valid(self):
    method test_007__check_tos_agreed (line 475) | def test_007__check_tos_agreed(self):
    method test_008__check_tos_not_agreed (line 482) | def test_008__check_tos_not_agreed(self):
    method test_009__check_tos_missing (line 489) | def test_009__check_tos_missing(self):
    method test_010__add_account_to_db_success_new (line 496) | def test_010__add_account_to_db_success_new(self):
    method test_011__add_account_to_db_success_existing (line 509) | def test_011__add_account_to_db_success_existing(self):
    method test_011__add_account_to_db_exception (line 522) | def test_011__add_account_to_db_exception(self):
    method test_012__parse_query_valid (line 543) | def test_012__parse_query_valid(self):
    method test_013__parse_query_invalid (line 558) | def test_013__parse_query_invalid(self):
    method test_014__onlyreturnexisting_acc_lookup_success (line 564) | def test_014__onlyreturnexisting_acc_lookup_success(self):
    method test_014__onlyreturnexisting_acc_lookup_failed (line 583) | def test_014__onlyreturnexisting_acc_lookup_failed(self):
    method test_015__onlyreturnexisting_no_jwk (line 600) | def test_015__onlyreturnexisting_no_jwk(self):
    method test_016__onlyreturnexisting_false (line 608) | def test_016__onlyreturnexisting_false(self):
    method test_017__onlyreturnexisting_missing (line 616) | def test_017__onlyreturnexisting_missing(self):
    method test_018__handle_deactivation_success (line 624) | def test_018__handle_deactivation_success(self):
    method test_018__handle_deactivation_fail (line 635) | def test_018__handle_deactivation_fail(self):
    method test_019__handle_deactivation_status_invalid (line 650) | def test_019__handle_deactivation_status_invalid(self):
    method test_020__deactivate_account_success (line 657) | def test_020__deactivate_account_success(self):
    method test_021__deactivate_account_failure (line 663) | def test_021__deactivate_account_failure(self):
    method test_022__deactivate_account_exception (line 671) | def test_022__deactivate_account_exception(self):
    method test_023__handle_contact_update_success (line 690) | def test_023__handle_contact_update_success(self):
    method test_024__handle_contact_update_failure (line 716) | def test_024__handle_contact_update_failure(self):
    method test_025__update_account_contacts_validation_failes (line 729) | def test_025__update_account_contacts_validation_failes(self):
    method test_025__update_account_contacts_success (line 743) | def test_025__update_account_contacts_success(self):
    method test_026__update_account_contacts_failure (line 754) | def test_026__update_account_contacts_failure(self):
    method test_027__update_account_contacts_exception (line 765) | def test_027__update_account_contacts_exception(self):
    method test_028__handle_key_change_success (line 781) | def test_028__handle_key_change_success(self):
    method test_029__handle_key_change_failure (line 794) | def test_029__handle_key_change_failure(self):
    method test_030__rollover_account_key_validation_success (line 804) | def test_030__rollover_account_key_validation_success(self):
    method test_030__rollover_account_key_validation_failure (line 815) | def test_030__rollover_account_key_validation_failure(self):
    method test_031__rollover_account_key_failure (line 830) | def test_031__rollover_account_key_failure(self):
    method test_032__rollover_account_key_exception (line 848) | def test_032__rollover_account_key_exception(self):
    method test_033__validate_key_change_success (line 864) | def test_033__validate_key_change_success(self):
    method test_034__validate_key_change_missing_jwk (line 875) | def test_034__validate_key_change_missing_jwk(self):
    method test_035__validate_key_change_key_exists (line 885) | def test_035__validate_key_change_key_exists(self):
    method test_036__validate_key_change_url_mismatch (line 900) | def test_036__validate_key_change_url_mismatch(self):
    method test_037__validate_key_change_missing_url (line 911) | def test_037__validate_key_change_missing_url(self):
    method test_038__validate_key_change_kid_account_mismatch (line 922) | def test_038__validate_key_change_kid_account_mismatch(self):
    method test_039__validate_key_change_missing_kid_account (line 933) | def test_039__validate_key_change_missing_kid_account(self):
    method test_040__load_configuration (line 944) | def test_040__load_configuration(self):
    method test_041_load_configuration_without_accountsection (line 1017) | def test_041_load_configuration_without_accountsection(self):
    method test_041__create_account_success (line 1042) | def test_041__create_account_success(self):
    method test_042__create_account_tos_check_fail (line 1060) | def test_042__create_account_tos_check_fail(self):
    method test_043__create_account_eab_check_fail (line 1074) | def test_043__create_account_eab_check_fail(self):
    method test_044__create_account_contact_check_fail (line 1088) | def test_044__create_account_contact_check_fail(self):
    method test_045__create_account_eab_kid_set (line 1105) | def test_045__create_account_eab_kid_set(self):
    method test_046__handle_key_change_success (line 1131) | def test_046__handle_key_change_success(self):
    method test_047__handle_key_change_check_fail (line 1154) | def test_047__handle_key_change_check_fail(self):
    method test_048__handle_key_change_rollover_fail (line 1170) | def test_048__handle_key_change_rollover_fail(self):
    method test_049__handle_key_change_url_missing (line 1193) | def test_049__handle_key_change_url_missing(self):
    method test_050__handle_account_query_valid (line 1205) | def test_050__handle_account_query_valid(self):
    method test_051__handle_account_query_invalid (line 1225) | def test_051__handle_account_query_invalid(self):
    method test_052__lookup_account_by_name_success (line 1240) | def test_052__lookup_account_by_name_success(self):
    method test_053__lookup_account_by_name_exception (line 1251) | def test_053__lookup_account_by_name_exception(self):
    method test_052__lookup_account_by_field_success (line 1263) | def test_052__lookup_account_by_field_success(self):
    method test_053__lookup_account_by_field_exception (line 1274) | def test_053__lookup_account_by_field_exception(self):
    method test_056__build_account_info_normal (line 1286) | def test_056__build_account_info_normal(self):
    method test_056__build_account_info_witheab (line 1301) | def test_056__build_account_info_witheab(self):
    method test_057__build_account_info_missing_fields (line 1318) | def test_057__build_account_info_missing_fields(self):
    method test_058__build_account_info_eab_kid_empty (line 1333) | def test_058__build_account_info_eab_kid_empty(self):
    method test_059__build_response_201 (line 1345) | def test_059__build_response_201(self):
    method test_060__build_response_200 (line 1363) | def test_060__build_response_200(self):
    method test_061__build_response_error (line 1381) | def test_061__build_response_error(self):
    method test_062__build_response_eab_binding (line 1394) | def test_062__build_response_eab_binding(self):
    method test_063_parse_request_error (line 1419) | def test_063_parse_request_error(self):
    method test_064_parse_request_deactivation (line 1433) | def test_064_parse_request_deactivation(self):
    method test_065_parse_request_contact_update (line 1450) | def test_065_parse_request_contact_update(self):
    method test_066_parse_request_key_change (line 1467) | def test_066_parse_request_key_change(self):
    method test_067_parse_request_account_query (line 1485) | def test_067_parse_request_account_query(self):
    method test_068_parse_request_unknown (line 1501) | def test_068_parse_request_unknown(self):
    method test_069_new_calls_create_account (line 1518) | def test_069_new_calls_create_account(self):
    method test_070_parse_calls_parse_request (line 1528) | def test_070_parse_calls_parse_request(self):

FILE: test/test_acme_ca_handler.py
  class FakeDBStore (line 21) | class FakeDBStore(object):
  class TestACMEHandler (line 28) | class TestACMEHandler(unittest.TestCase):
    method setUp (line 29) | def setUp(self):
    method tearDown (line 42) | def tearDown(self):
    method _generate_full_jwk (line 46) | def _generate_full_jwk(self):
    method test_214__order_authorization_unexpected_status (line 53) | def test_214__order_authorization_unexpected_status(self):
    method test_200__synchronize_profiles_success (line 69) | def test_200__synchronize_profiles_success(self, mock_url_get):
    method test_201__synchronize_profiles_error (line 87) | def test_201__synchronize_profiles_error(self, mock_url_get):
    method test_202_load_profiles_outdated_sync (line 100) | def test_202_load_profiles_outdated_sync(self, mock_uts, mock_thread):
    method test_203_load_profiles_outdated_async (line 114) | def test_203_load_profiles_outdated_async(self, mock_uts, mock_thread):
    method test_204_load_profiles_up_to_date (line 128) | def test_204_load_profiles_up_to_date(self, mock_uts, mock_thread):
    method test_205__get_renewalinfo_endpoint_url_success (line 144) | def test_205__get_renewalinfo_endpoint_url_success(self, mock_url_get):
    method test_206__get_renewalinfo_endpoint_url_no_renewalinfo (line 153) | def test_206__get_renewalinfo_endpoint_url_no_renewalinfo(self, mock_u...
    method test_207__get_renewalinfo_endpoint_url_json_error (line 162) | def test_207__get_renewalinfo_endpoint_url_json_error(self, mock_url_g...
    method test_208__get_renewalinfo_endpoint_url_fetch_error (line 170) | def test_208__get_renewalinfo_endpoint_url_fetch_error(self, mock_url_...
    method test_209__get_renewalinfo_endpoint_url_exception (line 178) | def test_209__get_renewalinfo_endpoint_url_exception(self, mock_url_get):
    method test_210_lookup_renewalinfo_success (line 185) | def test_210_lookup_renewalinfo_success(self, mock_url_get):
    method test_211_lookup_renewalinfo_json_error (line 195) | def test_211_lookup_renewalinfo_json_error(self, mock_url_get):
    method test_212_lookup_renewalinfo_unexpected_response (line 204) | def test_212_lookup_renewalinfo_unexpected_response(self, mock_url_get):
    method test_213_lookup_renewalinfo_exception (line 213) | def test_213_lookup_renewalinfo_exception(self, mock_url_get):
    method setUp (line 220) | def setUp(self):
    method tearDown (line 233) | def tearDown(self):
    method _generate_full_jwk (line 237) | def _generate_full_jwk(self):
    method test_001___init__ (line 244) | def test_001___init__(self):
    method test_002___exit__ (line 248) | def test_002___exit__(self):
    method test_003__config_load (line 253) | def test_003__config_load(self, mock_load_cfg):
    method test_004__config_load (line 275) | def test_004__config_load(self, mock_load_cfg):
    method test_005__config_load (line 303) | def test_005__config_load(self, mock_load_cfg):
    method test_006__config_load (line 331) | def test_006__config_load(self, mock_load_cfg):
    method test_007__config_load (line 355) | def test_007__config_load(self, mock_load_cfg):
    method test_008__config_load (line 382) | def test_008__config_load(self, mock_load_cfg):
    method test_009__config_load (line 406) | def test_009__config_load(self, mock_load_cfg):
    method test_010__config_load (line 434) | def test_010__config_load(self, mock_load_cfg):
    method test_011__config_load (line 462) | def test_011__config_load(self, mock_load_cfg):
    method test_012__config_load (line 490) | def test_012__config_load(self, mock_load_cfg):
    method test_013__config_load (line 518) | def test_013__config_load(self, mock_load_cfg):
    method test_014__config_load (line 546) | def test_014__config_load(self, mock_load_cfg):
    method test_015__config_load (line 575) | def test_015__config_load(self, mock_load_cfg):
    method test_016__config_load (line 608) | def test_016__config_load(self, mock_load_cfg):
    method test_017__config_load (line 637) | def test_017__config_load(self, mock_load_cfg):
    method test_018__config_load (line 667) | def test_018__config_load(self, mock_load_cfg):
    method test_019__config_load (line 701) | def test_019__config_load(self, mock_load_cfg):
    method test_020__config_load (line 732) | def test_020__config_load(self, mock_load_cfg):
    method test_021__challenge_filter (line 762) | def test_021__challenge_filter(self):
    method test_022__challenge_filter (line 775) | def test_022__challenge_filter(self):
    method test_023__challenge_filter (line 792) | def test_023__challenge_filter(self):
    method test_024__challenge_filter (line 809) | def test_024__challenge_filter(self):
    method test_025__http_challenge_store (line 828) | def test_025__http_challenge_store(self):
    method test_026__http_challenge_store (line 834) | def test_026__http_challenge_store(self):
    method test_027__http_challenge_store (line 840) | def test_027__http_challenge_store(self):
    method test_028__challenge_info (line 846) | def test_028__challenge_info(self, mock_filter):
    method test_029__challenge_info (line 857) | def test_029__challenge_info(self, mock_filter):
    method test_030__challenge_info (line 872) | def test_030__challenge_info(self, mock_filter):
    method test_031__challenge_info (line 884) | def test_031__challenge_info(self, mock_filter):
    method test_032__challenge_info (line 896) | def test_032__challenge_info(self, mock_filter):
    method test_033__key_generate (line 908) | def test_033__key_generate(self, mock_key):
    method test_034__user_key_load (line 917) | def test_034__user_key_load(self, mock_file, mock_key, mock_json):
    method test_035__user_key_load (line 931) | def test_035__user_key_load(self, mock_file, mock_key, mock_json):
    method test_036__user_key_load (line 945) | def test_036__user_key_load(self, mock_file, mock_key, mock_json):
    method test_037__user_key_load (line 958) | def test_037__user_key_load(self, mock_file, mock_key, mock_json):
    method test_038__account_register (line 970) | def test_038__account_register(self, mock_messages):
    method test_039__account_register (line 992) | def test_039__account_register(self, mock_messages):
    method test_040__account_register (line 1014) | def test_040__account_register(self, mock_messages):
    method test_041__account_register (line 1036) | def test_041__account_register(self, mock_messages):
    method test_042__account_register (line 1060) | def test_042__account_register(self, mock_messages):
    method test_043__account_register (line 1076) | def test_043__account_register(self, mock_messages):
    method test_044__account_register (line 1092) | def test_044__account_register(self, mock_messages):
    method test_045__account_register (line 1110) | def test_045__account_register(self, mock_messages, mock_eab):
    method test_046__account_register (line 1129) | def test_046__account_register(self, mock_messages, mock_eab):
    method test_047__account_register (line 1151) | def test_047__account_register(self, mock_messages, mock_eab):
    method test_048__account_register (line 1173) | def test_048__account_register(self, mock_messages, mock_eab, mock_jwk...
    method test_049_acount_create (line 1194) | def test_049_acount_create(self, mock_newreg):
    method test_050_acount_create (line 1207) | def test_050_acount_create(self, mock_newreg):
    method test_051_acount_create (line 1224) | def test_051_acount_create(self, mock_newreg):
    method test_052_trigger (line 1240) | def test_052_trigger(self):
    method test_053_poll (line 1246) | def test_053_poll(self):
    method test_054_enroll (line 1259) | def test_054_enroll(
    method test_055_enroll (line 1278) | def test_055_enroll(
    method test_056_enroll (line 1307) | def test_056_enroll(
    method test_057_enroll (line 1325) | def test_057_enroll(
    method test_058_enroll (line 1349) | def test_058_enroll(
    method test_059_enroll (line 1424) | def test_059_enroll(
    method test_060_enroll (line 1496) | def test_060_enroll(
    method test_061_enroll (line 1554) | def test_061_enroll(
    method test_062_enroll (line 1630) | def test_062_enroll(
    method test_063_enroll (line 1653) | def test_063_enroll(
    method test_064_enroll (line 1685) | def test_064_enroll(
    method test_065_enroll (line 1723) | def test_065_enroll(
    method test_066__account_lookup (line 1772) | def test_066__account_lookup(self, mock_messages):
    method test_067__account_lookup (line 1789) | def test_067__account_lookup(self, mock_messages):
    method test_068__account_lookup (line 1807) | def test_068__account_lookup(self, mock_messages):
    method test_069__account_lookup (line 1825) | def test_069__account_lookup(self, mock_messages):
    method test_070_revoke (line 1852) | def test_070_revoke(
    method test_071_revoke (line 1889) | def test_071_revoke(
    method test_072_revoke (line 1926) | def test_072_revoke(
    method test_073_revoke (line 1965) | def test_073_revoke(
    method test_074_revoke (line 1994) | def test_074_revoke(
    method test_075_revoke (line 2021) | def test_075_revoke(self, mock_exists, mock_load):
    method test_076__zerossl_eab_get (line 2034) | def test_076__zerossl_eab_get(self, mock_post):
    method test_077__zerossl_eab_get (line 2047) | def test_077__zerossl_eab_get(self, mock_post):
    method test_078__zerossl_eab_get (line 2066) | def test_078__zerossl_eab_get(self, mock_post):
    method test_079__zerossl_eab_get (line 2084) | def test_079__zerossl_eab_get(self, mock_post):
    method test_080__zerossl_eab_get (line 2102) | def test_080__zerossl_eab_get(self, mock_post):
    method test_081__order_authorization (line 2120) | def test_081__order_authorization(self, mock_info):
    method test_082__order_authorization (line 2148) | def test_082__order_authorization(self, mock_info):
    method test_083__order_authorization (line 2165) | def test_083__order_authorization(self, mock_info):
    method test_084__order_authorization (line 2184) | def test_084__order_authorization(self, mock_info):
    method test_085_eab_profile_list_check (line 2196) | def test_085_eab_profile_list_check(self):
    method test_086_eab_profile_list_check (line 2209) | def test_086_eab_profile_list_check(self):
    method test_087_eab_profile_list_check (line 2224) | def test_087_eab_profile_list_check(self, mock_hiv):
    method test_088_eab_profile_list_check (line 2237) | def test_088_eab_profile_list_check(self, mock_hiv):
    method test_089_eab_profile_list_check (line 2251) | def test_089_eab_profile_list_check(self, mock_hiv):
    method test_090_eab_profile_list_check (line 2265) | def test_090_eab_profile_list_check(self, mock_hiv, mock_chk):
    method test_091_eab_profile_list_check (line 2283) | def test_091_eab_profile_list_check(self, mock_hiv, mock_chk):
    method test_092_eab_profile_list_check (line 2302) | def test_092_eab_profile_list_check(self, mock_hiv, mock_chk):
    method test_093_eab_profile_list_check (line 2322) | def test_093_eab_profile_list_check(self, mock_hiv, mock_chk):
    method test_094_account_to_keyfile (line 2340) | def test_094_account_to_keyfile(self, mock_file):
    method test_095_account_to_keyfile (line 2348) | def test_095_account_to_keyfile(self, mock_file):
    method test_096_account_to_keyfile (line 2356) | def test_096_account_to_keyfile(self, mock_file):
    method test_097_account_to_keyfile (line 2364) | def test_097_account_to_keyfile(self, mock_file):
    method test_098_accountname_get (line 2377) | def test_098_accountname_get(self):
    method test_099_accountname_get (line 2386) | def test_099_accountname_get(self):
    method test_100_accountname_get (line 2395) | def test_100_accountname_get(self):
    method test_101_accountname_get (line 2404) | def test_101_accountname_get(self):
    method test_102_accountname_get (line 2413) | def test_102_accountname_get(self):
    method test_103_order_new (line 2422) | def test_103_order_new(self):
    method test_104_order_new (line 2431) | def test_104_order_new(self):
    method test_105_order_new (line 2441) | def test_105_order_new(self):
    method test_106_revoke_or_fallback (line 2459) | def test_106_revoke_or_fallback(self, mock_cry_load, mock_ossl_load, m...
    method test_107_revoke_or_fallback (line 2471) | def test_107_revoke_or_fallback(
    method test_108_order_issue_success (line 2490) | def test_108_order_issue_success(
    method test_109_order_issue_success (line 2530) | def test_109_order_issue_success(
    method test_110_order_issue_success (line 2572) | def test_110_order_issue_success(
    method test_111_order_issue_success (line 2614) | def test_111_order_issue_success(
    method test_112_order_issue_no_fullchain (line 2656) | def test_112_order_issue_no_fullchain(
    method test_113_order_issue_invalid_order (line 2685) | def test_113_order_issue_invalid_order(self, mock_jwk, mock_order, moc...
    method test_114_order_authorization_http_challenge (line 2715) | def test_114_order_authorization_http_challenge(
    method test_115_order_authorization_dns_challenge (line 2751) | def test_115_order_authorization_dns_challenge(
    method test_116_order_authorization_sectigo_email_challenge (line 2790) | def test_116_order_authorization_sectigo_email_challenge(
    method test_117_order_authorization_no_challenge (line 2820) | def test_117_order_authorization_no_challenge(
    method test_118_get_dns_challenge_success (line 2834) | def test_118_get_dns_challenge_success(self, mock_jwk, mock_filter):
    method test_119_get_dns_challenge_no_challenge (line 2852) | def test_119_get_dns_challenge_no_challenge(self, mock_jwk):
    method test_120_set_environment_variables (line 2865) | def test_120_set_environment_variables(self):
    method test_121_unset_environment_variables (line 2885) | def test_121_unset_environment_variables(self):
    method test_122_unset_not_set_variable (line 2901) | def test_122_unset_not_set_variable(self):
    method test_123_dns_update_script_does_not_exist (line 2919) | def test_123_dns_update_script_does_not_exist(self, mock_exists):
    method test_124_dns_update_script_exists_and_acme_sh_script_missing (line 2933) | def test_124_dns_update_script_exists_and_acme_sh_script_missing(self,...
    method test_125_dns_validation_timeout_parsing (line 2953) | def test_125_dns_validation_timeout_parsing(self, mock_exists):
    method test_126_dns_update_script_variables_none (line 2972) | def test_126_dns_update_script_variables_none(self, mock_exists):
    method test_127_dns_validation_timeout_parsing (line 2990) | def test_127_dns_validation_timeout_parsing(self, mock_exists):
    method test_128_challenge_info_dns (line 3008) | def test_128_challenge_info_dns(
    method test_129_challenge_info_http (line 3033) | def test_129_challenge_info_http(
    method test_130_challenge_info_missing_authzr (line 3056) | def test_130_challenge_info_missing_authzr(self):
    method test_131_challenge_info_missing_user_key (line 3070) | def test_131_challenge_info_missing_user_key(self):
    method test_132_deprovision_calls_subprocess_and_env (line 3090) | def test_132_deprovision_calls_subprocess_and_env(
    method test_133_deprovision_calls_subprocess_and_env (line 3129) | def test_133_deprovision_calls_subprocess_and_env(
    method test_134_deprovision_no_records (line 3159) | def test_134_deprovision_no_records(self, mock_env_handle, mock_subpro...
    method test_135_deprovision_missing_scripts (line 3170) | def test_135_deprovision_missing_scripts(self):
    method test_136_dns_challenge_provision_success (line 3197) | def test_136_dns_challenge_provision_success(
    method test_137_dns_challenge_provision_success (line 3249) | def test_137_dns_challenge_provision_success(
    method test_138_dns_challenge_provision_success (line 3308) | def test_138_dns_challenge_provision_success(
    method test_139_dns_challenge_provision_timeout (line 3370) | def test_139_dns_challenge_provision_timeout(
    method test_140_existing_account_found (line 3411) | def test_140_existing_account_found(self, mock_directory, mock_reg, mo...
    method test_141_account_not_found_register_new (line 3432) | def test_141_account_not_found_register_new(
    method test_142_no_account_set_register_new (line 3464) | def test_142_no_account_set_register_new(
    method test_142_jwk_strip_minimal_fields (line 3487) | def test_142_jwk_strip_minimal_fields(self):
    method test_143_jwk_strip_non_rsa_key (line 3498) | def test_143_jwk_strip_non_rsa_key(self):
    method test_144_jwk_strip_missing_fields (line 3509) | def test_144_jwk_strip_missing_fields(self):
    method test_145_jwk_strip_invalid_jwk (line 3522) | def test_145_jwk_strip_invalid_jwk(self):
    method test_146_handler_check (line 3537) | def test_146_handler_check(self, mock_handler_check):

FILE: test/test_acmechallenge.py
  class FakeDBStore (line 13) | class FakeDBStore(object):
  class TestACMEHandler (line 20) | class TestACMEHandler(unittest.TestCase):
    method setUp (line 25) | def setUp(self):
    method test_001__enter_ (line 39) | def test_001__enter_(self):
    method test_002__enter_ (line 43) | def test_002__enter_(self):
    method test_003_lookup (line 47) | def test_003_lookup(self):
    method test_004_lookup (line 52) | def test_004_lookup(self):
    method test_005_lookup (line 60) | def test_005_lookup(self):
    method test_006_lookup (line 68) | def test_006_lookup(self):

FILE: test/test_asa_ca_handler.py
  class TestACMEHandler (line 16) | class TestACMEHandler(unittest.TestCase):
    method setUp (line 19) | def setUp(self):
    method test_001_default (line 30) | def test_001_default(self):
    method test_002__enter__ (line 35) | def test_002__enter__(self, mock_cfg):
    method test_003_poll (line 41) | def test_003_poll(self):
    method test_004_trigger (line 48) | def test_004_trigger(self):
    method test_005_config_load (line 55) | def test_005_config_load(self, mock_config_load):
    method test_006_config_load (line 83) | def test_006_config_load(self, mock_config_load):
    method test_007_config_load (line 111) | def test_007_config_load(self, mock_config_load):
    method test_008_config_load (line 139) | def test_008_config_load(self, mock_config_load):
    method test_009_config_load (line 167) | def test_009_config_load(self, mock_config_load):
    method test_010_config_load (line 188) | def test_010_config_load(self, mock_config_load):
    method test_011_config_load (line 220) | def test_011_config_load(self, mock_config_load):
    method test_012_config_load (line 252) | def test_012_config_load(self, mock_config_load):
    method test_013_config_load (line 288) | def test_013_config_load(self, mock_config_load):
    method test_014_config_load (line 321) | def test_014_config_load(self, mock_config_load):
    method test_015_config_load (line 353) | def test_015_config_load(self, mock_config_load):
    method test_016_config_load (line 385) | def test_016_config_load(self, mock_config_load):
    method test_017_config_load (line 417) | def test_017_config_load(self, mock_config_load):
    method test_018__api_post (line 449) | def test_018__api_post(self, mock_req):
    method test_019__api_post (line 460) | def test_019__api_post(self, mock_req):
    method test_020__api_post (line 477) | def test_020__api_post(self, mock_req):
    method test_021__api_post (line 486) | def test_021__api_post(self, mock_req):
    method test_022__api_get (line 501) | def test_022__api_get(self, mock_req):
    method test_023__api_get (line 512) | def test_023__api_get(self, mock_req):
    method test_024__api_get (line 529) | def test_024__api_get(self, mock_req):
    method test_025__issuers_list (line 542) | def test_025__issuers_list(self, mock_get):
    method test_026__profiles_list (line 548) | def test_026__profiles_list(self, mock_get):
    method test_027__certificates_list (line 555) | def test_027__certificates_list(self, mock_get):
    method test_028_cert_status_get (line 562) | def test_028_cert_status_get(self, mock_req):
    method test_029__csr_cn_get (line 573) | def test_029__csr_cn_get(self, mock_cn, mock_san):
    method test_030__csr_cn_get (line 582) | def test_030__csr_cn_get(self, mock_cn, mock_san):
    method test_031__csr_cn_get (line 597) | def test_031__csr_cn_get(self, mock_cn, mock_san):
    method test_032_issuer_verify (line 611) | def test_032_issuer_verify(self, mock_list):
    method test_033_issuer_verify (line 618) | def test_033_issuer_verify(self, mock_list):
    method test_034_issuer_verify (line 629) | def test_034_issuer_verify(self, mock_list):
    method test_035_profile_verify (line 641) | def test_035_profile_verify(self, mock_list):
    method test_036_profile_verify (line 648) | def test_036_profile_verify(self, mock_list):
    method test_037_profile_verify (line 662) | def test_037_profile_verify(self, mock_list):
    method test_038__validity_dates_get (line 675) | def test_038__validity_dates_get(self, mock_now, mock_utc):
    method test_039__pem_cert_chain_generate (line 685) | def test_039__pem_cert_chain_generate(self, mock_dec, mock_d2p, mock_b...
    method test_040__pem_cert_chain_generate (line 692) | def test_040__pem_cert_chain_generate(self):
    method test_041___issuer_chain_get (line 736) | def test_041___issuer_chain_get(self, mock_req, mock_pem):
    method test_042___issuer_chain_get (line 746) | def test_042___issuer_chain_get(self, mock_req, mock_pem):
    method test_043_enroll (line 765) | def test_043_enroll(
    method test_044_enroll (line 811) | def test_044_enroll(
    method test_045_enroll (line 859) | def test_045_enroll(
    method test_046_enroll (line 903) | def test_046_enroll(
    method test_047_enroll (line 945) | def test_047_enroll(
    method test_048_enroll (line 987) | def test_048_enroll(
    method test_049_enroll (line 1031) | def test_049_enroll(
    method test_050_revoke (line 1074) | def test_050_revoke(self, mock_ski, mock_post, mock_epr):
    method test_051_revoke (line 1087) | def test_051_revoke(self, mock_ski, mock_post, mock_epr):
    method test_052_revoke (line 1100) | def test_052_revoke(self, mock_ski, mock_post):
    method test_053_revoke (line 1114) | def test_053_revoke(self, mock_ski, mock_post):
    method test_054_revoke (line 1128) | def test_054_revoke(self, mock_ski, mock_post):
    method test_055_config_user_load (line 1141) | def test_055_config_user_load(self):
    method test_056_config_user_load (line 1149) | def test_056_config_user_load(self):
    method test_057_config_user_load (line 1162) | def test_057_config_user_load(self):
    method test_058_config_host_load (line 1172) | def test_058_config_host_load(self):
    method test_059_config_host_load (line 1180) | def test_059_config_host_load(self):
    method test_060_config_host_load (line 1193) | def test_060_config_host_load(self):
    method test_061_config_key_load (line 1203) | def test_061_config_key_load(self):
    method test_062_config_key_load (line 1211) | def test_062_config_key_load(self):
    method test_063_config_key_load (line 1224) | def test_063_config_key_load(self):
    method test_064_config_password_load (line 1234) | def test_064_config_password_load(self):
    method test_065_config_password_load (line 1242) | def test_065_config_password_load(self):
    method test_066_config_password_load (line 1255) | def test_066_config_password_load(self):
    method test_067_enrollment_dic_create (line 1270) | def test_067_enrollment_dic_create(self, mock_pkg, mock_ccg, mock_vdg):
    method test_068_handler_check (line 1286) | def test_068_handler_check(self, mock_handler_check):

FILE: test/test_authorization.py
  class TestAuthorizationConfiguration (line 35) | class TestAuthorizationConfiguration(unittest.TestCase):
    method test_001_config_default_values (line 38) | def test_001_config_default_values(self):
    method test_002_config_custom_values (line 45) | def test_002_config_custom_values(self):
  class TestAuthorizationData (line 55) | class TestAuthorizationData(unittest.TestCase):
    method test_003_data_creation_required_fields (line 58) | def test_003_data_creation_required_fields(self):
    method test_004_data_creation_all_fields (line 71) | def test_004_data_creation_all_fields(self):
    method test_005_data_to_dict_basic (line 90) | def test_005_data_to_dict_basic(self, mock_uts_to_date):
    method test_006_data_to_dict_with_identifier (line 104) | def test_006_data_to_dict_with_identifier(self, mock_uts_to_date):
    method test_007_data_to_dict_with_wildcard (line 126) | def test_007_data_to_dict_with_wildcard(self, mock_uts_to_date):
    method test_008_data_to_dict_with_challenges (line 147) | def test_008_data_to_dict_with_challenges(self, mock_uts_to_date):
  class TestAuthorizationRepository (line 169) | class TestAuthorizationRepository(unittest.TestCase):
    method setUp (line 172) | def setUp(self):
    method test_009_repository_initialization (line 177) | def test_009_repository_initialization(self):
    method test_010_find_authorization_by_name_success (line 182) | def test_010_find_authorization_by_name_success(self):
    method test_011_find_authorization_by_name_with_field_list (line 196) | def test_011_find_authorization_by_name_with_field_list(self):
    method test_012_find_authorization_by_name_not_found (line 208) | def test_012_find_authorization_by_name_not_found(self):
    method test_013_find_authorization_by_name_empty_result (line 216) | def test_013_find_authorization_by_name_empty_result(self):
    method test_014_find_authorization_by_name_database_error (line 221) | def test_014_find_authorization_by_name_database_error(self):
    method test_015_update_authorization_expiry_success (line 236) | def test_015_update_authorization_expiry_success(self):
    method test_016_update_authorization_expiry_database_error (line 252) | def test_016_update_authorization_expiry_database_error(self):
    method test_017_search_expired_authorizations_success (line 269) | def test_017_search_expired_authorizations_success(self):
    method test_018_search_expired_authorizations_database_error (line 283) | def test_018_search_expired_authorizations_database_error(self):
    method test_019_mark_authorization_as_expired_success (line 298) | def test_019_mark_authorization_as_expired_success(self):
    method test_020_mark_authorization_as_expired_database_error (line 308) | def test_020_mark_authorization_as_expired_database_error(self):
    method test_021_mark_authorization_as_valid_success (line 323) | def test_021_mark_authorization_as_valid_success(self):
    method test_022_mark_authorization_as_valid_database_error (line 332) | def test_022_mark_authorization_as_valid_database_error(self):
    method test_023_mark_order_as_ready_success (line 347) | def test_023_mark_order_as_ready_success(self):
    method test_024_mark_order_as_ready_database_error (line 356) | def test_024_mark_order_as_ready_database_error(self):
  class TestAuthorizationBusinessLogic (line 370) | class TestAuthorizationBusinessLogic(unittest.TestCase):
    method setUp (line 373) | def setUp(self):
    method test_025_business_logic_initialization (line 381) | def test_025_business_logic_initialization(self):
    method test_026_extract_authorization_name_from_url (line 388) | def test_026_extract_authorization_name_from_url(self, mock_sanitize):
    method test_027_extract_authorization_name_from_url_custom_path (line 402) | def test_027_extract_authorization_name_from_url_custom_path(self, moc...
    method test_028_generate_authorization_token_and_expiry (line 418) | def test_028_generate_authorization_token_and_expiry(
    method test_029_enrich_authorization_with_identifier_info_empty (line 432) | def test_029_enrich_authorization_with_identifier_info_empty(self):
    method test_030_enrich_authorization_with_identifier_info_dict (line 442) | def test_030_enrich_authorization_with_identifier_info_dict(self):
    method test_031_enrich_authorization_with_identifier_info_list (line 458) | def test_031_enrich_authorization_with_identifier_info_list(self):
    method test_032_enrich_authorization_with_identifier_info_tnauthlist (line 476) | def test_032_enrich_authorization_with_identifier_info_tnauthlist(self):
    method test_033_enrich_authorization_with_identifier_info_wildcard (line 496) | def test_033_enrich_authorization_with_identifier_info_wildcard(self):
    method test_034_enrich_authorization_with_identifier_info_no_type_value (line 516) | def test_034_enrich_authorization_with_identifier_info_no_type_value(s...
    method test_035_extract_identifier_info_for_challenge_success (line 529) | def test_035_extract_identifier_info_for_challenge_success(self):
    method test_036_extract_identifier_info_for_challenge_no_identifier (line 540) | def test_036_extract_identifier_info_for_challenge_no_identifier(self):
    method test_037_extract_identifier_info_for_challenge_partial_identifier (line 551) | def test_037_extract_identifier_info_for_challenge_partial_identifier(...
    method test_038_is_authorization_eligible_for_expiry_valid (line 567) | def test_038_is_authorization_eligible_for_expiry_valid(self):
    method test_039_is_authorization_eligible_for_expiry_missing_name (line 575) | def test_039_is_authorization_eligible_for_expiry_missing_name(self):
    method test_040_is_authorization_eligible_for_expiry_missing_status (line 583) | def test_040_is_authorization_eligible_for_expiry_missing_status(self):
    method test_041_is_authorization_eligible_for_expiry_already_expired (line 591) | def test_041_is_authorization_eligible_for_expiry_already_expired(self):
    method test_042_is_authorization_eligible_for_expiry_zero_expires (line 599) | def test_042_is_authorization_eligible_for_expiry_zero_expires(self):
  class TestChallengeSetManager (line 608) | class TestChallengeSetManager(unittest.TestCase):
    method setUp (line 611) | def setUp(self):
    method test_043_challenge_manager_initialization (line 617) | def test_043_challenge_manager_initialization(self):
    method test_044_get_challenge_set_for_authorization_success (line 624) | def test_044_get_challenge_set_for_authorization_success(
    method test_045_get_challenge_set_for_authorization_with_none_values (line 656) | def test_045_get_challenge_set_for_authorization_with_none_values(
  class TestAuthorization (line 680) | class TestAuthorization(unittest.TestCase):
    method setUp (line 681) | def setUp(self):
    method tearDown (line 686) | def tearDown(self):
    method test_046_authorization_initialization_defaults (line 689) | def test_046_authorization_initialization_defaults(self):
    method test_047_authorization_initialization_custom_params (line 702) | def test_047_authorization_initialization_custom_params(self):
    method test_048_authorization_context_manager_enter (line 714) | def test_048_authorization_context_manager_enter(
    method test_049_authorization_context_manager_exit (line 731) | def test_049_authorization_context_manager_exit(self):
    method test_050_load_configuration_empty (line 738) | def test_050_load_configuration_empty(self, mock_load_config, mock_eab...
    method test_051_load_configuration_success (line 754) | def test_051_load_configuration_success(self, mock_load_config, mock_e...
    method test_052_load_configuration_invalid_validity (line 771) | def test_052_load_configuration_invalid_validity(self, mock_load_config):
    method test_053_load_configuration_empty_config (line 789) | def test_053_load_configuration_empty_config(
    method test_054_get_authorization_details_not_found (line 801) | def test_054_get_authorization_details_not_found(self):
    method test_055_get_authorization_details_success_minimal (line 815) | def test_055_get_authorization_details_success_minimal(self, mock_uts_...
    method test_056_get_authorization_details_success_with_details (line 859) | def test_056_get_authorization_details_success_with_details(self, mock...
    method test_057_get_authorization_details_challenge_error (line 908) | def test_057_get_authorization_details_challenge_error(self):
    method test_058_expire_invalid_authorizations_default_timestamp (line 951) | def test_058_expire_invalid_authorizations_default_timestamp(self, moc...
    method test_059_expire_invalid_authorizations_custom_timestamp (line 974) | def test_059_expire_invalid_authorizations_custom_timestamp(self):
    method test_060_expire_invalid_authorizations_search_error (line 996) | def test_060_expire_invalid_authorizations_search_error(self):
    method test_061_expire_invalid_authorizations_not_eligible (line 1015) | def test_061_expire_invalid_authorizations_not_eligible(self):
    method test_062_expire_invalid_authorizations_expire_error (line 1035) | def test_062_expire_invalid_authorizations_expire_error(self):
    method test_063_handle_get_request_success (line 1065) | def test_063_handle_get_request_success(self):
    method test_064_handle_get_request_not_found (line 1080) | def test_064_handle_get_request_not_found(self):
    method test_065_handle_get_request_none_result (line 1098) | def test_065_handle_get_request_none_result(self):
    method test_066_handle_get_request_authorization_error (line 1116) | def test_066_handle_get_request_authorization_error(self):
    method test_067_handle_post_request_success_with_expiry_check (line 1146) | def test_067_handle_post_request_success_with_expiry_check(self):
    method test_068_handle_post_request_expiry_check_disabled (line 1179) | def test_068_handle_post_request_expiry_check_disabled(self):
    method test_069_handle_post_request_invalidate_error (line 1203) | def test_069_handle_post_request_invalidate_error(self):
    method test_070_handle_post_request_no_url (line 1238) | def test_070_handle_post_request_no_url(self):
    method test_071_handle_post_request_message_check_failure (line 1297) | def test_071_handle_post_request_message_check_failure(self):
    method test_072_handle_post_request_missing_url (line 1317) | def test_072_handle_post_request_missing_url(self):
    method test_073_handle_post_request_authorization_lookup_failed (line 1350) | def test_073_handle_post_request_authorization_lookup_failed(self):
    method test_074_handle_post_request_authorization_error (line 1388) | def test_074_handle_post_request_authorization_error(self):
    method test_075_handle_post_request_authorization_details_valid (line 1428) | def test_075_handle_post_request_authorization_details_valid(self):
    method test_076_new_get_backward_compatibility (line 1468) | def test_076_new_get_backward_compatibility(self):
    method test_077_new_post_backward_compatibility (line 1476) | def test_077_new_post_backward_compatibility(self):
    method test_078_invalidate_backward_compatibility (line 1486) | def test_078_invalidate_backward_compatibility(self):
    method test_079_load_configuration_prevalidated_domainlist_success (line 1499) | def test_079_load_configuration_prevalidated_domainlist_success(
    method test_080_apply_domain_whitelist_else_branch (line 1518) | def test_080_apply_domain_whitelist_else_branch(self):
    method test_081_apply_eab_and_domain_whitelist_always_calls_domain_whitelist (line 1562) | def test_081_apply_eab_and_domain_whitelist_always_calls_domain_whitel...
    method test_082_load_configuration_prevalidated_domainlist_invalid_json (line 1592) | def test_082_load_configuration_prevalidated_domainlist_invalid_json(
    method test_083_eab_profile_prevalidated_domainlist_applied (line 1612) | def test_083_eab_profile_prevalidated_domainlist_applied(self):
    method test_084_eab_profile_no_prevalidated_domainlist (line 1631) | def test_084_eab_profile_no_prevalidated_domainlist(self):
    method test_085_eab_profile_handler_exception (line 1648) | def test_085_eab_profile_handler_exception(self):
    method test_086_domain_whitelist_dns_match (line 1666) | def test_086_domain_whitelist_dns_match(self):
    method test_087_domain_whitelist_dns_no_match (line 1683) | def test_087_domain_whitelist_dns_no_match(self):
    method test_088_domain_whitelist_not_set (line 1696) | def test_088_domain_whitelist_not_set(self):
    method test_089_domain_whitelist_non_dns (line 1708) | def test_089_domain_whitelist_non_dns(self):
  class TestAuthorizationExceptions (line 1721) | class TestAuthorizationExceptions(unittest.TestCase):
    method test_090_authorization_error (line 1724) | def test_090_authorization_error(self):
    method test_091_authorization_not_found_error (line 1730) | def test_091_authorization_not_found_error(self):
    method test_092_authorization_expired_error (line 1737) | def test_092_authorization_expired_error(self):
    method test_093_configuration_error (line 1744) | def test_093_configuration_error(self):
    method test_094_authorization_error (line 1751) | def test_094_authorization_error(self):
    method test_095_authorization_not_found_error (line 1757) | def test_095_authorization_not_found_error(self):
    method test_096_authorization_expired_error (line 1764) | def test_096_authorization_expired_error(self):
    method test_097_configuration_error (line 1771) | def test_097_configuration_error(self):
  class TestAuthorizationRepositoryLogging (line 1779) | class TestAuthorizationRepositoryLogging(unittest.TestCase):
    method setUp (line 1782) | def setUp(self):
    method test_098_authorization_expiry_logs_error (line 1789) | def test_098_authorization_expiry_logs_error(self):
    method test_099_authorization_as_valid_logs_critical (line 1797) | def test_099_authorization_as_valid_logs_critical(self):
    method test_100_order_as_ready_logs_critical (line 1805) | def test_100_order_as_ready_logs_critical(self):
    method test_101_authorization_as_expired_logs_critical (line 1813) | def test_101_authorization_as_expired_logs_critical(self):

FILE: test/test_certificate.py
  class FakeDBStore (line 11) | class FakeDBStore(object):
  class TestCertificateLogger (line 18) | class TestCertificateLogger(unittest.TestCase):
    method setUp (line 19) | def setUp(self):
    method test_001_log_issuance_success_json (line 36) | def test_001_log_issuance_success_json(self, mock_san, mock_cn, mock_s...
    method test_001_log_issuance_success_text (line 56) | def test_001_log_issuance_success_text(self, mock_san, mock_cn, mock_s...
    method test_002_log_revocation_success_json (line 77) | def test_002_log_revocation_success_json(self, mock_san, mock_cn, mock...
    method test_002_log_revocation_success_text (line 95) | def test_002_log_revocation_success_text(self, mock_san, mock_cn, mock...
    method test_003_log_issuance_db_error (line 114) | def test_003_log_issuance_db_error(self, mock_san, mock_cn, mock_serial):
    method test_004_log_revocation_db_error (line 128) | def test_004_log_revocation_db_error(self, mock_san, mock_cn, mock_ser...
    method test_005_log_issuance_text_format (line 140) | def test_005_log_issuance_text_format(self, mock_san, mock_cn, mock_se...
    method test_006_log_issuance_with_reusage_and_kid (line 160) | def test_006_log_issuance_with_reusage_and_kid(
    method test_007_log_revocation_text_format (line 182) | def test_007_log_revocation_text_format(self, mock_san, mock_cn, mock_...
    method test_008_log_as_json (line 197) | def test_008_log_as_json(self):
    method test_009_log_issuance_as_text (line 202) | def test_009_log_issuance_as_text(self):
    method test_010_log_revocation_as_text (line 221) | def test_010_log_revocation_as_text(self):
  class TestCertificate (line 241) | class TestCertificate(unittest.TestCase):
    method setUp (line 242) | def setUp(self):
    method test_011_load_hooks_configuration_success (line 279) | def test_011_load_hooks_configuration_success(self):
    method test_012_load_hooks_configuration_failure (line 287) | def test_012_load_hooks_configuration_failure(self):
    method test_013_load_hooks_configuration_hooks_exception (line 296) | def test_013_load_hooks_configuration_hooks_exception(self):
    method test_014_load_configuration (line 308) | def test_014_load_configuration(self):
    method test_015_load_configuration_no_ca_handler_logs_critical (line 328) | def test_015_load_configuration_no_ca_handler_logs_critical(self):
    method test_016_load_and_validate_identifiers_tnauth (line 339) | def test_016_load_and_validate_identifiers_tnauth(self):
    method test_017_load_and_validate_identifiers_sans (line 353) | def test_017_load_and_validate_identifiers_sans(self):
    method test_018_validate_csr_against_order_success (line 365) | def test_018_validate_csr_against_order_success(self):
    method test_019_validate_csr_against_order_failure (line 375) | def test_019_validate_csr_against_order_failure(self):
    method test_020_process_certificate_enrollment_reuse (line 385) | def test_020_process_certificate_enrollment_reuse(self):
    method test_021_process_certificate_enrollment_new (line 397) | def test_021_process_certificate_enrollment_new(self):
    method test_022_get_certificate_renewal_info (line 406) | def test_022_get_certificate_renewal_info(self):
    method test_023_store_certificate_and_update_order_success (line 413) | def test_023_store_certificate_and_update_order_success(self):
    method test_024_certificate_and_update_order_error_handling (line 424) | def test_024_certificate_and_update_order_error_handling(self):
    method test_025_check_identifier_match (line 444) | def test_025_check_identifier_match(self):
    method test_026_validate_identifiers_against_sans (line 449) | def test_026_validate_identifiers_against_sans(self):
    method test_027_validate_identifiers_against_sans_unknown (line 458) | def test_027_validate_identifiers_against_sans_unknown(self):
    method test_028_validate_identifiers_against_nosans (line 472) | def test_028_validate_identifiers_against_nosans(self):
    method test_029_check_tnauth_identifier_match (line 484) | def test_029_check_tnauth_identifier_match(self):
    method test_030_validate_identifiers_against_tnauthlist (line 490) | def test_030_validate_identifiers_against_tnauthlist(self):
    method test_031_validate_identifiers_against_tnauthlist_tnauthlist_and_not_identifier_dic (line 498) | def test_031_validate_identifiers_against_tnauthlist_tnauthlist_and_no...
    method test_032_validate_identifiers_against_tnauthlist_identifiers_and_tnauthlist (line 509) | def test_032_validate_identifiers_against_tnauthlist_identifiers_and_t...
    method test_033_validate_identifiers_against_tnauthlist_else_branch (line 523) | def test_033_validate_identifiers_against_tnauthlist_else_branch(self):
    method test_034_get_certificate_info_success (line 532) | def test_034_get_certificate_info_success(self):
    method test_035_update_order_status (line 537) | def test_035_update_order_status(self):
    method test_036_update_order_status_exception (line 541) | def test_036_update_order_status_exception(self):
    method test_037_validate_revocation_reason (line 550) | def test_037_validate_revocation_reason(self):
    method test_038_validate_revocation_request_success (line 554) | def test_038_validate_revocation_request_success(self):
    method test_039_store_certificate_in_database_success (line 564) | def test_039_store_certificate_in_database_success(self):
    method test_040_store_certificate_error_success (line 577) | def test_040_store_certificate_error_success(self):
    method test_041_check_for_tnauth_identifiers (line 582) | def test_041_check_for_tnauth_identifiers(self):
    method test_042_certlist_search (line 587) | def test_042_certlist_search(self):
    method test_043_cleanup (line 594) | def test_043_cleanup(self):
    method test_044_cleanup (line 602) | def test_044_cleanup(self):
    method test_045_update_certificate_dates (line 612) | def test_045_update_certificate_dates(self):
    method test_046_dates_update (line 630) | def test_046_dates_update(self):
    method test_047_validate_input_parameters_all_valid (line 647) | def test_047_validate_input_parameters_all_valid(self):
    method test_048_validate_input_parameters_some_invalid (line 652) | def test_048_validate_input_parameters_some_invalid(self):
    method test_049_create_error_response (line 659) | def test_049_create_error_response(self):
    method test_050_validate_certificate_account_ownership_success (line 663) | def test_050_validate_certificate_account_ownership_success(self):
    method test_051_validate_certificate_account_ownership_db_error (line 669) | def test_051_validate_certificate_account_ownership_db_error(self):
    method test_052_validate_certificate_authorization_tnauthlist (line 680) | def test_052_validate_certificate_authorization_tnauthlist(self):
    method test_053_validate_certificate_authorization_sans (line 694) | def test_053_validate_certificate_authorization_sans(self):
    method test_054_certificate_authorization_json_decode_error (line 706) | def test_054_certificate_authorization_json_decode_error(self):
    method test_055_certificate_authorization_tnauthlist_cert_extensions_get_exception (line 721) | def test_055_certificate_authorization_tnauthlist_cert_extensions_get_...
    method test_056_certificate_authorization_debug_log (line 744) | def test_056_certificate_authorization_debug_log(self):
    method test_057_validate_order_authorization_success (line 757) | def test_057_validate_order_authorization_success(self):
    method test_058_validate_order_authorization_failure (line 764) | def test_058_validate_order_authorization_failure(self):
    method test_059_validate_order_authorization_db_error (line 771) | def test_059_validate_order_authorization_db_error(self):
    method test_060_check_certificate_reusability_found (line 780) | def test_060_check_certificate_reusability_found(self):
    method test_061_check_certificate_reusability_db_error (line 795) | def test_061_check_certificate_reusability_db_error(self):
    method test_062_check_certificate_reusability_none_found (line 806) | def test_062_check_certificate_reusability_none_found(self):
    method test_063_handle_enrollment_error (line 812) | def test_063_handle_enrollment_error(self):
    method test_064_enrollment_error_poll_identifier (line 817) | def test_064_enrollment_error_poll_identifier(self):
    method test_065_execute_pre_enrollment_hooks (line 826) | def test_065_execute_pre_enrollment_hooks(self):
    method test_066_pre_enrollment_hooks_with_hooks (line 833) | def test_066_pre_enrollment_hooks_with_hooks(self):
    method test_067_execute_post_enrollment_hooks (line 841) | def test_067_execute_post_enrollment_hooks(self):
    method test_068_post_enrollment_hooks_with_error (line 854) | def test_068_post_enrollment_hooks_with_error(self):
    method test_069_handle_processing_certificate (line 869) | def test_069_handle_processing_certificate(self):
    method test_070_handle_valid_certificate (line 875) | def test_070_handle_valid_certificate(self):
    method test_071_handle_valid_certificate_db_error (line 885) | def test_071_handle_valid_certificate_db_error(self):
    method test_072_determine_certificate_response_valid (line 897) | def test_072_determine_certificate_response_valid(self):
    method test_073_determine_certificate_response_processing (line 911) | def test_073_determine_certificate_response_processing(self):
    method test_074_determine_certificate_response_invalid (line 925) | def test_074_determine_certificate_response_invalid(self):
    method test_075_validate_input_parameters_invalid (line 929) | def test_075_validate_input_parameters_invalid(self):
    method test_076_poll_certificate_status_success (line 943) | def test_076_poll_certificate_status_success(self):
    method test_077_poll_certificate_status_failure (line 956) | def test_077_poll_certificate_status_failure(self):
    method test_078_poll_certificate_status_failure (line 969) | def test_078_poll_certificate_status_failure(self):
    method test_079_store_certificate_signing_request_success (line 989) | def test_079_store_certificate_signing_request_success(self):
    method test_080_store_certificate_signing_request_failure (line 997) | def test_080_store_certificate_signing_request_failure(self):
    method test_081_store_certificate_signing_request_exception (line 1004) | def test_081_store_certificate_signing_request_exception(self):
    method test_082_handle_successful_certificate_poll_db_error (line 1019) | def test_082_handle_successful_certificate_poll_db_error(self):
    method test_083_handle_failed_certificate_poll_db_error (line 1033) | def test_083_handle_failed_certificate_poll_db_error(self):
    method test_084_handle_failed_certificate_poll_order_update_error (line 1046) | def test_084_handle_failed_certificate_poll_order_update_error(self):
    method test_085_enroll_and_store_legacy (line 1057) | def test_085_enroll_and_store_legacy(self):
    method test_086_new_get_legacy (line 1067) | def test_086_new_get_legacy(self):
    method test_087_new_post_legacy (line 1075) | def test_087_new_post_legacy(self):
    method test_088_revoke_legacy (line 1083) | def test_088_revoke_legacy(self):
    method test_089_poll_legacy (line 1091) | def test_089_poll_legacy(self):
    method test_090_store_csr_legacy (line 1099) | def test_090_store_csr_legacy(self):
    method test_091_validate_certificate_account_ownership_exception (line 1107) | def test_091_validate_certificate_account_ownership_exception(self):
    method test_092_validate_certificate_authorization_exception (line 1120) | def test_092_validate_certificate_authorization_exception(self):
    method test_093_validate_order_authorization_exception (line 1134) | def test_093_validate_order_authorization_exception(self):
    method test_094_check_certificate_reusability_exception (line 1144) | def test_094_check_certificate_reusability_exception(self):
    method test_095_process_certificate_enrollment_exception (line 1156) | def test_095_process_certificate_enrollment_exception(self):
    method test_096_store_certificate_and_update_order_exception (line 1167) | def test_096_store_certificate_and_update_order_exception(self):
    method test_097_dates_update (line 1185) | def test_097_dates_update(self):
    method test_098_update_certificate_dates_with_dates (line 1203) | def test_098_update_certificate_dates_with_dates(self):
    method test_099_update_certificate_dates_zero_dates (line 1219) | def test_099_update_certificate_dates_zero_dates(self):
    method test_100_handle_enrollment_thread_execution_success (line 1238) | def test_100_handle_enrollment_thread_execution_success(self):
    method test_101_handle_enrollment_thread_execution_timeout (line 1250) | def test_101_handle_enrollment_thread_execution_timeout(self):
    method test_102_handle_enrollment_thread_execution_exception (line 1262) | def test_102_handle_enrollment_thread_execution_exception(self):
    method test_103_parse_enrollment_result_valid_tuple (line 1273) | def test_103_parse_enrollment_result_valid_tuple(self):
    method test_104_parse_enrollment_result_invalid_format (line 1278) | def test_104_parse_enrollment_result_invalid_format(self):
    method test_105_process_certificate_enrollment_request_invalid_input (line 1283) | def test_105_process_certificate_enrollment_request_invalid_input(self):
    method test_106_process_certificate_enrollment_request_csr_validation_error (line 1298) | def test_106_process_certificate_enrollment_request_csr_validation_err...
    method test_107_process_certificate_enrollment_request_csr_validation_failed (line 1313) | def test_107_process_certificate_enrollment_request_csr_validation_fai...
    method test_108_process_certificate_enrollment_request_enrollment_success (line 1326) | def test_108_process_certificate_enrollment_request_enrollment_success...
    method test_109_process_certificate_enrollment_request_unexpected_error (line 1340) | def test_109_process_certificate_enrollment_request_unexpected_error(s...
    method test_110_determine_certificate_response_no_cert_info (line 1353) | def test_110_determine_certificate_response_no_cert_info(self):
    method test_111_determine_certificate_response_valid_order (line 1358) | def test_111_determine_certificate_response_valid_order(self):
    method test_112_determine_certificate_response_processing_order (line 1370) | def test_112_determine_certificate_response_processing_order(self):
    method test_113_determine_certificate_response_invalid_order (line 1379) | def test_113_determine_certificate_response_invalid_order(self):
    method test_114_handle_valid_certificate_with_cert (line 1386) | def test_114_handle_valid_certificate_with_cert(self):
    method test_115_and_validate_identifiers_json_decode_error (line 1393) | def test_115_and_validate_identifiers_json_decode_error(self):
    method test_116_and_validate_identifiers_tnauthlist_extension_error (line 1404) | def test_116_and_validate_identifiers_tnauthlist_extension_error(self):
    method test_117_and_validate_identifiers_san_extraction_error (line 1423) | def test_117_and_validate_identifiers_san_extraction_error(self):
    method test_118_handle_valid_certificate_no_cert (line 1439) | def test_118_handle_valid_certificate_no_cert(self):
    method test_119_handle_processing_certificate (line 1445) | def test_119_handle_processing_certificate(self):
    method test_120_get_certificate_details_invalid_url (line 1453) | def test_120_get_certificate_details_invalid_url(self):
    method test_121_get_certificate_details_manager_error (line 1461) | def test_121_get_certificate_details_manager_error(self):
    method test_122_get_certificate_details_success (line 1473) | def test_122_get_certificate_details_success(self):
    method test_123_get_certificate_details_unexpected_error (line 1487) | def test_123_get_certificate_details_unexpected_error(self):
    method test_124_validate_certificate_request_message_success (line 1500) | def test_124_validate_certificate_request_message_success(self):
    method test_125_validate_certificate_request_message_error (line 1510) | def test_125_validate_certificate_request_message_error(self):
    method test_126_prepare_certificate_response_success (line 1518) | def test_126_prepare_certificate_response_success(self):
    method test_127_prepare_certificate_response_with_dict_data (line 1530) | def test_127_prepare_certificate_response_with_dict_data(self):
    method test_128_prepare_certificate_response_error (line 1542) | def test_128_prepare_certificate_response_error(self):
    method test_129_process_certificate_request_invalid_content (line 1554) | def test_129_process_certificate_request_invalid_content(self):
    method test_130_process_certificate_request_message_validation_error (line 1564) | def test_130_process_certificate_request_message_validation_error(self):
    method test_131_process_certificate_request_success_with_url (line 1578) | def test_131_process_certificate_request_success_with_url(self):
    method test_132_process_certificate_request_success_with_url (line 1596) | def test_132_process_certificate_request_success_with_url(self):
    method test_133_process_certificate_request_missing_url (line 1616) | def test_133_process_certificate_request_missing_url(self):
    method test_134_process_certificate_request_get_details_error (line 1630) | def test_134_process_certificate_request_get_details_error(self):
    method test_135_process_certificate_request_unexpected_error (line 1654) | def test_135_process_certificate_request_unexpected_error(self):
    method test_136_validate_revocation_message_success (line 1669) | def test_136_validate_revocation_message_success(self):
    method test_137_validate_revocation_message_error (line 1679) | def test_137_validate_revocation_message_error(self):
    method test_138_process_certificate_revocation_validation_error (line 1687) | def test_138_process_certificate_revocation_validation_error(self):
    method test_139_process_certificate_revocation_success (line 1695) | def test_139_process_certificate_revocation_success(self):
    method test_140_process_certificate_revocation_with_logging (line 1708) | def test_140_process_certificate_revocation_with_logging(self):
    method test_141_process_certificate_revocation_logging_error (line 1724) | def test_141_process_certificate_revocation_logging_error(self):
    method test_142_process_certificate_revocation_exception (line 1744) | def test_142_process_certificate_revocation_exception(self):
    method test_143_revoke_certificate_invalid_content (line 1754) | def test_143_revoke_certificate_invalid_content(self):
    method test_144_revoke_certificate_message_validation_error (line 1764) | def test_144_revoke_certificate_message_validation_error(self):
    method test_145_revoke_certificate_success (line 1778) | def test_145_revoke_certificate_success(self):
    method test_146_revoke_certificate_unexpected_error (line 1796) | def test_146_revoke_certificate_unexpected_error(self):
    method test_147_process_enrollment_and_store_certificate_success (line 1811) | def test_147_process_enrollment_and_store_certificate_success(self):
    method test_148_process_enrollment_and_store_certificate_enrollment_error (line 1835) | def test_148_process_enrollment_and_store_certificate_enrollment_error...
    method test_149_process_enrollment_and_store_certificate_pre_hook_error (line 1856) | def test_149_process_enrollment_and_store_certificate_pre_hook_error(s...
    method test_150_process_enrollment_and_store_certificate_post_hook_error (line 1866) | def test_150_proces

Condensed preview — 490 files, each showing path, character count, and a content snippet. Full structured content: 6,999K chars.
[
  {
    "path": ".dockerignore",
    "chars": 365,
    "preview": ".gitattributes\n.gitignore\n.github\n.git\ndocs\nDockerfile\n*.md\ndocker-compose.yml\n**/venv\n**/env\nlocal/bin\n*.pyc\n*.swp\n.pre"
  },
  {
    "path": ".gitattributes",
    "chars": 115,
    "preview": "# Auto detect text files and perform LF normalization\n* text=auto\n# all python files should be lf\n*.py text eol=lf\n"
  },
  {
    "path": ".github/.codecov.yml",
    "chars": 360,
    "preview": "ignore:\n  - \"examples/ca_handler/skeleton_ca_handler.py\"\n  - \"examples/ca_handler/certsrv.py\"\n  - \"examples/ca_handler/m"
  },
  {
    "path": ".github/Caddyfile",
    "chars": 190,
    "preview": "{\n\temail grindsa@foo.local\n\tacme_ca https://acme-srv.acme/acme/directory\n\tacme_ca_root /tmp/acme2certifier_cabundle.pem\n"
  },
  {
    "path": ".github/FUNDING.yml",
    "chars": 149,
    "preview": "# These are supported funding model platforms\n\ngithub: grindsa\ncustom: https://www.paypal.me/Gindsa\npatreon: GrindSa\nope"
  },
  {
    "path": ".github/a2c.psql",
    "chars": 507,
    "preview": "DROP DATABASE IF EXISTS acme2certifier;\nCREATE DATABASE acme2certifier;\nCREATE USER acme2certifier WITH PASSWORD '1mmSvD"
  },
  {
    "path": ".github/actions/acme_clients/action.yml",
    "chars": 22318,
    "preview": "name: \"acme_clients - enroll, renew and revoke certificates\"\ndescription: \"Test if acme.sh, certbot and lego can enroll,"
  },
  {
    "path": ".github/actions/acmeshell/action.yml",
    "chars": 4429,
    "preview": "name: \"acme_clients - enroll, renew and revoke certificates\"\ndescription: \"Test if acme.sh, certbot and lego can enroll,"
  },
  {
    "path": ".github/actions/cert_gen/action.yml",
    "chars": 6485,
    "preview": "name: \"cert_gen\"\ndescription: \"Generate Certificates\"\ninputs:\n  ISSUING_CA_KEY:\n    description: \"Path to the Issuing-CA"
  },
  {
    "path": ".github/actions/container_build/action.yml",
    "chars": 1281,
    "preview": "name: \"container_build\"\ndescription: \"Build Container\"\ninputs:\n  DB_HANDLER:\n    description: \"Database handler\"\n    req"
  },
  {
    "path": ".github/actions/container_build_upload/action.yml",
    "chars": 1013,
    "preview": "name: \"container_build_upload\"\ndescription: \"Build and Upload Container\"\ninputs:\n  DB_HANDLER:\n    description: \"Databas"
  },
  {
    "path": ".github/actions/container_check/action.yml",
    "chars": 861,
    "preview": "name: \"container_check\"\ndescription: \"Check container configuration\"\ninputs:\n  DB_HANDLER:\n    description: \"Database ha"
  },
  {
    "path": ".github/actions/container_down/action.yml",
    "chars": 822,
    "preview": "name: \"container_down\"\ndescription: \"Stop a2c container\"\ninputs:\n  DB_HANDLER:\n    description: \"Database handler\"\n    r"
  },
  {
    "path": ".github/actions/container_load/action.yml",
    "chars": 1857,
    "preview": "name: \"container_load\"\ndescription: \"Download and import container image\"\ninputs:\n  RUN_ID:\n    description: \"The run ID"
  },
  {
    "path": ".github/actions/container_prep/action.yml",
    "chars": 3516,
    "preview": "name: \"container_prep\"\ndescription: \"Prepare environment for container installation\"\ninputs:\n  DB_HANDLER:\n    descripti"
  },
  {
    "path": ".github/actions/container_run/action.yml",
    "chars": 1215,
    "preview": "name: \"container_up\"\ndescription: \"instanciate a2c container\"\ninputs:\n  DB_HANDLER:\n    description: \"Database handler\"\n"
  },
  {
    "path": ".github/actions/container_up/action.yml",
    "chars": 840,
    "preview": "name: \"container_up\"\ndescription: \"instanciate a2c container\"\ninputs:\n  DB_HANDLER:\n    description: \"Database handler\"\n"
  },
  {
    "path": ".github/actions/deb_build/action.yml",
    "chars": 2915,
    "preview": "name: \"deb_build\"\ndescription: \"Build deb package\"\noutputs:\n  deb_file_name:\n    description: \"Name of the debian packag"
  },
  {
    "path": ".github/actions/deb_build_upload/action.yml",
    "chars": 1428,
    "preview": "name: \"deb_build_upload\"\ndescription: \"Build and Upload package\"\ninputs:\n  NO_VERSION:\n    description: \"If true, do not"
  },
  {
    "path": ".github/actions/deb_prep/action.yml",
    "chars": 3942,
    "preview": "name: \"deb_prep\"\ndescription: \"Prepare environment for deb installation\"\ninputs:\n  GH_USER:\n    description: \"GIT user f"
  },
  {
    "path": ".github/actions/download_artifact/action.yml",
    "chars": 1458,
    "preview": "name: \"download artifact\"\ndescription: \"download an artifact from a workflow run\"\ninputs:\n  RUN_ID:\n    description: \"Th"
  },
  {
    "path": ".github/actions/dump-secrets-to-json/action.yml",
    "chars": 3375,
    "preview": "name: 'Dump Secrets to JSON'\ndescription: 'Dumps a list of secrets into a JSON structure with secret names as keys and c"
  },
  {
    "path": ".github/actions/mailserver_install/action.yml",
    "chars": 3703,
    "preview": "name: \"mailserver_install\"\ndescription: \"mailserver_install\"\ninputs:\n  NAME_SPACE:\n    description: \"Namespace\"\n    requ"
  },
  {
    "path": ".github/actions/mariadb_prep/action.yml",
    "chars": 2012,
    "preview": "name: \"maria_prep\"\ndescription: \"bring up and configure mariadb instance\"\ninputs:\n  NAME_SPACE:\n    description: \"Name s"
  },
  {
    "path": ".github/actions/mssql_prep/action.yml",
    "chars": 2175,
    "preview": "name: \"mssql_prep\"\ndescription: \"bring up and configure mssql instance\"\ninputs:\n  NAME_SPACE:\n    description: \"Name spa"
  },
  {
    "path": ".github/actions/parse-json-secret/action.yml",
    "chars": 3881,
    "preview": "name: 'Parse JSON Secret'\ndescription: 'Parse one or more JSON secrets and create environment variables for each key-val"
  },
  {
    "path": ".github/actions/psql_prep/action.yml",
    "chars": 1843,
    "preview": "name: \"psql_prep\"\ndescription: \"bring up and configure psql instance\"\ninputs:\n  NAME_SPACE:\n    description: \"Name space"
  },
  {
    "path": ".github/actions/rpm_build/action.yml",
    "chars": 1406,
    "preview": "name: \"rpm_build\"\ndescription: \"Build RPM package\"\noutputs:\n  rpm_dir_path:\n    description: \"Path to the directory cont"
  },
  {
    "path": ".github/actions/rpm_build_upload/action.yml",
    "chars": 773,
    "preview": "name: \"rpm_build_upload\"\ndescription: \"Build and Upload package\"\noutputs:\n  rpm_file_name:\n    description: \"Name of the"
  },
  {
    "path": ".github/actions/rpm_prep/action.yml",
    "chars": 4683,
    "preview": "name: \"rpm_prep\"\ndescription: \"Prepare environment for RPM installation\"\ninputs:\n  GH_USER:\n    description: \"GIT user f"
  },
  {
    "path": ".github/actions/wf_specific/acme_ca_handler/compare_profile_info/action.yml",
    "chars": 1516,
    "preview": "name: \"compare_profile_info\"\ndescription: \"compare_profile_info\"\ninputs:\n  NAME_SPACE:\n    description: \"Namespace for t"
  },
  {
    "path": ".github/actions/wf_specific/acme_ca_handler/compare_renewal_info/action.yml",
    "chars": 4549,
    "preview": "name: \"compare_profile_info\"\ndescription: \"compare_profile_info\"\ninputs:\n  NAME_SPACE:\n    description: \"Namespace for t"
  },
  {
    "path": ".github/actions/wf_specific/acme_ca_handler/enroll_acmeprofile/action.yml",
    "chars": 3809,
    "preview": "name: \"enroll_acmeprofile\"\ndescription: \"enroll_acmeprofile‚\"\ninputs:\n  DEPLOYMENT_TYPE:\n    description: \"Deployment ty"
  },
  {
    "path": ".github/actions/wf_specific/acme_ca_handler/enroll_dns/action.yml",
    "chars": 8507,
    "preview": "name: \"acme_clients - enroll, renew and revoke certificates\"\ndescription: \"Test if acme.sh, certbot and lego can enroll,"
  },
  {
    "path": ".github/actions/wf_specific/acme_ca_handler/enroll_dns_wc/action.yml",
    "chars": 4514,
    "preview": "name: \"acme_clients - enroll, renew and revoke certificates\"\ndescription: \"Test if acme.sh, certbot and lego can enroll,"
  },
  {
    "path": ".github/actions/wf_specific/acme_ca_handler/enroll_eab_acmeprofile/action.yml",
    "chars": 6140,
    "preview": "name: \"eab_acmeprofile\"\ndescription: \"eab_acmeprofile\"\ninputs:\n  DEPLOYMENT_TYPE:\n    description: \"Deployment type\"\n   "
  },
  {
    "path": ".github/actions/wf_specific/acme_ca_handler/enrollment_profiling/action.yml",
    "chars": 10552,
    "preview": "name: \"enrollment_profiling\"\ndescription: \"le-enrollment_profiling\"\n\nruns:\n  using: \"composite\"\n  steps:\n\n  - name: \"Sle"
  },
  {
    "path": ".github/actions/wf_specific/acme_ca_handler/le-sim_prep/action.yml",
    "chars": 2524,
    "preview": "name: \"le-sim_prep\"\ndescription: \"le-sim_prep\"\ninputs:\n  LESIM_NAME:\n    description: \"Name of the le-sim\"\n    required:"
  },
  {
    "path": ".github/actions/wf_specific/acme_ca_handler/smallstep_prep/action.yml",
    "chars": 1645,
    "preview": "name: \"smallstep_prep\"\ndescription: \"smallstep_prep\"\n\nruns:\n  using: \"composite\"\n  steps:\n\n  - name: \"Setup smallstep\"\n "
  },
  {
    "path": ".github/actions/wf_specific/acme_sh/enroll/action.yml",
    "chars": 5789,
    "preview": "name: \"acme_clients - enroll, renew and revoke certificates\"\ndescription: \"Test if acme.sh, certbot and lego can enroll,"
  },
  {
    "path": ".github/actions/wf_specific/ari/enroll/action.yml",
    "chars": 2109,
    "preview": "name: \"ari tests - enroll acme clients\"\ndescription: \"Test ARI feature - enroll acme clients against acme-srv using acme"
  },
  {
    "path": ".github/actions/wf_specific/asa_ca_handler/enroll_acmeprofile/action.yml",
    "chars": 2085,
    "preview": "name: \"enroll_102_profile\"\ndescription: \"wf enrollment 102 profile\"\ninputs:\n  ASA_PROFILE1:\n    description: \"ASA Profil"
  },
  {
    "path": ".github/actions/wf_specific/asa_ca_handler/enroll_eab_acmeprofile/action.yml",
    "chars": 7213,
    "preview": "name: \"enroll_w_headerinfo\"\ndescription: \"enroll_w_headerinfo\"\ninputs:\n  ASA_CA_NAME1:\n    description: \"ASA CA 1\"\n    r"
  },
  {
    "path": ".github/actions/wf_specific/asa_ca_handler/enroll_eab_w_headerinfo/action.yml",
    "chars": 14817,
    "preview": "name: \"enroll_w_headerinfo\"\ndescription: \"enroll_w_headerinfo\"\ninputs:\n  ASA_CA_NAME1:\n    description: \"ASA CA 1\"\n    r"
  },
  {
    "path": ".github/actions/wf_specific/asa_ca_handler/enroll_eab_wo_headerinfo/action.yml",
    "chars": 11252,
    "preview": "name: \"enroll_wo_headerinfo\"\ndescription: \"enroll_wo_headerinfo\"\ninputs:\n  ASA_CA_NAME1:\n    description: \"ASA CA 1\"\n   "
  },
  {
    "path": ".github/actions/wf_specific/asa_ca_handler/enroll_headerinfo/action.yml",
    "chars": 3840,
    "preview": "name: \"enroll_102_profile\"\ndescription: \"wf enrollment 102 profile\"\ninputs:\n  ASA_PROFILE1:\n    description: \"ASA Profil"
  },
  {
    "path": ".github/actions/wf_specific/asa_ca_handler/enroll_profile_1/action.yml",
    "chars": 4359,
    "preview": "name: \"enroll_profile_1\"\ndescription: \"wf enroll_profile_1\"\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Profile 1 - S"
  },
  {
    "path": ".github/actions/wf_specific/asa_ca_handler/enroll_profile_2/action.yml",
    "chars": 3183,
    "preview": "name: \"enroll_2_profile\"\ndescription: \"wf enrollment 2 profile\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Profile "
  },
  {
    "path": ".github/actions/wf_specific/certifier_ca_handler/enroll_101_profile/action.yml",
    "chars": 3219,
    "preview": "name: \"enroll_101_profile\"\ndescription: \"wf enrollment 101 profile\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Prof"
  },
  {
    "path": ".github/actions/wf_specific/certifier_ca_handler/enroll_102_profile/action.yml",
    "chars": 3219,
    "preview": "name: \"enroll_102_profile\"\ndescription: \"wf enrollment 102 profile\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Prof"
  },
  {
    "path": ".github/actions/wf_specific/certifier_ca_handler/enroll_acmeprofile/action.yml",
    "chars": 2415,
    "preview": "name: \"enroll_102_profile\"\ndescription: \"wf enrollment 102 profile\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Slee"
  },
  {
    "path": ".github/actions/wf_specific/certifier_ca_handler/enroll_eab_w_acmeprofile/action.yml",
    "chars": 9593,
    "preview": "name: \"enroll_acme_profile\"\ndescription: \"wf enrollment acme profile\"\ninputs:\n  RECONFIGURE:\n    description: \"Reconfigu"
  },
  {
    "path": ".github/actions/wf_specific/certifier_ca_handler/enroll_eab_w_headerinfo/action.yml",
    "chars": 15329,
    "preview": "name: \"enroll_102_profile\"\ndescription: \"wf enrollment 102 profile\"\ninputs:\n  RECONFIGURE:\n    description: \"Reconfigure"
  },
  {
    "path": ".github/actions/wf_specific/certifier_ca_handler/enroll_eab_wo_headerinfo/action.yml",
    "chars": 10615,
    "preview": "name: \"enroll_102_profile\"\ndescription: \"wf enrollment 102 profile\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"EAB "
  },
  {
    "path": ".github/actions/wf_specific/certifier_ca_handler/enroll_headerinfo/action.yml",
    "chars": 2985,
    "preview": "name: \"enroll_102_profile\"\ndescription: \"wf enrollment 102 profile\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Slee"
  },
  {
    "path": ".github/actions/wf_specific/certifier_ca_handler/enroll_no_profile/action.yml",
    "chars": 3061,
    "preview": "name: \"enroll_no_profile\"\ndescription: \"wf enrollment without profile\"\n\nruns:\n  using: \"composite\"\n  steps:\n\n  - name: \""
  },
  {
    "path": ".github/actions/wf_specific/certifier_ca_handler/tunnel_setup/action.yml",
    "chars": 2122,
    "preview": "name: \"tunnel_setup\"\ndescription: \"tunnel_setup\"\ninputs:\n  SSH_KEY:\n    description: \"SSH access key\"\n    required: true"
  },
  {
    "path": ".github/actions/wf_specific/digicert_ca_handler/enroll_acmeprofile/action.yml",
    "chars": 5054,
    "preview": "name: \"enroll_eab\"\ndescription: \"enroll_eab\"\ninputs:\n  DEPLOYMENT_TYPE:\n    description: \"Deployment type\"\n    required:"
  },
  {
    "path": ".github/actions/wf_specific/digicert_ca_handler/enroll_eab/action.yml",
    "chars": 6928,
    "preview": "name: \"enroll_eab\"\ndescription: \"enroll_eab\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Sleep for 5s\"\n    uses: jul"
  },
  {
    "path": ".github/actions/wf_specific/digicert_ca_handler/enroll_eab_acmeprofile/action.yml",
    "chars": 8644,
    "preview": "name: \"enroll_eab\"\ndescription: \"enroll_eab\"\ninputs:\n  DEPLOYMENT_TYPE:\n    description: \"Deployment type\"\n    required:"
  },
  {
    "path": ".github/actions/wf_specific/disable_challengevalidation/dehydrated_install/action.yml",
    "chars": 625,
    "preview": "name: \"dehydrated_install\"\ndescription: \"dehydrated_install\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Install deh"
  },
  {
    "path": ".github/actions/wf_specific/disable_challengevalidation/enroll/action.yml",
    "chars": 3275,
    "preview": "name: \"enroll_test\"\ndescription: \"enroll_test\"\ninputs:\n  TO_FAIL:\n    description: \"Enrollment is expected to fail\"\n    "
  },
  {
    "path": ".github/actions/wf_specific/disable_challengevalidation/enroll_eabprofile/action.yml",
    "chars": 2451,
    "preview": "name: \"enroll_test\"\ndescription: \"enroll_test\"\ninputs:\n  TO_FAIL:\n    description: \"Enrollment is expected to fail\"\n    "
  },
  {
    "path": ".github/actions/wf_specific/eab/enroll_unknown_credentials/action.yml",
    "chars": 5364,
    "preview": "name: \"eab_enroll_unknown_credentials\"\ndescription: \"EAB enroll with unknown credentials\"\ninputs:\n  NAME_SPACE:\n    desc"
  },
  {
    "path": ".github/actions/wf_specific/eab/enroll_wo_credentials/action.yml",
    "chars": 5182,
    "preview": "name: \"eab_enroll_wo_credentials\"\ndescription: \"EAB enroll without credentials\"\ninputs:\n  NAME_SPACE:\n    description: \""
  },
  {
    "path": ".github/actions/wf_specific/eab/enroll_wrong_credentials/action.yml",
    "chars": 5426,
    "preview": "name: \"eab_enroll_wrong_credentials\"\ndescription: \"EAB enroll with wrong credentials\"\ninputs:\n  NAME_SPACE:\n    descript"
  },
  {
    "path": ".github/actions/wf_specific/ejbca_ca_handler/ejbca_prep/action.yml",
    "chars": 3864,
    "preview": "name: \"ejbca_prep\"\ndescription: \"ejbca_prep\"\ninputs:\n  RUNNER_IP:\n    description: \"Runner IP\"\n    required: true\n  WORK"
  },
  {
    "path": ".github/actions/wf_specific/ejbca_ca_handler/enroll_acmeprofile/action.yml",
    "chars": 2425,
    "preview": "name: \"enroll_w_headerinfo\"\ndescription: \"enroll_w_headerinfo\"\ninputs:\n  ASA_CA_NAME1:\n    description: \"ASA CA 1\"\n    r"
  },
  {
    "path": ".github/actions/wf_specific/ejbca_ca_handler/enroll_eab_acmeprofile/action.yml",
    "chars": 6267,
    "preview": "name: \"enroll_w_headerinfo\"\ndescription: \"enroll_w_headerinfo\"\ninputs:\n  ASA_CA_NAME1:\n    description: \"ASA CA 1\"\n    r"
  },
  {
    "path": ".github/actions/wf_specific/ejbca_ca_handler/enroll_eab_w_headerinfo/action.yml",
    "chars": 6851,
    "preview": "name: \"enroll_w_headerinfo\"\ndescription: \"enroll_w_headerinfo\"\ninputs:\n  ASA_CA_NAME1:\n    description: \"ASA CA 1\"\n    r"
  },
  {
    "path": ".github/actions/wf_specific/ejbca_ca_handler/enroll_eab_wo_headerinfo/action.yml",
    "chars": 5144,
    "preview": "name: \"enroll_wo_headerinfo\"\ndescription: \"enroll_wo_headerinfo\"\n\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Sleep "
  },
  {
    "path": ".github/actions/wf_specific/emailreply_challengevalidation/acme_email_enroll/action.yml",
    "chars": 2732,
    "preview": "name: \"acme_email_enroll\"\ndescription: \"acme_email_enroll\"\ninputs:\n  TO_FAIL:\n    description: \"Enrollment is expected t"
  },
  {
    "path": ".github/actions/wf_specific/enrollment_timeout/enroll/action.yml",
    "chars": 4508,
    "preview": "name: \"enroll timeout\"\ndescription: test enrollment timeout handling for various ACME clients\"\ninputs:\n  DEPLOYMENT_TYPE"
  },
  {
    "path": ".github/actions/wf_specific/entrust_ca_handler/enroll/action.yml",
    "chars": 10866,
    "preview": "name: \"acme_clients - enroll, renew and revoke certificates\"\ndescription: \"Test if acme.sh, certbot and lego can enroll,"
  },
  {
    "path": ".github/actions/wf_specific/entrust_ca_handler/enroll_eab/action.yml",
    "chars": 2112,
    "preview": "name: \"enroll_eab\"\ndescription: \"enroll_eab\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Sleep for 5s\"\n    uses: jul"
  },
  {
    "path": ".github/actions/wf_specific/error_tests/account_checks/action.yml",
    "chars": 16074,
    "preview": "name: \"account_error_checking\"\ndescription: \"EAB enroll with unknown credentials\"\ninputs:\n  NAME_SPACE:\n    description:"
  },
  {
    "path": ".github/actions/wf_specific/error_tests/acmeshell_install/action.yml",
    "chars": 2498,
    "preview": "name: \"Install acmeshell\"\ndescription: \"Install acmeshell\"\ninputs:\n  ACME_SERVER:\n    description: \"ACME server URL\"\n   "
  },
  {
    "path": ".github/actions/wf_specific/error_tests/order_checks/action.yml",
    "chars": 13307,
    "preview": "name: \"order_error_checking\"\ndescription: \"EAB enroll with unknown credentials\"\ninputs:\n  NAME_SPACE:\n    description: \""
  },
  {
    "path": ".github/actions/wf_specific/harica/acme_enroll/action.yml",
    "chars": 2747,
    "preview": "name: \"enroll_acmeprofile\"\ndescription: \"enroll_acmeprofile‚\"\ninputs:\n  DEPLOYMENT_TYPE:\n    description: \"Deployment ty"
  },
  {
    "path": ".github/actions/wf_specific/hooks/enroll/action.yml",
    "chars": 3410,
    "preview": "name: \"acme_email_enroll\"\ndescription: \"acme_email_enroll\"\ninputs:\n  NAME_SPACE:\n    description: \"namespace\"\n    requir"
  },
  {
    "path": ".github/actions/wf_specific/manual/setup/action.yml",
    "chars": 5979,
    "preview": "name: \"acme_email_enroll\"\ndescription: \"acme_email_enroll\"\ninputs:\n  NAME_SPACE:\n    description: \"namespace\"\n    requir"
  },
  {
    "path": ".github/actions/wf_specific/ms_ca_handler/enroll_acmeprofile/action.yml",
    "chars": 4980,
    "preview": "name: \"enroll_acmeprofile\"\ndescription: \"Enroll an ACME profile\"\ninputs:\n  NAME_SPACE:\n    description: \"namespace\"\n    "
  },
  {
    "path": ".github/actions/wf_specific/ms_ca_handler/enroll_allowed_domain_list/action.yml",
    "chars": 2099,
    "preview": "name: \"enroll_allowed_domain_list\"\ndescription: \"enroll_allowed_domain_list\"\ninputs:\n  NAME_SPACE:\n    description: \"nam"
  },
  {
    "path": ".github/actions/wf_specific/ms_ca_handler/enroll_default_headerinfo/action.yml",
    "chars": 3523,
    "preview": "name: \"enroll_default_headerinfo\"\ndescription: \"enroll_default_headerinfo\"\ninputs:\n  NAME_SPACE:\n    description: \"names"
  },
  {
    "path": ".github/actions/wf_specific/ms_ca_handler/enroll_eab/action.yml",
    "chars": 7206,
    "preview": "name: \"enroll_default_headerinfo\"\ndescription: \"enroll_default_headerinfo\"\ninputs:\n  NAME_SPACE:\n    description: \"names"
  },
  {
    "path": ".github/actions/wf_specific/ms_ca_handler/enroll_eab_acmeprofile/action.yml",
    "chars": 8122,
    "preview": "name: \"enroll_default_headerinfo\"\ndescription: \"enroll_default_headerinfo\"\ninputs:\n  NAME_SPACE:\n    description: \"names"
  },
  {
    "path": ".github/actions/wf_specific/ms_ca_handler/tunnel_setup/action.yml",
    "chars": 2167,
    "preview": "name: \"tunnel_setup\"\ndescription: \"tunnel_setup\"\ninputs:\n  SSH_KEY:\n    description: \"SSH access key\"\n    required: true"
  },
  {
    "path": ".github/actions/wf_specific/nclm_ca_handler/tunnel_setup/action.yml",
    "chars": 2123,
    "preview": "name: \"tunnel_setup\"\ndescription: \"tunnel_setup\"\ninputs:\n  SSH_KEY:\n    description: \"SSH access key\"\n    required: true"
  },
  {
    "path": ".github/actions/wf_specific/openssl_ca_handler/enroll_adjust_cert_validity/action.yml",
    "chars": 1760,
    "preview": "name: \"enroll_w_headerinfo\"\ndescription: \"enroll_w_headerinfo\"\ninputs:\n  ASA_CA_NAME1:\n    description: \"ASA CA 1\"\n    r"
  },
  {
    "path": ".github/actions/wf_specific/openssl_ca_handler/enroll_cn_enforce/action.yml",
    "chars": 2127,
    "preview": "name: \"enroll_w_headerinfo\"\ndescription: \"enroll_w_headerinfo\"\ninputs:\n  ASA_CA_NAME1:\n    description: \"ASA CA 1\"\n    r"
  },
  {
    "path": ".github/actions/wf_specific/openssl_ca_handler/enroll_w_teamplate/action.yml",
    "chars": 4194,
    "preview": "name: \"enroll_w_headerinfo\"\ndescription: \"enroll_w_headerinfo\"\ninputs:\n  ASA_CA_NAME1:\n    description: \"ASA CA 1\"\n    r"
  },
  {
    "path": ".github/actions/wf_specific/openxpki_ca_handler/enroll_acmeprofile/action.yml",
    "chars": 3818,
    "preview": "name: \"enroll_eab\"\ndescription: \"enroll_eab\"\ninputs:\n  DEPLOYMENT_TYPE:\n    description: \"Deployment type\"\n    required:"
  },
  {
    "path": ".github/actions/wf_specific/openxpki_ca_handler/enroll_eab_acmeprofile/action.yml",
    "chars": 9218,
    "preview": "name: \"enroll_eab\"\ndescription: \"enroll_eab\"\ninputs:\n  DEPLOYMENT_TYPE:\n    description: \"Deployment type\"\n    required:"
  },
  {
    "path": ".github/actions/wf_specific/openxpki_ca_handler/openxpki_prep/action.yml",
    "chars": 5417,
    "preview": "name: \"OpenXPKI Prep\"\ndescription: \"OpenXPKI preparation steps\"\ninputs:\n  RUNNER_IP:\n    description: \"Runner IP\"\n    re"
  },
  {
    "path": ".github/actions/wf_specific/upgrade/cleanup/action.yml",
    "chars": 1307,
    "preview": "name: \"Cleanup after testing upgrade\"\ndescription: \"Cleanup\"\ninputs:\n  DOCKER_COMPOSE_FILE_PATH:\n    description: \"Path "
  },
  {
    "path": ".github/actions/wf_specific/upgrade/enroll/action.yml",
    "chars": 5789,
    "preview": "name: \"acme-sh, lego, certbot - enroll, renew \"\ndescription: \"Test if acme-sh certbot and lego can enroll and renew cros"
  },
  {
    "path": ".github/actions/wf_specific/upgrade/renew/action.yml",
    "chars": 4827,
    "preview": "name: \"acme_clients - renew certificates\"\ndescription: \"Test if acme.sh, certbot and lego can renew certificates across "
  },
  {
    "path": ".github/actions/wf_specific/vault_ca_handler/enroll_acmeprofile/action.yml",
    "chars": 2439,
    "preview": "name: \"enroll_w_headerinfo\"\ndescription: \"enroll_w_headerinfo\"\ninputs:\n  ASA_CA_NAME1:\n    description: \"ASA CA 1\"\n    r"
  },
  {
    "path": ".github/actions/wf_specific/vault_ca_handler/enroll_eab_acmeprofile/action.yml",
    "chars": 6390,
    "preview": "name: \"enroll_w_headerinfo\"\ndescription: \"enroll_w_headerinfo\"\ninputs:\n  ASA_CA_NAME1:\n    description: \"ASA CA 1\"\n    r"
  },
  {
    "path": ".github/actions/wf_specific/vault_ca_handler/vault_prep/action.yml",
    "chars": 7279,
    "preview": "name: \"vault_prep\"\ndescription: \"vault_prep\"\ninputs:\n  RUNNER_IP:\n    description: \"Runner IP\"\n    required: true\n  WORK"
  },
  {
    "path": ".github/actions/wf_specific/xca_ca_handler/enroll_acmeprofile/action.yml",
    "chars": 3291,
    "preview": "name: \"enroll_headerinfo\"\ndescription: \"enroll_headerinfo\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Sleep for 5s\""
  },
  {
    "path": ".github/actions/wf_specific/xca_ca_handler/enroll_eab/action.yml",
    "chars": 18612,
    "preview": "name: \"enroll_eab\"\ndescription: \"enroll_eab\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Sleep for 5s\"\n    uses: jul"
  },
  {
    "path": ".github/actions/wf_specific/xca_ca_handler/enroll_eab_acmeprofile/action.yml",
    "chars": 10257,
    "preview": "name: \"enroll_eab\"\ndescription: \"enroll_eab\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Sleep for 5s\"\n    uses: jul"
  },
  {
    "path": ".github/actions/wf_specific/xca_ca_handler/enroll_eab_sp/action.yml",
    "chars": 24239,
    "preview": "name: \"enroll_eab\"\ndescription: \"enroll_eab\"\ninputs:\n  DEPLOYMENT_TYPE:\n    description: \"Deployment type\"\n    required:"
  },
  {
    "path": ".github/actions/wf_specific/xca_ca_handler/enroll_headerinfo/action.yml",
    "chars": 4425,
    "preview": "name: \"enroll_headerinfo\"\ndescription: \"enroll_headerinfo\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Sleep for 5s\""
  },
  {
    "path": ".github/actions/wf_specific/xca_ca_handler/enroll_no_template/action.yml",
    "chars": 3229,
    "preview": "name: \"enroll_no_template\"\ndescription: \"enroll_no_template\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Sleep for 5"
  },
  {
    "path": ".github/actions/wf_specific/xca_ca_handler/enroll_template/action.yml",
    "chars": 3308,
    "preview": "name: \"enroll_template\"\ndescription: \"enroll_template\"\n\nruns:\n  using: \"composite\"\n  steps:\n  - name: \"Sleep for 5s\"\n   "
  },
  {
    "path": ".github/django_settings.py",
    "chars": 2839,
    "preview": "\"\"\"\nDjango settings for acme2certifier project.\n\"\"\"\n\nimport os\n\n# Build paths inside the project like this: os.path.join"
  },
  {
    "path": ".github/django_settings_mariadb.py",
    "chars": 3510,
    "preview": "\"\"\"\nDjango settings for acme2certifier project.\n\nGenerated by 'django-admin startproject' using Django 1.11.15.\n\nFor mor"
  },
  {
    "path": ".github/django_settings_mssql.py",
    "chars": 3323,
    "preview": "\"\"\"\nDjango settings for acme2certifier project.\n\nGenerated by 'django-admin startproject' using Django 1.11.15.\n\nFor mor"
  },
  {
    "path": ".github/django_settings_psql.py",
    "chars": 3193,
    "preview": "\"\"\"\nDjango settings for acme2certifier project.\n\nGenerated by 'django-admin startproject' using Django 1.11.15.\n\nFor mor"
  },
  {
    "path": ".github/dns_test.sh",
    "chars": 616,
    "preview": "#!/usr/bin/env sh\n\ndns_test_add() {\n  fulldomain=$1\n  txtvalue=$2\n  _info \"adding dns record: ${fulldomain}: ${txtvalue}"
  },
  {
    "path": ".github/dnsmasq.conf",
    "chars": 98,
    "preview": "log-queries\nno-resolv\nserver=1.0.0.1\nserver=1.1.1.1\nstrict-order\naddress=/www.bar.local/RUNNER_IP\n"
  },
  {
    "path": ".github/dnsmasq.yml",
    "chars": 513,
    "preview": "---\napiVersion: v1\nkind: Namespace\nmetadata:\n  name: dnsmasq\n---\napiVersion: v1\nkind: Pod\nmetadata:\n  name: dnsmasq\n  na"
  },
  {
    "path": ".github/est_handler.patch",
    "chars": 97,
    "preview": "6a7,8\n> import urllib3\n> requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'ALL:@SECLEVEL=1'\n"
  },
  {
    "path": ".github/k8s-acme-srv.yml",
    "chars": 910,
    "preview": "---\napiVersion: v1\nkind: Namespace\nmetadata:\n  name: cert-manager-acme\n---\napiVersion: v1\nkind: Pod\nmetadata:\n  name: ac"
  },
  {
    "path": ".github/k8s-cert-mgr-dns-01.yml",
    "chars": 862,
    "preview": "---\napiVersion: v1\nkind: Secret\nmetadata:\n  name: cloudflare-api-token-secret\n  namespace: cert-manager-acme\ntype: Opaqu"
  },
  {
    "path": ".github/k8s-cert-mgr-http-01.yml",
    "chars": 1718,
    "preview": "---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: webserver-depl\nspec:\n  selector:\n    matchLabels:\n      app: "
  },
  {
    "path": ".github/mlc_config.json",
    "chars": 326,
    "preview": "{\n  \"projectBaseUrl\":\"${workspaceFolder}\",\n  \"ignorePatterns\": [\n    {\n      \"pattern\": \"^ https://hub.docker.com\"\n    }"
  },
  {
    "path": ".github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg",
    "chars": 886,
    "preview": "[DEFAULT]\ndebug: True\n\n[Nonce]\n# disable nonce check. THIS IS A SEVERE SECURTIY ISSUE! Please do only for testing/debugg"
  },
  {
    "path": ".github/openssl_ca_handler.py_acme_srv_default_handler.cfg",
    "chars": 830,
    "preview": "[DEFAULT]\ndebug: True\n\n[Nonce]\n# disable nonce check. THIS IS A SEVERE SECURTIY ISSUE! Please do only for testing/debugg"
  },
  {
    "path": ".github/openssl_ca_handler.py_acme_srv_default_handler_dns.cfg",
    "chars": 858,
    "preview": "[DEFAULT]\ndebug: True\n\n[Nonce]\n# disable nonce check. THIS IS A SEVERE SECURTIY ISSUE! Please do only for testing/debugg"
  },
  {
    "path": ".github/openssl_ca_handler_v16.py",
    "chars": 30412,
    "preview": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\"\"\"handler for an openssl ca\"\"\"\nfrom __future__ import print_function\nimport o"
  },
  {
    "path": ".github/pgpass",
    "chars": 34,
    "preview": "postgresdbsrv:*:*:postgres:foobar\n"
  },
  {
    "path": ".github/pycodestyle",
    "chars": 94,
    "preview": "[pycodestyle]\ncount = False\nignore = E501, W503, E203\nmax-line-length = 160\nstatistics = True\n"
  },
  {
    "path": ".github/pylintrc",
    "chars": 569,
    "preview": "# plyintrc for acme2certifier CI pipeline\n[MESSAGES CONTROL]\n# c0301 - line to long\n# r0205 - useless-object-inheritance"
  },
  {
    "path": ".github/traefik-matrix.yml",
    "chars": 1205,
    "preview": "services:\n  traefik:\n    image: traefik:latest\n    container_name: \"traefik\"\n    command:\n      - \"--log.level=DEBUG\"\n  "
  },
  {
    "path": ".github/workflows/app-acme-sh.yml",
    "chars": 11321,
    "preview": "name: Application Tests - acme_sh\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run"
  },
  {
    "path": ".github/workflows/app-caddy.yml",
    "chars": 5263,
    "preview": "name: Application Tests - Caddy\n\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run "
  },
  {
    "path": ".github/workflows/app-certbot.yml",
    "chars": 7511,
    "preview": "name: Application Tests - Certbot\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run"
  },
  {
    "path": ".github/workflows/app-certmanager.yml",
    "chars": 30288,
    "preview": "name: Application Tests - cert-manager\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch t"
  },
  {
    "path": ".github/workflows/app-lego.yml",
    "chars": 18017,
    "preview": "name: Application Tests - lego\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run th"
  },
  {
    "path": ".github/workflows/app-traeffik.yml",
    "chars": 17078,
    "preview": "name: Application Tests - Traefik\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run"
  },
  {
    "path": ".github/workflows/app-winacme.yml",
    "chars": 8395,
    "preview": "name: Application Tests - win-acme\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to ru"
  },
  {
    "path": ".github/workflows/cahandler-acme.yml",
    "chars": 70148,
    "preview": "name: CA-Handler Tests - ACME\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run the"
  },
  {
    "path": ".github/workflows/cahandler-asa.yml",
    "chars": 66439,
    "preview": "name: CA-Handler Tests - Insta ASA CA\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to"
  },
  {
    "path": ".github/workflows/cahandler-certifier.yml",
    "chars": 42649,
    "preview": "name: CA-Handler Tests - Insta Certifier\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch"
  },
  {
    "path": ".github/workflows/cahandler-cmp.yml",
    "chars": 36642,
    "preview": "name: CA-Handler Tests - CMPV2\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run th"
  },
  {
    "path": ".github/workflows/cahandler-digicert.yml",
    "chars": 40071,
    "preview": "name: CA-Handler Tests - Digicert CertCentral\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'B"
  },
  {
    "path": ".github/workflows/cahandler-dogtag.yml",
    "chars": 5944,
    "preview": "name: CA handler tests - DogTag\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run t"
  },
  {
    "path": ".github/workflows/cahandler-ejbca.yml",
    "chars": 47733,
    "preview": "name: CA-Handler Tests - EJBCA\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run th"
  },
  {
    "path": ".github/workflows/cahandler-est.yml",
    "chars": 13287,
    "preview": "name: CA-Handler Tests - EST\n# Clientauth tests are not working on testrfc7030 and are done insed openxpi wf\non:\n  push:"
  },
  {
    "path": ".github/workflows/cahandler-freeipa.yml",
    "chars": 6094,
    "preview": "name: CA handler tests - FreeIPA\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run "
  },
  {
    "path": ".github/workflows/cahandler-harica.yml",
    "chars": 16389,
    "preview": "name: CA handler tests - Harica\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run t"
  },
  {
    "path": ".github/workflows/cahandler-legacy.yml",
    "chars": 13451,
    "preview": "name: CA-Handler Tests - Backwards compatibility\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description:"
  },
  {
    "path": ".github/workflows/cahandler-msca.yml",
    "chars": 124451,
    "preview": "name: CA-Handler Tests - MSCA\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run the"
  },
  {
    "path": ".github/workflows/cahandler-nclm.yml",
    "chars": 19638,
    "preview": "name: CA-Handler Tests - NCLM\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run the"
  },
  {
    "path": ".github/workflows/cahandler-openssl.yml",
    "chars": 19839,
    "preview": "name: CA-Handler Tests - OpenSSL\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run "
  },
  {
    "path": ".github/workflows/cahandler-openxpki.yml",
    "chars": 45273,
    "preview": "name: CA-Handler Tests - OpenXPKI\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run"
  },
  {
    "path": ".github/workflows/cahandler-pkcs7soap.yml",
    "chars": 14115,
    "preview": "name: CA-Handler Tests - PKCS7 SOAP\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to r"
  },
  {
    "path": ".github/workflows/cahandler-vault.yml",
    "chars": 22335,
    "preview": "name: CA-Handler Tests - Hashicorp Vault\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch"
  },
  {
    "path": ".github/workflows/cahandler-xca.yml",
    "chars": 60792,
    "preview": "name: CA-Handler Tests - XCA\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run the "
  },
  {
    "path": ".github/workflows/deployment-arm.yml",
    "chars": 15977,
    "preview": "name: Deployment Tests - arm64\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run th"
  },
  {
    "path": ".github/workflows/deployment-django.yml",
    "chars": 11018,
    "preview": "name: Deyployment Tests - Django\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run "
  },
  {
    "path": ".github/workflows/deployment-ha.yml",
    "chars": 25812,
    "preview": "name: Deployment Tests - HA\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run the w"
  },
  {
    "path": ".github/workflows/deployment-manual-install.yml",
    "chars": 24276,
    "preview": "name: Deployment Tests - Manual Installation\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Br"
  },
  {
    "path": ".github/workflows/deployment-push-images-to-dockerhub.yml",
    "chars": 29599,
    "preview": "name: Deployment Tests - Update images on dockerhub and ghcr.io\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n     "
  },
  {
    "path": ".github/workflows/deployment-upgrade.yml",
    "chars": 83443,
    "preview": "name: Deployment Tests - Upgrades\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run"
  },
  {
    "path": ".github/workflows/deployment-wsgi.yml",
    "chars": 11275,
    "preview": "name: Feature Tests - custom db-file\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to "
  },
  {
    "path": ".github/workflows/deplyoment-container.yml",
    "chars": 4463,
    "preview": "name: Deployment Tests - Containers\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to r"
  },
  {
    "path": ".github/workflows/deplyoment-debian.yml",
    "chars": 5039,
    "preview": "name: Deployment Tests - Debian Packages\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch"
  },
  {
    "path": ".github/workflows/feaature-disablechallengevalidation.yml",
    "chars": 36508,
    "preview": "name: Feature Tests - Disable challengevalidation\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description"
  },
  {
    "path": ".github/workflows/feature-alpn-challenge.yml",
    "chars": 10470,
    "preview": "name: Feature Tests - TLS-ALPN-01\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run"
  },
  {
    "path": ".github/workflows/feature-ari.yml",
    "chars": 11354,
    "preview": "name: Feature Tests - ARI\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run the wor"
  },
  {
    "path": ".github/workflows/feature-dns-challenge.yml",
    "chars": 24610,
    "preview": "name: Feature Tests - DNS Challenge\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to r"
  },
  {
    "path": ".github/workflows/feature-dryrun.yml",
    "chars": 11357,
    "preview": "name: Feature Tests - ARI\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run the wor"
  },
  {
    "path": ".github/workflows/feature-eab.yml",
    "chars": 27191,
    "preview": "name: Feature Tests - EAB\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run the wor"
  },
  {
    "path": ".github/workflows/feature-emailreply-challenge.yml",
    "chars": 17910,
    "preview": "name: Feature Tests - EmailReply Challenge\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Bran"
  },
  {
    "path": ".github/workflows/feature-enrollment-timeout.yml",
    "chars": 17862,
    "preview": "name: Feature Tests - Asynchronous enrollment and certificate re-usage\non:\n  workflow_dispatch:\n    inputs:\n      branch"
  },
  {
    "path": ".github/workflows/feature-headerinfo.yml",
    "chars": 18434,
    "preview": "name: Feature Tests - Headerinfo\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run "
  },
  {
    "path": ".github/workflows/feature-hooks.yml",
    "chars": 41432,
    "preview": "name: Feature Tests - Hooks\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run the w"
  },
  {
    "path": ".github/workflows/feature-idempotent-finalize.yml",
    "chars": 13070,
    "preview": "name: Feature Tests - Idempotent_finalize option tests\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        descri"
  },
  {
    "path": ".github/workflows/feature-ipaddress-identifier.yml",
    "chars": 13421,
    "preview": "name: Feature Tests - IP addresses identifier\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'B"
  },
  {
    "path": ".github/workflows/feature-ipv6.yml",
    "chars": 13804,
    "preview": "name: Feature Tests - IPv6\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run the wo"
  },
  {
    "path": ".github/workflows/feature-proxy.yml",
    "chars": 35860,
    "preview": "name: Feature Tests - Proxy Support\non:\n  push:\n    branches: [ 'disabled']\n#  workflow_dispatch:\n#    inputs:\n#     bra"
  },
  {
    "path": ".github/workflows/feature-tnauth.yml",
    "chars": 13097,
    "preview": "name: Feature Tests - Tnauth\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run the "
  },
  {
    "path": ".github/workflows/helper-dump-secrets.yml",
    "chars": 4020,
    "preview": "name: Dump Secrets to JSON\n\non:\n  # push:\n  workflow_dispatch:\n    inputs:\n      secret_list:\n        description: 'Comm"
  },
  {
    "path": ".github/workflows/main-build.yml",
    "chars": 2953,
    "preview": "name: build\non:\n\n  push:\n    branches: [ \"**\" ]       # build on any branch\n  workflow_dispatch: {}\n  schedule:\n    - cr"
  },
  {
    "path": ".github/workflows/main-create-release.yml",
    "chars": 5923,
    "preview": "on:\n  push:\n    branches:\n      - \"master\"\n\nname: Create Release\n\njobs:\n  build:\n    name: Create Release\n    runs-on: u"
  },
  {
    "path": ".github/workflows/main-dispatch-broker.yml",
    "chars": 1184,
    "preview": "\nname: dispatch-broker\non:\n  repository_dispatch:\n    types: [ artifacts_ready ]\n\njobs:\n  guard:\n    runs-on: ubuntu-lat"
  },
  {
    "path": ".github/workflows/quality-codescanner.yml",
    "chars": 5692,
    "preview": "name: Code quality - Code Scanner\non:\n  push:\n    branches:\n      - 'master'\n      - 'devel'\n      - 'min-devel'\n      -"
  },
  {
    "path": ".github/workflows/quality-error.yml",
    "chars": 4555,
    "preview": "name: Code quality - Error testing\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to ru"
  },
  {
    "path": ".github/workflows/quality-markdown.yml",
    "chars": 2063,
    "preview": "name: Code quality - Markdown Check\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to r"
  },
  {
    "path": ".github/workflows/quality-python.yml",
    "chars": 4545,
    "preview": "name: Code quality - Python Tests\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run"
  },
  {
    "path": ".github/workflows/quality-wiki-update.yml",
    "chars": 2099,
    "preview": "name: Documentation - Wiki Update\non:\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: 'Branch to run"
  },
  {
    "path": ".gitignore",
    "chars": 2206,
    "preview": "# Byte-compiled / optimized / DLL files\n__pycache__/\n*.py[cod]\n*$py.class\n\n# C extensions\n*.so\n\n# Distribution / packagi"
  },
  {
    "path": ".pre-commit-config.yaml",
    "chars": 913,
    "preview": "# See https://pre-commit.com for more information\n# See https://pre-commit.com/hooks.html for more hooks\nrepos:\n-   rep"
  },
  {
    "path": "CHANGES.md",
    "chars": 32104,
    "preview": "<!-- markdownlint-disable  MD013 -->\n\n# Acme2certifier changelog\n\nThis is a high-level summary of the most important cha"
  },
  {
    "path": "LICENSE",
    "chars": 35113,
    "preview": "GNU GENERAL PUBLIC LICENSE\n                       Version 3, 29 June 2007\n\n Copyright (C) 2007 Free Software Foundation,"
  },
  {
    "path": "README.md",
    "chars": 10571,
    "preview": "<!-- markdownlint-disable MD013 -->\n\n# acme2certifier\n\n![GitHub release](https://img.shields.io/github/release/grindsa/a"
  },
  {
    "path": "SECURITY.md",
    "chars": 651,
    "preview": "<!-- markdownlint-disable  MD013 -->\n\n<!-- wiki-title Security Policy -->\n\n# Security Policy\n\n## Supported Versions\n\n| V"
  },
  {
    "path": "acme_srv/__init__.py",
    "chars": 48,
    "preview": "\"\"\"init.py\"\"\"\n\nfrom .version import __version__\n"
  },
  {
    "path": "acme_srv/account.py",
    "chars": 30783,
    "preview": "# -*- coding: utf-8 -*-\n\"\"\"Refactored Account class with improved design and maintainability\"\"\"\n\nfrom __future__ import "
  },
  {
    "path": "acme_srv/acmechallenge.py",
    "chars": 1215,
    "preview": "# -*- coding: utf-8 -*-\n\"\"\"acmechallenge class\"\"\"\nfrom __future__ import print_function\nfrom acme_srv.db_handler import "
  },
  {
    "path": "acme_srv/authorization.py",
    "chars": 26509,
    "preview": "# -*- coding: utf-8 -*-\n\"\"\"Authorization class - refactored version\"\"\"\n# pylint: disable=R0913, R1705\nfrom __future__ im"
  },
  {
    "path": "acme_srv/certificate.py",
    "chars": 71768,
    "preview": "# -*- coding: utf-8 -*-\n# pylint: disable=r0902, r0912, r0913, r0915, r1705\n\"\"\"certificate class\"\"\"\nfrom __future__ impo"
  },
  {
    "path": "acme_srv/certificate_business_logic.py",
    "chars": 7639,
    "preview": "# -*- coding: utf-8 -*-\n\"\"\"Certificate Business Logic - Core Business Rules for Certificate Operations\"\"\"\n\nfrom typing i"
  },
  {
    "path": "acme_srv/certificate_manager.py",
    "chars": 21620,
    "preview": "# -*- coding: utf-8 -*-\n\"\"\"Certificate Manager - Coordination Layer for Certificate Operations\"\"\"\n# pylint: disable=R091"
  },
  {
    "path": "acme_srv/certificate_repository.py",
    "chars": 14440,
    "preview": "# -*- coding: utf-8 -*-\n\"\"\"Certificate Repository - Database operations abstraction\"\"\"\n\nfrom abc import ABC, abstractmet"
  },
  {
    "path": "acme_srv/challenge.py",
    "chars": 47446,
    "preview": "# -*- coding: utf-8 -*-\n# pylint: disable=r0902, r0912, r0913, r0915, r1705\n\"\"\"Challenge class - refactored version\"\"\"\ni"
  }
]

// ... and 290 more files (download for full content)

About this extraction

This page contains the full source code of the grindsa/acme2certifier GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 490 files (6.3 MB), approximately 1.7M tokens, and a symbol index with 5718 extracted functions, classes, methods, constants, and types.

Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.
