Created
March 2, 2017 21:01
from flask import Flask, current_app | |
from cryptography.hazmat.primitives import hashes | |
import base64 | |
import confcollect | |
from acme import jose | |
# Known settings and their defaults; create_app() passes this mapping to
# confcollect.from_environ(by_defaults=...) to pick values up from the
# environment.
DEFAULT_CONFIG = dict(
    DEBUG=False,
    # Thumbprint of the ACME account key, base64-encoded. When set,
    # ACCOUNT_JSON is not consulted.
    ACCOUNT_THUMBPRINT_BASE64='',
    # Account key as JWK JSON; read only to derive the thumbprint when the
    # setting above is empty.
    # NOTE(review): this presumably includes the private key material --
    # supplying only the thumbprint keeps the account key off the
    # web-facing host.
    ACCOUNT_JSON='',
)
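def create_app():
    """Build the Flask app that answers ACME http-01 challenges statelessly.

    Settings are read from the environment through ``confcollect`` with
    ``DEFAULT_CONFIG`` as the defaults. When ``ACCOUNT_THUMBPRINT_BASE64``
    is empty it is derived once, at startup, from ``ACCOUNT_JSON``.

    The single route replies ``<token>.<thumbprint>`` for whatever token is
    requested, without any per-challenge state. Only the holder of the
    account key behind the configured thumbprint can turn such a reply into
    a successful validation, but that holds for every hostname whose
    challenge path is routed to this app -- keep that routing deliberate.

    Returns:
        The configured Flask application.

    Raises:
        ValueError: if neither the thumbprint nor the account key is set.
    """
    # Function-scope import: the file's import block does not provide ``re``.
    import re

    # ACME challenge tokens consist of base64url characters only
    # (RFC 8555, section 8.3). ``\Z`` instead of ``$`` so that a trailing
    # newline is rejected as well.
    token_pattern = re.compile(r'[A-Za-z0-9_-]+\Z')
    plain_text = {'Content-Type': 'text/plain'}

    app = Flask(__name__)

    # Load config
    app.config.update(confcollect.from_environ(by_defaults=DEFAULT_CONFIG))

    # Get the thumbprint.
    if not app.config.get('ACCOUNT_THUMBPRINT_BASE64'):
        if not app.config.get('ACCOUNT_JSON'):
            raise ValueError('Needs either account thumbprint or account key')
        app.config['ACCOUNT_THUMBPRINT_BASE64'] = get_thumbprint(app.config['ACCOUNT_JSON'])
        # Single parenthesised argument: prints the same text on Python 2.
        print("Calculated account thumbprint: %s" % app.config['ACCOUNT_THUMBPRINT_BASE64'])

    @app.route('/.well-known/acme-challenge/<id>')
    def respond(id):
        # The path segment is attacker-controlled and is echoed into the
        # body. Flask's default response type is text/html, so an
        # unvalidated echo is a reflected-XSS sink on this origin. Refuse
        # anything that is not a well-formed token and always answer as
        # plain text.
        if not token_pattern.match(id):
            return 'Not found', 404, plain_text
        key_authorization = "{}.{}".format(
            id,
            current_app.config['ACCOUNT_THUMBPRINT_BASE64']
        )
        return key_authorization, 200, plain_text

    return app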
def get_thumbprint(account_json):
    """Return the base64-encoded thumbprint of a Let's Encrypt account key.

    ``account_json`` is the account key serialised as an RSA JWK in JSON.
    Only the public half is hashed (SHA-256); the result is encoded with
    ``jose.b64encode``.
    """
    account_key = jose.JWKRSA.json_loads(account_json)
    # Drop any private components before computing the digest.
    public_jwk = account_key.public_key()
    digest = public_jwk.thumbprint(hashes.SHA256)
    return jose.b64encode(digest)