Refactor a bit to make it possible to set the url argument.

2026-01-26 07:41:33 +03:00 · 2018-10-26 14:13:01 +02:00
parent f20e55321c
commit ebd2af9ea0
2 changed files with 15 additions and 13 deletions
--- a/acme/acme/messages.py
+++ b/acme/acme/messages.py
@@ -9,6 +9,7 @@ from acme import challenges
 from acme import errors
 from acme import fields
 from acme import util
+from acme import jws

 OLD_ERROR_PREFIX = "urn:acme:error:"
 ERROR_PREFIX = "urn:ietf:params:acme:error:"
@@ -265,21 +266,18 @@ class ExternalAccountBinding:
    """ACME External Account Binding"""

    @classmethod
-    def from_data(cls, account_public_key, kid, hmac_key):
+    def from_data(cls, account_public_key, kid, hmac_key, directory):
        """Create External Account Binding Resource from contact details, kid and hmac."""

        key_json = json.dumps(account_public_key.to_partial_json())
        decoded_hmac_key = jose.b64.b64decode(hmac_key)
-        jws = jose.JWS.sign(
-            payload=key_json,
-            key=jose.jwk.JWKOct(key=decoded_hmac_key),
-            alg=jose.jwa.HS256,
-            kid=kid,
-            include_jwk=False,
-            protect=frozenset(['alg', 'kid'])
-        )
+        url = directory["newAccount"]

-        return jws.to_partial_json()
+        eab = jws.JWS.sign(key_json, jose.jwk.JWKOct(key=decoded_hmac_key),
+                           jose.jwa.HS256, None,
+                           url, kid)
+
+        return eab.to_partial_json()


 class Registration(ResourceBody):
@@ -304,7 +302,9 @@ class Registration(ResourceBody):
    email_prefix = 'mailto:'

    @classmethod
-    def from_data(cls, account_public_key=None, kid=None, hmac_key=None, phone=None, email=None, **kwargs):
+    def from_data(cls, account_public_key=None, kid=None,
+                  hmac_key=None, phone=None, email=None,
+                  directory=None, **kwargs):
        """Create registration resource from contact details."""
        details = list(kwargs.pop('contact', ()))
        if phone is not None:
@@ -314,7 +314,8 @@ class Registration(ResourceBody):
        kwargs['contact'] = tuple(details)

        if kid is not None and hmac_key is not None:
-            kwargs['external_account_binding'] = ExternalAccountBinding.from_data(account_public_key, kid, hmac_key)
+            kwargs['external_account_binding'] = ExternalAccountBinding.from_data(account_public_key, kid,
+                                                                                  hmac_key, directory)

        return cls(**kwargs)

--- a/certbot/client.py
+++ b/certbot/client.py
@@ -201,7 +201,8 @@ def perform_registration(acme, config, tos_cb):
        return acme.new_account_and_tos(messages.NewRegistration.from_data(account_public_key=account_public_key,
                                                                           kid=config.eab_kid,
                                                                           hmac_key=config.eab_hmac_key,
-                                                                           email=config.email),
+                                                                           email=config.email,
+                                                                           directory=acme.client.directory),
                                        tos_cb)
    except messages.Error as e:
        if e.code == "invalidEmail" or e.code == "invalidContact":