acme_tools.py

import sys
import josepy as jose
from acme import messages, jose
from acme import client, messages
from cryptography.hazmat.primitives.asymmetric import rsa, ec
from cryptography.hazmat.backends import default_backend

def pg_client(directory, key_type="rsa", key_size=None, key_curve=None):
    try:
        if key_type.lower() == "rsa":
            if key_size == "" or key_size ==  None:
                key_size = 4096
            rsa_key = rsa.generate_private_key(public_exponent=65537, key_size=key_size, backend=default_backend())
            account_key = jose.JWKRSA(key=rsa_key)
            net = client.ClientNetwork(account_key, user_agent='project-gatekeeper/v1.5')
            directory_obj = messages.Directory.from_json(net.get(directory).json())
            acme_client = client.ClientV2(directory_obj, net=net)
            return acme_client
        elif key_type.lower() == "ec":
            if key_curve == "" or key_curve == None:
                key_curve = "ec256"
            if key_curve == 'SECP256R1' or key_curve == 'ec256':
                ec_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
                algo=jose.ES256
            elif key_curve == 'SECP384R1' or key_curve == 'ec384':
                ec_key = ec.generate_private_key(ec.SECP384R1(), default_backend())
                algo=jose.ES384
            account_key = jose.JWKEC(key=ec_key)
            net = client.ClientNetwork(account_key, alg=algo, user_agent='project-gatekeeper/v2')
            response = net.get(directory)
            directory_obj = messages.Directory.from_json(response.json())
            acme_client = client.ClientV2(directory_obj, net=net)
            return acme_client
        else:
            print("Invalid key_type")
            sys.exit()
    except:
        print("Error in initialization")
        sys.exit()

def new_account(pgclient, email, kid=None, hmac=None):
    external_account_binding = None
    if kid and hmac:
        if isinstance(hmac, bytes):
            hmac = hmac.decode('utf-8')
        if not isinstance(hmac, str):
            print("Error: HMAC is not a string after decoding.")
            return False
        try:
            hmac_bytes = jose.b64.b64decode(hmac)
        except Exception as e:
            print(f"Error decoding HMAC key: {e}")
            return False
        hmac_key_b64 = jose.b64.b64encode(hmac_bytes).decode('utf-8')
        external_account_binding = messages.ExternalAccountBinding.from_data(
            account_public_key=pgclient.net.key,
            kid=kid,
            hmac_key=hmac_key_b64,
            directory=pgclient.directory
        )
    registration = messages.NewRegistration.from_data(
        email=email,
        terms_of_service_agreed=True,
        external_account_binding=external_account_binding
    )
    try:
        account = pgclient.new_account(registration)
        return account
    except Exception as e:
        print(f"Error creating account: {e}")
        return False