This repository was archived by the owner on Feb 5, 2025. It is now read-only.
Variable ACME account email #61
Merged
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
YUBIKEY_PIN="123456" | ||
ACME_SERVER_DIRECTORY_URL="https://acme.proeftuin.uzi-online.irealisatie.nl/directory" | ||
OIDC_PROVIDER_BASE_URL="https://proeftuin.uzi-online.irealisatie.nl" | ||
OIDC_PROVIDER_BASE_URL="https://proeftuin.uzi-online.irealisatie.nl" | ||
ACME_ACCOUNT_EMAIL="[email protected]" |
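Review bot: the new `ACME_ACCOUNT_EMAIL` entry at the end of this file has no comment saying that it is optional and that the code falls back to a built-in address when it is left out. A one-line `#` comment above it would keep `.env.example` self-explanatory, and the same applies to `YUBIKEY_PIN="123456"`, which should be marked as an example value to replace.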
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,11 @@ | ||
from os import getenv | ||
from app.acme_directory_configuration import ACMEDirectoryConfiguration | ||
from .acme import Acme | ||
|
||
|
||
class ACME: | ||
_DEFAULT_ACME_ACCOUNT_EMAIL = "[email protected]" | ||
|
||
nonce = None | ||
jwt_token = "" | ||
client = None | ||
|
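Review bot: `_DEFAULT_ACME_ACCOUNT_EMAIL` on the `ACME` class keeps a fixed contact address in code, so a deployment that forgets to set the variable registers its ACME account under that address without any signal. Suggest logging a warning when the default is used, or making the variable required outside local development, and adding a short comment on the constant saying whose mailbox it is. Reading the value with `from os import getenv` inside this class also splits configuration between here and `ACMEDirectoryConfiguration`; passing the email in through the constructor would keep it in one place and make it testable.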
@@ -32,7 +35,12 @@ def __init__( | |
Create an account. As per acme standard an email needs | ||
to be provided. | ||
""" | ||
areq = {"termsOfServiceAgreed": True, "contact": ["mailto:[email protected]"]} | ||
account_email: str = getenv("ACME_ACCOUNT_EMAIL", self._DEFAULT_ACME_ACCOUNT_EMAIL) | ||
|
||
areq = { | ||
"termsOfServiceAgreed": True, | ||
"contact": [f"mailto:{account_email}"], | ||
} | ||
self.client.account_request(areq) | ||
|
||
def order(self, keynum): | ||
|
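Review bot: `getenv("ACME_ACCOUNT_EMAIL", self._DEFAULT_ACME_ACCOUNT_EMAIL)` only falls back when the variable is absent, so `ACME_ACCOUNT_EMAIL=""` in `.env` yields the contact `mailto:` with no address, and any other value is interpolated into `f"mailto:{account_email}"` unchecked. Suggest treating an empty value as unset (`getenv("ACME_ACCOUNT_EMAIL") or self._DEFAULT_ACME_ACCOUNT_EMAIL`) and rejecting anything that is not a single address before calling `account_request`, since RFC 8555 has servers refuse `mailto` contacts that carry header fields or more than one address.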
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,22 @@ | ||
# Local setup | ||
|
||
First clone this repository and checkout the desired branch. You can then follow this document to set up and run the application. | ||
|
||
```bash | ||
git clone [email protected]:minvws/nl-uzipoc-yubisign.git | ||
``` | ||
|
||
## Requirements | ||
|
||
This application requires the [`yubico-piv-tool`](https://developers.yubico.com/yubico-piv-tool/) installed on your computer and therefor the `libykcs11` library. The `yubico-piv-tool` needs to be available in your system path. Next to that, the [`ykman`](https://developers.yubico.com/yubikey-manager/Releases/) CLI is also required in your path. make sure you have the following tools: | ||
|
||
- **`python3.13`**: Make sure the executable is also accessible from your local terminal. | ||
- **`git`**: To update the application when needed. | ||
|
||
This application should be used with the [Yubikey 5C NFC]( https://www.yubico.com/nl/product/yubikey-5-series/yubikey-5c-nfc/). | ||
This application should be used with the [Yubikey 5C NFC](https://www.yubico.com/nl/product/yubikey-5-series/yubikey-5c-nfc/). | ||
|
||
#### Windows specific | ||
|
||
> When installing Python on Windows, make sure to add `python.exe` to your PATH and disable path length limit during the installation. | ||
|
||
> The PIV tool can be installed via [this link](https://developers.yubico.com/yubico-piv-tool/Releases/). | ||
|
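Review bot: style point on the Requirements paragraph, which this hunk reflows without fixing its wording: "therefor" should be "therefore" and the sentence "make sure you have the following tools:" starts in lower case. Since the lines around it are already being touched for spacing and the link fix, correcting both here keeps the README cleanup in one commit.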
@@ -33,6 +37,7 @@ First, verify if the Python version was set to `3.13` | |
```bash | ||
python --version | ||
``` | ||
|
||
Then to create an isolated environment where we can install the Python requirements in, use the below command to use the `venv` package. | ||
|
||
```bash | ||
|
@@ -59,11 +64,12 @@ pip install -r requirements.in | |
|
||
There are a few environmnent variables which need to be configured via the `.env` file. For this, copy and rename the `.env.example` file and fill in the corresponding values. See the table underneath for the examples. | ||
|
||
| Variable | Default value | Type | | ||
| :-------------------------: | :------------------------------------------------------------: | :---: | | ||
| Variable | Default value | Type | | ||
| :-------------------------: | :----------------------------------------------------------: | :---: | | ||
| `ACME_SERVER_DIRECTORY_URL` | `"https://acme.proeftuin.uzi-online.rdobeheer.nl/directory"` | `str` | | ||
| `YUBIKEY_PIN` | `"123456"` | `str` | | ||
| `OIDC_PROVIDER_BASE_URL` | `"https://proeftuin.uzi-online.irealisatie.nl"` | `str` | | ||
| `YUBIKEY_PIN` | `"123456"` | `str` | | ||
| `ACME_ACCOUNT_EMAIL` | `"[email protected]"` ee | `str` | | ||
| `OIDC_PROVIDER_BASE_URL` | `"https://proeftuin.uzi-online.irealisatie.nl"` | `str` | | ||
|
||
The `ACME_SERVER_DIRECTORY_URL` should be set to the the directory URL of the ACME server. For example, this can be `http://localhost:8080/acme/directory` when working with the local ACME server developed by iRealisatie. | ||
|
||
|
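Review bot: the new `ACME_ACCOUNT_EMAIL` table row has a stray `ee` after the default value, which will render in the Default value column; remove it. In the same table the `ACME_SERVER_DIRECTORY_URL` default points at `acme.proeftuin.uzi-online.rdobeheer.nl` while `.env.example` in this pull request uses `acme.proeftuin.uzi-online.irealisatie.nl`, so one of the two should be updated to match, and the row should mention that the email falls back to the code default when unset. The intro sentence above the table also has the typo "environmnent".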
@@ -88,6 +94,7 @@ This screen allows you to select a YubiKey. Select yours and click continue. | |
 | ||
|
||
#### 2.3 Creating the RSA keys | ||
|
||
This step creates the RSA keys on the selected Yubikey. In here, tick the checkbox and click continue. | ||
 | ||
|
||
|