Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set sign algo acording to key type #4521

Merged
merged 5 commits into from
Oct 2, 2023
Merged

Set sign algo acording to key type #4521

merged 5 commits into from
Oct 2, 2023

Conversation

skorobkov
Copy link

@skorobkov skorobkov commented Jul 23, 2023
edited
Loading

When client uses exisiting ACME account with private key NOT RSA type, on requests to ACME server he will get error:

  File "<console>", line 1, in <module>
  File "/opt/venv/lib/python3.8/site-packages/acme/client.py", line 138, in new_order
    response = self._post(self.directory['newOrder'], order)
  File "/opt/venv/lib/python3.8/site-packages/acme/client.py", line 366, in _post
    return self.net.post(*args, **kwargs)
  File "/opt/venv/lib/python3.8/site-packages/acme/client.py", line 739, in post
    return self._post_once(*args, **kwargs)
  File "/opt/venv/lib/python3.8/site-packages/acme/client.py", line 749, in _post_once
    data = self._wrap_in_jws(obj, self._get_nonce(url, new_nonce_url), url)
  File "/opt/venv/lib/python3.8/site-packages/acme/client.py", line 560, in _wrap_in_jws
    return jws.JWS.sign(jobj, **cast(Mapping[str, Any], kwargs)).json_dumps(indent=2)
  File "/opt/venv/lib/python3.8/site-packages/acme/jws.py", line 56, in sign
    return super().sign(payload, key=key, alg=alg,
  File "/opt/venv/lib/python3.8/site-packages/josepy/jws.py", line 291, in sign
    cls.signature_cls.sign(payload=payload, **kwargs),))
  File "/opt/venv/lib/python3.8/site-packages/josepy/jws.py", line 231, in sign
    assert isinstance(key, alg.kty)
AssertionError

This error occurs because acme.client.ClientNetwork initialised with default RS256 sign algorithm.
This PR is fixing this issue (at least for EC keys).

@hosseinsh
Copy link
Contributor

Thanks for the PR @skorobkov.
Would appreciate it if you get a chance to resolve the Linting-related errors.

--> Linting Python files
PYFLAKES_NODOCTEST=1 flake8 lemur
lemur/common/utils.py:248:1: E302 expected 2 blank lines, found 1
make: *** [Makefile:96: lint-python] Error 1
Error: Process completed with exit code 2.

@coveralls
Copy link

coveralls commented Oct 2, 2023
edited
Loading

Coverage Status

coverage: 75.407% (+0.008%) from 75.399% when pulling a68c4d0 on skorobkov:acme_clinet_sign_alg into b6d3531 on Netflix:master.

@jmcrawford45 jmcrawford45 merged commit 6732fec into Netflix:master Oct 2, 2023
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmcrawford45 jmcrawford45 jmcrawford45 approved these changes

@hosseinsh hosseinsh Awaiting requested review from hosseinsh

@charhate charhate Awaiting requested review from charhate

@jtschladen jtschladen Awaiting requested review from jtschladen

@douglasc-nflx douglasc-nflx Awaiting requested review from douglasc-nflx

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@skorobkov @hosseinsh @coveralls @jmcrawford45 @skorobkov78