Upload 15 files

.gitattributes

@@ -1,35 +1,35 @@
-*.7z filter=lfs diff=lfs merge=lfs -text
-*.arrow filter=lfs diff=lfs merge=lfs -text
-*.bin filter=lfs diff=lfs merge=lfs -text
-*.bz2 filter=lfs diff=lfs merge=lfs -text
-*.ckpt filter=lfs diff=lfs merge=lfs -text
-*.ftz filter=lfs diff=lfs merge=lfs -text
-*.gz filter=lfs diff=lfs merge=lfs -text
-*.h5 filter=lfs diff=lfs merge=lfs -text
-*.joblib filter=lfs diff=lfs merge=lfs -text
-*.lfs.* filter=lfs diff=lfs merge=lfs -text
-*.mlmodel filter=lfs diff=lfs merge=lfs -text
-*.model filter=lfs diff=lfs merge=lfs -text
-*.msgpack filter=lfs diff=lfs merge=lfs -text
-*.npy filter=lfs diff=lfs merge=lfs -text
-*.npz filter=lfs diff=lfs merge=lfs -text
-*.onnx filter=lfs diff=lfs merge=lfs -text
-*.ot filter=lfs diff=lfs merge=lfs -text
-*.parquet filter=lfs diff=lfs merge=lfs -text
-*.pb filter=lfs diff=lfs merge=lfs -text
-*.pickle filter=lfs diff=lfs merge=lfs -text
-*.pkl filter=lfs diff=lfs merge=lfs -text
-*.pt filter=lfs diff=lfs merge=lfs -text
-*.pth filter=lfs diff=lfs merge=lfs -text
-*.rar filter=lfs diff=lfs merge=lfs -text
-*.safetensors filter=lfs diff=lfs merge=lfs -text
-saved_model/**/* filter=lfs diff=lfs merge=lfs -text
-*.tar.* filter=lfs diff=lfs merge=lfs -text
-*.tar filter=lfs diff=lfs merge=lfs -text
-*.tflite filter=lfs diff=lfs merge=lfs -text
-*.tgz filter=lfs diff=lfs merge=lfs -text
-*.wasm filter=lfs diff=lfs merge=lfs -text
-*.xz filter=lfs diff=lfs merge=lfs -text
-*.zip filter=lfs diff=lfs merge=lfs -text
-*.zst filter=lfs diff=lfs merge=lfs -text
-*tfevents* filter=lfs diff=lfs merge=lfs -text
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.ckpt filter=lfs diff=lfs merge=lfs -text
+*.ftz filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.h5 filter=lfs diff=lfs merge=lfs -text
+*.joblib filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
+*.mlmodel filter=lfs diff=lfs merge=lfs -text
+*.model filter=lfs diff=lfs merge=lfs -text
+*.msgpack filter=lfs diff=lfs merge=lfs -text
+*.npy filter=lfs diff=lfs merge=lfs -text
+*.npz filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.parquet filter=lfs diff=lfs merge=lfs -text
+*.pb filter=lfs diff=lfs merge=lfs -text
+*.pickle filter=lfs diff=lfs merge=lfs -text
+*.pkl filter=lfs diff=lfs merge=lfs -text
+*.pt filter=lfs diff=lfs merge=lfs -text
+*.pth filter=lfs diff=lfs merge=lfs -text
+*.rar filter=lfs diff=lfs merge=lfs -text
+*.safetensors filter=lfs diff=lfs merge=lfs -text
+saved_model/**/* filter=lfs diff=lfs merge=lfs -text
+*.tar.* filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.tflite filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.wasm filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
+*tfevents* filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1,8 @@
+.env
+certificate*
+/raanna*
+/thenayankasturi*
+/__pycache__
+*.json
+/venv
+/error

acme_tools.py

@@ -0,0 +1,71 @@
+import sys
+import josepy as jose
+from acme import messages, jose
+from acme import client, messages
+from cryptography.hazmat.primitives.asymmetric import rsa, ec
+from cryptography.hazmat.backends import default_backend
+
+def pg_client(directory, key_type="rsa", key_size=None, key_curve=None):
+    try:
+        if key_type.lower() == "rsa":
+            if key_size == "" or key_size ==  None:
+                key_size = 4096
+            rsa_key = rsa.generate_private_key(public_exponent=65537, key_size=key_size, backend=default_backend())
+            account_key = jose.JWKRSA(key=rsa_key)
+            net = client.ClientNetwork(account_key, user_agent='project-gatekeeper/v1.5')
+            directory_obj = messages.Directory.from_json(net.get(directory).json())
+            acme_client = client.ClientV2(directory_obj, net=net)
+            return acme_client
+        elif key_type.lower() == "ec":
+            if key_curve == "" or key_curve == None:
+                key_curve = "ec256"
+            if key_curve == 'SECP256R1' or key_curve == 'ec256':
+                ec_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
+                algo=jose.ES256
+            elif key_curve == 'SECP384R1' or key_curve == 'ec384':
+                ec_key = ec.generate_private_key(ec.SECP384R1(), default_backend())
+                algo=jose.ES384
+            account_key = jose.JWKEC(key=ec_key)
+            net = client.ClientNetwork(account_key, alg=algo, user_agent='project-gatekeeper/v2')
+            response = net.get(directory)
+            directory_obj = messages.Directory.from_json(response.json())
+            acme_client = client.ClientV2(directory_obj, net=net)
+            return acme_client
+        else:
+            print("Invalid key_type")
+            return False
+    except:
+        print("Error in initialization")
+        return False
+
+def new_account(pgclient, email, kid=None, hmac=None):
+    external_account_binding = None
+    if kid and hmac:
+        if isinstance(hmac, bytes):
+            hmac = hmac.decode('utf-8')
+        if not isinstance(hmac, str):
+            print("Error: HMAC is not a string after decoding.")
+            return False
+        try:
+            hmac_bytes = jose.b64.b64decode(hmac)
+        except Exception as e:
+            print(f"Error decoding HMAC key: {e}")
+            return False
+        hmac_key_b64 = jose.b64.b64encode(hmac_bytes).decode('utf-8')
+        external_account_binding = messages.ExternalAccountBinding.from_data(
+            account_public_key=pgclient.net.key,
+            kid=kid,
+            hmac_key=hmac_key_b64,
+            directory=pgclient.directory
+        )
+    registration = messages.NewRegistration.from_data(
+        email=email,
+        terms_of_service_agreed=True,
+        external_account_binding=external_account_binding
+    )
+    try:
+        account = pgclient.new_account(registration)
+        return account
+    except Exception as e:
+        print(f"Error creating account: {e}")
+        return False

app.py

@@ -0,0 +1,81 @@
+import os
+import sys
+import gradio as gr
+from main import main
+from tools import write_file
+
+def gen_ssl(i_domains, wildcard, email, ca_server, key_type, key_size=None, key_curve=None):
+    if key_type == "rsa":
+        key_curve = None
+    elif key_type == "ec":
+        key_size = None
+    else:
+        key_curve = None
+    if key_size is not None:
+        key_size = int(key_size)
+    pvt, csr, cert = main(i_domains, wildcard, email, ca_server, key_type, key_size, key_curve)
+    if email == "":
+        path = "error"
+    else:
+        path = email.split("@")[0]
+    try:
+        os.makedirs(path, exist_ok=True)
+    except:
+        print("Error creating directory")
+    write_file(f"{path}/private.pem", pvt)
+    write_file(f"{path}/domain.csr", csr)
+    write_file(f"{path}/cert.pem", cert)
+    try:
+        return pvt.decode('utf-8'), csr.decode('utf-8'), cert.decode('utf-8')
+    except:
+        return pvt, csr, cert
+
+def update_key_options(key_type):
+    if key_type == "rsa":
+        return gr.update(visible=True), gr.update(visible=False)
+    else:
+        return gr.update(visible=False), gr.update(visible=True)
+
+def update_ca_server(wildcard: bool):
+    if wildcard == False:
+        return gr.update(choices=["Let's Encrypt (Testing)","Let's Encrypt", "Buypass (Testing)", "Buypass", "ZeroSSL", "Google (Testing)","Google", "SSL.com"], value="Let's Encrypt (Testing)")
+    else:
+        return gr.update(choices=["Let's Encrypt (Testing)","Let's Encrypt", "ZeroSSL", "Google (Testing)","Google", "SSL.com"], value="Let's Encrypt")
+
+def update_buypass_options(ca_server):
+    if ca_server == "Buypass (Testing)" or ca_server == "Buypass":
+        return gr.update(choices=['SECP256R1'])
+    else:
+        return gr.update(choices=['SECP256R1', 'SECP384R1'])
+
+def app():
+    with gr.Blocks(title="Project Gatekeeper - Get free SSL Certificates") as webui:
+        with gr.Row():
+            with gr.Column():
+                domains_input = gr.Textbox(label="Enter Domains", placeholder="thenayankasturi.eu.org, dash.thenayankasturi.eu.org, www.thenayankasturi.eu.org", type="text", interactive=True)
+                wildcard = gr.Checkbox(label="Wildcard SSL", interactive=True, value=False)
+            email_input = gr.Textbox(label="Enter your Email ID", placeholder="[email protected]", type="text", interactive=True)
+        with gr.Row():
+            ca_server = gr.Dropdown(label="Select Certificate Authority", choices=["Let's Encrypt (Testing)","Let's Encrypt", "Google (Testing)","Google", "Buypass (Testing)", "Buypass", "ZeroSSL", "SSL.com"], interactive=True, value="Let's Encrypt (Testing)")
+            key_type = gr.Radio(label="Select SSL key type", choices=["rsa", "ec"], interactive=True, value='ec')
+            key_size_dropdown = gr.Dropdown(label="Select Key Size", choices=['2048', '4096'], value='4096', visible=False)  # Initially visible
+            key_curve_dropdown = gr.Dropdown(label="Select Key Curve", choices=['SECP256R1', 'SECP384R1'], value='SECP256R1', visible=True)  # Initially hidden
+        ca_server.change(fn=update_buypass_options, inputs=ca_server, outputs=key_curve_dropdown)
+        key_type.change(fn=update_key_options, inputs=key_type, outputs=[key_size_dropdown, key_curve_dropdown])
+        wildcard.change(fn=update_ca_server, inputs=wildcard, outputs=ca_server)
+        btn = gr.Button(value="Generate SSL Certificate")
+        with gr.Row():
+            with gr.Column():
+                pvt = gr.Textbox(label="Your Private Key", placeholder="Your Private Key will appear here, after successful SSL generation", type="text", interactive=False, show_copy_button=True, lines=10, max_lines=10)
+            with gr.Column():
+                csr = gr.Textbox(label="Your CSR", placeholder="Your CSR will appear here, after successful SSL generation", type="text", interactive=False, show_copy_button=True, lines=10, max_lines=10)
+            with gr.Column():
+                crt = gr.Textbox(label="Your SSL Certificate", placeholder="Your SSL Certificate will appear here, after successful SSL generation", type="text", interactive=False, show_copy_button=True, lines=10, max_lines=10)
+        btn.click(gen_ssl, inputs=[domains_input, wildcard, email_input, ca_server, key_type, key_size_dropdown, key_curve_dropdown], outputs=[pvt, csr, crt])
+    try:
+        webui.queue(default_concurrency_limit=15).launch()
+    except Exception as e:
+        print(f"Error: {e}")
+
+if __name__ == "__main__":
+    app()

dns_cf.py

@@ -0,0 +1,62 @@
+import requests
+import os
+from dotenv import load_dotenv
+
+load_dotenv()
+cf_token = os.environ.get("CF_TOKEN")
+cf_zone_id = os.environ.get("CF_ZONE_ID")
+cf_email = os.environ.get("CF_EMAIL_ID")
+cf_api = "https://api.cloudflare.com/client/v4/"
+
+headers = {
+    "Content-Type": "application/json",
+    "X-Auth-Email": cf_email,
+    "X-Auth-Key": cf_token
+}
+
+def check_txt():
+    cf_endpoint = f"zones/{cf_zone_id}/dns_records"
+    url = f"{cf_api}{cf_endpoint}"
+    response = requests.request("GET", url, headers=headers)
+    data = response.json()
+    record_ids = []
+    record_names = []
+    for record in data['result']:
+        if record['type'] == "TXT":
+            record_id = record['id']
+            record_name = record['name']
+            record_ids.append(record_id)
+            record_names.append(record_name)
+        else:
+            continue
+    return record_ids, record_names
+        
+def add_txt(txt_rec, txt_value, ssl_email):
+    cf_endpoint = f"zones/{cf_zone_id}/dns_records"
+    url = f"{cf_api}{cf_endpoint}"
+    name = txt_rec
+    data = {
+        "type": "TXT",
+        "name": name,
+        "content": txt_value,
+        "proxied": False,
+        "comment": f"SSL Verification for {ssl_email}"
+    }
+    response = requests.request("POST", url, headers=headers, json=data)
+    return response.json()
+
+def del_txt(txt_name):
+    res = None
+    record_ids, record_names = check_txt()
+    for record_id, record_name in zip(record_ids, record_names):
+        if record_name.startswith(txt_name):
+            try:
+                cf_endpoint = f"zones/{cf_zone_id}/dns_records/{record_id}"
+                url = f"{cf_api}{cf_endpoint}"
+                requests.request("DELETE", url, headers=headers)
+                res = "records deleted"
+            except Exception as e:
+                res = f"Error deleting records: {e}"
+        else:
+            res = "records not found"
+    return res

genPVTCSR.py

@@ -0,0 +1,82 @@
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography import x509
+from cryptography.hazmat.primitives.asymmetric import ec, rsa
+from cryptography.hazmat.backends import default_backend
+from cryptography.x509.oid import NameOID
+from typing import List, Tuple
+
+def gen_pvt(key_type: str, key_size: int = None, key_curve: str = None) -> bytes:
+    if key_type.lower() == "ec":
+        if key_curve == 'SECP256R1' or key_curve == 'ec256':
+            key = ec.generate_private_key(ec.SECP256R1(), default_backend())
+        elif key_curve == 'SECP384R1' or key_curve == 'ec384':
+            key = ec.generate_private_key(ec.SECP384R1(), default_backend())
+        else:
+            key = ec.generate_private_key(ec.SECP256R1(), default_backend())
+        private_key = key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.TraditionalOpenSSL,
+            encryption_algorithm=serialization.NoEncryption()
+        )
+    elif key_type.lower() == "rsa":
+        if key_size not in [2048, 4096]:
+            key_size = 4096
+        key = rsa.generate_private_key(
+            public_exponent=65537,
+            key_size=key_size,
+            backend=default_backend()
+        )
+        private_key = key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.TraditionalOpenSSL,
+            encryption_algorithm=serialization.NoEncryption()
+        )
+    else:
+        raise ValueError("Unsupported key type or parameters")
+    return private_key
+
+def gen_csr(private_key: bytes, domains: List[str], email: str, common_name: str = None, country: str = None,
+           state: str = None, locality: str = None, organization: str = None, organization_unit: str = None) -> bytes:
+    
+    ssl_domains = [x509.DNSName(domain.strip()) for domain in domains]
+    private_key_obj = serialization.load_pem_private_key(private_key, password=None, backend=default_backend())
+    try:
+        if email.split("@")[1] in ["demo.com", "example.com"] or email.count("@") > 1 or email.count(".") < 1 or email is None:
+            print("Invalid email address")
+            email = f"admin@{domains[0]}"
+    except Exception as e:
+        print(f"Error in email address: {e}")
+        email = f"admin@{domains[0]}"
+    country: str = country or "IN"
+    state: str = state or "Maharashtra"
+    locality: str = locality or "Mumbai"
+    organization_unit: str = organization_unit or "IT Department"
+    common_name: str = common_name or domains[0]
+    organization: str = organization or common_name.split(".")[0]
+    subject = x509.Name([
+        x509.NameAttribute(NameOID.COUNTRY_NAME, country),
+        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, state),
+        x509.NameAttribute(NameOID.LOCALITY_NAME, locality),
+        x509.NameAttribute(NameOID.EMAIL_ADDRESS, email),
+        x509.NameAttribute(NameOID.ORGANIZATION_NAME, organization),
+        x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, organization_unit),
+        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
+    ])
+    builder = x509.CertificateSigningRequestBuilder()
+    builder = builder.subject_name(subject)
+    builder = builder.add_extension(
+        x509.SubjectAlternativeName(ssl_domains),
+        critical=False,
+    )
+    csr = builder.sign(private_key_obj, hashes.SHA256(), default_backend())
+    return csr.public_bytes(serialization.Encoding.PEM)
+
+def gen_pvt_csr(domains: List[str], key_type: str, key_size: int = None, key_curve: str = None, email: str = None,
+              common_name: str = None, country: str = None, state: str = None, locality: str = None,
+              organization: str = None, organization_unit: str = None) -> Tuple[bytes, bytes]:
+    if key_type.lower() == "rsa":
+        private_key = gen_pvt(key_type, key_size)
+    else:
+        private_key = gen_pvt(key_type, key_curve)
+    csr = gen_csr(private_key, domains, email, common_name, country, state, locality, organization, organization_unit)
+    return private_key, csr

gen_client_cnames.py

@@ -0,0 +1,8 @@
+from gen_records import gen_cname
+from tools import get_domains, extract_subdomains
+
+def gen_client_cnames(i_domains, cf_domain):
+    domains = get_domains(i_domains)
+    exchange = extract_subdomains(domains=domains)
+    cname_recs, cname_values = gen_cname(domains, cf_domain, exchange)
+    return cname_recs, cname_values

gen_records.py

@@ -0,0 +1,45 @@
+import hashlib
+
+def get_domains(i_domains):
+    domains = []
+    for domain in i_domains.split(","):
+        domain = domain.strip()
+        domains.append(domain)
+    return domains
+
+def prefix(domain):
+    domain_bytes = domain.encode()
+    prefix = hashlib.blake2b(domain_bytes, digest_size=12).hexdigest()
+    return prefix
+
+def gen_cname_recs(domains):
+    cname_recs = []
+    for domain in domains:
+        cname_rec = f"_acme-challenge.{domain}"
+        cname_recs.append(cname_rec)
+    return cname_recs
+
+def gen_cname_values(domains, cf_domain, exchange):
+    temp_cname_values = []
+    cname_values = []
+    for domain in domains:
+        cname_value = prefix(domain)
+        cname_value = f"{cname_value}.{domain}"
+        temp_cname_values.append(cname_value)
+    for cname_value in temp_cname_values:
+        modified_cname_value = cname_value.replace(exchange, cf_domain)
+        cname_values.append(modified_cname_value)
+    return cname_values
+
+def gen_cname(domains, cf_domain, exchange):
+    cname_recs  = gen_cname_recs(domains)
+    cname_values = gen_cname_values(domains, cf_domain, exchange)
+    return cname_recs, cname_values
+
+def txt_recs(txt_records, exchange):
+    txt_record = txt_records.replace("_acme-challenge.", "")
+    txt_rec = txt_record.replace(f"{exchange}", "")
+    pre = prefix(txt_record)
+    rec = f"{pre}.{txt_rec}"
+    rec = rec.strip(".")
+    return rec

getGoogleEAB.py

@@ -0,0 +1,32 @@
+import os
+from dotenv import load_dotenv
+from google.oauth2 import service_account
+from google.cloud.security.publicca import PublicCertificateAuthorityServiceClient
+
+def gen_google_eab_data():
+    load_dotenv()
+    data = {
+        "type": "service_account",
+        "project_id": os.getenv("PROJECT_ID"),
+        "private_key_id": os.getenv("PRIVATE_KEY_ID"),
+        "private_key": os.getenv("PRIVATE_KEY"),
+        "client_email": os.getenv("CLIENT_EMAIL"),
+        "client_id": os.getenv("CLIENT_ID"),
+        "auth_uri": os.getenv("AUTH_URI"),
+        "token_uri": os.getenv("TOKEN_URI"),
+        "auth_provider_x509_cert_url": os.getenv("AUTH_PROVIDER_X509_CERT_URL"),
+        "client_x509_cert_url": os.getenv("CLIENT_X509_CERT_URL"),
+        "universe_domain": os.getenv("UNIVERSE_DOMAIN")
+    }
+    return data
+
+def gen_google_eab():
+    service_account_info = gen_google_eab_data()
+    credentials = service_account.Credentials.from_service_account_info(service_account_info)
+    client = PublicCertificateAuthorityServiceClient(credentials=credentials)
+    project_id = service_account_info['project_id']
+    parent = f"projects/{project_id}"
+    response = client.create_external_account_key(parent=parent)
+    kid = response.key_id
+    hmac = response.b64_mac_key
+    return kid, hmac

getTokenCert.py

@@ -0,0 +1,87 @@
+import datetime
+from acme import errors, challenges
+
+def challens(order, directory) -> dict:
+    challs = {}
+    for auth in list(order.authorizations):
+        for challenge in auth.body.challenges:
+            if isinstance(challenge.chall, challenges.DNS01):
+                domain = auth.body.identifier.value
+                challs[domain] = challs[domain] if domain in challs else []
+                challs[domain].append(challenge)
+    if not challs:
+        msg = f"ACME server at '{directory}' does not support DNS-01 challenge."
+        raise errors.ChallengeUnavailable(msg.format(directory=str(directory)))
+    return challs
+
+def get_tokens(client, csr, directory):
+    verification_tokens = {}
+    responses = {}
+    order = client.new_order(csr)
+    challs = challens(order, directory)
+    for domain, challenge_items in challs.items():
+        domain = f"_acme-challenge.{domain}"
+        for challenge in challenge_items:
+            verification_tokens[domain] = verification_tokens[domain] if domain in verification_tokens else []
+            response, validation = challenge.response_and_validation(client.net.key)
+            verification_tokens[domain].append(validation)
+            responses[challenge.chall.token] = response
+    _verification_tokens = verification_tokens
+    return verification_tokens, challs, order
+
+def process_challenge(client, challenge, domain):
+    try:
+        response, _validation = challenge.response_and_validation(client.net.key)
+        print(f"Challenge verified for domain: {domain}")
+        token = challenge.chall.token
+        if isinstance(token, bytes):
+            token = token.decode('utf-8', errors='replace')
+        return response, token
+    except Exception as e:
+        print(f"Error processing challenge for domain {domain}: {e}")
+        return None, None
+
+def answer_challenge(client, challenge, response, domain):
+    try:
+        answer = client.answer_challenge(challenge, response)
+        print(f"Challenge answered for domain: {domain}")
+        return answer
+    except Exception as e:
+        print(f"Error answering challenge for domain {domain}: {e}")
+        return None
+
+def finalize_order(client, order, deadline):
+    try:
+        data = client.poll_and_finalize(order, deadline=deadline)
+        return data
+    except Exception as e:
+        data = client.poll_and_finalize(order, deadline=deadline)
+        print(f"Error finalizing order: {e}")
+        return None
+
+def retrieve_certificate(final_order):
+    try:
+        return final_order.fullchain_pem.encode()
+    except Exception as e:
+        print(f"Error retrieving certificate: {e}")
+        return None
+    
+def verify_tokens(client, challs, order):
+    deadline = datetime.datetime.now() + datetime.timedelta(seconds=180)
+    answers = []
+    responses = {}
+    for domain, challenge_list in challs.items():
+        print(f"Fetching challenges for domain: {domain}")
+        for challenge in challenge_list:
+            response, token = process_challenge(client, challenge, domain)
+            if response is None:
+                continue
+            responses[token] = response
+            answer = answer_challenge(client, challenge, response, domain)
+            if answer is not None:
+                answers.append(answer)
+    final_order = finalize_order(client, order, deadline)
+    if final_order is None:
+        return None
+    cert = retrieve_certificate(final_order)
+    return cert

getZeroSSLEAB.py

@@ -0,0 +1,17 @@
+import requests
+import os
+from dotenv import load_dotenv
+
+def gen_zero_ssl_eab():
+    load_dotenv()    
+    apikey = os.getenv("ZEROSSLAPI")
+    url = "https://api.zerossl.com/acme/eab-credentials"
+    headers = {'Content-Type': 'application/json'}
+    resp = requests.post(url, params={'access_key': apikey}, headers=headers)
+    if resp.json()['success'] == False:
+        print("Error: ", resp.json()['error'])
+        return "Error", "Error"
+    else:
+        kid = resp.json()['eab_kid']
+        hmac = resp.json()['eab_hmac_key']
+    return kid, hmac

main.py

@@ -0,0 +1,167 @@
+import re
+import sys
+import time
+from genPVTCSR import gen_pvt_csr
+from tools import get_domains, get_ca_server, get_kid_hmac, extract_subdomains
+from acme_tools import pg_client, new_account
+from getTokenCert import get_tokens, verify_tokens
+from gen_records import txt_recs
+from dns_cf import add_txt, del_txt
+from verify_txt import verify_txt
+
+def cf_non_wildcard(verification_tokens, email, exchange):
+    tokens = verification_tokens
+    for key, value in tokens.items():
+        txt_rec = txt_recs(key, exchange)
+        txt_value = value[0].strip()
+        try:
+            del_txt(txt_rec)
+        except Exception as e:
+            print(f"Error deleting TXT records or no TXT records exists: {e}")
+        add_txt(txt_rec, txt_value, ssl_email=email)
+
+def cf_wildcard(verification_tokens, email, exchange):
+    tokens = verification_tokens
+    for key, value in tokens.items():
+        txt_rec = txt_recs(key, exchange)
+        try:
+            del_txt(txt_rec)
+        except Exception as e:
+            print(f"Error deleting TXT records or no TXT records exists: {e}")
+        for txt_value in value:
+            add_txt(txt_rec, txt_value, ssl_email=email)
+
+def verify_email(email):
+    pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
+    return re.match(pattern, email)
+
+def validate_domains(i_domains):
+    domains = []
+    try:
+        domains = get_domains(i_domains)
+    except:
+        domains = i_domains
+    pattern = r'^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z]{2,})+$'
+    for domain in domains:
+        if re.match(pattern, domain):
+            continue
+        else:
+            return False
+    return True
+
+def verify_txt_records(verification_tokens, exchange):
+    tokens = verification_tokens
+    for key, value in tokens.items():
+        txt_rec = key
+        txt_value = value[0].strip()
+        if not verify_txt(txt_rec, txt_value):
+            return False
+        else:
+            continue
+    return True
+
+def handle_error(message):
+    err = f"Error: {message}"
+    return err, err, err
+
+def main(i_domains, wildcard, email, ca_server, key_type, key_size=None, key_curve=None, kid=None, hmac=None):
+    if i_domains == "":
+        print("domain", i_domains)
+        return handle_error("No domain provided")
+    elif not validate_domains(i_domains):
+        print("domain", i_domains)
+        return handle_error("Invalid domains provided")
+    else:
+        print("domain", i_domains)
+        if email == "":
+            print("email", email)
+            return handle_error("No email provided")
+        elif not verify_email(email):
+            print("email", email)
+            return handle_error("Invalid email provided")
+        else:
+            print("email", email)
+            if ca_server == "":
+                print("ca", ca_server)
+                return handle_error("No CA server provided")
+            else:
+                print("ca", ca_server)
+                if key_type == "":
+                    print("key type", key_type)
+                    return handle_error("No key type provided")
+                else:
+                    print("key type", key_type)
+                    if key_curve == "":
+                        print("size", key_size)
+                        print("curve", key_curve)
+                        return handle_error("No key size or curve provided")
+                    else:
+                        print("size", key_size)
+                        print("curve", key_curve)
+                        print("All data filled")
+    
+    domains = get_domains(i_domains)
+    exchange = extract_subdomains(domains=domains)
+    if wildcard:
+        domains = [exchange, f'*.{exchange}']
+    ca_server_url = get_ca_server(ca_server, key_type)
+    pgk_client = pg_client(ca_server_url, key_type=key_type, key_size=key_size, key_curve=key_curve)
+    if pgk_client is None:
+        return handle_error("Cannot create client access")
+    nkid, nhmac = get_kid_hmac(ca_server)
+    if nkid == 'Error' or nhmac == 'Error':
+        return handle_error("Try with another provider or contact us")
+    kid = nkid
+    hmac = nhmac
+    account = new_account(pgk_client, email, kid=kid, hmac=hmac)
+    if not account:
+        return handle_error("Cannot generate your SSL. Too many requests for this domain.")
+    private_key, csr = gen_pvt_csr(domains=domains, email=email, key_type=key_type, key_curve=key_curve, key_size=key_size)
+    verification_tokens, challs, order = get_tokens(pgk_client, csr, ca_server_url)
+    try:
+        if wildcard:
+            cf_wildcard(verification_tokens, email, exchange)
+        else:
+            cf_non_wildcard(verification_tokens, email, exchange)
+    except Exception as e:
+        print(f"Error adding TXT records: {e}")
+    # verify TXT
+    '''
+    for i in range(60):
+        print(f"Waiting for {60-i} seconds", end="\r")
+        time.sleep(1)
+    '''
+    while not verify_txt_records(verification_tokens, exchange):
+        print("TXT records not verified yet")
+        time.sleep(5)
+    cert = verify_tokens(pgk_client, challs, order)
+    for key in verification_tokens:
+        txt_rec = txt_recs(key, exchange)
+        try:
+            del_txt(txt_rec)
+            print("TXT records deleted successfully")
+        except Exception as e:
+            print(f"Error deleting TXT records or no TXT records exist: {e}")
+    private_key = private_key.decode("utf-8")
+    csr = csr.decode("utf-8")
+    cert = cert.decode("utf-8")
+    return private_key, csr, cert
+
+if __name__ == "__main__":
+    DOMAINS = 'raannakasturi.eu.org'    
+    ca_server = "Google" #Let's Encrypt (Testing), Let's Encrypt, Google (Testing), Google, Buypass (Testing), Buypass, ZeroSSL, SSL.com
+    EMAIL = "[email protected]"
+    key_type = "ec"
+    key_curve = "ec384"
+    key_size = None
+    KID = None
+    HMAC = None
+    private_key, csr, cert = main(i_domains=DOMAINS, wildcard=True, email=EMAIL, ca_server=ca_server, key_type=key_type, key_size=key_size,key_curve=key_curve, kid=KID, hmac=HMAC)
+    print("Private Key:")
+    print(private_key)
+    print()
+    print("CSR:")
+    print(csr)
+    print()
+    print("Certificate:")
+    print(cert)

requirements.txt

@@ -0,0 +1,6 @@
+josepy==1.14.0
+python-dotenv
+acme==2.11.0
+google-cloud-public-ca==0.3.9
+gradio==4.41.0
+dnspython==2.6.1

tools.py

@@ -0,0 +1,74 @@
+
+
+from getGoogleEAB import gen_google_eab
+from getZeroSSLEAB import gen_zero_ssl_eab
+
+
+def get_domains(i_domains):
+    domains = []
+    for domain in i_domains.split(","):
+        domain = domain.strip()
+        domains.append(domain)
+    return domains
+
+def extract_subdomains(domains):
+    exchange = min(domains, key=len)
+    return exchange
+
+def get_ca_server(caserver, key_type):
+    DEFAULT_LET_ENCRYPT_URL = "https://acme-v02.api.letsencrypt.org/directory"
+    urls = {
+        "SSL.com": {
+            "rsa": "https://acme.ssl.com/sslcom-dv-rsa",
+            "ec": "https://acme.ssl.com/sslcom-dv-ecc"
+        },
+        "Let's Encrypt (Testing)": "https://acme-staging-v02.api.letsencrypt.org/directory",
+        "Let's Encrypt": DEFAULT_LET_ENCRYPT_URL,
+        "Buypass (Testing)": "https://api.test4.buypass.no/acme/directory",
+        "Buypass": "https://api.Buypass.com/acme/directory",
+        "ZeroSSL": "https://acme.zerossl.com/v2/DV90",
+        "Google (Testing)": "https://dv.acme-v02.test-api.pki.goog/directory",
+        "Google": "https://dv.acme-v02.api.pki.goog/directory"
+    }
+    if caserver in urls:
+        if isinstance(urls[caserver], dict):
+            return urls[caserver].get(key_type, DEFAULT_LET_ENCRYPT_URL)
+        else:
+            return urls[caserver]
+    return DEFAULT_LET_ENCRYPT_URL
+
+def get_kid_hmac(server):
+    if server == "SSL.com":
+        return None, None
+    elif server == "Let's Encrypt (Testing)":
+        return None, None
+    elif server == "Let's Encrypt":
+        return None, None
+    elif server == "Buypass (Testing)":
+        return None, None
+    elif server == "Buypass":
+        return None, None
+    elif server == "ZeroSSL":
+        kid, hmac = gen_zero_ssl_eab()
+        return kid, hmac
+    elif server == "Google (Testing)":
+        kid, hmac = gen_google_eab()
+        return kid, hmac
+    elif server == "Google":
+        kid, hmac = gen_google_eab()
+        return kid, hmac
+    else:
+        return None, None
+
+def write_file(filename, data):
+    try:
+        try:
+            with open(filename, 'wb') as f:
+                f.write(data)
+        except:
+            with open(filename, 'w') as f:
+                f.write(data)
+        print(filename, " successfully written")
+    except Exception as e:
+        print("Error writing file: ", filename)
+        print(e)

verify_txt.py

@@ -0,0 +1,23 @@
+from dns import resolver
+
+def get_txt(rec):
+    redirect_domain = None
+    try:
+        txt_answers = resolver.resolve(rec, 'TXT')
+        for answer in txt_answers:
+            txt_record = answer.to_text().rstrip(".")
+            if txt_record.startswith('_acme-challenge'):
+                redirect_domain = txt_record.split('.')[-1]
+            else:
+                redirect_domain = txt_record
+        return redirect_domain.strip('"').strip('.')
+    except Exception as e:
+        print(f"An error occurred while resolving {rec}: {e}")
+        return redirect_domain
+
+def verify_txt(rec, expected):
+    found = get_txt(rec)
+    if found == expected:
+        return True
+    else:
+        return False