switch interface to new_order and remove best_effort flag

Erica Portnoy 2018-02-16 17:35:10 -08:00
parent ea2022588b
commit 20d0b91c71
3 changed files with 22 additions and 38 deletions


@ -671,7 +671,6 @@ class BackwardsCompatibleClientV2(object):
self.client = Client(directory, key=key, net=net)
else:
self.client = ClientV2(directory, net=net)
self.orderr = None
def __getattr__(self, name):
if name in vars(self.client):
@ -706,16 +705,16 @@ class BackwardsCompatibleClientV2(object):
regr = regr.update(terms_of_service_agreed=True)
return self.client.new_account(regr)
def request_authorizations(self, csr_pem):
"""Request authorizations for the domains in csr_pem.
def new_order(self, csr_pem):
"""Request a new Order object from the server.
Calls request_domain_challenges for each domain for V1, and
calls new_order and saves the result for V2.
If using ACMEv1, returns a dummy OrderResource with only
the authorizations field filled in.
:param str csr_pem: A CSR in PEM format.
:returns: List of Authorization Resources.
:rtype: list of `.AuthorizationResource`
:returns: The newly created order.
:rtype: OrderResource
"""
if self.acme_version == 1:
csr = OpenSSL.crypto.load_certificate_request(OpenSSL.crypto.FILETYPE_PEM, csr_pem)
@ -724,10 +723,9 @@ class BackwardsCompatibleClientV2(object):
authorizations = []
for domain in dnsNames:
authorizations.append(self.client.request_domain_challenges(domain))
return authorizations
return messages.OrderResource(authorizations=authorizations)
else:
self.orderr = self.client.new_order(csr_pem)
return self.orderr.authorizations
return self.client.new_order(csr_pem)
def _acme_version_from_directory(self, directory):
if hasattr(directory, 'newNonce'):
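Review bot: The ACMEv1 branch of `new_order` returns `messages.OrderResource(authorizations=authorizations)` without the CSR, so the dummy order carries no record of the request it was built for, while the V2 order presumably does. Passing it through, `return messages.OrderResource(authorizations=authorizations, csr_pem=csr_pem)`, would let later issuance code treat both versions alike and check the order against the CSR it is about to submit. The rename also removes `request_authorizations` from a class whose purpose is backwards compatibility; if external callers exist, a thin deprecated wrapper returning `self.new_order(csr_pem).authorizations` would keep them working. The V1 branch's CSR parsing lies partly outside the visible hunks.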


@ -48,12 +48,11 @@ class AuthHandler(object):
# List must be used to keep responses straight.
self.achalls = []
def get_authorizations(self, csr_pem, best_effort=False):
def handle_authorizations(self, orderr):
"""Retrieve all authorizations for challenges.
:param list csr_pem: CSR containing domains for authorization
:param bool best_effort: Whether or not all authorizations are
required (this is useful in renewal)
:param acme.messages.OrderResource orderr: must have
authorizations filled in
:returns: List of authorization resources
:rtype: list
@ -62,7 +61,7 @@ class AuthHandler(object):
authorizations
"""
authzrs = self.acme.request_authorizations(csr_pem)
authzrs = orderr.authorizations
for authzr in authzrs:
self.authzr[authzr.body.identifier.value] = authzr
domains = self.authzr.keys()
@ -80,7 +79,7 @@ class AuthHandler(object):
'Pass "-v" for more info about challenges.', pause=True)
# Send all Responses - this modifies achalls
self._respond(resp, best_effort)
self._respond(resp)
# Just make sure all decisions are complete.
self.verify_authzr_complete()
@ -124,7 +123,7 @@ class AuthHandler(object):
return resp
def _respond(self, resp, best_effort):
def _respond(self, resp):
"""Send/Receive confirmation of all challenges.
.. note:: This method also cleans up the auth_handler state.
@ -137,7 +136,7 @@ class AuthHandler(object):
# Check for updated status...
try:
self._poll_challenges(chall_update, best_effort)
self._poll_challenges(chall_update)
finally:
# This removes challenges from self.achalls
self._cleanup_challenges(active_achalls)
@ -169,7 +168,7 @@ class AuthHandler(object):
return active_achalls
def _poll_challenges(
self, chall_update, best_effort, min_sleep=3, max_rounds=15):
self, chall_update, min_sleep=3, max_rounds=15):
"""Wait for all challenge results to be determined."""
dom_to_check = set(chall_update.keys())
comp_domains = set()
@ -190,14 +189,8 @@ class AuthHandler(object):
chall_update[domain].remove(achall)
# We failed some challenges... damage control
else:
if best_effort:
comp_domains.add(domain)
logger.warning(
"Challenge failed for domain %s",
domain)
else:
all_failed_achalls.update(
updated for _, updated in failed_achalls)
all_failed_achalls.update(
updated for _, updated in failed_achalls)
if all_failed_achalls:
_report_failed_challs(all_failed_achalls)
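Review bot: `handle_authorizations` reads `orderr.authorizations` directly, and the docstring's "must have authorizations filled in" is not enforced anywhere in the visible lines. A `None` value would raise a TypeError in the `for authzr in authzrs` loop, and an empty list appears to fall through with no domain validated, so a guard at the top such as `if not orderr.authorizations: raise ...` (using the module's existing authorization error type) would fail closed with a clear message. The summary line "Retrieve all authorizations for challenges" is also stale now that the method no longer fetches anything; "Solve the challenges for the authorizations in orderr" would match the new behaviour. With `best_effort` gone from `_poll_challenges`, one failed domain now fails the whole batch, which is worth stating in that method's one-line docstring.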


@ -235,14 +235,12 @@ class Client(object):
else:
self.auth_handler = None
def obtain_certificate_from_csr(self, csr, authzr=None):
def obtain_certificate_from_csr(self, csr):
"""Obtain certificate.
:param .util.CSR csr: PEM-encoded Certificate Signing
Request. The key used to generate this CSR can be different
than `authkey`.
:param list authzr: List of
:class:`acme.messages.AuthorizationResource`
:returns: `.CertificateResource` and certificate chain (as
returned by `.fetch_chain`).
@ -259,8 +257,8 @@ class Client(object):
logger.debug("CSR: %s", csr)
if authzr is None:
authzr = self.auth_handler.get_authorizations(csr.data)
orderr = self.acme.new_order(csr.data)
authzr = self.auth_handler.handle_authorizations(orderr)
certr = self.acme.request_issuance(
jose.ComparableX509(
@ -315,12 +313,7 @@ class Client(object):
self.config.rsa_key_size, self.config.key_dir)
csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir)
authzr = self.auth_handler.get_authorizations(
csr.data,
self.config.allow_subset_of_names)
certr, chain = self.obtain_certificate_from_csr(
csr, authzr=authzr)
certr, chain = self.obtain_certificate_from_csr(csr)
return certr, chain, key, csr
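Review bot: The last hunk stops passing `self.config.allow_subset_of_names` to the auth handler, so the option is silently ignored on this path and a user who set it now gets a hard failure when any one name fails validation. Failing closed is the safer default, but the setting should not become a quiet no-op: either reject it up front or log it, e.g. `if self.config.allow_subset_of_names: logger.warning("allow_subset_of_names is ignored; all names must validate")`. Separately, `obtain_certificate_from_csr` no longer accepts `authzr`, so a caller still passing `authzr=` will raise TypeError, and it now always dereferences `self.auth_handler`, which the first hunk shows can be `None`. Both functions begin outside the visible hunks, so the remaining callers and the `None` case should be checked against the full file.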