Use identifiers flow, and poll differently.

2026-06-05 06:42:10 -04:00 · 2017-12-05 22:47:04 -08:00 · 2017-12-05 22:47:04 -08:00 · 2916ec896c
commit 2916ec896c
parent d9616c44f4
2 changed files with 22 additions and 14 deletions
--- a/acme/acme/client.py
+++ b/acme/acme/client.py
@ -10,6 +10,7 @@ import time
 import six
 from six.moves import http_client  # pylint: disable=import-error

+import crypto_util
 import OpenSSL
 import re
 import requests
@ -207,7 +208,11 @@ class Client(object):  # pylint: disable=too-many-instance-attributes
        :rtype: `list` of `.AuthorizationResource`
        """
        csr = OpenSSL.crypto.load_certificate_request(OpenSSL.crypto.FILETYPE_PEM, csr_pem)
-        order = messages.NewOrder(csr=jose.ComparableX509(csr))
+        identifiers = []
+        for name in crypto_util._pyopenssl_cert_or_req_san(csr):
+            identifiers.append(messages.Identifier(typ=messages.IDENTIFIER_FQDN,
+                value=name))
+        order = messages.NewOrder(identifiers=identifiers)
        response = self.net.post(self.directory.new_order, order)
        order_response = self._order_resource_from_response(response)
        return order_response
@ -332,24 +337,27 @@ class Client(object):  # pylint: disable=too-many-instance-attributes
        :rtype: (`.OrderResource`)

        """
-        while True:
-            response = self.net.get(orderr.uri)
-            latest = self._order_resource_from_response(response, uri=orderr.uri)
-            if any([a.body.status == messages.STATUS_PENDING for a in latest.authorizations]):
-                time.sleep(1)
-            else:
-                break
-        for authz in latest.authorizations:
-            if authz.body.status != messages.STATUS_VALID:
+        responses = []
+        for url in orderr.body.authorizations:
+            while True:
+                authzr = self._authzr_from_response(self.net.get(url), uri=url)
+                if authzr.body.status != messages.STATUS_PENDING:
+                    responses.append(authzr)
+                    break
+        for authzr in responses:
+            if authzr.body.status != messages.STATUS_VALID:
                for chall in authz.body.challenges:
                    if chall.error != None:
                        raise Exception("failed challenge for %s: %s" %
                            (authz.body.identifier.value, chall.error))
                raise Exception("failed authorization: %s" % authz.body)
-        while latest.fullchain_pem is None:
+        return orderr
+        #### POST finalize url
+        fullchain_pem = None
+        while fullchain_pem is None:
            time.sleep(1)
            response = self.net.get(orderr.uri)
-            latest = self._order_resource_from_response(response, uri=orderr.uri)
+        latest = self._order_resource_from_response(response, uri=orderr.uri)
        return latest


--- a/acme/acme/messages.py
+++ b/acme/acme/messages.py
@ -491,8 +491,8 @@ class Order(ResourceBody):
    :ivar datetime.datetime expires:

    """
-    csr = jose.Field('csr', decoder=jose.decode_csr, encoder=jose.encode_csr)
-    status = jose.Field('status', omitempty=True)
+    identifiers = jose.Field('identifiers', omitempty=True)
+    status = jose.Field('status', omitempty=True, default=None)
    authorizations = jose.Field('authorizations', omitempty=True)
    certificate = jose.Field('certificate', omitempty=True)
    expires = fields.RFC3339Field('expires', omitempty=True)