put session into payment state after verifying dvsni if policy calls for a payment

2026-06-05 23:04:39 -04:00 · 2012-11-15 21:34:00 -08:00 · 2012-11-15 21:34:00 -08:00 · c3f23f62d2
commit c3f23f62d2
parent 47fd709853
2 changed files with 18 additions and 4 deletions
--- a/server-ca/chocolate.py
+++ b/server-ca/chocolate.py
@ -69,6 +69,7 @@ class session(object):
        #   yet been received;
        # * "makechallenge" where the CA is still coming up with challenges,
        # * "testchallenge" where the challenges have been issued,
+        # * "payment" where the recipient must pay for the certificate,
        # * "issue" where the CA is in the process of issuing the cert,
        # * "done" where the cert has been issued.
        #
@ -346,6 +347,9 @@ class session(object):
                    pass
            self.send_challenges(m, r)
            return
+        if state == "payment":
+            # XXX TODO send a payment challenge including URL to complete payment
+            pass
        # If we're in done, tell the client about the successfully issued cert.
        if state == "done":
            self.send_cert(m, r)
--- a/server-ca/testchallenge-daemon.py
+++ b/server-ca/testchallenge-daemon.py
@ -5,6 +5,7 @@
 # challenges have been met, and to perform this test.

 import redis, time, sys, signal
+import policy
 from redis_lock import redis_lock
 from sni_challenge.verify import verify_challenge

@ -83,15 +84,24 @@ def testchallenge(session):
             all_satisfied = False
    if all_satisfied:
        # Challenges all succeeded, so we should prepare to issue
-        # the requested cert.
+        # the requested cert or request a payment if applicable.
        # TODO: double-check that there were > 0 challenges,
        # so that we don't somehow mistakenly issue a cert in
        # response to an empty list of challenges (even though
        # the daemon that put this session on the queue should
        # also have implicitly guaranteed this).
-        if debug: print "\t** All challenges satisfied; request %s GRANTED" % short(session)
-        r.hset(session, "state", "issue")
-        r.lpush("pending-issue", session)
+        if policy.payment_required(session):
+            if debug: print "\t** All challenges satisfied; request %s NEEDS PAYMENT" % short(session)
+            r.hset(session, "state", "payment")
+            # According to current practice, there is no pending-payment
+            # queue because sessions can get out of payment state
+            # instantaneously as soon as the payment system sends a "payments"
+            # pubsub message to
+            # the payments daemon.
+        else:
+            if debug: print "\t** All challenges satisfied; request %s GRANTED" % short(session)
+            r.hset(session, "state", "issue")
+            r.lpush("pending-issue", session)
    else:
        # Some challenges were not verified.  In the current
        # design of this daemon, the client must contact