def finalize_order(self, orderr, deadline): """Finalize an order and obtain a certificate. :param messages.OrderResource orderr: order to finalize :param datetime.datetime deadline: when to stop polling and timeout :returns: finalized order :rtype: messages.OrderResource """ csr = OpenSSL.crypto.load_certificate_request( OpenSSL.crypto.FILETYPE_PEM, orderr.csr_pem) wrapped_csr = messages.CertificateRequest(csr=jose.ComparableX509(csr)) self._post(orderr.body.finalize, wrapped_csr) while datetime.datetime.now() < deadline: time.sleep(1) response = self._post_as_get(orderr.uri) body = messages.Order.from_json(response.json()) if body.error is not None: raise errors.IssuanceError(body.error) if body.certificate is not None: certificate_response = self._post_as_get(body.certificate).text return orderr.update(body=body, fullchain_pem=certificate_response) raise errors.TimeoutError()
def finalize_order(self, orderr, deadline, fetch_alternative_chains=False): """Finalize an order and obtain a certificate. :param messages.OrderResource orderr: order to finalize :param datetime.datetime deadline: when to stop polling and timeout :param bool fetch_alternative_chains: whether to also fetch alternative certificate chains :returns: finalized order :rtype: messages.OrderResource """ csr = OpenSSL.crypto.load_certificate_request( OpenSSL.crypto.FILETYPE_PEM, orderr.csr_pem) wrapped_csr = messages.CertificateRequest(csr=jose.ComparableX509(csr)) self._post(orderr.body.finalize, wrapped_csr) difference = 5 #set initial delay to 5sec while datetime.datetime.now() < deadline: time.sleep(difference) response = self._post_as_get(orderr.uri) body = messages.Order.from_json(response.json()) if body.error is not None: raise errors.IssuanceError(body.error) if body.certificate is not None: certificate_response = self._post_as_get(body.certificate) orderr = orderr.update(body=body, fullchain_pem=certificate_response.text) if fetch_alternative_chains: alt_chains_urls = self._get_links(certificate_response, 'alternate') alt_chains = [self._post_as_get(url).text for url in alt_chains_urls] orderr = orderr.update(alternative_fullchains_pem=alt_chains) return orderr future_date = self.retry_after(response,DEFAULT_NETWORK_TIMEOUT) difference = (future_date - datetime.datetime.now()).total_seconds() raise errors.TimeoutError()
def get_cert_for_finalized_order(self, orderr, deadline): while datetime.datetime.now() < deadline: time.sleep(1) response = self._post_as_get(orderr.uri) body = messages.Order.from_json(response.json()) if body.error is not None: raise errors.IssuanceError(body.error) if body.certificate is not None: certificate_response = self._post_as_get(body.certificate).text return orderr.update(body=body, fullchain_pem=certificate_response) raise errors.TimeoutError()
def fetch_certificate(self, orderr, deadline): """Attempts to fetch the certificate on an already finalized order""" while datetime.now() < deadline: time.sleep(1) response = self.net.get(orderr.uri) body = messages.Order.from_json(response.json()) if body.error is not None: raise errors.IssuanceError(body.error) if body.certificate is not None: certificate_response = self.net.get( body.certificate, content_type=client.DER_CONTENT_TYPE).text return orderr.update(body=body, fullchain_pem=certificate_response) raise errors.TimeoutError()
def finalize_order(self, orderr, deadline, fetch_alternative_chains=False): """Finalize an order and obtain a certificate. :param messages.OrderResource orderr: order to finalize :param datetime.datetime deadline: when to stop polling and timeout :param bool fetch_alternative_chains: whether to also fetch alternative certificate chains :returns: finalized order :rtype: messages.OrderResource """ if self.acme_version == 1: client_v1 = cast(Client, self.client) csr_pem = orderr.csr_pem certr = client_v1.request_issuance( jose.ComparableX509( OpenSSL.crypto.load_certificate_request( OpenSSL.crypto.FILETYPE_PEM, csr_pem)), orderr.authorizations) chain = None while datetime.datetime.now() < deadline: try: chain = client_v1.fetch_chain(certr) break except errors.Error: time.sleep(1) if chain is None: raise errors.TimeoutError( 'Failed to fetch chain. You should not deploy the generated ' 'certificate, please rerun the command for a new one.') cert = OpenSSL.crypto.dump_certificate( OpenSSL.crypto.FILETYPE_PEM, certr.body.wrapped).decode() chain = crypto_util.dump_pyopenssl_chain(chain).decode() return orderr.update(fullchain_pem=(cert + chain)) return cast(ClientV2, self.client).finalize_order(orderr, deadline, fetch_alternative_chains)
def poll_authorizations(self, orderr, deadline): """Poll Order Resource for status.""" responses = [] for url in orderr.body.authorizations: while datetime.datetime.now() < deadline: authzr = self._authzr_from_response(self.net.get(url), uri=url) if authzr.body.status != messages.STATUS_PENDING: responses.append(authzr) break time.sleep(1) # If we didn't get a response for every authorization, we fell through # the bottom of the loop due to hitting the deadline. if len(responses) < len(orderr.body.authorizations): raise errors.TimeoutError() failed = [] for authzr in responses: if authzr.body.status != messages.STATUS_VALID: for chall in authzr.body.challenges: if chall.error != None: failed.append(authzr) if len(failed) > 0: raise errors.ValidationError(failed) return orderr.update(authorizations=responses)