def request_issuance(self, csr, authzrs):
print("Se ejecuta request issuance")
"""Request issuance.
:param csr: CSR
:type csr: `OpenSSL.crypto.X509Req` wrapped in `.ComparableX509`
:param authzrs: `list` of `.AuthorizationResource`
:returns: Issued certificate
:rtype: `.messages.CertificateResource`
"""
assert authzrs, "Authorizations list is empty"
logger.debug("Requesting issuance...")
# TODO: assert len(authzrs) == number of SANs
#Checks if STARValidityCertbot file containing recurrent_cert_validity exists
if os.path.isfile("../../STARValidityCertbot"):
print "CLIENT.PY: STARValidityCertbot does exist"
fileSTAR = open("../../STARValidityCertbot", "r")
recurrent = True
recurrent_cert_validity = int(float(fileSTAR.read()))
req = messages.CertificateRequest(csr=csr, recurrent=recurrent,recurrent_cert_validity=recurrent_cert_validity)
else:
print "CLIENT.PY: STARValidityCertbot does NOT exist"
req = messages.CertificateRequest(csr=csr)
print "CSR sent to server is %s" % req
content_type = DER_CONTENT_TYPE # TODO: add 'cert_type 'argument
response = self.net.post(
self.directory.new_cert,
req,
content_type=content_type,
headers={'Accept': content_type})
cert_chain_uri = response.links.get('up', {}).get('url')
try:
uri = response.headers['Location']
file=open('/root/certId','wr+')
file.write(uri)
print(uri)
except KeyError:
raise errors.ClientError('"Location" Header missing')
return messages.CertificateResource(
uri=uri, authzrs=authzrs, cert_chain_uri=cert_chain_uri,
body=jose.ComparableX509(OpenSSL.crypto.load_certificate(
OpenSSL.crypto.FILETYPE_ASN1, response.content)))
def finalize_order(self, orderr, deadline):
"""Finalize an order and obtain a certificate.
:param messages.OrderResource orderr: order to finalize
:param datetime.datetime deadline: when to stop polling and timeout
:returns: finalized order
:rtype: messages.OrderResource
"""
csr = OpenSSL.crypto.load_certificate_request(
OpenSSL.crypto.FILETYPE_PEM, orderr.csr_pem)
wrapped_csr = messages.CertificateRequest(csr=jose.ComparableX509(csr))
self._post(orderr.body.finalize, wrapped_csr)
while datetime.datetime.now() < deadline:
time.sleep(1)
response = self._post_as_get(orderr.uri)
body = messages.Order.from_json(response.json())
if body.error is not None:
raise errors.IssuanceError(body.error)
if body.certificate is not None:
certificate_response = self._post_as_get(body.certificate).text
return orderr.update(body=body,
fullchain_pem=certificate_response)
raise errors.TimeoutError()
def finalize_order(self, orderr, deadline, fetch_alternative_chains=False):
"""Finalize an order and obtain a certificate.
:param messages.OrderResource orderr: order to finalize
:param datetime.datetime deadline: when to stop polling and timeout
:param bool fetch_alternative_chains: whether to also fetch alternative
certificate chains
:returns: finalized order
:rtype: messages.OrderResource
"""
csr = OpenSSL.crypto.load_certificate_request(
OpenSSL.crypto.FILETYPE_PEM, orderr.csr_pem)
wrapped_csr = messages.CertificateRequest(csr=jose.ComparableX509(csr))
self._post(orderr.body.finalize, wrapped_csr)
difference = 5 #set initial delay to 5sec
while datetime.datetime.now() < deadline:
time.sleep(difference)
response = self._post_as_get(orderr.uri)
body = messages.Order.from_json(response.json())
if body.error is not None:
raise errors.IssuanceError(body.error)
if body.certificate is not None:
certificate_response = self._post_as_get(body.certificate)
orderr = orderr.update(body=body, fullchain_pem=certificate_response.text)
if fetch_alternative_chains:
alt_chains_urls = self._get_links(certificate_response, 'alternate')
alt_chains = [self._post_as_get(url).text for url in alt_chains_urls]
orderr = orderr.update(alternative_fullchains_pem=alt_chains)
return orderr
future_date = self.retry_after(response,DEFAULT_NETWORK_TIMEOUT)
difference = (future_date - datetime.datetime.now()).total_seconds()
raise errors.TimeoutError()
async def order_finalize(
self, order: messages.Order,
csr: "cryptography.x509.CertificateSigningRequest"
) -> messages.Order:
"""Finalizes the order using the given CSR.
The caller needs to ensure that this method is called with
:py:func:`asyncio.wait_for` and a time-out value.
Otherwise it may result in an infinite loop if the CA
never reports the order's status as *ready*.
:param order: Order that is to be finalized.
:param csr: The CSR that is submitted to apply for certificate issuance.
:raises:
* :class:`acme.messages.Error` If the server is unwilling to finalize the order.
* :class:`aiohttp.ClientResponseError` If the order does not exist.
:returns: The finalized order.
"""
cert_req = messages.CertificateRequest(csr=csr)
while True:
try:
resp, order_obj = await self._signed_request(
cert_req, order.finalize)
break
except acme.messages.Error as e:
# Make sure that the order is in state READY before moving on.
if e.code == "orderNotReady":
await asyncio.sleep(self.FINALIZE_DELAY)
else:
raise e
finalized = await self._poll_until(
self.order_get,
resp.headers["Location"],
predicate=is_valid,
negative_predicate=is_invalid,
delay=5.0,
max_tries=15,
)
return finalized
def request_issuance(self, csr, authzrs):
"""Request issuance.
:param csr: CSR
:type csr: `OpenSSL.crypto.X509Req` wrapped in `.ComparableX509`
:param authzrs: `list` of `.AuthorizationResource`
:returns: Issued certificate
:rtype: `.messages.CertificateResource`
"""
assert authzrs, "Authorizations list is empty"
logger.debug("Requesting issuance...")
# TODO: assert len(authzrs) == number of SANs
req = messages.CertificateRequest(
csr=csr, authorizations=tuple(authzr.uri for authzr in authzrs))
content_type = self.DER_CONTENT_TYPE # TODO: add 'cert_type 'argument
response = self.net.post(
authzrs[0].new_cert_uri, # TODO: acme-spec #90
req,
content_type=content_type,
headers={'Accept': content_type})
cert_chain_uri = response.links.get('up', {}).get('url')
try:
uri = response.headers['Location']
except KeyError:
raise errors.ClientError('"Location" Header missing')
return messages.CertificateResource(
uri=uri,
authzrs=authzrs,
cert_chain_uri=cert_chain_uri,
body=jose.ComparableX509(
OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1,
response.content)))