Beispiel #1
    def new_order(self, csr_pem):
        """Create an ACME order covering the names found in a CSR.

        The names read from the CSR are submitted to the directory's
        ``newOrder`` endpoint as FQDN identifiers. Every authorization URL
        listed in the server's reply is then fetched with POST-as-GET.

        :param str csr_pem: A CSR in PEM format.

        :returns: The newly created order.
        :rtype: OrderResource
        """
        parsed_csr = OpenSSL.crypto.load_certificate_request(
            OpenSSL.crypto.FILETYPE_PEM, csr_pem)
        # pylint: disable=protected-access
        requested_names = crypto_util._pyopenssl_cert_or_req_all_names(
            parsed_csr)

        # Every name is sent as a DNS (FQDN) identifier; no other identifier
        # type is produced here.
        identifiers = [
            messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=name)
            for name in requested_names
        ]
        response = self._post(
            self.directory['newOrder'],
            messages.NewOrder(identifiers=identifiers))
        body = messages.Order.from_json(response.json())

        # The authorization URLs come straight from the server's order body
        # and are fetched in the order the server listed them.
        authorizations = [
            self._authzr_from_response(self._post_as_get(url), uri=url)
            for url in body.authorizations
        ]

        # NOTE(review): .get() presumably yields None when the server sends
        # no Location header, so the order URI may be None -- confirm.
        order_uri = response.headers.get('Location')
        return messages.OrderResource(
            body=body,
            uri=order_uri,
            authorizations=authorizations,
            csr_pem=csr_pem)
Beispiel #2
    def new_order(self, csr_pem):
        """Create an ACME order for the DNS names and IP addresses in a CSR.

        DNS names become FQDN identifiers and IP SAN entries become IP
        identifiers, DNS names first. The combined list is posted to the
        directory's ``newOrder`` endpoint, and every authorization URL in
        the reply is fetched with POST-as-GET.

        :param str csr_pem: A CSR in PEM format.

        :returns: The newly created order.
        :rtype: OrderResource
        """
        parsed_csr = OpenSSL.crypto.load_certificate_request(
            OpenSSL.crypto.FILETYPE_PEM, csr_pem)
        # pylint: disable=protected-access
        dns_names = crypto_util._pyopenssl_cert_or_req_all_names(parsed_csr)
        # Presumably a list of str, one per IP SAN entry (the helper is not
        # visible here) -- confirm against crypto_util.
        ip_names = crypto_util._pyopenssl_cert_or_req_san_ip(parsed_csr)

        identifiers = [
            messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=name)
            for name in dns_names
        ]
        identifiers.extend(
            messages.Identifier(typ=messages.IDENTIFIER_IP, value=address)
            for address in ip_names)

        response = self._post(
            self.directory['newOrder'],
            messages.NewOrder(identifiers=identifiers))
        body = messages.Order.from_json(response.json())

        # pylint has trouble understanding our josepy based objects which use
        # things like custom metaclass logic. body.authorizations should be a
        # list of strings containing URLs so let's disable this check here.
        # Those URLs are taken from the server's reply as-is.
        authorizations = [
            self._authzr_from_response(self._post_as_get(url), uri=url)
            for url in body.authorizations  # pylint: disable=not-an-iterable
        ]

        # NOTE(review): .get() presumably yields None when the server sends
        # no Location header, so the order URI may be None -- confirm.
        order_uri = response.headers.get('Location')
        return messages.OrderResource(
            body=body,
            uri=order_uri,
            authorizations=authorizations,
            csr_pem=csr_pem)
Beispiel #3
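    def new_order(self, csr_pem):
        """Request a new Order object from the server.

        Only the ``DNSName`` entries of the CSR's subjectAltName extension
        are turned into identifiers; the subject common name and any other
        SAN types (IP addresses, for example) are not read by this method.

        :param str csr_pem: A CSR in PEM format.

        :returns: The newly created order.
        :rtype: OrderResource

        :raises ValueError: If the CSR has no subjectAltName extension.
        """
        csr = cryptography.x509.load_pem_x509_csr(
            csr_pem, cryptography.hazmat.backends.default_backend())
        san_oid = cryptography.x509.oid.ExtensionOID.SUBJECT_ALTERNATIVE_NAME
        # A bare next() on a generator leaks StopIteration when the CSR has
        # no SAN extension; that surfaces as a confusing error (or silently
        # ends an enclosing iteration). Fail with an explicit message instead.
        san_extension = next(
            (ext for ext in csr.extensions if ext.oid == san_oid), None)
        if san_extension is None:
            raise ValueError(
                'CSR does not contain a subjectAltName extension')
        dnsNames = san_extension.value.get_values_for_type(
            cryptography.x509.DNSName)

        identifiers = [
            messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=name)
            for name in dnsNames
        ]
        order = messages.NewOrder(identifiers=identifiers)
        response = self.net.post(self.directory['newOrder'], order)
        body = messages.Order.from_json(response.json())

        # Authorization URLs are taken from the server's order body as-is
        # and fetched one by one, in the order listed.
        authorizations = [
            self._authzr_from_response(self.net.get(url))
            for url in body.authorizations
        ]
        # NOTE(review): .get() presumably yields None when the server sends
        # no Location header, so the order URI may be None -- confirm.
        return messages.OrderResource(body=body,
                                      uri=response.headers.get('Location'),
                                      authorizations=authorizations,
                                      csr_pem=csr_pem)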
Beispiel #4
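    def submit_order(self, key, names):
        """
        Create a new order and return the OrderResource for that order with
        all the authorizations resolved.

        A CSR for the domain 'names' is built from the supplied ``key``; no
        new private key is generated here.

        This is a generator-style coroutine (it yields Deferreds and ends
        with ``defer.returnValue``); the wrapping decorator is outside this
        view.

        :param key: Key for the future certificate.
        :param list of str names: Sequence of DNS names for which to request
            a new certificate.

        :return: The new order resource, including its authorizations.
        :rtype: Deferred[`~acme.messages.OrderResource`]

        :raises errors.UnexpectedUpdate: If the order returned by the server
            lists an identifier that was not requested.
        """
        # certbot helper API needs PEM.
        # This is the certificate's private key in unencrypted PKCS#8 PEM
        # form: keep it in memory only and never log or persist it.
        pem_key = key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.NoEncryption(),
        )
        csr_pem = make_csr(pem_key, names)
        identifiers = [fqdn_identifier(name) for name in names]

        message = messages.NewOrder(identifiers=identifiers)
        response = yield self._client.post(self.directory.newOrder, message)
        self._expect_response(response, [http.CREATED])

        order_uri = self._maybe_location(response)

        authorizations = []
        order_body = yield response.json()
        for uri in order_body['authorizations']:
            # We do a POST-as-GET
            authz_response = yield self._client.post(uri, obj=None)
            # Validate the authorization response itself. The original
            # re-checked the newOrder response here, so an error reply to
            # this request was parsed as if it were an Authorization.
            # A POST-as-GET fetch answers 200 OK, not 201 Created.
            self._expect_response(authz_response, [http.OK])
            body = yield authz_response.json()
            authorizations.append(
                messages.AuthorizationResource(
                    body=messages.Authorization.from_json(body),
                    uri=uri,
                ))

        order = messages.OrderResource(
            body=messages.Order.from_json(order_body),
            uri=order_uri,
            authorizations=authorizations,
            csr_pem=csr_pem,
        )

        # TODO: Not sure if all these sanity checks are required.
        # Reject an order in which the server added an identifier we did not
        # ask for. The reverse (a requested identifier missing from the
        # order) is not checked here.
        for identifier in order.body.identifiers:
            if identifier not in identifiers:
                raise errors.UnexpectedUpdate(order)
        defer.returnValue(order)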