Beispiel #1
0
    def handle_authorizations(self, orderr, best_effort=False, max_retries=30):
        """
        Retrieve all authorizations, perform all challenges required to validate
        these authorizations, then poll and wait for the authorization to be checked.
        :param acme.messages.OrderResource orderr: must have authorizations filled in
        :param bool best_effort: if True, not all authorizations need to be validated (eg. renew)
        :param int max_retries: maximum number of retries to poll authorizations
        :returns: list of all validated authorizations
        :rtype: List

        :raises .AuthorizationError: If unable to retrieve all authorizations
        """
        authzrs = orderr.authorizations[:]
        if not authzrs:
            raise errors.AuthorizationError('No authorization to handle.')

        # Retrieve challenges that need to be performed to validate authorizations.
        achalls = self._choose_challenges(authzrs)
        if not achalls:
            return authzrs

        # Starting now, challenges will be cleaned at the end no matter what.
        with error_handler.ExitHandler(self._cleanup_challenges, achalls):
            # To begin, let's ask the authenticator plugin to perform all challenges.
            try:
                resps = self.auth.perform(achalls)

                # If debug is on, wait for user input before starting the verification process.
                logger.info('Waiting for verification...')
                config = zope.component.getUtility(interfaces.IConfig)
                if config.debug_challenges:
                    notify = zope.component.getUtility(interfaces.IDisplay).notification
                    notify('Challenges loaded. Press continue to submit to CA. '
                           'Pass "-v" for more info about challenges.', pause=True)
            except errors.AuthorizationError as error:
                logger.critical('Failure in setting up challenges.')
                logger.info('Attempting to clean up outstanding challenges...')
                raise error
            # All challenges should have been processed by the authenticator.
            assert len(resps) == len(achalls), 'Some challenges have not been performed.'

            # Inform the ACME CA server that challenges are available for validation.
            for achall, resp in zip(achalls, resps):
                self.acme.answer_challenge(achall.challb, resp)

            # Wait for authorizations to be checked.
            self._poll_authorizations(authzrs, max_retries, best_effort)

            # Keep validated authorizations only. If there is none, no certificate can be issued.
            authzrs_validated = [authzr for authzr in authzrs
                                 if authzr.body.status == messages.STATUS_VALID]
            if not authzrs_validated:
                raise errors.AuthorizationError('All challenges have failed.')

            return authzrs_validated
Beispiel #2
0
    def handle_authorizations(self, orderr, best_effort=False):
        """Retrieve all authorizations for challenges.

        :param acme.messages.OrderResource orderr: must have
            authorizations filled in
        :param bool best_effort: Whether or not all authorizations are
            required (this is useful in renewal)

        :returns: List of authorization resources
        :rtype: list

        :raises .AuthorizationError: If unable to retrieve all
            authorizations

        """
        aauthzrs = [
            AnnotatedAuthzr(authzr, []) for authzr in orderr.authorizations
        ]

        self._choose_challenges(aauthzrs)
        config = zope.component.getUtility(interfaces.IConfig)
        notify = zope.component.getUtility(interfaces.IDisplay).notification

        # While there are still challenges remaining...
        while self._has_challenges(aauthzrs):
            with error_handler.ExitHandler(self._cleanup_challenges, aauthzrs):
                resp = self._solve_challenges(aauthzrs)
                logger.info("Waiting for verification...")
                if config.debug_challenges:
                    notify(
                        'Challenges loaded. Press continue to submit to CA. '
                        'Pass "-v" for more info about challenges.',
                        pause=True)

                # Send all Responses - this modifies achalls
                self._respond(aauthzrs, resp, best_effort)

        # Just make sure all decisions are complete.
        self.verify_authzr_complete(aauthzrs)

        # Only return valid authorizations
        retVal = [
            aauthzr.authzr for aauthzr in aauthzrs
            if aauthzr.authzr.body.status == messages.STATUS_VALID
        ]

        if not retVal:
            raise errors.AuthorizationError(
                "Challenges failed for all domains")

        return retVal
Beispiel #3
0
 def setUp(self):
     from certbot import error_handler
     super(ExitHandlerTest, self).setUp()
     self.handler = error_handler.ExitHandler(self.init_func,
                                              *self.init_args,
                                              **self.init_kwargs)