def request_issuance(self, csr, authzrs): print("Se ejecuta request issuance") """Request issuance. :param csr: CSR :type csr: `OpenSSL.crypto.X509Req` wrapped in `.ComparableX509` :param authzrs: `list` of `.AuthorizationResource` :returns: Issued certificate :rtype: `.messages.CertificateResource` """ assert authzrs, "Authorizations list is empty" logger.debug("Requesting issuance...") # TODO: assert len(authzrs) == number of SANs #Checks if STARValidityCertbot file containing recurrent_cert_validity exists if os.path.isfile("../../STARValidityCertbot"): print "CLIENT.PY: STARValidityCertbot does exist" fileSTAR = open("../../STARValidityCertbot", "r") recurrent = True recurrent_cert_validity = int(float(fileSTAR.read())) req = messages.CertificateRequest(csr=csr, recurrent=recurrent,recurrent_cert_validity=recurrent_cert_validity) else: print "CLIENT.PY: STARValidityCertbot does NOT exist" req = messages.CertificateRequest(csr=csr) print "CSR sent to server is %s" % req content_type = DER_CONTENT_TYPE # TODO: add 'cert_type 'argument response = self.net.post( self.directory.new_cert, req, content_type=content_type, headers={'Accept': content_type}) cert_chain_uri = response.links.get('up', {}).get('url') try: uri = response.headers['Location'] file=open('/root/certId','wr+') file.write(uri) print(uri) except KeyError: raise errors.ClientError('"Location" Header missing') return messages.CertificateResource( uri=uri, authzrs=authzrs, cert_chain_uri=cert_chain_uri, body=jose.ComparableX509(OpenSSL.crypto.load_certificate( OpenSSL.crypto.FILETYPE_ASN1, response.content)))
def finalize_order(self, orderr, deadline): """Finalize an order and obtain a certificate. :param messages.OrderResource orderr: order to finalize :param datetime.datetime deadline: when to stop polling and timeout :returns: finalized order :rtype: messages.OrderResource """ csr = OpenSSL.crypto.load_certificate_request( OpenSSL.crypto.FILETYPE_PEM, orderr.csr_pem) wrapped_csr = messages.CertificateRequest(csr=jose.ComparableX509(csr)) self._post(orderr.body.finalize, wrapped_csr) while datetime.datetime.now() < deadline: time.sleep(1) response = self._post_as_get(orderr.uri) body = messages.Order.from_json(response.json()) if body.error is not None: raise errors.IssuanceError(body.error) if body.certificate is not None: certificate_response = self._post_as_get(body.certificate).text return orderr.update(body=body, fullchain_pem=certificate_response) raise errors.TimeoutError()
def finalize_order(self, orderr, deadline, fetch_alternative_chains=False): """Finalize an order and obtain a certificate. :param messages.OrderResource orderr: order to finalize :param datetime.datetime deadline: when to stop polling and timeout :param bool fetch_alternative_chains: whether to also fetch alternative certificate chains :returns: finalized order :rtype: messages.OrderResource """ csr = OpenSSL.crypto.load_certificate_request( OpenSSL.crypto.FILETYPE_PEM, orderr.csr_pem) wrapped_csr = messages.CertificateRequest(csr=jose.ComparableX509(csr)) self._post(orderr.body.finalize, wrapped_csr) difference = 5 #set initial delay to 5sec while datetime.datetime.now() < deadline: time.sleep(difference) response = self._post_as_get(orderr.uri) body = messages.Order.from_json(response.json()) if body.error is not None: raise errors.IssuanceError(body.error) if body.certificate is not None: certificate_response = self._post_as_get(body.certificate) orderr = orderr.update(body=body, fullchain_pem=certificate_response.text) if fetch_alternative_chains: alt_chains_urls = self._get_links(certificate_response, 'alternate') alt_chains = [self._post_as_get(url).text for url in alt_chains_urls] orderr = orderr.update(alternative_fullchains_pem=alt_chains) return orderr future_date = self.retry_after(response,DEFAULT_NETWORK_TIMEOUT) difference = (future_date - datetime.datetime.now()).total_seconds() raise errors.TimeoutError()
async def order_finalize( self, order: messages.Order, csr: "cryptography.x509.CertificateSigningRequest" ) -> messages.Order: """Finalizes the order using the given CSR. The caller needs to ensure that this method is called with :py:func:`asyncio.wait_for` and a time-out value. Otherwise it may result in an infinite loop if the CA never reports the order's status as *ready*. :param order: Order that is to be finalized. :param csr: The CSR that is submitted to apply for certificate issuance. :raises: * :class:`acme.messages.Error` If the server is unwilling to finalize the order. * :class:`aiohttp.ClientResponseError` If the order does not exist. :returns: The finalized order. """ cert_req = messages.CertificateRequest(csr=csr) while True: try: resp, order_obj = await self._signed_request( cert_req, order.finalize) break except acme.messages.Error as e: # Make sure that the order is in state READY before moving on. if e.code == "orderNotReady": await asyncio.sleep(self.FINALIZE_DELAY) else: raise e finalized = await self._poll_until( self.order_get, resp.headers["Location"], predicate=is_valid, negative_predicate=is_invalid, delay=5.0, max_tries=15, ) return finalized
def request_issuance(self, csr, authzrs): """Request issuance. :param csr: CSR :type csr: `OpenSSL.crypto.X509Req` wrapped in `.ComparableX509` :param authzrs: `list` of `.AuthorizationResource` :returns: Issued certificate :rtype: `.messages.CertificateResource` """ assert authzrs, "Authorizations list is empty" logger.debug("Requesting issuance...") # TODO: assert len(authzrs) == number of SANs req = messages.CertificateRequest( csr=csr, authorizations=tuple(authzr.uri for authzr in authzrs)) content_type = self.DER_CONTENT_TYPE # TODO: add 'cert_type 'argument response = self.net.post( authzrs[0].new_cert_uri, # TODO: acme-spec #90 req, content_type=content_type, headers={'Accept': content_type}) cert_chain_uri = response.links.get('up', {}).get('url') try: uri = response.headers['Location'] except KeyError: raise errors.ClientError('"Location" Header missing') return messages.CertificateResource( uri=uri, authzrs=authzrs, cert_chain_uri=cert_chain_uri, body=jose.ComparableX509( OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, response.content)))