def gencsr(args, config, plugins):
if not args.private_key:
print('The given key argument does not point to a file.')
key = Key(*args.private_key)
init_save_csr(
key,
args.domains,
os.path.dirname(args.out) or '.',
os.path.basename(args.out)
)
def obtain_certificate(self, domains):
"""Obtains a certificate from the ACME server.
`.register` must be called before `.obtain_certificate`
:param list domains: domains to get a certificate
:returns: `.CertificateResource`, certificate chain (as
returned by `.fetch_chain`), and newly generated private key
(`.le_util.Key`) and DER-encoded Certificate Signing Request
(`.le_util.CSR`).
:rtype: tuple
"""
authzr = self.auth_handler.get_authorizations(
domains, self.config.allow_subset_of_names)
domains = [a.body.identifier.value.encode('ascii') for a in authzr]
# Create CSR from names
key = crypto_util.init_save_key(self.config.rsa_key_size,
self.config.key_dir)
csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir)
return (self.obtain_certificate_from_csr(domains, csr, authzr=authzr) +
(key, csr))
def obtain_certificate(self, domains):
"""Obtains a certificate from the ACME server.
`.register` must be called before `.obtain_certificate`
:param list domains: domains to get a certificate
:returns: `.CertificateResource`, certificate chain (as
returned by `.fetch_chain`), and newly generated private key
(`.le_util.Key`) and DER-encoded Certificate Signing Request
(`.le_util.CSR`).
:rtype: tuple
"""
authzr = self.auth_handler.get_authorizations(
domains,
self.config.allow_subset_of_names)
domains = [a.body.identifier.value.encode('ascii')
for a in authzr]
# Create CSR from names
key = crypto_util.init_save_key(
self.config.rsa_key_size, self.config.key_dir)
csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir)
return (self.obtain_certificate_from_csr(domains, csr, authzr=authzr)
+ (key, csr))
def test_it(self, unused_mock_verify, mock_csr):
from letsencrypt.crypto_util import init_save_csr
mock_csr.return_value = ('csr_pem', 'csr_der')
csr = init_save_csr(mock.Mock(pem='dummy_key'), 'example.com',
self.csr_dir, 'csr-letsencrypt.pem')
self.assertEqual(csr.data, 'csr_der')
self.assertTrue('csr-letsencrypt.pem' in csr.file)
def obtain_certificate(self, domains, csr=None):
"""Obtains a certificate from the ACME server.
:meth:`.register` must be called before :meth:`.obtain_certificate`
.. todo:: This function does not currently handle CSR correctly.
:param set domains: domains to get a certificate
:param csr: CSR must contain requested domains, the key used to generate
this CSR can be different than self.authkey
:type csr: :class:`CSR`
:returns: Certificate, private key, and certificate chain (all
PEM-encoded).
:rtype: `tuple` of `str`
"""
if self.auth_handler is None:
msg = ("Unable to obtain certificate because authenticator is "
"not set.")
logging.warning(msg)
raise errors.LetsEncryptClientError(msg)
if self.account.regr is None:
raise errors.LetsEncryptClientError(
"Please register with the ACME server first.")
# Perform Challenges/Get Authorizations
authzr = self.auth_handler.get_authorizations(domains)
# Create CSR from names
cert_key = crypto_util.init_save_key(
self.config.rsa_key_size, self.config.key_dir)
csr = crypto_util.init_save_csr(
cert_key, domains, self.config.cert_dir)
# Retrieve certificate
certr = self.network.request_issuance(
jose.ComparableX509(
M2Crypto.X509.load_request_der_string(csr.data)),
authzr)
cert_pem = certr.body.as_pem()
chain_pem = None
if certr.cert_chain_uri is not None:
chain_pem = self.network.fetch_chain(certr)
if chain_pem is None:
# XXX: just to stop RenewableCert from complaining; this is
# probably not a good solution
chain_pem = ""
else:
chain_pem = chain_pem.as_pem()
return cert_pem, cert_key.pem, chain_pem
def test_it(self, unused_mock_verify, mock_csr):
from letsencrypt.crypto_util import init_save_csr
mock_csr.return_value = ('csr_pem', 'csr_der')
csr = init_save_csr(
mock.Mock(pem='dummy_key'), 'example.com', self.csr_dir,
'csr-letsencrypt.pem')
self.assertEqual(csr.data, 'csr_der')
self.assertTrue('csr-letsencrypt.pem' in csr.file)
def obtain_certificate(self, domains, csr=None):
"""Obtains a certificate from the ACME server.
:meth:`.register` must be called before :meth:`.obtain_certificate`
.. todo:: This function does not currently handle CSR correctly.
:param set domains: domains to get a certificate
:param csr: CSR must contain requested domains, the key used to generate
this CSR can be different than self.authkey
:type csr: :class:`CSR`
:returns: Certificate, private key, and certificate chain (all
PEM-encoded).
:rtype: `tuple` of `str`
"""
if self.auth_handler is None:
msg = ("Unable to obtain certificate because authenticator is "
"not set.")
logging.warning(msg)
raise errors.LetsEncryptClientError(msg)
if self.account.regr is None:
raise errors.LetsEncryptClientError(
"Please register with the ACME server first.")
# Perform Challenges/Get Authorizations
authzr = self.auth_handler.get_authorizations(domains)
# Create CSR from names
cert_key = crypto_util.init_save_key(self.config.rsa_key_size,
self.config.key_dir)
csr = crypto_util.init_save_csr(cert_key, domains,
self.config.cert_dir)
# Retrieve certificate
certr = self.network.request_issuance(
jose.ComparableX509(M2Crypto.X509.load_request_der_string(
csr.data)), authzr)
cert_pem = certr.body.as_pem()
chain_pem = None
if certr.cert_chain_uri is not None:
chain_pem = self.network.fetch_chain(certr)
if chain_pem is None:
# XXX: just to stop RenewableCert from complaining; this is
# probably not a good solution
chain_pem = ""
else:
chain_pem = chain_pem.as_pem()
return cert_pem, cert_key.pem, chain_pem
def obtain_certificate(self, domains, csr=None):
"""Obtains a certificate from the ACME server.
:meth:`.register` must be called before :meth:`.obtain_certificate`
.. todo:: This function does not currently handle csr correctly...
:param set domains: domains to get a certificate
:param csr: CSR must contain requested domains, the key used to generate
this CSR can be different than self.authkey
:type csr: :class:`CSR`
:returns: cert_key, cert_path, chain_path
:rtype: `tuple` of (:class:`letsencrypt.le_util.Key`, str, str)
"""
if self.auth_handler is None:
msg = ("Unable to obtain certificate because authenticator is "
"not set.")
logging.warning(msg)
raise errors.LetsEncryptClientError(msg)
if self.account.regr is None:
raise errors.LetsEncryptClientError(
"Please register with the ACME server first.")
# Perform Challenges/Get Authorizations
authzr = self.auth_handler.get_authorizations(domains)
# Create CSR from names
cert_key = crypto_util.init_save_key(
self.config.rsa_key_size, self.config.key_dir)
csr = crypto_util.init_save_csr(
cert_key, domains, self.config.cert_dir)
# Retrieve certificate
certr = self.network.request_issuance(
jose.ComparableX509(
M2Crypto.X509.load_request_der_string(csr.data)),
authzr)
# Save Certificate
cert_path, chain_path = self.save_certificate(
certr, self.config.cert_path, self.config.chain_path)
revoker.Revoker.store_cert_key(
cert_path, self.account.key.file, self.config)
return cert_key, cert_path, chain_path
def obtain_certificate(self, domains):
"""Obtains a certificate from the ACME server.
`.register` must be called before `.obtain_certificate`
:param set domains: domains to get a certificate
:returns: `.CertificateResource`, certificate chain (as
returned by `.fetch_chain`), and newly generated private key
(`.le_util.Key`) and DER-encoded Certificate Signing Request
(`.le_util.CSR`).
:rtype: tuple
"""
# Create CSR from names
key = crypto_util.init_save_key(self.config.rsa_key_size, self.config.key_dir)
csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir)
return self._obtain_certificate(domains, csr) + (key, csr)
def obtain_certificate(self, domains):
"""Obtains a certificate from the ACME server.
`.register` must be called before `.obtain_certificate`
:param set domains: domains to get a certificate
:returns: `.CertificateResource`, certificate chain (as
returned by `.fetch_chain`), and newly generated private key
(`.le_util.Key`) and DER-encoded Certificate Signing Request
(`.le_util.CSR`).
:rtype: tuple
"""
# Create CSR from names
key = crypto_util.init_save_key(self.config.rsa_key_size,
self.config.key_dir)
csr = crypto_util.init_save_csr(key, domains, self.config.csr_dir)
return self._obtain_certificate(domains, csr) + (key, csr)
