def new_order(self, csr_pem):
    """Ask the server to create a new Order for the names found in a CSR.

    Each name the CSR helper returns is submitted as an FQDN identifier.
    The authorization URLs listed in the server's order body are then
    fetched one by one with POST-as-GET.

    :param str csr_pem: A CSR in PEM format.

    :returns: The newly created order.
    :rtype: OrderResource

    """
    parsed_csr = OpenSSL.crypto.load_certificate_request(
        OpenSSL.crypto.FILETYPE_PEM, csr_pem)
    # pylint: disable=protected-access
    names = crypto_util._pyopenssl_cert_or_req_all_names(parsed_csr)
    wanted = [
        messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=name)
        for name in names
    ]
    new_order_msg = messages.NewOrder(identifiers=wanted)
    response = self._post(self.directory['newOrder'], new_order_msg)
    order_body = messages.Order.from_json(response.json())
    # These URLs come from the server's response and are requested as-is.
    authzrs = [
        self._authzr_from_response(self._post_as_get(authz_url), uri=authz_url)
        for authz_url in order_body.authorizations
    ]
    # NOTE(review): the order URI is read with .get(), so it is presumably
    # None when the server omits the Location header - confirm callers cope.
    return messages.OrderResource(
        body=order_body,
        uri=response.headers.get('Location'),
        authorizations=authzrs,
        csr_pem=csr_pem)
def new_order(self, csr_pem):
    """Ask the server to create a new Order for the names found in a CSR.

    DNS names from the CSR are submitted as FQDN identifiers and the IP
    subjectAltName entries as IP identifiers, in that order. The
    authorization URLs listed in the server's order body are then fetched
    one by one with POST-as-GET.

    :param str csr_pem: A CSR in PEM format.

    :returns: The newly created order.
    :rtype: OrderResource

    """
    parsed_csr = OpenSSL.crypto.load_certificate_request(
        OpenSSL.crypto.FILETYPE_PEM, csr_pem)
    # pylint: disable=protected-access
    dns_names = crypto_util._pyopenssl_cert_or_req_all_names(parsed_csr)
    # NOTE(review): presumably a list of IP address strings - confirm
    # against the helper.
    ip_names = crypto_util._pyopenssl_cert_or_req_san_ip(parsed_csr)
    wanted = [
        messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=name)
        for name in dns_names
    ] + [
        messages.Identifier(typ=messages.IDENTIFIER_IP, value=address)
        for address in ip_names
    ]
    new_order_msg = messages.NewOrder(identifiers=wanted)
    response = self._post(self.directory['newOrder'], new_order_msg)
    order_body = messages.Order.from_json(response.json())
    authzrs = []
    # pylint cannot follow the josepy-based message objects (custom
    # metaclass logic); order_body.authorizations should be a list of URL
    # strings, so the iterable check is disabled on the loop below.
    # These URLs come from the server's response and are requested as-is.
    for authz_url in order_body.authorizations:  # pylint: disable=not-an-iterable
        fetched = self._post_as_get(authz_url)
        authzrs.append(self._authzr_from_response(fetched, uri=authz_url))
    return messages.OrderResource(
        body=order_body,
        uri=response.headers.get('Location'),
        authorizations=authzrs,
        csr_pem=csr_pem)
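def new_order(self, csr_pem):
    """Request a new Order object from the server.

    Only the DNS names in the CSR's subjectAltName extension are turned
    into identifiers; the subject common name is not consulted here.

    :param str csr_pem: A CSR in PEM format.

    :returns: The newly created order.
    :rtype: OrderResource

    :raises ValueError: if the CSR carries no subjectAltName extension.

    """
    csr = cryptography.x509.load_pem_x509_csr(
        csr_pem, cryptography.hazmat.backends.default_backend())
    san_oid = cryptography.x509.oid.ExtensionOID.SUBJECT_ALTERNATIVE_NAME
    # Supply a default so a CSR without a SAN extension is reported clearly
    # instead of leaking a bare StopIteration out of next().
    san_extension = next(
        (ext for ext in csr.extensions if ext.oid == san_oid), None)
    if san_extension is None:
        raise ValueError(
            'CSR has no subjectAltName extension; '
            'no identifiers to request an order for')
    dnsNames = san_extension.value.get_values_for_type(
        cryptography.x509.DNSName)
    identifiers = [
        messages.Identifier(typ=messages.IDENTIFIER_FQDN, value=name)
        for name in dnsNames
    ]
    order = messages.NewOrder(identifiers=identifiers)
    response = self.net.post(self.directory['newOrder'], order)
    body = messages.Order.from_json(response.json())
    # The authorization URLs come from the server's order body and are
    # fetched as-is.
    authorizations = [
        self._authzr_from_response(self.net.get(url))
        for url in body.authorizations
    ]
    return messages.OrderResource(
        body=body,
        uri=response.headers.get('Location'),
        authorizations=authorizations,
        csr_pem=csr_pem)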
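def submit_order(self, key, names):
    """
    Create a new order and return the OrderResource for that order with
    all the authorizations resolved.

    A CSR for ``names`` is generated from the supplied ``key``; no new
    private key is created here.

    :param key: Key for the future certificate.
    :param list of str names: Sequence of DNS names for which to request
        a new certificate.

    :return: The new order resource, with its authorizations fetched.
    :rtype: Deferred[`~acme.messages.OrderResource`]

    :raises errors.UnexpectedUpdate: if the order returned by the server
        lists an identifier that was not requested.
    """
    # certbot helper API needs PEM.
    # NOTE: NoEncryption() means pem_key holds the private key in the
    # clear; keep it out of logs and error messages.
    pem_key = key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption(),
        )
    csr_pem = make_csr(pem_key, names)
    identifiers = [fqdn_identifier(name) for name in names]

    message = messages.NewOrder(identifiers=identifiers)
    response = yield self._client.post(self.directory.newOrder, message)
    self._expect_response(response, [http.CREATED])

    order_uri = self._maybe_location(response)

    authorizations = []
    order_body = yield response.json()
    for uri in order_body['authorizations']:
        # We do a POST-as-GET
        authz_response = yield self._client.post(uri, obj=None)
        # Check the authorization response itself. Re-checking the order
        # response here would always pass and would let an error body be
        # parsed as an authorization. RFC 8555 answers a POST-as-GET fetch
        # with 200 OK, not 201 Created.
        # NOTE(review): assumes the `http` module that provides CREATED
        # also defines OK - confirm.
        self._expect_response(authz_response, [http.OK])
        body = yield authz_response.json()
        authorizations.append(
            messages.AuthorizationResource(
                body=messages.Authorization.from_json(body),
                uri=uri,
                ))

    order = messages.OrderResource(
        body=messages.Order.from_json(order_body),
        uri=order_uri,
        authorizations=authorizations,
        csr_pem=csr_pem,
        )

    # TODO: Not sure if all these sanity checks are required.
    # Reject an order in which the server lists an identifier that was
    # not part of the request.
    for identifier in order.body.identifiers:
        if identifier not in identifiers:
            raise errors.UnexpectedUpdate(order)
    defer.returnValue(order)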