def handle_authorizations(self, orderr, best_effort=False, max_retries=30): """ Retrieve all authorizations, perform all challenges required to validate these authorizations, then poll and wait for the authorization to be checked. :param acme.messages.OrderResource orderr: must have authorizations filled in :param bool best_effort: if True, not all authorizations need to be validated (eg. renew) :param int max_retries: maximum number of retries to poll authorizations :returns: list of all validated authorizations :rtype: List :raises .AuthorizationError: If unable to retrieve all authorizations """ authzrs = orderr.authorizations[:] if not authzrs: raise errors.AuthorizationError('No authorization to handle.') # Retrieve challenges that need to be performed to validate authorizations. achalls = self._choose_challenges(authzrs) if not achalls: return authzrs # Starting now, challenges will be cleaned at the end no matter what. with error_handler.ExitHandler(self._cleanup_challenges, achalls): # To begin, let's ask the authenticator plugin to perform all challenges. try: resps = self.auth.perform(achalls) # If debug is on, wait for user input before starting the verification process. logger.info('Waiting for verification...') config = zope.component.getUtility(interfaces.IConfig) if config.debug_challenges: notify = zope.component.getUtility(interfaces.IDisplay).notification notify('Challenges loaded. Press continue to submit to CA. ' 'Pass "-v" for more info about challenges.', pause=True) except errors.AuthorizationError as error: logger.critical('Failure in setting up challenges.') logger.info('Attempting to clean up outstanding challenges...') raise error # All challenges should have been processed by the authenticator. assert len(resps) == len(achalls), 'Some challenges have not been performed.' # Inform the ACME CA server that challenges are available for validation. for achall, resp in zip(achalls, resps): self.acme.answer_challenge(achall.challb, resp) # Wait for authorizations to be checked. self._poll_authorizations(authzrs, max_retries, best_effort) # Keep validated authorizations only. If there is none, no certificate can be issued. authzrs_validated = [authzr for authzr in authzrs if authzr.body.status == messages.STATUS_VALID] if not authzrs_validated: raise errors.AuthorizationError('All challenges have failed.') return authzrs_validated
def handle_authorizations(self, orderr, best_effort=False): """Retrieve all authorizations for challenges. :param acme.messages.OrderResource orderr: must have authorizations filled in :param bool best_effort: Whether or not all authorizations are required (this is useful in renewal) :returns: List of authorization resources :rtype: list :raises .AuthorizationError: If unable to retrieve all authorizations """ aauthzrs = [ AnnotatedAuthzr(authzr, []) for authzr in orderr.authorizations ] self._choose_challenges(aauthzrs) config = zope.component.getUtility(interfaces.IConfig) notify = zope.component.getUtility(interfaces.IDisplay).notification # While there are still challenges remaining... while self._has_challenges(aauthzrs): with error_handler.ExitHandler(self._cleanup_challenges, aauthzrs): resp = self._solve_challenges(aauthzrs) logger.info("Waiting for verification...") if config.debug_challenges: notify( 'Challenges loaded. Press continue to submit to CA. ' 'Pass "-v" for more info about challenges.', pause=True) # Send all Responses - this modifies achalls self._respond(aauthzrs, resp, best_effort) # Just make sure all decisions are complete. self.verify_authzr_complete(aauthzrs) # Only return valid authorizations retVal = [ aauthzr.authzr for aauthzr in aauthzrs if aauthzr.authzr.body.status == messages.STATUS_VALID ] if not retVal: raise errors.AuthorizationError( "Challenges failed for all domains") return retVal
def setUp(self): from certbot import error_handler super(ExitHandlerTest, self).setUp() self.handler = error_handler.ExitHandler(self.init_func, *self.init_args, **self.init_kwargs)