def renew(cert, old_version): """Perform automated renewal of the referenced cert, if possible. :param letsencrypt.storage.RenewableCert cert: The certificate lineage to attempt to renew. :param int old_version: The version of the certificate lineage relative to which the renewal should be attempted. :returns: A number referring to newly created version of this cert lineage, or ``False`` if renewal was not successful. :rtype: `int` or `bool` """ # TODO: handle partial success (some names can be renewed but not # others) # TODO: handle obligatory key rotation vs. optional key rotation vs. # requested key rotation if "renewalparams" not in cert.configfile: # TODO: notify user? return False renewalparams = cert.configfile["renewalparams"] if "authenticator" not in renewalparams: # TODO: notify user? return False # Instantiate the appropriate authenticator plugins = plugins_disco.PluginsRegistry.find_all() config = configuration.NamespaceConfig(_AttrDict(renewalparams)) # XXX: this loses type data (for example, the fact that key_size # was an int, not a str) config.rsa_key_size = int(config.rsa_key_size) config.dvsni_port = int(config.dvsni_port) try: authenticator = plugins[renewalparams["authenticator"]] except KeyError: # TODO: Notify user? (authenticator could not be found) return False authenticator = authenticator.init(config) authenticator.prepare() account = client.determine_account(config) # TODO: are there other ways to get the right account object, e.g. # based on the email parameter that might be present in # renewalparams? our_client = client.Client(config, account, authenticator, None) with open(cert.version("cert", old_version)) as f: sans = crypto_util.get_sans_from_cert(f.read()) new_certr, new_chain, new_key, _ = our_client.obtain_certificate(sans) if new_chain is not None: # XXX: Assumes that there was no key change. We need logic # for figuring out whether there was or not. Probably # best is to have obtain_certificate return None for # new_key if the old key is to be used (since save_successor # already understands this distinction!) return cert.save_successor(old_version, new_certr.body.as_pem(), new_key.pem, new_chain.as_pem()) # TODO: Notify results else: # TODO: Notify negative results return False
def test_determine_account(self, mock_op, mock_prompt): """Test determine account""" from letsencrypt import client key = le_util.Key(tempfile.mkstemp()[1], "pem") test_acc = account.Account(self.config, key, "*****@*****.**") mock_op.return_value = test_acc # Test 0 mock_prompt.return_value = None self.assertTrue(client.determine_account(self.config) is None) # Test 1 test_acc.save() acc = client.determine_account(self.config) self.assertEqual(acc.email, test_acc.email) # Test multiple self.assertFalse(mock_op.called) acc2 = account.Account(self.config, key) acc2.save() chosen_acc = client.determine_account(self.config) self.assertTrue(mock_op.called) self.assertTrue(chosen_acc.email, test_acc.email)
def _account_init(args, config): # Prepare for init of Client if args.email is None: return client.determine_account(config) else: try: # The way to get the default would be args.email = "" # First try existing account return account.Account.from_existing_account(config, args.email) except errors.Error: try: # Try to make an account based on the email address return account.Account.from_email(config, args.email) except errors.Error: return None
def _account_init(args, config): le_util.make_or_verify_dir(config.config_dir, constants.CONFIG_DIRS_MODE, os.geteuid()) # Prepare for init of Client if args.email is None: return client.determine_account(config) else: try: # The way to get the default would be args.email = "" # First try existing account return account.Account.from_existing_account(config, args.email) except errors.LetsEncryptClientError: try: # Try to make an account based on the email address return account.Account.from_email(config, args.email) except errors.LetsEncryptClientError: return None
def _account_init(args, config): le_util.make_or_verify_dir( config.config_dir, constants.CONFIG_DIRS_MODE, os.geteuid()) # Prepare for init of Client if args.email is None: return client.determine_account(config) else: try: # The way to get the default would be args.email = "" # First try existing account return account.Account.from_existing_account(config, args.email) except errors.LetsEncryptClientError: try: # Try to make an account based on the email address return account.Account.from_email(config, args.email) except errors.LetsEncryptClientError: return None