def obtain_certificate_from_csr( self, csr: util.CSR, orderr: Optional[messages.OrderResource] = None ) -> Tuple[bytes, bytes]: """Obtain certificate. :param .util.CSR csr: PEM-encoded Certificate Signing Request. The key used to generate this CSR can be different than `authkey`. :param acme.messages.OrderResource orderr: contains authzrs :returns: certificate and chain as PEM byte strings :rtype: tuple """ if self.auth_handler is None: msg = ("Unable to obtain certificate because authenticator is " "not set.") logger.error(msg) raise errors.Error(msg) if self.account is None or self.account.regr is None: raise errors.Error("Please register with the ACME server first.") if self.acme is None: raise errors.Error("ACME client is not set.") logger.debug("CSR: %s", csr) if orderr is None: orderr = self._get_order_and_authorizations(csr.data, best_effort=False) deadline = datetime.datetime.now() + datetime.timedelta( seconds=self.config.issuance_timeout) logger.debug("Will poll for certificate issuance until %s", deadline) orderr = self.acme.finalize_order( orderr, deadline, fetch_alternative_chains=self.config.preferred_chain is not None) fullchain = orderr.fullchain_pem if self.config.preferred_chain and orderr.alternative_fullchains_pem: fullchain = crypto_util.find_chain_with_issuer( [fullchain] + orderr.alternative_fullchains_pem, self.config.preferred_chain, not self.config.dry_run) cert, chain = crypto_util.cert_and_chain_from_fullchain(fullchain) return cert.encode(), chain.encode()
def extract_cert_and_chain(self, fullchain_pem, alternative_fullchains_pem, preferred_issuer=None): if not preferred_issuer: preferred_issuer = current_app.config.get("ACME_PREFERRED_ISSUER", None) if preferred_issuer: # returns first chain if not match fullchain_pem = acme_crypto_util.find_chain_with_issuer( [fullchain_pem] + alternative_fullchains_pem, preferred_issuer) pem_certificate = OpenSSL.crypto.dump_certificate( OpenSSL.crypto.FILETYPE_PEM, OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, fullchain_pem), ).decode() pem_certificate_chain = fullchain_pem[len(pem_certificate):].lstrip() return pem_certificate, pem_certificate_chain
def _call(cls, fullchains, issuer_cn, **kwargs): from certbot.crypto_util import find_chain_with_issuer return find_chain_with_issuer(fullchains, issuer_cn, kwargs)