def dump_pyopenssl_chain(chain, filetype=crypto.FILETYPE_PEM):
    """Serialize a certificate chain into a single bundle.

    Thin wrapper that forwards both arguments, unchanged, to
    ``acme_crypto_util.dump_pyopenssl_chain``.

    :param list chain: List of `crypto.X509` (or wrapped in
        :class:`josepy.util.ComparableX509`).
    :param filetype: serialization format handed to the ACME helper;
        defaults to ``crypto.FILETYPE_PEM``.

    :returns: whatever the ACME helper produces for ``chain``

    """
    # XXX: when no chain is available the result is an empty string. That
    # keeps RenewableCert quiet, but might not be the best solution: a caller
    # that requires a chain has to check for the empty result itself.
    bundle = acme_crypto_util.dump_pyopenssl_chain(chain, filetype)
    return bundle
def finalize_order(self, orderr, deadline, fetch_alternative_chains=False):
    """Finalize an order and obtain a certificate.

    For ACME v2 the call is delegated to the wrapped ``ClientV2``. For
    ACME v1 the certificate is requested from the CSR stored on the order,
    the issuer chain is polled for until ``deadline``, and the leaf plus
    chain are stored on the order as ``fullchain_pem``.

    :param messages.OrderResource orderr: order to finalize
    :param datetime.datetime deadline: when to stop polling and timeout;
        it is compared against ``datetime.datetime.now()``, so presumably
        a naive local-time value -- confirm with callers
    :param bool fetch_alternative_chains: whether to also fetch alternative
        certificate chains; only forwarded on the ACME v2 path, the v1
        path does not use it

    :returns: finalized order
    :rtype: messages.OrderResource

    :raises errors.TimeoutError: on the v1 path, when no chain could be
        fetched before ``deadline``

    """
    if self.acme_version != 1:
        v2_client = cast(ClientV2, self.client)
        return v2_client.finalize_order(orderr, deadline, fetch_alternative_chains)

    v1_client = cast(Client, self.client)
    pem_csr = orderr.csr_pem
    parsed_csr = OpenSSL.crypto.load_certificate_request(
        OpenSSL.crypto.FILETYPE_PEM, pem_csr)
    certr = v1_client.request_issuance(
        jose.ComparableX509(parsed_csr), orderr.authorizations)

    # Retry once per second until the deadline: any errors.Error from the
    # chain fetch is treated as "not ready yet", not as a hard failure.
    chain = None
    while datetime.datetime.now() < deadline:
        try:
            chain = v1_client.fetch_chain(certr)
        except errors.Error:
            time.sleep(1)
        else:
            break

    # The leaf was already issued above, but without its chain the bundle
    # would be incomplete, so fail instead of returning a partial fullchain.
    if chain is None:
        raise errors.TimeoutError(
            'Failed to fetch chain. You should not deploy the generated '
            'certificate, please rerun the command for a new one.')

    leaf_pem = OpenSSL.crypto.dump_certificate(
        OpenSSL.crypto.FILETYPE_PEM, certr.body.wrapped).decode()
    chain_pem = crypto_util.dump_pyopenssl_chain(chain).decode()
    return orderr.update(fullchain_pem=(leaf_pem + chain_pem))
def finalize_order(self, orderr, deadline):
    """Finalize an order and obtain a certificate.

    Any ACME version other than 1 is delegated straight to
    ``self.client.finalize_order``. For ACME v1 the certificate is
    requested from the CSR stored on the order, the issuer chain is polled
    for until ``deadline``, and the leaf plus chain are stored on the order
    as ``fullchain_pem``.

    :param messages.OrderResource orderr: order to finalize
    :param datetime.datetime deadline: when to stop polling and timeout;
        it is compared against ``datetime.datetime.now()``, so presumably
        a naive local-time value -- confirm with callers

    :returns: finalized order
    :rtype: messages.OrderResource

    :raises errors.TimeoutError: on the v1 path, when no chain could be
        fetched before ``deadline``

    """
    if self.acme_version != 1:
        return self.client.finalize_order(orderr, deadline)

    pem_csr = orderr.csr_pem
    wrapped_csr = jose.ComparableX509(
        OpenSSL.crypto.load_certificate_request(OpenSSL.crypto.FILETYPE_PEM, pem_csr))
    certr = self.client.request_issuance(wrapped_csr, orderr.authorizations)

    # Poll once per second; an errors.Error from the fetch only means
    # "try again" until the deadline has passed.
    chain = None
    while datetime.datetime.now() < deadline:
        try:
            chain = self.client.fetch_chain(certr)
        except errors.Error:
            time.sleep(1)
        else:
            break

    # Issuance already succeeded, but a leaf without its chain must not be
    # handed back as a usable fullchain.
    if chain is None:
        raise errors.TimeoutError(
            'Failed to fetch chain. You should not deploy the generated '
            'certificate, please rerun the command for a new one.')

    leaf_pem = OpenSSL.crypto.dump_certificate(
        OpenSSL.crypto.FILETYPE_PEM, certr.body.wrapped).decode()
    chain_pem = crypto_util.dump_pyopenssl_chain(chain).decode()
    return orderr.update(fullchain_pem=(leaf_pem + chain_pem))
def _call(cls, loaded):  # pylint: disable=protected-access
    """Dump ``loaded`` with ``acme.crypto_util.dump_pyopenssl_chain``.

    Only ``loaded`` is passed, so the helper's default file type applies.
    ``cls`` is not used.
    """
    # Imported at call time instead of at module level.
    from acme.crypto_util import dump_pyopenssl_chain
    dumped = dump_pyopenssl_chain(loaded)
    return dumped