def auth_from_domains_with_key(le_client, config, domains, key):
    """Obtain a certificate for ``domains``, renewing a lineage if one applies.

    ``_treat_as_renewal`` decides whether the request is a renewal. For a
    renewal, a certificate is requested with the supplied ``key`` and saved
    as the successor version of that lineage. Otherwise a new certificate
    is obtained and enrolled.

    :param letsencrypt_gencsr.key_client.KeyClient le_client: The client
    :param config: Configuration passed to ``_treat_as_renewal``.
    :param domains: Domain names the certificate should cover.
    :param key: Caller-supplied private key; only the renewal path uses it.

    :returns: The renewed or newly created lineage.

    :raises errors.Error: If the new-request path yields no lineage.

    """
    # Note: This can raise errors... caught above us though.
    lineage = _treat_as_renewal(config, domains)

    if lineage is None:
        # TREAT AS NEW REQUEST
        # NOTE(review): ``key`` is not passed on this path, so a first-time
        # request is made without the caller's key. Confirm whether
        # obtain_and_enroll_certificate should accept it; as written, a
        # user supplying a private key gets no signal that it went unused.
        lineage = le_client.obtain_and_enroll_certificate(domains)
        if not lineage:
            raise errors.Error("Certificate could not be obtained")
    else:
        # TODO: schoen wishes to reuse key - discussion
        # https://github.com/letsencrypt/letsencrypt/pull/777/files#r40498574
        new_certr, new_chain, new_key, _ = (
            le_client.obtain_certificate_from_key(domains, key))
        # TODO: Check whether it worked! <- or make sure errors are thrown (jdk)

        # Arguments are computed in the same order the call consumes them.
        prior_version = lineage.latest_common_version()
        cert_pem = OpenSSL.crypto.dump_certificate(
            OpenSSL.crypto.FILETYPE_PEM, new_certr.body)
        # NOTE(review): this PEM is what gets persisted as the lineage's
        # private key; presumably it is the supplied ``key`` -- confirm
        # against obtain_certificate_from_key.
        key_pem = new_key.pem
        chain_pem = crypto_util.dump_pyopenssl_chain(new_chain)
        lineage.save_successor(prior_version, cert_pem, key_pem, chain_pem)

        # Queried again on purpose: this call runs after save_successor.
        lineage.update_all_links_to(lineage.latest_common_version())
        # TODO: Check return value of save_successor
        # TODO: Also update lineage renewal config with any relevant
        #       configuration values from this attempt? <- Absolutely (jdkasten)

    _report_new_cert(lineage.cert, lineage.fullchain)

    return lineage
if args.domains and args.csr is not None: # TODO: --csr could have a priority, when --domains is # supplied, check if CSR matches given domains? return "--domains and --csr are mutually exclusive" try: # installers are used in auth mode to determine domain names installer, authenticator = choose_configurator_plugins(args, config, plugins, "certonly") except errors.PluginSelectionError, e: return e.message # TODO: Handle errors from _init_le_client? le_client = init_le_client(args, config, authenticator, installer) # This is a special case; cert and chain are simply saved if args.csr is not None: certr, chain = le_client.obtain_certificate_from_csr(le_util.CSR( file=args.csr[0], data=args.csr[1], form="der")) cert_path, _, cert_fullchain = le_client.save_certificate( certr, chain, args.cert_path, args.chain_path, args.fullchain_path) _report_new_cert(cert_path, cert_fullchain) elif args.private_key: domains = _find_domains(args, installer) auth_from_domains_with_key(le_client, config, domains, key=args.private_key) else: domains = _find_domains(args, installer) _auth_from_domains(le_client, config, domains) _suggest_donate()