def check_cert(self, certr):
    """Check for new cert.

    Fetches the certificate at ``certr.uri`` again and returns ``certr``
    updated with the body the server sent.

    :param certr: Certificate Resource
    :type certr: `.CertificateResource`

    :returns: Updated Certificate Resource.
    :rtype: `.CertificateResource`

    :raises .ClientError: if the reply carries no ``Location`` header
    :raises .UnexpectedUpdate: if ``Location`` differs from ``certr.uri``

    """
    # TODO: acme-spec 5.1 table action should be renamed to
    # "refresh cert", and this method integrated with self.refresh
    reply, fetched_cert = self._get_cert(certr.uri)
    reply_headers = reply.headers

    if 'Location' not in reply_headers:
        raise errors.ClientError('Location header missing')

    # The server must name the same resource we asked about; a different
    # Location means the reply describes another certificate, so the body
    # is rejected rather than merged into ``certr``.
    reported_uri = reply_headers['Location']
    if reported_uri != certr.uri:
        raise errors.UnexpectedUpdate(reply.text)

    return certr.update(body=fetched_cert)
def _authzr_from_response(self, response, identifier,
                          uri=None, new_cert_uri=None):
    # pylint: disable=no-self-use
    """Build an Authorization Resource from a server response.

    :param response: Server response; its ``links``, ``headers`` and
        JSON body are read.
    :param identifier: Identifier the authorization is expected to be for.
    :param uri: Fallback resource URI, used when the response has no
        ``Location`` header.
    :param new_cert_uri: New-certificate URI; when ``None`` it is taken
        from the response's ``next`` link.

    :returns: Authorization Resource parsed from the response.
    :rtype: `.AuthorizationResource`

    :raises .ClientError: if ``new_cert_uri`` is ``None`` and the
        response has no ``next`` link
    :raises .UnexpectedUpdate: if the returned authorization is for a
        different identifier

    """
    next_uri = new_cert_uri
    if next_uri is None:
        try:
            next_uri = response.links['next']['url']
        except KeyError:
            raise errors.ClientError('"next" link missing')

    parsed_body = messages.Authorization.from_json(response.json())
    resource_uri = response.headers.get('Location', uri)
    authzr = messages.AuthorizationResource(
        body=parsed_body, uri=resource_uri, new_cert_uri=next_uri)

    # Refuse an authorization the server issued for some other identifier
    # than the one the caller asked about.
    if authzr.body.identifier != identifier:
        raise errors.UnexpectedUpdate(authzr)
    return authzr
def answer_challenge(self, challb, response):
    """Answer challenge.

    :param challb: Challenge Resource body.
    :type challb: `.ChallengeBody`

    :param response: Corresponding Challenge response
    :type response: `.challenges.ChallengeResponse`

    :returns: Challenge Resource with updated body.
    :rtype: `.ChallengeResource`

    :raises .ClientError: if the reply has no ``up`` link
    :raises .UnexpectedUpdate: if the returned challenge URI differs
        from ``challb.uri``

    """
    # Because sending keyAuthorization in a response challenge has been removed from the ACME
    # spec, it is not included in the KeyAuthorizationResponseChallenge JSON by default.
    # However as a migration path, we temporarily expect a malformed error from the server,
    # and fallback by resending the challenge response with the keyAuthorization field.
    # TODO: Remove this fallback for Certbot 0.34.0
    try:
        reply = self._post(challb.uri, response)
    except messages.Error as error:
        # Any 'malformed' error on a key-authorization response triggers the
        # fallback; it is attempted once, and a failure of the second POST
        # propagates to the caller.
        wants_legacy_payload = (
            error.code == 'malformed' and
            isinstance(response, challenges.KeyAuthorizationChallengeResponse))
        if not wants_legacy_payload:
            raise
        logger.debug('Error while responding to a challenge without keyAuthorization '
                     'in the JWS, your ACME CA server may not support it:\n%s', error)
        logger.debug('Retrying request with keyAuthorization set.')
        response._dump_authorization_key(True)  # pylint: disable=protected-access
        reply = self._post(challb.uri, response)

    try:
        authzr_uri = reply.links['up']['url']
    except KeyError:
        raise errors.ClientError('"up" Link header missing')

    updated_body = messages.ChallengeBody.from_json(reply.json())
    challr = messages.ChallengeResource(authzr_uri=authzr_uri, body=updated_body)

    # TODO: check that challr.uri == response.headers['Location']?
    # The server must report on the challenge that was answered, not on a
    # different one.
    if challr.uri != challb.uri:
        raise errors.UnexpectedUpdate(challr.uri)
    return challr
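def register(self, contact=messages.Registration._fields['contact'].default):
    """Register.

    :param contact: Contact list, as accepted by `.Registration`
    :type contact: `tuple`

    :returns: Registration Resource.
    :rtype: `.RegistrationResource`

    :raises .ClientError: if the server does not answer with 201 Created
    :raises .UnexpectedUpdate: if the returned registration carries a
        different key or contact than the one submitted

    """
    new_reg = messages.Registration(contact=contact)
    response = self._post(self.new_reg_uri, new_reg)

    # Checked with an explicit raise rather than ``assert``: asserts are
    # stripped under ``python -O``, which would silently disable this
    # validation of the server's reply.
    # TODO: handle errors
    if response.status_code != httplib.CREATED:
        raise errors.ClientError(
            'Unexpected registration response status: {0}'.format(
                response.status_code))

    regr = self._regr_from_response(response)
    # The account the server created must be bound to our own public key
    # and to the contact details we sent.
    if regr.body.key != self.key.public() or regr.body.contact != contact:
        raise errors.UnexpectedUpdate(regr)

    return regr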