mirror of https://github.com/moepman/acertmgr.git
authority.v1/2: do not re-authorize already valid domains
Skipping re-authorization when not necessary speeds up cert renewal.
This commit is contained in:
Kishi85
parent
fd8c4ec443
commit
989d3b585a
|
|
@ -94,6 +94,7 @@ class ACMEAuthority(AbstractACMEAuthority):
|
|||
|
||||
challenges = dict()
|
||||
tokens = dict()
|
||||
authdomains = list()
|
||||
# verify each domain
|
||||
try:
|
||||
for domain in domains:
|
||||
|
|
@ -108,7 +109,11 @@ class ACMEAuthority(AbstractACMEAuthority):
|
|||
raise ValueError("Error requesting challenges: {0} {1}".format(code, result))
|
||||
|
||||
# create the challenge
|
||||
challenges[domain] = [c for c in json.loads(result.decode('utf8'))['challenges'] if
|
||||
authz = json.loads(result.decode('utf8'))
|
||||
if authz.get('status', 'no-status-found') == 'valid':
|
||||
log("{} has already been verified".format(domain))
|
||||
continue
|
||||
challenges[domain] = [c for c in authz['challenges'] if
|
||||
c['type'] == challenge_handlers[domain].get_challenge_type()][0]
|
||||
tokens[domain] = re.sub(r"[^A-Za-z0-9_\-]", "_", challenges[domain]['token'])
|
||||
|
||||
|
|
@ -116,9 +121,10 @@ class ACMEAuthority(AbstractACMEAuthority):
|
|||
raise ValueError("No challenge handler given for domain: {0}".format(domain))
|
||||
|
||||
challenge_handlers[domain].create_challenge(domain, account_thumbprint, tokens[domain])
|
||||
authdomains.append(domain)
|
||||
|
||||
# after all challenges are created, start processing authorizations
|
||||
for domain in domains:
|
||||
for domain in authdomains:
|
||||
challenge_handlers[domain].start_challenge(domain, account_thumbprint, tokens[domain])
|
||||
try:
|
||||
log("Starting key authorization")
|
||||
|
|
|
|||
|
|
@ -169,20 +169,26 @@ class ACMEAuthority(AbstractACMEAuthority):
|
|||
|
||||
authorization['_domain'] = "*.{}".format(authorization['identifier']['value']) if \
|
||||
'wildcard' in authorization and authorization['wildcard'] else authorization['identifier']['value']
|
||||
|
||||
if authorization.get('status', 'no-status-found') == 'valid':
|
||||
log("{} has already been authorized".format(authorization['_domain']))
|
||||
continue
|
||||
if authorization['_domain'] not in challenge_handlers:
|
||||
raise ValueError("No challenge handler given for domain: {0}".format(authorization['_domain']))
|
||||
log("Authorizing {0}".format(authorization['_domain']))
|
||||
|
||||
# create the challenge
|
||||
matching_challenges = [c for c in authorization['challenges'] if
|
||||
c['type'] == challenge_handlers[authorization['_domain']].get_challenge_type()]
|
||||
ctype = challenge_handlers[authorization['_domain']].get_challenge_type()
|
||||
matching_challenges = [c for c in authorization['challenges'] if c['type'] == ctype]
|
||||
if len(matching_challenges) == 0:
|
||||
raise ValueError("Error no challenge matching {0} found: {1}".format(
|
||||
challenge_handlers[authorization['_domain']].get_challenge_type(), authorization))
|
||||
raise ValueError("Error no challenge matching {0} found: {1}".format(ctype, authorization))
|
||||
|
||||
authorization['_challenge'] = matching_challenges[0]
|
||||
if authorization['_challenge'].get('status', 'no-status-found') == 'valid':
|
||||
log("{} has already been authorized using {}".format(authorization['_domain'], ctype))
|
||||
continue
|
||||
|
||||
authorization['_token'] = re.sub(r"[^A-Za-z0-9_\-]", "_", authorization['_challenge']['token'])
|
||||
|
||||
if authorization['_domain'] not in challenge_handlers:
|
||||
raise ValueError("No challenge handler given for domain: {0}".format(authorization['_domain']))
|
||||
|
||||
challenge_handlers[authorization['_domain']].create_challenge(authorization['identifier']['value'],
|
||||
account_thumbprint,
|
||||
authorization['_token'])
|
||||
|
|
|
|||
Loading…
Reference in New Issue