moepman/acertmgr
1
0
Fork 0
mirror of https://github.com/moepman/acertmgr.git synced 2024-12-29 09:21:51 +01:00
Code Releases Activity

authority.v1/2: do not re-authorize already valid domains

Browse Source 
Skipping re-authorization when not necessary speeds up cert renewal.
This commit is contained in:
Kishi85 2019-04-02 10:24:58 +02:00
parent fd8c4ec443
commit 989d3b585a
2 changed files with 22 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
acertmgr/authority/v1.py
View File

@ -94,6 +94,7 @@ class ACMEAuthority(AbstractACMEAuthority):
challenges = dict() challenges = dict()
tokens = dict() tokens = dict()
authdomains = list()
# verify each domain # verify each domain
try: try:
for domain in domains: for domain in domains:
@ -108,7 +109,11 @@ class ACMEAuthority(AbstractACMEAuthority):
raise ValueError("Error requesting challenges: {0} {1}".format(code, result)) raise ValueError("Error requesting challenges: {0} {1}".format(code, result))
# create the challenge # create the challenge
challenges[domain] = [c for c in json.loads(result.decode('utf8'))['challenges'] if authz = json.loads(result.decode('utf8'))
if authz.get('status', 'no-status-found') == 'valid':
log("{} has already been verified".format(domain))
continue
challenges[domain] = [c for c in authz['challenges'] if
c['type'] == challenge_handlers[domain].get_challenge_type()][0] c['type'] == challenge_handlers[domain].get_challenge_type()][0]
tokens[domain] = re.sub(r"[^A-Za-z0-9_\-]", "_", challenges[domain]['token']) tokens[domain] = re.sub(r"[^A-Za-z0-9_\-]", "_", challenges[domain]['token'])
@ -116,9 +121,10 @@ class ACMEAuthority(AbstractACMEAuthority):
raise ValueError("No challenge handler given for domain: {0}".format(domain)) raise ValueError("No challenge handler given for domain: {0}".format(domain))
challenge_handlers[domain].create_challenge(domain, account_thumbprint, tokens[domain]) challenge_handlers[domain].create_challenge(domain, account_thumbprint, tokens[domain])
authdomains.append(domain)
# after all challenges are created, start processing authorizations # after all challenges are created, start processing authorizations
for domain in domains: for domain in authdomains:
challenge_handlers[domain].start_challenge(domain, account_thumbprint, tokens[domain]) challenge_handlers[domain].start_challenge(domain, account_thumbprint, tokens[domain])
try: try:
log("Starting key authorization") log("Starting key authorization")

22
acertmgr/authority/v2.py
View File

@ -169,20 +169,26 @@ class ACMEAuthority(AbstractACMEAuthority):
authorization['_domain'] = "*.{}".format(authorization['identifier']['value']) if \ authorization['_domain'] = "*.{}".format(authorization['identifier']['value']) if \
'wildcard' in authorization and authorization['wildcard'] else authorization['identifier']['value'] 'wildcard' in authorization and authorization['wildcard'] else authorization['identifier']['value']
if authorization.get('status', 'no-status-found') == 'valid':
log("{} has already been authorized".format(authorization['_domain']))
continue
if authorization['_domain'] not in challenge_handlers:
raise ValueError("No challenge handler given for domain: {0}".format(authorization['_domain']))
log("Authorizing {0}".format(authorization['_domain'])) log("Authorizing {0}".format(authorization['_domain']))
# create the challenge # create the challenge
matching_challenges = [c for c in authorization['challenges'] if ctype = challenge_handlers[authorization['_domain']].get_challenge_type()
c['type'] == challenge_handlers[authorization['_domain']].get_challenge_type()] matching_challenges = [c for c in authorization['challenges'] if c['type'] == ctype]
if len(matching_challenges) == 0: if len(matching_challenges) == 0:
raise ValueError("Error no challenge matching {0} found: {1}".format( raise ValueError("Error no challenge matching {0} found: {1}".format(ctype, authorization))
challenge_handlers[authorization['_domain']].get_challenge_type(), authorization))
authorization['_challenge'] = matching_challenges[0] authorization['_challenge'] = matching_challenges[0]
if authorization['_challenge'].get('status', 'no-status-found') == 'valid':
log("{} has already been authorized using {}".format(authorization['_domain'], ctype))
continue
authorization['_token'] = re.sub(r"[^A-Za-z0-9_\-]", "_", authorization['_challenge']['token']) authorization['_token'] = re.sub(r"[^A-Za-z0-9_\-]", "_", authorization['_challenge']['token'])
if authorization['_domain'] not in challenge_handlers:
raise ValueError("No challenge handler given for domain: {0}".format(authorization['_domain']))
challenge_handlers[authorization['_domain']].create_challenge(authorization['identifier']['value'], challenge_handlers[authorization['_domain']].create_challenge(authorization['identifier']['value'],
account_thumbprint, account_thumbprint,
authorization['_token']) authorization['_token'])