1
0
mirror of https://github.com/moepman/acertmgr.git synced 2024-12-29 09:21:51 +01:00

authority.v1/2: do not re-authorize already valid domains

Skipping re-authorization when not necessary speeds up cert renewal.
This commit is contained in:
Kishi85 2019-04-02 10:24:58 +02:00
parent fd8c4ec443
commit 989d3b585a
2 changed files with 22 additions and 10 deletions

View File

@ -94,6 +94,7 @@ class ACMEAuthority(AbstractACMEAuthority):
challenges = dict()
tokens = dict()
authdomains = list()
# verify each domain
try:
for domain in domains:
@ -108,7 +109,11 @@ class ACMEAuthority(AbstractACMEAuthority):
raise ValueError("Error requesting challenges: {0} {1}".format(code, result))
# create the challenge
challenges[domain] = [c for c in json.loads(result.decode('utf8'))['challenges'] if
authz = json.loads(result.decode('utf8'))
if authz.get('status', 'no-status-found') == 'valid':
log("{} has already been verified".format(domain))
continue
challenges[domain] = [c for c in authz['challenges'] if
c['type'] == challenge_handlers[domain].get_challenge_type()][0]
tokens[domain] = re.sub(r"[^A-Za-z0-9_\-]", "_", challenges[domain]['token'])
@ -116,9 +121,10 @@ class ACMEAuthority(AbstractACMEAuthority):
raise ValueError("No challenge handler given for domain: {0}".format(domain))
challenge_handlers[domain].create_challenge(domain, account_thumbprint, tokens[domain])
authdomains.append(domain)
# after all challenges are created, start processing authorizations
for domain in domains:
for domain in authdomains:
challenge_handlers[domain].start_challenge(domain, account_thumbprint, tokens[domain])
try:
log("Starting key authorization")

View File

@ -169,20 +169,26 @@ class ACMEAuthority(AbstractACMEAuthority):
authorization['_domain'] = "*.{}".format(authorization['identifier']['value']) if \
'wildcard' in authorization and authorization['wildcard'] else authorization['identifier']['value']
if authorization.get('status', 'no-status-found') == 'valid':
log("{} has already been authorized".format(authorization['_domain']))
continue
if authorization['_domain'] not in challenge_handlers:
raise ValueError("No challenge handler given for domain: {0}".format(authorization['_domain']))
log("Authorizing {0}".format(authorization['_domain']))
# create the challenge
matching_challenges = [c for c in authorization['challenges'] if
c['type'] == challenge_handlers[authorization['_domain']].get_challenge_type()]
ctype = challenge_handlers[authorization['_domain']].get_challenge_type()
matching_challenges = [c for c in authorization['challenges'] if c['type'] == ctype]
if len(matching_challenges) == 0:
raise ValueError("Error no challenge matching {0} found: {1}".format(
challenge_handlers[authorization['_domain']].get_challenge_type(), authorization))
raise ValueError("Error no challenge matching {0} found: {1}".format(ctype, authorization))
authorization['_challenge'] = matching_challenges[0]
if authorization['_challenge'].get('status', 'no-status-found') == 'valid':
log("{} has already been authorized using {}".format(authorization['_domain'], ctype))
continue
authorization['_token'] = re.sub(r"[^A-Za-z0-9_\-]", "_", authorization['_challenge']['token'])
if authorization['_domain'] not in challenge_handlers:
raise ValueError("No challenge handler given for domain: {0}".format(authorization['_domain']))
challenge_handlers[authorization['_domain']].create_challenge(authorization['identifier']['value'],
account_thumbprint,
authorization['_token'])