AuthHandler(auth, acme_client, account, pref_challs)¶
ACME Authorization Handler for a client.
Retrieve all authorizations, perform all challenges required to validate these authorizations, then poll and wait for the authorization to be checked. :param acme.messages.OrderResource orderr: must have authorizations filled in :param bool best_effort: if True, not all authorizations need to be validated (eg. renew) :param int max_retries: maximum number of retries to poll authorizations :returns: list of all validated authorizations :rtype: List
Raises: AuthorizationError – If unable to retrieve all authorizations
Poll the ACME CA server, to wait for confirmation that authorizations have their challenges all verified. The poll may occur several times, until all authorizations are checked (valid or invalid), or after a maximum of retries.
Retrieve necessary and pending challenges to satisfy server. NB: Necessary and already validated challenges are not retrieved, as they can be reused for a certificate issuance.
Return list of challenge preferences.
Parameters: domain (str) – domain for which you are requesting preferences
Parameters: achalls (
certbot.achallenges.AnnotatedChallenge) – annotated challenges to cleanup
Construct Namedtuple Challenges
- authzr (messages.AuthorizationResource) – authorization
- path (list) – List of indices from
achalls, list of challenge type
Return type: Raises:
errors.Error – if challenge type is not recognized
challb_to_achall(challb, account_key, domain)¶
Converts a ChallengeBody object to an AnnotatedChallenge.
- challb (ChallengeBody) – ChallengeBody
- account_key (JWK) – Authorized Account Key
- domain (str) – Domain of the challb
gen_challenge_path(challbs, preferences, combinations)¶
Generate a plan to get authority over the identity.
This can be possibly be rewritten to use resolved_combinations.
- challbs (tuple) – A tuple of challenges
acme.messages.AuthorizationResourceto be fulfilled by the client in order to prove possession of the identifier.
- preferences (list) – List of challenge preferences for domain
- combinations (tuple) – A collection of sets of challenges from
acme.messages.Challenge, each of which would be sufficient to prove possession of the identifier.
tuple of indices from
Return type: Raises:
certbot.errors.AuthorizationError – If a path cannot be created that satisfies the CA given the preferences and combinations.
- challbs (tuple) – A tuple of challenges (
_find_smart_path(challbs, preferences, combinations)¶
Find challenge path with server hints.
Can be called if combinations is included. Function uses a simple ranking system to choose the combo with the lowest cost.
Find challenge path without server hints.
Should be called if the combinations hint is not included by the server. This function either returns a path containing all challenges provided by the CA or raises an exception.
Logs and raises an error that no satisfiable chall path exists.
Parameters: challbs – challenges from the authorization that can’t be satisfied
Notifies the user about failed authorizations.
Creates a user friendly error message about failed challenges.
Parameters: failed_achalls (list) – A list of failed
certbot.achallenges.AnnotatedChallengewith the same error type.
Returns: A formatted error message for the client. Return type: str