txacme.client module
ACME client API (like acme.client) implementation for Twisted.
- class txacme.client.Client(directory, reactor, key, jws_client)
  ACME client interface.
  - agree_to_tos(regr)
    Accept the terms-of-service for a registration.
    Parameters: regr (RegistrationResource) – The registration to update.
    Returns: The updated registration resource.
    Return type: Deferred[RegistrationResource]
  - answer_challenge(challenge_body, response)
    Respond to an authorization challenge.
    Parameters:
    - challenge_body (ChallengeBody) – The challenge being responded to.
    - response (ChallengeResponse) – The response to the challenge.
    Returns: The updated challenge resource.
    Return type: Deferred[ChallengeResource]
  - fetch_chain(certr, max_length=10)
    Fetch the intermediary chain for a certificate.
    Parameters:
    - certr (acme.messages.CertificateResource) – The certificate to fetch the chain for.
    - max_length (int) – The maximum length of the chain that will be fetched.
    Return type: Deferred[List[acme.messages.CertificateResource]]
    Returns: The issuer certificate chain, ordered with the trust anchor last.
  - classmethod from_url(reactor, url, key, alg=RS256, jws_client=None)
    Construct a client from an ACME directory at a given URL.
    Parameters:
    - url – The twisted.python.url.URL to fetch the directory from.
    - reactor – The Twisted reactor to use.
    - key (JWK) – The client key to use.
    - alg – The signing algorithm to use. Needs to be compatible with the type of key used.
    - jws_client (JWSClient) – The underlying client to use, or None to construct one.
    Returns: The constructed client.
    Return type: Deferred[Client]
  - register(new_reg=None)
    Create a new registration with the ACME server.
    Parameters: new_reg (NewRegistration) – The registration message to use, or None to construct one.
    Returns: The registration resource.
    Return type: Deferred[RegistrationResource]
  - request_challenges(identifier)
    Create a new authorization.
    Parameters: identifier (Identifier) – The identifier to authorize.
    Returns: The new authorization resource.
    Return type: Deferred[AuthorizationResource]
  - request_issuance(csr)
    Request a certificate.
    Authorizations should have already been completed for all of the names requested in the CSR.
    Note that unlike acme.client.Client.request_issuance, the certificate resource will have the body data as raw bytes.
    See also
    Todo: Delayed issuance is not currently supported; the server must issue the requested certificate immediately.
    Parameters: csr – A certificate request message: normally txacme.messages.CertificateRequest or acme.messages.CertificateRequest.
    Return type: Deferred[acme.messages.CertificateResource]
    Returns: The issued certificate.
  - classmethod retry_after(response, default=5, _now=<built-in function time>)
    Parse the Retry-After value from a response.
  - update_registration(regr, uri=None)
    Submit a registration to the server to update it.
    Parameters:
    - regr (RegistrationResource) – The registration to update. Can be a NewRegistration instead, in order to create a new registration.
    - uri (str) – The URL to submit to. Must be specified if a NewRegistration is provided.
    Returns: The updated registration resource.
    Return type: Deferred[RegistrationResource]
- class txacme.client.JWSClient(treq_client, key, alg, user_agent='txacme/0.9.0+0.g14e475b.dirty')
  HTTP client using JWS-signed messages.
  - get(url, content_type='application/json', **kwargs)
    Send GET request and check response.
    Parameters:
    Raises:
    - txacme.client.ServerError – If server response body carries HTTP Problem (draft-ietf-appsawg-http-problem-00).
    - acme.errors.ClientError – In case of other protocol errors.
    Returns: Deferred firing with the checked HTTP response.
  - head(url, *args, **kwargs)
    Send HEAD request without checking the response.
    Note that _check_response is not called, as there will be no response body to check.
    Parameters: url (str) – The URL to make the request to.
  - post(url, obj, content_type='application/json', **kwargs)
    POST an object and check the response.
    Parameters:
    - url (str) – The URL to request.
    - obj (JSONDeSerializable) – The serializable payload of the request.
    - content_type (bytes) – The expected content type of the response. By default, JSON.
    Raises:
    - txacme.client.ServerError – If server response body carries HTTP Problem (draft-ietf-appsawg-http-problem-00).
    - acme.errors.ClientError – In case of other protocol errors.
- exception txacme.client.ServerError(message, response)
  acme.messages.Error isn’t usable as an asynchronous exception, because it doesn’t allow setting the __traceback__ attribute like Twisted wants to do when cleaning Failures. This type exists to wrap such an error, as well as provide access to the original response.
- txacme.client.fqdn_identifier(fqdn)
  Construct an identifier from an FQDN.
  Trivial implementation, just saves on typing.
  Parameters: fqdn (str) – The domain name.
  Returns: The identifier.
  Return type: Identifier
- txacme.client.answer_challenge(authzr, client, responders)
  Complete an authorization using a responder.
  Parameters:
  - auth (AuthorizationResource) – The authorization to complete.
  - client (Client) – The ACME client.
  - responders (List[IResponder]) – A list of responders that can be used to complete the challenge with.
  Returns: A deferred firing when the authorization is verified.
- txacme.client.poll_until_valid(authzr, clock, client, timeout=300.0)
  Poll an authorization until it is in a state other than pending or processing.
  Parameters:
  - auth (AuthorizationResource) – The authorization to complete.
  - clock – The IReactorTime implementation to use; usually the reactor, when not testing.
  - client (Client) – The ACME client.
  - timeout (float) – Maximum time to poll in seconds, before giving up.
  Raises: txacme.client.AuthorizationFailed – if the authorization is no longer in the pending, processing, or valid states.
  Raises: twisted.internet.defer.CancelledError if the authorization was still in pending or processing state when the timeout was reached.
  Return type: Deferred[AuthorizationResource]
  Returns: A deferred firing when the authorization has completed/failed; if the authorization is valid, the authorization resource will be returned.
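
The following is an added example, not txacme's own code: a synchronous, standard-library sketch of how a bounded Retry-After delay (the value `retry_after` parses) fits with the status and timeout rules documented for `poll_until_valid`. The names `retry_after_seconds`, `PollTimeout` and `run`, the `cap` limit, the one-second floor, the `(status, header)` tuple shape and the idea that the poll delay is taken from Retry-After are all assumptions made for illustration.

```python
import time
from email.utils import parsedate_to_datetime

class AuthorizationFailed(Exception):
    """Local stand-in for txacme.client.AuthorizationFailed."""

class PollTimeout(Exception):
    """Local stand-in for the CancelledError raised at the timeout."""

def retry_after_seconds(value, default=5, now=time.time, cap=60):
    """Turn a Retry-After header value into a bounded delay in seconds.

    `cap` is an assumed local policy limit, not a txacme parameter.
    """
    if value is None:
        return default
    value = value.strip()
    try:
        if value.isascii() and value.isdigit():
            delay = int(value)                  # delta-seconds form
        else:                                   # HTTP-date form
            delay = parsedate_to_datetime(value).timestamp() - now()
    except (TypeError, ValueError, OverflowError):
        return default                          # unparseable: fall back
    return max(0, min(delay, cap))              # the header is server-controlled

def poll_until_valid(poll, sleep, timeout=300.0):
    """Poll until the status leaves pending/processing; return seconds waited.

    poll() returns (status, retry_after_header); both callables are assumed.
    """
    waited = 0.0
    while True:
        status, header = poll()
        if status == "valid":
            return waited
        if status not in ("pending", "processing"):
            raise AuthorizationFailed(status)   # any other state fails closed
        delay = max(1, retry_after_seconds(header))  # assumed floor: no busy loop
        if waited + delay > timeout:
            raise PollTimeout(status)
        sleep(delay)
        waited += delay

def run(responses, timeout=300.0):
    """Drive the loop over constructed (status, header) pairs without sleeping."""
    it = iter(responses)
    try:
        return "valid", poll_until_valid(lambda: next(it), lambda s: None, timeout)
    except (AuthorizationFailed, PollTimeout) as exc:
        return type(exc).__name__, None
```

Clamping the server-supplied delay on both sides keeps a misbehaving or hostile ACME endpoint from stalling the client with a very large value or driving it into a tight request loop with zero.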