Challenges¶
ACME Identifier Validation Challenges.
-
class
acme.challenges.
Challenge
(**kwargs)[source]¶ Bases:
josepy.json_util.TypedJSONObjectWithFields
ACME challenge.
-
classmethod
from_json
(jobj)[source]¶ Deserialize ACME object from valid JSON object.
Raises: josepy.errors.UnrecognizedTypeError – if type of the ACME object has not been registered.
-
classmethod
-
class
acme.challenges.
ChallengeResponse
(**kwargs)[source]¶ Bases:
josepy.json_util.TypedJSONObjectWithFields
ACME challenge response.
-
class
acme.challenges.
UnrecognizedChallenge
(jobj)[source]¶ Bases:
acme.challenges.Challenge
Unrecognized challenge.
ACME specification defines a generic framework for challenges and defines some standard challenges that are implemented in this module. However, other implementations (including peers) might define additional challenge types, which should be ignored if unrecognized.
Variables: jobj – Original JSON decoded object. -
to_partial_json
()[source]¶ Get JSON serializable object.
Returns: Serializable JSON object representing ACME typed object. validate()
will almost certainly not work, due to reasons explained injosepy.interfaces.IJSONSerializable
.Return type: dict
-
classmethod
from_json
(jobj)[source]¶ Deserialize ACME object from valid JSON object.
Raises: josepy.errors.UnrecognizedTypeError – if type of the ACME object has not been registered.
-
-
class
acme.challenges.
_TokenChallenge
(**kwargs)[source]¶ Bases:
acme.challenges.Challenge
Challenge with token.
Variables: token (bytes) – -
TOKEN_SIZE
= 16¶ Minimum size of the
token
in bytes.
-
-
class
acme.challenges.
KeyAuthorizationChallengeResponse
(**kwargs)[source]¶ Bases:
acme.challenges.ChallengeResponse
Response to Challenges based on Key Authorization.
Parameters: key_authorization (unicode) –
-
class
acme.challenges.
KeyAuthorizationChallenge
(**kwargs)[source]¶ Bases:
acme.challenges._TokenChallenge
Challenge based on Key Authorization.
Parameters: - response_cls – Subclass of
KeyAuthorizationChallengeResponse
that will be used to generateresponse
. - typ (str) – type of the challenge
Generate Key Authorization.
Parameters: account_key (JWK) – Rtype unicode:
-
response
(account_key)[source]¶ Generate response to the challenge.
Parameters: account_key (JWK) – Returns: Response (initialized response_cls
) to the challenge.Return type: KeyAuthorizationChallengeResponse
-
validation
(account_key, **kwargs)[source]¶ Generate validation for the challenge.
Subclasses must implement this method, but they are likely to return completely different data structures, depending on what’s necessary to complete the challenge. Interpretation of that return value must be known to the caller.
Parameters: account_key (JWK) – Returns: Challenge-specific validation.
-
response_and_validation
(account_key, *args, **kwargs)[source]¶ Generate response and validation.
Convenience function that return results of
response
andvalidation
.Parameters: account_key (JWK) – Return type: tuple
- response_cls – Subclass of
-
class
acme.challenges.
DNS01Response
(**kwargs)[source]¶ Bases:
acme.challenges.KeyAuthorizationChallengeResponse
ACME dns-01 challenge response.
-
simple_verify
(chall, domain, account_public_key)[source]¶ Simple verify.
This method no longer checks DNS records and is a simple wrapper around
KeyAuthorizationChallengeResponse.verify
.Parameters: - chall (challenges.DNS01) – Corresponding challenge.
- domain (unicode) – Domain name being verified.
- account_public_key (JWK) – Public key for the key pair being authorized.
Returns: True
iff verification of the key authorization was successful.Return type:
-
-
class
acme.challenges.
DNS01
(**kwargs)[source]¶ Bases:
acme.challenges.KeyAuthorizationChallenge
ACME dns-01 challenge.
-
response_cls
¶ alias of
DNS01Response
-
LABEL
= '_acme-challenge'¶ Label clients prepend to the domain name being validated.
-
-
class
acme.challenges.
HTTP01Response
(**kwargs)[source]¶ Bases:
acme.challenges.KeyAuthorizationChallengeResponse
ACME http-01 challenge response.
-
PORT
= 80¶ Verification port as defined by the protocol.
You can override it (e.g. for testing) by passing
port
tosimple_verify
.
-
WHITESPACE_CUTSET
= '\n\r\t '¶ Whitespace characters which should be ignored at the end of the body.
-
simple_verify
(chall, domain, account_public_key, port=None)[source]¶ Simple verify.
Parameters: - chall (challenges.SimpleHTTP) – Corresponding challenge.
- domain (unicode) – Domain name being verified.
- account_public_key (JWK) – Public key for the key pair being authorized.
- port (int) – Port used in the validation.
Returns: True
iff validation with the files currently served by the HTTP server is successful.Return type:
-
-
class
acme.challenges.
HTTP01
(**kwargs)[source]¶ Bases:
acme.challenges.KeyAuthorizationChallenge
ACME http-01 challenge.
-
response_cls
¶ alias of
HTTP01Response
-
URI_ROOT_PATH
= '.well-known/acme-challenge'¶ URI root path for the server provisioned resource.
-
path
¶ Path (starting with ‘/’) for provisioned resource.
Return type: string
-
-
class
acme.challenges.
TLSALPN01Response
(**kwargs)[source]¶ Bases:
acme.challenges.KeyAuthorizationChallengeResponse
ACME TLS-ALPN-01 challenge response.
This class only allows initiating a TLS-ALPN-01 challenge returned from the CA. Full support for responding to TLS-ALPN-01 challenges by generating and serving the expected response certificate is not currently provided.
-
class
acme.challenges.
TLSALPN01
(**kwargs)[source]¶ Bases:
acme.challenges.KeyAuthorizationChallenge
ACME tls-alpn-01 challenge.
This class simply allows parsing the TLS-ALPN-01 challenge returned from the CA. Full TLS-ALPN-01 support is not currently provided.
-
response_cls
¶ alias of
TLSALPN01Response
-
-
class
acme.challenges.
DNS
(**kwargs)[source]¶ Bases:
acme.challenges._TokenChallenge
ACME “dns” challenge.
-
LABEL
= '_acme-challenge'¶ Label clients prepend to the domain name being validated.
-
gen_validation
(account_key, alg=RS256, **kwargs)[source]¶ Generate validation.
Parameters: - account_key (JWK) – Private account key.
- alg (JWA) –
Returns: This challenge wrapped in
JWS
Return type: JWS
-
check_validation
(validation, account_public_key)[source]¶ Check validation.
Parameters: - validation (JWS) –
- account_public_key (JWK) –
Return type:
-
-
class
acme.challenges.
DNSResponse
(**kwargs)[source]¶ Bases:
acme.challenges.ChallengeResponse
ACME “dns” challenge response.
Parameters: validation (JWS) – -
check_validation
(chall, account_public_key)[source]¶ Check validation.
Parameters: - chall (challenges.DNS) –
- account_public_key (JWK) –
Return type:
-