Spec and Boulder compatibility fixes.

Relevant acme-spec: - https://github.com/letsencrypt/acme-spec/issues/127 - https://github.com/letsencrypt/acme-spec/pull/119 - https://github.com/letsencrypt/acme-spec/issues/98 - https://github.com/letsencrypt/acme-spec/issues/92 Relevant boulder: - https://github.com/letsencrypt/boulder/pull/170 - https://github.com/letsencrypt/boulder/issues/128
2026-01-21 19:01:07 +03:00 · 2015-05-19 19:21:19 +00:00
parent 2cadfdaae1
commit 41115bfc77
4 changed files with 12 additions and 16 deletions
--- a/acme/messages2.py
+++ b/acme/messages2.py
@@ -18,11 +18,9 @@ class Error(jose.JSONObjectWithFields, Exception):
        'badCSR': 'The CSR is unacceptable (e.g., due to a short key)',
    }

-    # TODO: Boulder omits 'type' and 'instance', spec requires, boulder#128
    typ = jose.Field('type', omitempty=True)
    title = jose.Field('title', omitempty=True)
    detail = jose.Field('detail')
-    instance = jose.Field('instance', omitempty=True)

    @typ.encoder
    def typ(value):  # pylint: disable=missing-docstring,no-self-argument
@@ -227,10 +225,6 @@ class Authorization(ResourceBody):
    challenges = jose.Field('challenges', omitempty=True)
    combinations = jose.Field('combinations', omitempty=True)

-    # TODO: acme-spec #92, #98
-    key = Registration._fields['key']
-    contact = Registration._fields['contact']
-
    status = jose.Field('status', omitempty=True, decoder=Status.from_json)
    # TODO: 'expires' is allowed for Authorization Resources in
    # general, but for Key Authorization '[t]he "expires" field MUST
--- a/letsencrypt/network2.py
+++ b/letsencrypt/network2.py
@@ -248,6 +248,7 @@ class Network(object):

    def _authzr_from_response(self, response, identifier,
                              uri=None, new_cert_uri=None):
+        # pylint: disable=no-self-use
        if new_cert_uri is None:
            try:
                new_cert_uri = response.links['next']['url']
@@ -258,8 +259,7 @@ class Network(object):
            body=messages2.Authorization.from_json(response.json()),
            uri=response.headers.get('Location', uri),
            new_cert_uri=new_cert_uri)
-        if (authzr.body.key != self.key.public()
-                or authzr.body.identifier != identifier):
+        if authzr.body.identifier != identifier:
            raise errors.UnexpectedUpdate(authzr)
        return authzr

--- a/letsencrypt/tests/auth_handler_test.py
+++ b/letsencrypt/tests/auth_handler_test.py
@@ -276,8 +276,6 @@ class PollChallengesTest(unittest.TestCase):
                identifier=authzr.body.identifier,
                challenges=new_challbs,
                combinations=authzr.body.combinations,
-                key=authzr.body.key,
-                contact=authzr.body.contact,
                status=status_,
            ),
        )
--- a/letsencrypt/tests/network2_test.py
+++ b/letsencrypt/tests/network2_test.py
@@ -72,7 +72,7 @@ class NetworkTest(unittest.TestCase):
        self.authz = messages2.Authorization(
            identifier=messages2.Identifier(
                typ=messages2.IDENTIFIER_FQDN, value='example.com'),
-            challenges=(challb,), combinations=None, key=KEY.public())
+            challenges=(challb,), combinations=None)
        self.authzr = messages2.AuthorizationResource(
            body=self.authz, uri=authzr_uri,
            new_cert_uri='https://www.letsencrypt-demo.org/acme/new-cert')
@@ -258,11 +258,10 @@ class NetworkTest(unittest.TestCase):
        # TODO: test POST call arguments

        # TODO: split here and separate test
-        authz_wrong_key = self.authz.update(key=KEY2.public())
-        self.response.json.return_value = authz_wrong_key.to_json()
-        self.assertRaises(
-            errors.UnexpectedUpdate, self.net.request_challenges,
-            self.identifier, self.regr)
+        self.response.json.return_value = self.authz.update(
+            identifier=self.identifier.update(value='foo')).to_json()
+        self.assertRaises(errors.UnexpectedUpdate, self.net.request_challenges,
+                          self.identifier, self.authzr.uri)

    def test_request_challenges_missing_next(self):
        self.response.status_code = httplib.CREATED
@@ -336,6 +335,11 @@ class NetworkTest(unittest.TestCase):
        self.assertEqual((self.authzr, self.response),
                         self.net.poll(self.authzr))

+        # TODO: split here and separate test
+        self.response.json.return_value = self.authz.update(
+            identifier=self.identifier.update(value='foo')).to_json()
+        self.assertRaises(errors.UnexpectedUpdate, self.net.poll, self.authzr)
+
    def test_request_issuance(self):
        self.response.content = CERT.as_der()
        self.response.headers['Location'] = self.certr.uri