From 5d2abc30f0700366196cebb39a5a1a2275fb9d01 Mon Sep 17 00:00:00 2001 From: Garrett Robinson Date: Tue, 7 Apr 2015 17:09:34 -0700 Subject: [PATCH] Add cmd line arg for the authenticator --- letsencrypt/client/client.py | 46 +++++++++++++++++++++++++------- letsencrypt/client/interfaces.py | 6 +++++ letsencrypt/scripts/main.py | 15 ++++++++--- 3 files changed, 54 insertions(+), 13 deletions(-) diff --git a/letsencrypt/client/client.py b/letsencrypt/client/client.py index 2fcb45d40..19b982502 100644 --- a/letsencrypt/client/client.py +++ b/letsencrypt/client/client.py @@ -349,13 +349,29 @@ def init_csr(privkey, names, cert_dir): return le_util.CSR(csr_filename, csr_der, "der") +def list_available_authenticators(avail_auths): + """Return a pretty-printed list of authenticators. + + This is used to provide helpful feedback in the case where a user + specifies an invalid authenticator on the command line. + + """ + output_lines = ["Available authenticators:"] + for auth_name, auth in avail_auths.iteritems(): + output_lines.append(" - %s : %s" % (auth_name, auth.description)) + return '\n'.join(output_lines) + + # This should be controlled by commandline parameters -def determine_authenticator(all_auths): +def determine_authenticator(all_auths, config): """Returns a valid IAuthenticator. :param list all_auths: Where each is a :class:`letsencrypt.client.interfaces.IAuthenticator` object + :param config: Used if an authenticator was specified on the command line. + :type config: :class:`letsencrypt.client.interfaces.IConfig` + :returns: Valid Authenticator object or None :raises letsencrypt.client.errors.LetsEncryptClientError: If no @@ -363,23 +379,33 @@ def determine_authenticator(all_auths): """ # Available Authenticator objects - avail_auths = [] + avail_auths = {} # Error messages for misconfigured authenticators errs = {} - for pot_auth in all_auths: + for auth_name, auth in all_auths.iteritems(): try: - pot_auth.prepare() + auth.prepare() except errors.LetsEncryptMisconfigurationError as err: - errs[pot_auth] = err + errs[auth] = err except errors.LetsEncryptNoInstallationError: continue - avail_auths.append(pot_auth) + avail_auths[auth_name] = auth - if len(avail_auths) > 1: - auth = display_ops.choose_authenticator(avail_auths, errs) - elif len(avail_auths) == 1: - auth = avail_auths[0] + # If an authenticator was specified on the command line, try to use it + if config.authenticator: + try: + auth = avail_auths[config.authenticator] + except KeyError: + logging.error( + "The specified authenticator '%s' could not be found", + config.authenticator) + logging.info(list_available_authenticators(avail_auths)) + return + elif len(avail_auths) > 1: + auth = display_ops.choose_authenticator(avail_auths.values(), errs) + elif len(avail_auths.keys()) == 1: + auth = avail_auths[avail_auths.keys()[0]] else: raise errors.LetsEncryptClientError("No Authenticators available.") diff --git a/letsencrypt/client/interfaces.py b/letsencrypt/client/interfaces.py index 6779d4e1e..0f032a92e 100644 --- a/letsencrypt/client/interfaces.py +++ b/letsencrypt/client/interfaces.py @@ -13,6 +13,10 @@ class IAuthenticator(zope.interface.Interface): """ + description = zope.interface.Attribute( + "Short description of this authenticator. " + "Used in interactive configuration.") + def prepare(): """Prepare the authenticator. @@ -89,6 +93,8 @@ class IConfig(zope.interface.Interface): server = zope.interface.Attribute( "CA hostname (and optionally :port). The server certificate must " "be trusted in order to avoid further modifications to the client.") + authenticator = zope.interface.Attribute( + "Authenticator to use for responding to challenges.") rsa_key_size = zope.interface.Attribute("Size of the RSA key.") config_dir = zope.interface.Attribute("Configuration directory.") diff --git a/letsencrypt/scripts/main.py b/letsencrypt/scripts/main.py index 3b4b7c10d..269f66744 100644 --- a/letsencrypt/scripts/main.py +++ b/letsencrypt/scripts/main.py @@ -32,6 +32,8 @@ SETUPTOOLS_AUTHENTICATORS_ENTRY_POINT = "letsencrypt.authenticators" def init_auths(config): """Find (setuptools entry points) and initialize Authenticators.""" + # TODO: handle collisions in authenticator names. Or is this + # already handled for us by pkg_resources? auths = {} for entrypoint in pkg_resources.iter_entry_points( SETUPTOOLS_AUTHENTICATORS_ENTRY_POINT): @@ -44,7 +46,7 @@ def init_auths(config): "%r object does not provide IAuthenticator, skipping", entrypoint.name) else: - auths[auth] = entrypoint.name + auths[entrypoint.name] = auth return auths @@ -60,6 +62,12 @@ def create_parser(): add("-s", "--server", default="letsencrypt-demo.org:443", help=config_help("server")) + # TODO: we should generate the list of choices from the set of + # available authenticators, but that is tricky due to the + # dependency between init_auths and config. Hardcoding it for now. + add("-a", "--authenticator", dest="authenticator", + help=config_help("authenticator")) + add("-k", "--authkey", type=read_file, help="Path to the authorized key file") add("-B", "--rsa-key-size", type=int, default=2048, metavar="N", @@ -159,9 +167,10 @@ def main(): # pylint: disable=too-many-branches, too-many-statements display_eula() all_auths = init_auths(config) - logging.debug('Initialized authenticators: %s', all_auths.values()) + logging.debug('Initialized authenticators: %s', all_auths.keys()) try: - auth = client.determine_authenticator(all_auths.keys()) + auth = client.determine_authenticator(all_auths, config) + logging.debug("Selected authenticator: %s", auth) except errors.LetsEncryptClientError: logging.critical("No authentication mechanisms were found on your " "system.")