Merge branch 'cli-config-fixes' into renewer-cli

letsencrypt/cli.py

@@ -147,7 +147,7 @@ def install(args, config, plugins):
     acme, doms = _common_run(
         args, config, acc, authenticator=None, installer=installer)
     assert args.cert_path is not None  # required=True in the subparser
-    acme.deploy_certificate(doms, acc.key, args.cert_path, args.chain_path)
+    acme.deploy_certificate(doms, acc.key.file, args.cert_path, args.chain_path)
     acme.enhance_config(doms, args.redirect)
 
 

letsencrypt/client.py

@@ -66,7 +66,7 @@ class Client(object):
         # TODO: Allow for other alg types besides RS256
         self.network = network2.Network(
             config.server, jwk.JWKRSA.load(self.account.key.pem),
-            verify_ssl=config.no_verify_ssl)
+            verify_ssl=(not config.no_verify_ssl))
 
         self.config = config
 
@@ -136,7 +136,7 @@ class Client(object):
         cert_key = crypto_util.init_save_key(
             self.config.rsa_key_size, self.config.key_dir)
         csr = crypto_util.init_save_csr(
-            cert_key, domains, self.config.cert_dir)
+            cert_key, domains, self.config.csr_dir)
 
         # Retrieve certificate
         certr = self.network.request_issuance(

letsencrypt/configuration.py

@@ -19,7 +19,7 @@ class NamespaceConfig(object):
 
       - `accounts_dir`
       - `account_keys_dir`
-      - `cert_dir`
+      - `csr_dir`
       - `cert_key_backup`
       - `in_progress_dir`
       - `key_dir`
@@ -59,15 +59,15 @@ class NamespaceConfig(object):
     def backup_dir(self):  # pylint: disable=missing-docstring
         return os.path.join(self.namespace.work_dir, constants.BACKUP_DIR)
 
-    @property
-    def cert_dir(self):  # pylint: disable=missing-docstring
-        return os.path.join(self.namespace.config_dir, constants.CERT_DIR)
-
     @property
     def cert_key_backup(self):  # pylint: disable=missing-docstring
         return os.path.join(self.namespace.work_dir,
                             constants.CERT_KEY_BACKUP_DIR, self.server_path)
 
+    @property
+    def csr_dir(self):  # pylint: disable=missing-docstring
+        return os.path.join(self.namespace.config_dir, constants.CSR_DIR)
+
     @property
     def in_progress_dir(self):  # pylint: disable=missing-docstring
         return os.path.join(self.namespace.work_dir, constants.IN_PROGRESS_DIR)

letsencrypt/constants.py

@@ -65,7 +65,7 @@ CERT_KEY_BACKUP_DIR = "keys-certs"
 """Directory where all certificates and keys are stored (relative to
 `IConfig.work_dir`). Used for easy revocation."""
 
-CERT_DIR = "certs"
+CSR_DIR = "csrs"
 """Directory (relative to `IConfig.config_dir`) where CSRs are saved."""
 
 IN_PROGRESS_DIR = "IN_PROGRESS"

letsencrypt/crypto_util.py

@@ -55,7 +55,7 @@ def init_save_key(key_size, key_dir, keyname="key-letsencrypt.pem"):
     return le_util.Key(key_path, key_pem)
 
 
-def init_save_csr(privkey, names, cert_dir, csrname="csr-letsencrypt.pem"):
+def init_save_csr(privkey, names, path, csrname="csr-letsencrypt.pem"):
     """Initialize a CSR with the given private key.
 
     :param privkey: Key to include in the CSR
@@ -63,7 +63,7 @@ def init_save_csr(privkey, names, cert_dir, csrname="csr-letsencrypt.pem"):
 
     :param set names: `str` names to include in the CSR
 
-    :param str cert_dir: Certificate save directory.
+    :param str path: Certificate save directory.
 
     :returns: CSR
     :rtype: :class:`letsencrypt.le_util.CSR`
@@ -72,9 +72,9 @@ def init_save_csr(privkey, names, cert_dir, csrname="csr-letsencrypt.pem"):
     csr_pem, csr_der = make_csr(privkey.pem, names)
 
     # Save CSR
-    le_util.make_or_verify_dir(cert_dir, 0o755, os.geteuid())
+    le_util.make_or_verify_dir(path, 0o755, os.geteuid())
     csr_f, csr_filename = le_util.unique_file(
-        os.path.join(cert_dir, csrname), 0o644)
+        os.path.join(path, csrname), 0o644)
     csr_f.write(csr_pem)
     csr_f.close()
 

letsencrypt/interfaces.py

@@ -162,7 +162,7 @@ class IConfig(zope.interface.Interface):
     account_keys_dir = zope.interface.Attribute(
         "Directory where all account keys are stored.")
     backup_dir = zope.interface.Attribute("Configuration backups directory.")
-    cert_dir = zope.interface.Attribute("Certificates and CSRs storage.")
+    csr_dir = zope.interface.Attribute("CSRs storage.")
     cert_key_backup = zope.interface.Attribute(
         "Directory where all certificates and keys are stored. "
         "Used for easy revocation.")

letsencrypt/tests/client_test.py

@@ -1,6 +1,7 @@
 """Tests for letsencrypt.client."""
 import os
 import unittest
+import pkg_resources
 import shutil
 import tempfile
 
@@ -11,7 +12,33 @@ from letsencrypt import configuration
 from letsencrypt import le_util
 
 
+KEY = pkg_resources.resource_string(
+    __name__, os.path.join("testdata", "rsa512_key.pem"))
+
+
+class ClientTest(unittest.TestCase):
+    """Tests for letsencrypt.client.Client."""
+
+    def setUp(self):
+        self.config = mock.MagicMock(no_verify_ssl=False)
+        # pylint: disable=star-args
+        self.account = mock.MagicMock(**{"key.pem": KEY})
+
+        from letsencrypt.client import Client
+        with mock.patch("letsencrypt.client.network2") as network2:
+            self.client = Client(
+                config=self.config, account_=self.account, dv_auth=None,
+                installer=None)
+        self.network2 = network2
+
+    def test_init_network_verify_ssl(self):
+        self.network2.Network.assert_called_once_with(
+            mock.ANY, mock.ANY, verify_ssl=True)
+
+
 class DetermineAccountTest(unittest.TestCase):
+    """Tests for letsencrypt.client.determine_authenticator."""
+
     def setUp(self):
         self.accounts_dir = tempfile.mkdtemp("accounts")
         account_keys_dir = os.path.join(self.accounts_dir, "keys")
@@ -54,7 +81,8 @@ class DetermineAccountTest(unittest.TestCase):
 
 
 class RollbackTest(unittest.TestCase):
-    """Test the rollback function."""
+    """Tests for letsencrypt.client.rollback."""
+
     def setUp(self):
         self.m_install = mock.MagicMock()
 

letsencrypt/tests/configuration_test.py

@@ -33,8 +33,8 @@ class NamespaceConfigTest(unittest.TestCase):
         constants.ACCOUNTS_DIR = 'acc'
         constants.ACCOUNT_KEYS_DIR = 'keys'
         constants.BACKUP_DIR = 'backups'
-        constants.CERT_DIR = 'certs'
         constants.CERT_KEY_BACKUP_DIR = 'c/'
+        constants.CSR_DIR = 'csrs'
         constants.IN_PROGRESS_DIR = '../p'
         constants.KEY_DIR = 'keys'
         constants.REC_TOKEN_DIR = '/r'
@@ -47,7 +47,7 @@ class NamespaceConfigTest(unittest.TestCase):
             self.config.account_keys_dir,
             '/tmp/config/acc/acme-server.org:443/new/keys')
         self.assertEqual(self.config.backup_dir, '/tmp/foo/backups')
-        self.assertEqual(self.config.cert_dir, '/tmp/config/certs')
+        self.assertEqual(self.config.csr_dir, '/tmp/config/csrs')
         self.assertEqual(
             self.config.cert_key_backup, '/tmp/foo/c/acme-server.org:443/new')
         self.assertEqual(self.config.in_progress_dir, '/tmp/foo/../p')