diff options
author | Seth Schoen <schoen@eff.org> | 2016-04-02 04:47:12 +0300 |
---|---|---|
committer | Seth Schoen <schoen@eff.org> | 2016-04-02 04:47:12 +0300 |
commit | e0a1871bb8a04a2868c180d4ff0a2f900e8cdebc (patch) | |
tree | 87807954fdeed6c6c1f3d918e43d9f196454d954 | |
parent | 3d260485cd833571a2e8d4ac1baaa3dd228a292c (diff) |
Initial work on ignoring rate limits on dry rundry_run_ratelimits
-rw-r--r-- | letsencrypt/client.py | 44 | ||||
-rw-r--r-- | letsencrypt/errors.py | 9 |
2 files changed, 45 insertions, 8 deletions
diff --git a/letsencrypt/client.py b/letsencrypt/client.py index da2e1f086..93465379b 100644 --- a/letsencrypt/client.py +++ b/letsencrypt/client.py @@ -218,12 +218,31 @@ class Client(object): logger.debug("CSR: %s, domains: %s", csr, domains) if authzr is None: - authzr = self.auth_handler.get_authorizations(domains) + try: + authzr = self.auth_handler.get_authorizations(domains) + except errors.Error as error: + if error.typ == "urn:acme:error:rateLimited": + if self.config.dry_run: + # We convert this exception into a special one + # that is reported differently. + raise errors.DryRunAuthzRateLimited() + # We re-raise the original error. + raise + + try: + certr = self.acme.request_issuance( + jose.ComparableX509( + OpenSSL.crypto.load_certificate_request(typ, csr.data)), + authzr) + except errors.Error as error: + if error.typ == "urn:acme:error:rateLimited": + if self.config.dry_run: + # We convert this exception into a special one + # that is reported differently. + raise errors.DryRunNewCertRateLimited() + # We re-raise the original error. + raise - certr = self.acme.request_issuance( - jose.ComparableX509( - OpenSSL.crypto.load_certificate_request(typ, csr.data)), - authzr) return certr, self.acme.fetch_chain(certr) def obtain_certificate(self, domains): @@ -240,9 +259,18 @@ class Client(object): :rtype: tuple """ - authzr = self.auth_handler.get_authorizations( - domains, - self.config.allow_subset_of_names) + try: + authzr = self.auth_handler.get_authorizations( + domains, + self.config.allow_subset_of_names) + except errors.Error as error: + if error.typ == "urn:acme:error:rateLimited": + if self.config.dry_run: + # We convert this exception into a special one + # that is reported differently. + raise errors.DryRunAuthzRateLimited() + # We re-raise the original error. + raise domains = [a.body.identifier.value.encode('ascii') for a in authzr] diff --git a/letsencrypt/errors.py b/letsencrypt/errors.py index 532a3a545..ab2d05360 100644 --- a/letsencrypt/errors.py +++ b/letsencrypt/errors.py @@ -94,3 +94,12 @@ class ConfigurationError(Error): class MissingCommandlineFlag(Error): """A command line argument was missing in noninteractive usage""" + +# Dry run rate limit errors to allow treating this event specially during +# a dry run: + +class DryRunAuthzRateLimited(error): + """The server reported a rate limit on newauthz during a dry run.""" + +class DryRunNewCertRateLimited(error): + """The server reported a rate limit on newcert during a dry run.""" |