authorCraig Smith <dashaxiong@users.noreply.github.com>2017-01-12 05:26:55 +0300
committerPeter Eckersley <pde@users.noreply.github.com>2017-01-12 05:26:55 +0300
commit94c23479e21d0387d3718639f1fb755c8895ca7b (patch)
tree2faf4d22a2c8cb5329ea3bdd7825a07f352a876b /acme
parentfeaf69db08e0d2041bd9ce15ed44531a0adfc703 (diff)
Add option to specify revocation reason (#3242) (#3988)
This includes two new tests in the integration test script to check that boulder gets the correct code. The encoding is specified in RFC5280 5.3.1. The codes that boulder will accept are a subset of that, specified in `boulder.revocation.reasons.go`.
Diffstat (limited to 'acme')
-rw-r--r--acme/acme/client.py8
-rw-r--r--acme/acme/client_test.py16
-rw-r--r--acme/acme/messages.py1
3 files changed, 21 insertions, 4 deletions
diff --git a/acme/acme/client.py b/acme/acme/client.py
index b5db57235..26109352b 100644
--- a/acme/acme/client.py
+++ b/acme/acme/client.py
@@ -481,17 +481,21 @@ class Client(object): # pylint: disable=too-many-instance-attributes
"Recursion limit reached. Didn't get {0}".format(uri))
return chain
- def revoke(self, cert):
+ def revoke(self, cert, rsn):
"""Revoke certificate.
:param .ComparableX509 cert: `OpenSSL.crypto.X509` wrapped in
`.ComparableX509`
+ :param int rsn: Reason code for certificate revocation.
+
:raises .ClientError: If revocation is unsuccessful.
"""
response = self.net.post(self.directory[messages.Revocation],
- messages.Revocation(certificate=cert),
+ messages.Revocation(
+ certificate=cert,
+ reason=rsn),
content_type=None)
if response.status_code != http_client.OK:
raise errors.ClientError(
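Review bot: `rsn` is added to `revoke` as a required positional argument, so any caller outside this diff that still uses `revoke(cert)` will fail with a TypeError, and the value is passed into `messages.Revocation` without any type or range check. If existing library users matter, a default such as `def revoke(self, cert, rsn=0):` would keep old call sites working; 0 is `unspecified` in RFC 5280 section 5.3.1, the encoding the commit description cites. The docstring should also say what the integer means, for example `:param int rsn: CRLReason code from RFC 5280 section 5.3.1; the CA may accept only a subset.` The body of `revoke` continues past the end of this hunk.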
diff --git a/acme/acme/client_test.py b/acme/acme/client_test.py
index e0403ef28..4822a1ae6 100644
--- a/acme/acme/client_test.py
+++ b/acme/acme/client_test.py
@@ -81,6 +81,9 @@ class ClientTest(unittest.TestCase):
uri='https://www.letsencrypt-demo.org/acme/cert/1',
cert_chain_uri='https://www.letsencrypt-demo.org/ca')
+ # Reason code for revocation
+ self.rsn = 1
+
def test_init_downloads_directory(self):
uri = 'http://www.letsencrypt-demo.org/directory'
from acme.client import Client
@@ -427,13 +430,22 @@ class ClientTest(unittest.TestCase):
self.assertRaises(errors.Error, self.client.fetch_chain, self.certr)
def test_revoke(self):
- self.client.revoke(self.certr.body)
+ self.client.revoke(self.certr.body, self.rsn)
self.net.post.assert_called_once_with(
self.directory[messages.Revocation], mock.ANY, content_type=None)
+ def test_revocation_payload(self):
+ obj = messages.Revocation(certificate=self.certr.body, reason=self.rsn)
+ self.assertTrue('reason' in obj.to_partial_json().keys())
+ self.assertEquals(self.rsn, obj.to_partial_json()['reason'])
+
def test_revoke_bad_status_raises_error(self):
self.response.status_code = http_client.METHOD_NOT_ALLOWED
- self.assertRaises(errors.ClientError, self.client.revoke, self.certr)
+ self.assertRaises(
+ errors.ClientError,
+ self.client.revoke,
+ self.certr,
+ self.rsn)
class ClientNetworkTest(unittest.TestCase):
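Review bot: `test_revoke` still matches the posted message with `mock.ANY`, so nothing in this hunk confirms that `revoke` forwards the reason to the server. `test_revocation_payload` builds the `Revocation` object itself and never goes through the client. Inspecting the posted object would close that gap, for example `posted = self.net.post.call_args[0][1]` followed by `self.assertEqual(self.rsn, posted.to_partial_json()['reason'])`. In `test_revocation_payload`, `self.assertIn('reason', obj.to_partial_json())` is clearer than `assertTrue(... in ....keys())`, and `assertEquals` is a deprecated alias of `assertEqual`. The bad-status test passes `self.certr` where `test_revoke` passes `self.certr.body`, which is worth making consistent.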
diff --git a/acme/acme/messages.py b/acme/acme/messages.py
index a7c86a10c..29d719684 100644
--- a/acme/acme/messages.py
+++ b/acme/acme/messages.py
@@ -469,3 +469,4 @@ class Revocation(jose.JSONObjectWithFields):
resource = fields.Resource(resource_type)
certificate = jose.Field(
'certificate', decoder=jose.decode_cert, encoder=jose.encode_cert)
+ reason = jose.Field('reason')
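Review bot: The new `reason` field is declared with only a JSON name, so the message class places no constraint on the value and gives no hint that an integer is expected. Since `omitempty` is not set, a `Revocation` built without a reason is presumably serialised with `"reason": null` rather than with the key left out, which the server may reject; this should be confirmed against `jose.Field`'s defaults. A short comment such as `# CRLReason code (RFC 5280 section 5.3.1), sent as an integer` would document the contract. A decoder that rejects non-integer values would enforce it at the message layer. The `Revocation` class body starts outside this hunk.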