Messages

ACME protocol messages.

acme.messages.is_acme_error(err: BaseException) → bool

Check if argument is an ACME error.

class acme.messages.IdentifierType(name: str)

ACME identifier type.

class acme.messages.Identifier(**kwargs: Any)

ACME identifier.

Variables

exception acme.messages.Error(**kwargs: Any)

ACME error.

https://datatracker.ietf.org/doc/html/rfc7807

Variables
  • typ (str) –

  • title (str) –

  • detail (str) –

  • identifier (Identifier) –

  • subproblems (tuple) – An array of ACME Errors which may be present when the CA returns multiple errors related to the same request, tuple of Error.

classmethod with_code(code: str, **kwargs: Any) → Error

Create an Error instance with an ACME Error code.

Parameters
  • code (str) – An ACME error code, like ‘dnssec’.

  • kwargs – kwargs to pass to Error.

property description: Optional[str]

Hardcoded error description based on its type.

Returns

Description if standard ACME error or None.

Return type

str

property code: Optional[str]

ACME error code.

Basically self.typ without the ERROR_PREFIX.

Returns

error code if standard ACME code or None.

Return type

str
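How typ, code, identifier and subproblems fit together when triaging a failed request, as an added standard-library example (not the acme library's code). ERROR_PREFIX is the RFC 8555 error namespace; error_code, flatten, failed_identifiers and the sample document are constructed here, and the prefix-only check for a "standard" code is a simplifying assumption.

```python
import json

# Namespace for standard ACME error types (RFC 8555 section 6.7).
ERROR_PREFIX = "urn:ietf:params:acme:error:"

# Constructed sample: one top-level problem carrying two subproblems.
SAMPLE = json.dumps({
    "type": ERROR_PREFIX + "malformed",
    "detail": "Some of the identifiers requested were rejected",
    "subproblems": [
        {"type": ERROR_PREFIX + "rejectedIdentifier",
         "detail": "CA will not issue for this name",
         "identifier": {"type": "dns", "value": "example.net"}},
        {"type": "https://ca.example/errors/custom",
         "detail": "CA-specific failure",
         "identifier": {"type": "dns", "value": "example.org"}},
    ],
})


def error_code(typ):
    """Bare code for a type under ERROR_PREFIX, else None (simplified check)."""
    if isinstance(typ, str) and typ.startswith(ERROR_PREFIX):
        return typ[len(ERROR_PREFIX):] or None
    return None


def flatten(problem):
    """Return [(identifier value or None, code or None, detail)] for a problem
    document and each of its direct subproblems."""
    if not isinstance(problem, dict):
        raise ValueError("problem document must be a JSON object")
    rows = []
    for item in [problem] + list(problem.get("subproblems") or []):
        if not isinstance(item, dict):
            raise ValueError("subproblem must be a JSON object")
        ident = item.get("identifier")
        value = ident.get("value") if isinstance(ident, dict) else None
        rows.append((value, error_code(item.get("type")), item.get("detail")))
    return rows


def failed_identifiers(raw):
    """Map each identifier named in the document to its error code."""
    return {v: c for v, c, _ in flatten(json.loads(raw)) if v is not None}


if __name__ == "__main__":
    for row in flatten(json.loads(SAMPLE)):
        print(row)
```

A None code for an identifier means the CA returned a type outside the standard namespace, which is worth logging verbatim instead of mapping to a generic failure.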

class acme.messages.Status(name: str)

ACME “status” field.

class acme.messages.Directory(jobj: Mapping[str, Any])

Directory.

Directory resources must be accessed by the exact field name in RFC8555 (section 9.7.5).

class Meta(**kwargs: Any)

Directory Meta.

property terms_of_service: str

URL for the CA TOS

to_partial_json() → Dict[str, Any]

Partially serialize.

Following the example, partial serialization means the following:

assert isinstance(Bar().to_partial_json()[0], Foo)
assert isinstance(Bar().to_partial_json()[1], Foo)

# in particular...
assert Bar().to_partial_json() != ['foo', 'foo']

Raises

josepy.errors.SerializationError – in case of any serialization error.

Returns

Partially serializable object.

classmethod from_json(jobj: MutableMapping[str, Any]) → Directory

Deserialize a decoded JSON document.

Parameters

jobj – Python object, composed of only other basic data types, as decoded from JSON document. Not necessarily dict (as decoded from “JSON object” document).

Raises

josepy.errors.DeserializationError – if decoding was unsuccessful, e.g. in case of unparseable X509 certificate, or wrong padding in JOSE base64 encoded string, etc.

class acme.messages.Resource(**kwargs: Any)

ACME Resource.

Variables

body (acme.messages.ResourceBody) – Resource body.

class acme.messages.ResourceWithURI(**kwargs: Any)

ACME Resource with URI.

Variables

uri (str) – Location of the resource.

class acme.messages.ResourceBody(**kwargs: Any)

ACME Resource Body.

class acme.messages.ExternalAccountBinding

ACME External Account Binding

classmethod from_data(account_public_key: JWK, kid: str, hmac_key: str, directory: Directory) → Dict[str, Any]

Create External Account Binding Resource from contact details, kid and hmac.

class acme.messages.Registration(**kwargs: Any)

Registration Resource Body.

Variables
  • key (jose.JWK) – Public key.

  • contact (tuple) – Contact information following ACME spec, tuple of str.

  • agreement (str) –

classmethod from_data(phone: Optional[str] = None, email: Optional[str] = None, external_account_binding: Optional[Dict[str, Any]] = None, **kwargs: Any) → GenericRegistration

Create registration resource from contact details.

The contact keyword being passed to a Registration object is meaningful, so this function represents empty iterables in its kwargs by passing on an empty tuple.

to_partial_json() → Dict[str, Any]

Modify josepy.JSONDeserializable.to_partial_json()

fields_to_partial_json() → Dict[str, Any]

Modify josepy.JSONObjectWithFields.fields_to_partial_json()

property phones: Tuple[str, ...]

All phones found in the contact field.

property emails: Tuple[str, ...]

All emails found in the contact field.

class acme.messages.NewRegistration(**kwargs: Any)

New registration.

class acme.messages.UpdateRegistration(**kwargs: Any)

Update registration.

class acme.messages.RegistrationResource(**kwargs: Any)

Registration Resource.

Variables
  • body (acme.messages.Registration) –

  • new_authzr_uri (str) – Deprecated. Do not use.

  • terms_of_service (str) – URL for the CA TOS.

class acme.messages.ChallengeBody(**kwargs: Any)

Challenge Resource Body.

Variables
  • acme.challenges.Challenge – Wrapped challenge. Conveniently, all challenge fields are proxied, i.e. you can call challb.x to get challb.chall.x contents.

  • status (acme.messages.Status) –

  • validated (datetime.datetime) –

  • error (messages.Error) –

encode(name: str) → Any

Encode a single field.

Parameters

name (str) – Name of the field to be encoded.

Raises
  • errors.SerializationError – if field cannot be serialized

  • errors.Error – if field could not be found

to_partial_json() → Dict[str, Any]

Partially serialize.

Following the example, partial serialization means the following:

assert isinstance(Bar().to_partial_json()[0], Foo)
assert isinstance(Bar().to_partial_json()[1], Foo)

# in particular...
assert Bar().to_partial_json() != ['foo', 'foo']

Raises

josepy.errors.SerializationError – in case of any serialization error.

Returns

Partially serializable object.

classmethod fields_from_json(jobj: Mapping[str, Any]) → Dict[str, Any]

Deserialize fields from JSON.

property uri: str

The URL of this challenge.

class acme.messages.ChallengeResource(**kwargs: Any)

Challenge Resource.

Variables

property uri: str

The URL of the challenge body.

class acme.messages.Authorization(**kwargs: Any)

Authorization Resource Body.

Variables

class acme.messages.NewAuthorization(**kwargs: Any)

New authorization.

class acme.messages.UpdateAuthorization(**kwargs: Any)

Update authorization.

class acme.messages.AuthorizationResource(**kwargs: Any)

Authorization Resource.

Variables

class acme.messages.CertificateRequest(**kwargs: Any)

ACME newOrder request.

Variables

csr (jose.ComparableX509) – OpenSSL.crypto.X509Req wrapped in ComparableX509

class acme.messages.CertificateResource(**kwargs: Any)

Certificate Resource.

Variables
  • body (josepy.util.ComparableX509) – OpenSSL.crypto.X509 wrapped in ComparableX509

  • cert_chain_uri (str) – URI found in the ‘up’ Link header

  • authzrs (tuple) – tuple of AuthorizationResource.

class acme.messages.Revocation(**kwargs: Any)

Revocation message.

Variables

certificate (jose.ComparableX509) – OpenSSL.crypto.X509 wrapped in jose.ComparableX509

class acme.messages.Order(**kwargs: Any)

Order Resource Body.

Variables
  • identifiers (list of Identifier) – List of identifiers for the certificate.

  • status (acme.messages.Status) –

  • authorizations (list of str) – URLs of authorizations.

  • certificate (str) – URL to download certificate as a fullchain PEM.

  • finalize (str) – URL to POST to to request issuance once all authorizations have “valid” status.

  • expires (datetime.datetime) – When the order expires.

  • error (Error) – Any error that occurred during finalization, if applicable.

class acme.messages.OrderResource(**kwargs: Any)

Order Resource.

Variables
  • body (acme.messages.Order) –

  • csr_pem (bytes) – The CSR this Order will be finalized with.

  • authorizations (list of acme.messages.AuthorizationResource) – Fully-fetched AuthorizationResource objects.

  • fullchain_pem (str) – The fetched contents of the certificate URL produced once the order was finalized, if it’s present.

  • alternative_fullchains_pem (list of str) – The fetched contents of alternative certificate chain URLs produced once the order was finalized, if present and requested during finalization.

class acme.messages.NewOrder(**kwargs: Any)

New order.