author | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2024-02-03 13:38:31 +0100 |
---|---|---|
committer | Hendrik Jäger <gitcommit@henk.geekmail.org> | 2024-02-03 13:38:31 +0100 |
commit | 8501b85e09c02f9bd18e8f73453a327ddf7c12e1 (patch) | |
tree | 7f2ccc4003e750a3fb65f3243f74c7298e475a44 /macir.rb | |
parent | db7ded836d43cf0860b76dfec6f0efa5305b1ede (diff) |
change: use generic wrapper function for handling acme requests to retry on invalid nonce errors
Diffstat (limited to 'macir.rb')
-rw-r--r-- | macir.rb | 90 |
1 files changed, 18 insertions, 72 deletions
@@ -185,29 +185,24 @@ def wait_for_challenge_propagation(domain, challenge)
 threads.each(&:join)
 end
+def acme_request_with_retries
+ retries ||= 0
+ yield
+rescue Acme::Client::Error::BadNonce
+ retries += 1
+ p 'Retrying because of invalid nonce.'
+ retry if retries <= 5
+end
+
 def wait_for_challenge_validation(challenge, cert_name)
 p 'Requesting validation of challenge'
- begin
- retries ||= 0
- challenge.request_validation
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { challenge.request_validation }
 while challenge.status == 'pending'
 p "Cert #{cert_name}: Sleeping because challenge validation is pending"
 sleep(0.1)
 p 'Checking again'
- begin
- retries ||= 0
- challenge.reload
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { challenge.reload }
 end
 end
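Review bot: `acme_request_with_retries` returns nil instead of failing once the retry budget is spent, because after the last BadNonce the rescue clause ends on `retry if retries <= 5`, which evaluates to nil and swallows the error. Callers in the later hunks use the result directly (`order = …` followed by `order.status`, `auths = …` followed by `auths.each`, `cert = …`), and the `while challenge.status == 'pending'` loop in this hunk would keep polling the CA after a reload that never succeeded. Re-raising keeps the failure visible: after `retries += 1` add `raise if retries > 5`, and make the last line a plain `retry`. A one-line comment above the helper saying that it yields the block and retries up to five times on BadNonce would document the contract.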
@@ -221,45 +216,17 @@ def get_cert(order, cert_name, domains, domain_key)
 subject: { common_name: domains[0] }
 )
 p "Cert #{cert_name}: Finalize cert order"
- begin
- retries ||= 0
- order.reload
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
- begin
- retries ||= 0
- order.finalize(csr: csr)
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { order.reload }
+ acme_request_with_retries { order.finalize(csr: csr) }
 while order.status == 'processing'
 p "Cert #{cert_name}: Sleep while order is processing"
 sleep(0.1)
 p "Cert #{cert_name}: Rechecking order status"
- begin
- retries ||= 0
- order.reload
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { order.reload }
 end
 # p "order status: #{order.status}"
 # pp order
- begin
- retries ||= 0
- cert = order.certificate
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ cert = acme_request_with_retries { order.certificate }
 p "Cert #{cert_name}: Writing cert"
 cert_file = File.new("#{path}#{Time.now.to_i}.crt", 'w')
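Review bot: Nothing between the polling loop and `cert = acme_request_with_retries { order.certificate }` checks how the order ended. The loop exits on any status other than 'processing', so an order that turned 'invalid' still reaches the certificate download and the `File.new` that follows. A guard before the download, for example `raise "Cert #{cert_name}: order ended as #{order.status}" unless order.status == 'valid'`, would stop the run at the point of failure. The loop also has no upper bound on iterations or elapsed time, so a stuck order is polled every 0.1 s indefinitely; a deadline would be worth adding. get_cert starts and ends outside the hunk, so a check may exist in lines not shown here.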
@@ -305,24 +272,10 @@ config['certs'].each_pair do |cert_name, cert_opts|
 p "Cert #{cert_name}: Creating client object for communication with CA"
 client = Acme::Client.new(private_key: private_key, directory: acme_directory_url)
- begin
- retries ||= 0
- client.new_account(contact: "mailto:#{email}", terms_of_service_agreed: true)
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ acme_request_with_retries { client.new_account(contact: "mailto:#{email}", terms_of_service_agreed: true) }
 p "Cert #{cert_name}: Creating order object for cert #{cert_name}"
- begin
- retries ||= 0
- order = client.new_order(identifiers: cert_opts['domain_names'])
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ order = acme_request_with_retries { client.new_order(identifiers: cert_opts['domain_names']) }
 p "Cert #{cert_name}: order status"
 p order.status
@@ -332,14 +285,7 @@ config['certs'].each_pair do |cert_name, cert_opts|
 # TODO: collect dns modifications per primary NS, update all at once
 p "Cert #{cert_name}: Iterating over required authorizations"
- begin
- retries ||= 0
- auths = order.authorizations
- rescue Acme::Client::Error::BadNonce
- retries += 1
- p 'Retrying because of invalid nonce.'
- retry if retries <= 5
- end
+ auths = acme_request_with_retries { order.authorizations }
 auths.each do |auth|
 p "Cert #{cert_name}: Processing authorization for #{auth.domain}"
 p "Cert #{cert_name}: Finding challenge type for #{auth.domain}" |