certbot/letsencrypt/scripts/main.py

#!/usr/bin/env python
"""Parse command line and call the appropriate functions."""
import argparse
import logging
import os
import sys

import zope.component
import zope.interface

from letsencrypt.client import CONFIG
from letsencrypt.client import client
from letsencrypt.client import display
from letsencrypt.client import interfaces
from letsencrypt.client import log
from letsencrypt.client import revoker
from letsencrypt.client.apache import configurator


def main():  # pylint: disable=too-many-statements
    """Command line argument parsing and main script execution."""
    if not os.geteuid() == 0:
        sys.exit(
            "{0}Root is required to run letsencrypt.  Please use sudo.{0}"
            .format(os.linesep))

    parser = argparse.ArgumentParser(
        description="An ACME client that can update Apache configurations.")

    parser.add_argument("-d", "--domains", dest="domains", metavar="DOMAIN",
                        nargs="+")
    parser.add_argument("-s", "--server", dest="server",
                        help="The ACME CA server address.")
    parser.add_argument("-p", "--privkey", dest="privkey", type=read_file,
                        help="Path to the private key file for certificate "
                             "generation.")
    parser.add_argument("-b", "--rollback", dest="rollback", type=int,
                        default=0, metavar="N",
                        help="Revert configuration N number of checkpoints.")
    parser.add_argument("-k", "--revoke", dest="revoke", action="store_true",
                        help="Revoke a certificate.")
    parser.add_argument("-v", "--view-config-changes",
                        dest="view_config_changes",
                        action="store_true",
                        help="View checkpoints and associated configuration "
                             "changes.")
    parser.add_argument("-r", "--redirect", dest="redirect",
                        action="store_const", const=True,
                        help="Automatically redirect all HTTP traffic to HTTPS "
                             "for the newly authenticated vhost.")
    parser.add_argument("-n", "--no-redirect", dest="redirect",
                        action="store_const", const=False,
                        help="Skip the HTTPS redirect question, allowing both "
                             "HTTP and HTTPS.")
    parser.add_argument("-e", "--agree-tos", dest="eula", action="store_true",
                        help="Skip the end user license agreement screen.")
    parser.add_argument("-t", "--text", dest="use_curses", action="store_false",
                        help="Use the text output instead of the curses UI.")
    parser.add_argument("--test", dest="test", action="store_true",
                        help="Run in test mode.")

    args = parser.parse_args()

    # Set up logging
    logger = logging.getLogger()
    logger.setLevel(logging.INFO)
    if args.use_curses:
        logger.addHandler(log.DialogHandler())
        displayer = display.NcursesDisplay()
    else:
        displayer = display.FileDisplay(sys.stdout)
    zope.component.provideUtility(displayer)

    installer = determine_installer()
    server = CONFIG.ACME_SERVER if args.server is None else args.server

    if args.revoke:
        revoc = revoker.Revoker(server, installer)
        revoc.list_certs_keys()
        sys.exit()

    if args.rollback > 0:
        rollback(installer, args.rollback)
        sys.exit()

    if args.view_config_changes:
        view_config_changes(installer)
        sys.exit()

    if not args.eula:
        display_eula()

    # Use the same object if possible
    if interfaces.IAuthenticator.providedBy(installer):
        auth = installer
    else:
        auth = determine_authenticator()

    domains = choose_names(installer) if args.domains is None else args.domains

    # Prepare for init of Client
    if args.privkey is None:
        privkey = client.init_key()
    else:
        privkey = client.Client.Key(args.privkey[0], args.privkey[1])

    acme = client.Client(server, privkey, auth, installer)

    # Validate the key and csr
    client.validate_key_csr(privkey)

    cert_file, chain_file = acme.obtain_certificate(domains)
    acme.deploy_certificate(domains, privkey, cert_file, chain_file)
    acme.enhance_config(domains, args.redirect)


def display_eula():
    """Displays the end user agreement."""
    with open('EULA') as eula_file:
        if not zope.component.getUtility(interfaces.IDisplay).generic_yesno(
                eula_file.read(), "Agree", "Cancel"):
            sys.exit(0)


def choose_names(installer):
    """Display screen to select domains to validate.

    :param installer: An installer object
    :type installer: :class:`letsencrypt.client.interfaces.IInstaller`

    """
    # This function adds all names
    # found within the config to self.names
    # Then filters them based on user selection
    code, names = zope.component.getUtility(
        interfaces.IDisplay).filter_names(get_all_names(installer))
    if code == display.OK and names:
        return names
    else:
        sys.exit(0)


def get_all_names(installer):
    """Return all valid names in the configuration.

    :param installer: An installer object
    :type installer: :class:`letsencrypt.client.interfaces.IInstaller`

    """
    names = list(installer.get_all_names())
    client.sanity_check_names(names)

    if not names:
        logging.fatal("No domain names were found in your installation")
        logging.fatal("Either specify which names you would like "
                      "letsencrypt to validate or add server names "
                      "to your virtual hosts")
        sys.exit(1)

    return names


# This should be controlled by commandline parameters
def determine_authenticator():
    """Returns a valid IAuthenticator."""
    return configurator.ApacheConfigurator()


def determine_installer():
    """Returns a valid IInstaller."""
    return configurator.ApacheConfigurator()


def read_file(filename):
    """Returns the given file's contents with universal new line support.

    :param str filename: Filename

    :returns: A tuple of filename and its contents
    :rtype: tuple

    :raises argparse.ArgumentTypeError: File does not exist or is not readable.

    """
    try:
        return filename, open(filename, 'rU').read()
    except IOError as exc:
        raise argparse.ArgumentTypeError(exc.strerror)


def rollback(installer, checkpoints):
    """Revert configuration the specified number of checkpoints.

    :param installer: Installer object
    :type installer: :class:`letsencrypt.client.interfaces.IInstaller`

    :param int checkpoints: Number of checkpoints to revert.

    """
    installer.rollback_checkpoints(checkpoints)
    installer.restart()


def view_config_changes(installer):
    """View checkpoints and associated configuration changes.

    :param installer: Installer object
    :type installer: :class:`letsencrypt.client.interfaces.IInstaller`

    """
    installer.view_config_changes()

if __name__ == "__main__":
    main()
letsencrypt.py as setuptools console script 2014-11-19 07:28:02 -05:00			`#!/usr/bin/env python`
Clean up imports 2014-11-21 15:06:13 -05:00			`"""Parse command line and call the appropriate functions."""`
Set some defaults for instance attributes used outside of __init__() to make them explicit. 2014-11-26 21:10:04 -05:00			`import argparse`
Refactor logging, "pythonic" DialogHandler 2014-12-10 05:32:22 -05:00			`import logging`
letsencrypt.py as setuptools console script 2014-11-19 07:28:02 -05:00			`import os`
			`import sys`

display using ZCA 2014-12-17 06:02:15 -05:00			`import zope.component`
pylint: 10/10 with missing-docstring 2015-01-24 08:12:45 -05:00			`import zope.interface`
display using ZCA 2014-12-17 06:02:15 -05:00
Clean up imports 2014-11-21 15:06:13 -05:00			`from letsencrypt.client import CONFIG`
letsencrypt.py as setuptools console script 2014-11-19 07:28:02 -05:00			`from letsencrypt.client import client`
			`from letsencrypt.client import display`
Major refactor of client and main 2014-12-17 09:27:21 -05:00			`from letsencrypt.client import interfaces`
Refactor logging, "pythonic" DialogHandler 2014-12-10 05:32:22 -05:00			`from letsencrypt.client import log`
Refactor for revocation 2014-12-21 06:37:29 -05:00			`from letsencrypt.client import revoker`
Refactored/added tests 2014-12-19 18:49:29 -05:00			`from letsencrypt.client.apache import configurator`
letsencrypt.py as setuptools console script 2014-11-19 07:28:02 -05:00
Set some defaults for instance attributes used outside of __init__() to make them explicit. 2014-11-26 21:10:04 -05:00
pylint: 10/10 with missing-docstring 2015-01-24 08:12:45 -05:00			`def main(): # pylint: disable=too-many-statements`
Changes per pylint. 2014-11-26 21:30:42 -05:00			`"""Command line argument parsing and main script execution."""`
letsencrypt.py as setuptools console script 2014-11-19 07:28:02 -05:00			`if not os.geteuid() == 0:`
Changes per pylint. 2014-11-26 21:30:42 -05:00			`sys.exit(`
			`"{0}Root is required to run letsencrypt. Please use sudo.{0}"`
			`.format(os.linesep))`

			`parser = argparse.ArgumentParser(`
			`description="An ACME client that can update Apache configurations.")`

			`parser.add_argument("-d", "--domains", dest="domains", metavar="DOMAIN",`
			`nargs="+")`
			`parser.add_argument("-s", "--server", dest="server",`
			`help="The ACME CA server address.")`
Added namedtuples for key, csr in client 2014-11-30 05:31:44 -05:00			`parser.add_argument("-p", "--privkey", dest="privkey", type=read_file,`
Changes per pylint. 2014-11-26 21:30:42 -05:00			`help="Path to the private key file for certificate "`
			`"generation.")`
			`parser.add_argument("-b", "--rollback", dest="rollback", type=int,`
Clarified --rollback command line option. 2014-11-28 16:47:37 -05:00			`default=0, metavar="N",`
			`help="Revert configuration N number of checkpoints.")`
Changes per pylint. 2014-11-26 21:30:42 -05:00			`parser.add_argument("-k", "--revoke", dest="revoke", action="store_true",`
			`help="Revoke a certificate.")`
Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`parser.add_argument("-v", "--view-config-changes",`
			`dest="view_config_changes",`
Changes per pylint. 2014-11-26 21:30:42 -05:00			`action="store_true",`
			`help="View checkpoints and associated configuration "`
			`"changes.")`
			`parser.add_argument("-r", "--redirect", dest="redirect",`
			`action="store_const", const=True,`
			`help="Automatically redirect all HTTP traffic to HTTPS "`
			`"for the newly authenticated vhost.")`
			`parser.add_argument("-n", "--no-redirect", dest="redirect",`
			`action="store_const", const=False,`
			`help="Skip the HTTPS redirect question, allowing both "`
			`"HTTP and HTTPS.")`
Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`parser.add_argument("-e", "--agree-tos", dest="eula", action="store_true",`
Changes per pylint. 2014-11-26 21:30:42 -05:00			`help="Skip the end user license agreement screen.")`
Refactor logging, "pythonic" DialogHandler 2014-12-10 05:32:22 -05:00			`parser.add_argument("-t", "--text", dest="use_curses", action="store_false",`
Changes per pylint. 2014-11-26 21:30:42 -05:00			`help="Use the text output instead of the curses UI.")`
			`parser.add_argument("--test", dest="test", action="store_true",`
			`help="Run in test mode.")`
Set some defaults for instance attributes used outside of __init__() to make them explicit. 2014-11-26 21:10:04 -05:00
Various bug, docstring, and PEP8 fixes. 2014-11-29 11:15:56 -05:00			`args = parser.parse_args()`
Set some defaults for instance attributes used outside of __init__() to make them explicit. 2014-11-26 21:10:04 -05:00
Refactor logging, "pythonic" DialogHandler 2014-12-10 05:32:22 -05:00			`# Set up logging`
			`logger = logging.getLogger()`
Refactor for revocation 2014-12-21 06:37:29 -05:00			`logger.setLevel(logging.INFO)`
Refactor logging, "pythonic" DialogHandler 2014-12-10 05:32:22 -05:00			`if args.use_curses:`
			`logger.addHandler(log.DialogHandler())`
display using ZCA 2014-12-17 06:02:15 -05:00			`displayer = display.NcursesDisplay()`
letsencrypt.py as setuptools console script 2014-11-19 07:28:02 -05:00			`else:`
display using ZCA 2014-12-17 06:02:15 -05:00			`displayer = display.FileDisplay(sys.stdout)`
			`zope.component.provideUtility(displayer)`
letsencrypt.py as setuptools console script 2014-11-19 07:28:02 -05:00
Refactor for revocation 2014-12-21 06:37:29 -05:00			`installer = determine_installer()`
Final cleanup 2014-12-21 19:32:01 -05:00			`server = CONFIG.ACME_SERVER if args.server is None else args.server`
Refactor for revocation 2014-12-21 06:37:29 -05:00
			`if args.revoke:`
			`revoc = revoker.Revoker(server, installer)`
			`revoc.list_certs_keys()`
			`sys.exit()`

Set some defaults for instance attributes used outside of __init__() to make them explicit. 2014-11-26 21:10:04 -05:00			`if args.rollback > 0:`
Refactor for revocation 2014-12-21 06:37:29 -05:00			`rollback(installer, args.rollback)`
Set some defaults for instance attributes used outside of __init__() to make them explicit. 2014-11-26 21:10:04 -05:00			`sys.exit()`
letsencrypt.py as setuptools console script 2014-11-19 07:28:02 -05:00
Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`if args.view_config_changes:`
			`view_config_changes(installer)`
Set some defaults for instance attributes used outside of __init__() to make them explicit. 2014-11-26 21:10:04 -05:00			`sys.exit()`
letsencrypt.py as setuptools console script 2014-11-19 07:28:02 -05:00
Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`if not args.eula:`
			`display_eula()`

Refactor for revocation 2014-12-21 06:37:29 -05:00			`# Use the same object if possible`
			`if interfaces.IAuthenticator.providedBy(installer):`
			`auth = installer`
			`else:`
			`auth = determine_authenticator()`
PEP8 compliance main.py 2014-11-25 03:43:18 -05:00
Major refactor of client and main 2014-12-17 09:27:21 -05:00			`domains = choose_names(installer) if args.domains is None else args.domains`

Added in filename support because configuration files still need to reference the correct place 2014-11-29 19:05:18 -05:00			`# Prepare for init of Client`
Added namedtuples for key, csr in client 2014-11-30 05:31:44 -05:00			`if args.privkey is None:`
Major refactor of client and main 2014-12-17 09:27:21 -05:00			`privkey = client.init_key()`
Added namedtuples for key, csr in client 2014-11-30 05:31:44 -05:00			`else:`
			`privkey = client.Client.Key(args.privkey[0], args.privkey[1])`
Added in filename support because configuration files still need to reference the correct place 2014-11-29 19:05:18 -05:00
Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`acme = client.Client(server, privkey, auth, installer)`
Major refactor of client and main 2014-12-17 09:27:21 -05:00
Refactor for revocation 2014-12-21 06:37:29 -05:00			`# Validate the key and csr`
Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`client.validate_key_csr(privkey)`
Refactor for revocation 2014-12-21 06:37:29 -05:00
Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`cert_file, chain_file = acme.obtain_certificate(domains)`
			`acme.deploy_certificate(domains, privkey, cert_file, chain_file)`
			`acme.enhance_config(domains, args.redirect)`
Major refactor of client and main 2014-12-17 09:27:21 -05:00

			`def display_eula():`
			`"""Displays the end user agreement."""`
			`with open('EULA') as eula_file:`
Make necessary fixes to pull request 2014-12-22 00:41:12 -05:00			`if not zope.component.getUtility(interfaces.IDisplay).generic_yesno(`
Major refactor of client and main 2014-12-17 09:27:21 -05:00			`eula_file.read(), "Agree", "Cancel"):`
			`sys.exit(0)`


			`def choose_names(installer):`
			`"""Display screen to select domains to validate.`

			`:param installer: An installer object`
			:type installer: :class:`letsencrypt.client.interfaces.IInstaller`

			`"""`
			`# This function adds all names`
			`# found within the config to self.names`
			`# Then filters them based on user selection`
Make necessary fixes to pull request 2014-12-22 00:41:12 -05:00			`code, names = zope.component.getUtility(`
Merge branch 'zope.interface' into zope.interface-display Conflicts: letsencrypt/client/client.py letsencrypt/scripts/main.py 2014-12-21 20:26:31 -05:00			`interfaces.IDisplay).filter_names(get_all_names(installer))`
Major refactor of client and main 2014-12-17 09:27:21 -05:00			`if code == display.OK and names:`
Initial challenge refactor/allow multiple names 2015-01-06 04:57:07 -05:00			`return names`
Set some defaults for instance attributes used outside of __init__() to make them explicit. 2014-11-26 21:10:04 -05:00			`else:`
Major refactor of client and main 2014-12-17 09:27:21 -05:00			`sys.exit(0)`


			`def get_all_names(installer):`
			`"""Return all valid names in the configuration.`

			`:param installer: An installer object`
			:type installer: :class:`letsencrypt.client.interfaces.IInstaller`

			`"""`
			`names = list(installer.get_all_names())`
			`client.sanity_check_names(names)`

			`if not names:`
			`logging.fatal("No domain names were found in your installation")`
			`logging.fatal("Either specify which names you would like "`
			`"letsencrypt to validate or add server names "`
			`"to your virtual hosts")`
			`sys.exit(1)`

			`return names`


			`# This should be controlled by commandline parameters`
			`def determine_authenticator():`
Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`"""Returns a valid IAuthenticator."""`
pylint: 10/10 with missing-docstring 2015-01-24 08:12:45 -05:00			`return configurator.ApacheConfigurator()`
Major refactor of client and main 2014-12-17 09:27:21 -05:00

			`def determine_installer():`
pylint: 10/10 with missing-docstring 2015-01-24 08:12:45 -05:00			`"""Returns a valid IInstaller."""`
			`return configurator.ApacheConfigurator()`
Changes per pylint. 2014-11-26 21:30:42 -05:00

Work with CSR and private key file contents in the client. 2014-11-28 15:48:04 -05:00			`def read_file(filename):`
			`"""Returns the given file's contents with universal new line support.`
Provide more user-friendly errors when opening file handles. 2014-11-28 11:41:03 -05:00
More unifying after merge with master 2014-11-29 21:07:52 -05:00			`:param str filename: Filename`
Provide more user-friendly errors when opening file handles. 2014-11-28 11:41:03 -05:00
script doc fix 2014-11-30 07:10:23 -05:00			`:returns: A tuple of filename and its contents`
			`:rtype: tuple`
Provide more user-friendly errors when opening file handles. 2014-11-28 11:41:03 -05:00
Various bug, docstring, and PEP8 fixes. 2014-11-29 11:15:56 -05:00			`:raises argparse.ArgumentTypeError: File does not exist or is not readable.`
Provide more user-friendly errors when opening file handles. 2014-11-28 11:41:03 -05:00
Various bug, docstring, and PEP8 fixes. 2014-11-29 11:15:56 -05:00			`"""`
			`try:`
pylint fixes 2014-12-17 03:14:27 -05:00			`return filename, open(filename, 'rU').read()`
Various bug, docstring, and PEP8 fixes. 2014-11-29 11:15:56 -05:00			`except IOError as exc:`
			`raise argparse.ArgumentTypeError(exc.strerror)`
Provide more user-friendly errors when opening file handles. 2014-11-28 11:41:03 -05:00

Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`def rollback(installer, checkpoints):`
Changes per pylint. 2014-11-26 21:30:42 -05:00			`"""Revert configuration the specified number of checkpoints.`

Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`:param installer: Installer object`
			:type installer: :class:`letsencrypt.client.interfaces.IInstaller`
Moved config object into the main function. 2014-11-26 22:04:25 -05:00
More unifying after merge with master 2014-11-29 21:07:52 -05:00			`:param int checkpoints: Number of checkpoints to revert.`
Changes per pylint. 2014-11-26 21:30:42 -05:00
			`"""`
Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`installer.rollback_checkpoints(checkpoints)`
			`installer.restart()`
Changes per pylint. 2014-11-26 21:30:42 -05:00

Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`def view_config_changes(installer):`
Moved config object into the main function. 2014-11-26 22:04:25 -05:00			`"""View checkpoints and associated configuration changes.`

Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`:param installer: Installer object`
			:type installer: :class:`letsencrypt.client.interfaces.IInstaller`
Moved config object into the main function. 2014-11-26 22:04:25 -05:00
			`"""`
Initial attempt at API modification and associated changes 2015-01-15 04:43:54 -05:00			`installer.view_config_changes()`
Changes per pylint. 2014-11-26 21:30:42 -05:00
			`if __name__ == "__main__":`
			`main()`