Renamed client strings/file names plus a few small changes

This commit is contained in:
James Kasten 2014-11-11 23:21:36 -08:00
parent f72836ba14
commit 29b21ebb7a
28 changed files with 166 additions and 157 deletions


@ -1,9 +1,9 @@
# Apache server root directory
SERVER_ROOT = "/etc/apache2/"
# Configuration file directory for trustify
CONFIG_DIR = "/etc/trustify/"
# Working directory for trustify
WORK_DIR = "/var/lib/trustify/"
# Configuration file directory for letsencrypt
CONFIG_DIR = "/etc/letsencrypt/"
# Working directory for letsencrypt
WORK_DIR = "/var/lib/letsencrypt/"
# Directory where configuration backups are stored
BACKUP_DIR = WORK_DIR + "backups/"
# Replaces MODIFIED_FILES, directory where temp checkpoint is created
@ -17,14 +17,15 @@ KEY_DIR = SERVER_ROOT + "ssl/"
# Certificate storage
CERT_DIR = SERVER_ROOT + "certs/"
# Used by openssl to sign challenge certificate with trustify extension
CHOC_CERT_CONF = CONFIG_DIR + "choc_cert_extensions.cnf"
# Used by openssl to sign challenge certificate with letsencrypt extension
# No longer used
#CHOC_CERT_CONF = CONFIG_DIR + "choc_cert_extensions.cnf"
# Contains standard Apache SSL directives
OPTIONS_SSL_CONF = CONFIG_DIR + "options-ssl.conf"
# Trustify SSL vhost configuration extension
TRUSTIFY_VHOST_EXT = "-trustify-ssl.conf"
# Let's Encrypt SSL vhost configuration extension
LE_VHOST_EXT = "-letsencrypt-ssl.conf"
# Temporary file for challenge virtual hosts
APACHE_CHALLENGE_CONF = CONFIG_DIR + "choc_sni_cert_challenge.conf"
APACHE_CHALLENGE_CONF = CONFIG_DIR + "LE_dvsni_cert_challenge.conf"
# Byte size of S and Nonce
S_SIZE = 32
@ -36,9 +37,9 @@ RSA_KEY_SIZE = 2048
# bits of hashcash to generate
difficulty = 23
# Trustify cert and chain files
CERT_PATH = CERT_DIR + "trustify-cert.pem"
CHAIN_PATH = CERT_DIR + "trustify-chain.pem"
# Let's Encrypt cert and chain files
CERT_PATH = CERT_DIR + "letsencrypt-cert.pem"
CHAIN_PATH = CERT_DIR + "letsencrypt-chain.pem"
#Invalid Extension
INVALID_EXT = ".acme.invalid"


@ -1,4 +1,4 @@
from trustify.client import logger
from letsencrypt.client import logger
#import logger
class Challenge(object):


@ -14,16 +14,16 @@ from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
from trustify.client.acme import acme_object_validate
from trustify.client.sni_challenge import SNI_Challenge
from trustify.client.payment_challenge import Payment_Challenge
from trustify.client import configurator
from trustify.client import logger, display
from trustify.client import trustify_util, crypto_util, display
from trustify.client.CONFIG import NONCE_SIZE, RSA_KEY_SIZE, CERT_PATH
from trustify.client.CONFIG import CHAIN_PATH, SERVER_ROOT, KEY_DIR, CERT_DIR
from trustify.client.CONFIG import CERT_KEY_BACKUP
from trustify.client.CONFIG import CHALLENGE_PREFERENCES, EXCLUSIVE_CHALLENGES
from letsencrypt.client.acme import acme_object_validate
from letsencrypt.client.sni_challenge import SNI_Challenge
from letsencrypt.client.payment_challenge import Payment_Challenge
from letsencrypt.client import configurator
from letsencrypt.client import logger, display
from letsencrypt.client import le_util, crypto_util, display
from letsencrypt.client.CONFIG import NONCE_SIZE, RSA_KEY_SIZE, CERT_PATH
from letsencrypt.client.CONFIG import CHAIN_PATH, SERVER_ROOT, KEY_DIR, CERT_DIR
from letsencrypt.client.CONFIG import CERT_KEY_BACKUP
from letsencrypt.client.CONFIG import CHALLENGE_PREFERENCES, EXCLUSIVE_CHALLENGES
# it's weird to point to chocolate servers via raw IPv6 addresses, and such
# addresses can be %SCARY in some contexts, so out of paranoia let's disable
# them by default
@ -193,7 +193,7 @@ class Client(object):
def store_cert_key(self, encrypt = False):
list_file = CERT_KEY_BACKUP + "LIST"
trustify_util.make_or_verify_dir(CERT_KEY_BACKUP, 0700)
le_util.make_or_verify_dir(CERT_KEY_BACKUP, 0700)
idx = 0
if encrypt:
@ -226,7 +226,7 @@ class Client(object):
certs = []
if not os.path.isfile(CERT_KEY_BACKUP + "LIST"):
logger.info("You don't have any certificates saved from trustify")
logger.info("You don't have any certificates saved from letsencrypt")
return
with open(list_file, 'rb') as csvfile:
@ -272,7 +272,7 @@ class Client(object):
def install_certificate(self, certificate_dict, vhost):
cert_chain_abspath = None
cert_fd, self.cert_file = trustify_util.unique_file(CERT_PATH, 644)
cert_fd, self.cert_file = le_util.unique_file(CERT_PATH, 644)
cert_fd.write(
crypto_util.b64_cert_to_pem(certificate_dict["certificate"]))
cert_fd.close()
@ -280,7 +280,7 @@ class Client(object):
self.cert_file)
if certificate_dict.get("chain", None):
chain_fd, chain_fn = trustify_util.unique_file(CHAIN_PATH, 644)
chain_fd, chain_fn = le_util.unique_file(CHAIN_PATH, 644)
for c in certificate_dict.get("chain", []):
chain_fd.write(crypto_util.b64_cert_to_pem(c))
chain_fd.close()
@ -547,9 +547,9 @@ class Client(object):
if not self.key_file:
key_pem = crypto_util.make_key(RSA_KEY_SIZE)
# Save file
trustify_util.make_or_verify_dir(KEY_DIR, 0700)
key_f, self.key_file = trustify_util.unique_file(
KEY_DIR + "key-trustify.pem", 0600)
le_util.make_or_verify_dir(KEY_DIR, 0700)
key_f, self.key_file = le_util.unique_file(
KEY_DIR + "key-letsencrypt.pem", 0600)
key_f.write(key_pem)
key_f.close()
logger.info("Generating key: %s" % self.key_file)
@ -563,9 +563,9 @@ class Client(object):
if not self.csr_file:
csr_pem, csr_der = crypto_util.make_csr(self.key_file, self.names)
# Save CSR
trustify_util.make_or_verify_dir(CERT_DIR, 0755)
csr_f, self.csr_file = trustify_util.unique_file(
CERT_DIR + "csr-trustify.pem", 0644)
le_util.make_or_verify_dir(CERT_DIR, 0755)
csr_f, self.csr_file = le_util.unique_file(
CERT_DIR + "csr-letsencrypt.pem", 0644)
csr_f.write(csr_pem)
csr_f.close()
logger.info("Creating CSR: %s" % self.csr_file)
@ -600,7 +600,7 @@ class Client(object):
EV_choices = []
choices = []
try:
with open("/etc/trustify/.ca_offerings") as f:
with open("/etc/letsencrypt/.ca_offerings") as f:
for line in f:
choice = line.split(";", 1)
if 'DV' in choice[0]:
@ -627,7 +627,7 @@ class Client(object):
if not self.names:
logger.fatal("No domain names were found in your apache config")
logger.fatal("Either specify which names you would like trustify \
logger.fatal("Either specify which names you would like letsencrypt \
to validate or add server names to your virtual hosts")
sys.exit(1)
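Review bot: The modes handed to `le_util.unique_file` for the certificate and chain (the install_certificate hunk) are the decimal literals `644`, while the key and CSR writes two hunks later use the octal literals `0600` and `0644`; if unique_file passes the value straight through to os.open/os.chmod, decimal 644 is octal 1204 (sticky bit, owner write-only, world-readable) rather than rw-r--r--. The two lines should read `cert_fd, self.cert_file = le_util.unique_file(CERT_PATH, 0644)` and `chain_fd, chain_fn = le_util.unique_file(CHAIN_PATH, 0644)`. This predates the rename, but since the rename rewrote both lines it is worth correcting in the same pass. install_certificate continues outside the hunk.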


@ -9,13 +9,13 @@ import time
import shutil
import errno
from trustify.client.CONFIG import SERVER_ROOT, BACKUP_DIR
from trustify.client.CONFIG import REWRITE_HTTPS_ARGS, CONFIG_DIR, WORK_DIR
from trustify.client.CONFIG import TEMP_CHECKPOINT_DIR, IN_PROGRESS_DIR
from trustify.client.CONFIG import OPTIONS_SSL_CONF, TRUSTIFY_VHOST_EXT
from trustify.client import logger, trustify_util
from letsencrypt.client.CONFIG import SERVER_ROOT, BACKUP_DIR
from letsencrypt.client.CONFIG import REWRITE_HTTPS_ARGS, CONFIG_DIR, WORK_DIR
from letsencrypt.client.CONFIG import TEMP_CHECKPOINT_DIR, IN_PROGRESS_DIR
from letsencrypt.client.CONFIG import OPTIONS_SSL_CONF, LE_VHOST_EXT
from letsencrypt.client import logger, le_util
#from CONFIG import SERVER_ROOT, BACKUP_DIR, REWRITE_HTTPS_ARGS, CONFIG_DIR, WORK_DIR, TEMP_CHECKPOINT_DIR, IN_PROGRESS_DIR, OPTIONS_SSL_CONF, TRUSTIFY_VHOST_EXT
#import logger, trustify_util
#import logger, le_util
# Question: Am I missing any attacks that can result from modifying CONFIG file?
# Configurator should be turned into a Singleton
@ -65,7 +65,6 @@ class Configurator(object):
def __init__(self, server_root=SERVER_ROOT):
# TODO: this instantiation can be optimized to only load Httd
# relevant files - I believe -> NO_MODL_AUTOLOAD
# TODO: Use server_root instead SERVER_ROOT
self.server_root = server_root
@ -110,7 +109,7 @@ class Configurator(object):
destination
TODO: Make sure last directive is changed
TODO: Might be nice to remove chain directive if none exists
* This shouldn't happen within trustify though
* This shouldn't happen within letsencrypt though
"""
search = {}
path = {}
@ -272,7 +271,7 @@ class Configurator(object):
Returns list of virtual hosts found in the Apache configuration
"""
#Search sites-available, httpd.conf for possible virtual hosts
paths = self.aug.match("/files%ssites-available//*[label()=~regexp('%s')]" % (SERVER_ROOT, self.case_i('VirtualHost')))
paths = self.aug.match("/files%ssites-available//*[label()=~regexp('%s')]" % (self.server_root, self.case_i('VirtualHost')))
vhs = []
for p in paths:
vhs.append(self.__create_vhost(p))
@ -308,13 +307,13 @@ class Configurator(object):
Directive is added to ports.conf unless the file doesn't exist
It is added to httpd.conf as a backup
"""
aug_file_path = "/files%sports.conf" % SERVER_ROOT
aug_file_path = "/files%sports.conf" % self.server_root
self.add_dir_to_ifmodssl(aug_file_path, "NameVirtualHost", addr)
if len(self.find_directive(self.case_i("NameVirtualHost"), self.case_i(addr))) == 0:
logger.warn("ports.conf is not included in your Apache config...")
logger.warn("Adding NameVirtualHost directive to httpd.conf")
self.add_dir_to_ifmodssl("/files" + SERVER_ROOT + "httpd.conf", "NameVirtualHost", addr)
self.add_dir_to_ifmodssl("/files" + self.server_root + "httpd.conf", "NameVirtualHost", addr)
self.save_notes += 'Setting %s to be NameBasedVirtualHost\n' % addr
@ -349,7 +348,7 @@ class Configurator(object):
if len(self.find_directive(self.case_i("Listen"), "443")) == 0:
logger.debug("No Listen 443 directive found")
logger.debug("Setting the Apache Server to Listen on port 443")
self.add_dir_to_ifmodssl("/files" + SERVER_ROOT + "ports.conf", "Listen", "443")
self.add_dir_to_ifmodssl("/files" + self.server_root + "ports.conf", "Listen", "443")
self.save_notes += "Added Listen 443 directive to ports.conf\n"
# Check for NameVirtualHost
@ -395,7 +394,7 @@ class Configurator(object):
self.aug.set(aug_conf_path + "/directive[last()]/arg["+str(i+1)+"]", arg[i])
def find_directive(self, directive, arg=None, start="/files"+SERVER_ROOT+"apache2.conf"):
def find_directive(self, directive, arg=None, start=""):
"""
Recursively searches through config files to find directives
Directives should be in the form of a case insensitive regex currently
@ -408,7 +407,11 @@ class Configurator(object):
transformation by calling case_i() on everything to maintain
compatibility.
"""
# Cannot place member variable in the definition of the function so...
if not start:
start = "/files%sapache2.conf" % self.server_root
#Debug code
#print "find_dir:", directive, "arg:", arg, " | Looking in:", start
# No regexp code
@ -441,7 +444,6 @@ class Configurator(object):
supported.
"""
#return '[' + "][".join([c.upper()+c.lower() if c.isalpha() else c for c in re.escape(string)]) + ']'
return "".join(["["+c.upper()+c.lower()+"]" if c.isalpha() else c for c in re.escape(string)])
def strip_dir(self, path):
@ -486,7 +488,7 @@ class Configurator(object):
arg = cur_dir + arg
# conf/ is a special variable for ServerRoot in Apache
elif arg.startswith("conf/"):
arg = SERVER_ROOT + arg[5:]
arg = self.server_root + arg[5:]
# TODO: Test if Apache allows ../ or ~/ for Includes
# Attempts to add a transform to the file if one does not already exist
@ -530,23 +532,33 @@ class Configurator(object):
def make_vhost_ssl(self, nonssl_vhost):
"""
Duplicates vhost and adds default ssl options
New vhost will reside as (nonssl_vhost.path) + TRUSTIFY_VHOST_EXT
New vhost will reside as (nonssl_vhost.path) + LE_VHOST_EXT
"""
avail_fp = nonssl_vhost.file
# Copy file
ssl_fp = avail_fp + TRUSTIFY_VHOST_EXT
orig_file = open(avail_fp, 'r')
if avail_fp.endswith(".conf"):
ssl_fp = avail_fp[:-(len(".conf"))] + LE_VHOST_EXT
else:
ssl_fp = avail_fp + LE_VHOST_EXT
# First register the creation so that it is properly removed if
# configuration is rolled back
self.register_file_creation(False, ssl_fp)
new_file = open(ssl_fp, 'w')
new_file.write("<IfModule mod_ssl.c>\n")
for line in orig_file:
new_file.write(line)
new_file.write("</IfModule>\n")
orig_file.close()
new_file.close()
try:
orig_file = open(avail_fp, 'r')
new_file = open(ssl_fp, 'w')
new_file.write("<IfModule mod_ssl.c>\n")
for line in orig_file:
new_file.write(line)
new_file.write("</IfModule>\n")
except:
logger.fatal("Error writing/reading to file in make_vhost_ssl")
sys.exit(49)
finally:
orig_file.close()
new_file.close()
self.aug.load()
# Delete the VH addresses because they may change here
del nonssl_vhost.addrs[:]
@ -640,7 +652,7 @@ class Configurator(object):
returns boolean, integer
The boolean indicates whether the redirection exists...
The integer has the following code:
0 - Existing trustify https rewrite rule is appropriate and in place
0 - Existing letsencrypt https rewrite rule is appropriate and in place
1 - Virtual host contains a Redirect directive
2 - Virtual host contains an unknown RewriteRule
@ -658,11 +670,11 @@ class Configurator(object):
if len(rewrite_path) == len(REWRITE_HTTPS_ARGS):
for idx, m in enumerate(rewrite_path):
if self.aug.get(m) != REWRITE_HTTPS_ARGS[idx]:
# Not a trustify https rewrite
# Not a letsencrypt https rewrite
return True, 2
# Existing trustify https rewrite rule is in place
# Existing letsencrypt https rewrite rule is in place
return True, 0
# Rewrite path exists but is not a trustify https rule
# Rewrite path exists but is not a letsencrypt https rule
return True, 2
def create_redirect_vhost(self, ssl_vhost):
@ -697,16 +709,16 @@ LogLevel warn \n\
# Write out the file
# This is the default name
redirect_filename = "trustify-redirect.conf"
redirect_filename = "letsencrypt-redirect.conf"
# See if a more appropriate name can be applied
if len(ssl_vhost.names) > 0:
# Sanity check...
# make sure servername doesn't exceed filename length restriction
if ssl_vhost.names[0] < (255-23):
redirect_filename = "trustify-redirect-" + ssl_vhost.names[0] + ".conf"
redirect_filename = "letsencrypt-redirect-" + ssl_vhost.names[0] + ".conf"
redirect_filepath = SERVER_ROOT + "sites-available/" + redirect_filename
redirect_filepath = self.server_root + "sites-available/" + redirect_filename
# Register the new file that will be created
# Note: always register the creation before writing to ensure file will
@ -720,7 +732,7 @@ LogLevel warn \n\
self.aug.load()
# Make a new vhost data structure and add it to the lists
new_fp = SERVER_ROOT + "sites-available/" + redirect_filename
new_fp = self.server_root + "sites-available/" + redirect_filename
new_vhost = self.__create_vhost("/files" + new_fp)
self.vhosts.append(new_vhost)
@ -847,7 +859,7 @@ LogLevel warn \n\
avail_fp: string - Should be complete file path
"""
enabled_dir = SERVER_ROOT + "sites-enabled/"
enabled_dir = self.server_root + "sites-enabled/"
for f in os.listdir(enabled_dir):
if os.path.realpath(enabled_dir + f) == avail_fp:
return True
@ -861,7 +873,7 @@ LogLevel warn \n\
TODO: Make sure link is not broken...
"""
if "/sites-available/" in vhost.file:
enabled_path = "%ssites-enabled/%s" % (SERVER_ROOT, os.path.basename(vhost.file))
enabled_path = "%ssites-enabled/%s" % (self.server_root, os.path.basename(vhost.file))
self.register_file_creation(False, enabled_path)
os.symlink(vhost.file, enabled_path)
vhost.enabled = True
@ -918,7 +930,7 @@ LogLevel warn \n\
def save_apache_config(self):
# Not currently used
# Should be safe because it is a protected directory
shutil.copytree(SERVER_ROOT, BACKUP_DIR + "apache2-" + str(time.time()))
shutil.copytree(self.server_root, BACKUP_DIR + "apache2-" + str(time.time()))
def recovery_routine(self):
"""
@ -971,9 +983,9 @@ LogLevel warn \n\
Aim for defensive coding... make sure all input files
have permissions of root
'''
trustify_util.make_or_verify_dir(CONFIG_DIR, 0755)
trustify_util.make_or_verify_dir(WORK_DIR, 0755)
trustify_util.make_or_verify_dir(BACKUP_DIR, 0755)
le_util.make_or_verify_dir(CONFIG_DIR, 0755)
le_util.make_or_verify_dir(WORK_DIR, 0755)
le_util.make_or_verify_dir(BACKUP_DIR, 0755)
def standardize_excl(self):
"""
@ -989,7 +1001,7 @@ LogLevel warn \n\
# I had no luck
# This is a hack... work around... submit to augeas if still not fixed
excl = ["*.augnew", "*.augsave", "*.dpkg-dist", "*.dpkg-bak", "*.dpkg-new", "*.dpkg-old", "*.rpmsave", "*.rpmnew", "*~", SERVER_ROOT + "*.augsave", SERVER_ROOT + "*~", SERVER_ROOT + "*/*augsave", SERVER_ROOT + "*/*~", SERVER_ROOT + "*/*/*.augsave", SERVER_ROOT + "*/*/*~"]
excl = ["*.augnew", "*.augsave", "*.dpkg-dist", "*.dpkg-bak", "*.dpkg-new", "*.dpkg-old", "*.rpmsave", "*.rpmnew", "*~", self.server_root + "*.augsave", self.server_root + "*~", self.server_root + "*/*augsave", self.server_root + "*/*~", self.server_root + "*/*/*.augsave", self.server_root + "*/*/*~"]
for i in range(len(excl)):
self.aug.set("/augeas/load/Httpd/excl[%d]" % (i+1), excl[i])
@ -1177,7 +1189,7 @@ LogLevel warn \n\
return True
def add_to_checkpoint(self, cp_dir, save_files):
trustify_util.make_or_verify_dir(cp_dir, 0755)
le_util.make_or_verify_dir(cp_dir, 0755)
existing_filepaths = []
op_fd = None
@ -1269,21 +1281,6 @@ LogLevel warn \n\
return True, "Successful"
# protected_fd = open(MODIFIED_FILES, 'r+')
# protected_files = protected_fd.read().splitlines()
# for filename in save_files:
# if filename in protected_files:
# protected_fd.close()
# return False, "Attempting to overwrite a reversible file - %s" %filename
# # No protected files are trying to be overwritten
# if reversible:
# for filename in save_files:
# protected_fd.write(filename + "\n")
# protected_fd.close()
# return True, "Successful"
def display_checkpoints(self):
"""
Displays all saved checkpoints
@ -1295,7 +1292,7 @@ LogLevel warn \n\
backups.sort(reverse=True)
if not backups:
print "Trustify has not saved any backups of your apache configuration"
print "Letsencrypt has not saved any backups of your apache configuration"
# Make sure there isn't anything unexpected in the backup folder
# There should only be timestamped (float) directories
try:
@ -1327,7 +1324,7 @@ LogLevel warn \n\
def register_file_creation(self, temporary, *files):
"""
This is used to register the creation of all files during Trustify
This is used to register the creation of all files during Letsencrypt
execution. Call this method before writing to the file to make sure
that the file will be cleaned up if the program exits unexpectedly.
(Before a save occurs)
@ -1337,7 +1334,7 @@ LogLevel warn \n\
else:
cp_dir = IN_PROGRESS_DIR
trustify_util.make_or_verify_dir(cp_dir)
le_util.make_or_verify_dir(cp_dir)
try:
with open(cp_dir + "NEW_FILES", 'a') as fd:
for f in files:
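Review bot: In the make_vhost_ssl hunk the `finally` block calls `orig_file.close()` and `new_file.close()` unconditionally, but both names are bound inside the `try`; if either `open()` fails the handler calls `sys.exit(49)`, then `finally` raises UnboundLocalError on the never-assigned name and that error masks the intended exit. The bare `except:` also swallows KeyboardInterrupt. Using a `with` statement for both files and catching `IOError` gives the same cleanup without the unbound-name problem (this assumes `sys` is imported above the hunk, as the existing `sys.exit` call implies). make_vhost_ssl continues past the end of the hunk.
```python
        # Copy file
        if avail_fp.endswith(".conf"):
            ssl_fp = avail_fp[:-(len(".conf"))] + LE_VHOST_EXT
        else:
            ssl_fp = avail_fp + LE_VHOST_EXT
        # ... unchanged: register_file_creation(False, ssl_fp) ...
        try:
            with open(avail_fp, 'r') as orig_file, open(ssl_fp, 'w') as new_file:
                new_file.write("<IfModule mod_ssl.c>\n")
                for line in orig_file:
                    new_file.write(line)
                new_file.write("</IfModule>\n")
        except IOError as err:
            logger.fatal("Error writing/reading to file in make_vhost_ssl: %s" % err)
            sys.exit(49)
        # ... unchanged: self.aug.load() and address rewriting ...
```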


@ -8,8 +8,8 @@ from Crypto.Hash import SHA256
from M2Crypto import EVP, X509, ASN1
from trustify.client import logger
from trustify.client.CONFIG import NONCE_SIZE, RSA_KEY_SIZE
from letsencrypt.client import logger
from letsencrypt.client.CONFIG import NONCE_SIZE, RSA_KEY_SIZE
def b64_cert_to_pem(b64_der_cert):


@ -1,5 +1,5 @@
import dialog
from trustify.client import logger
from letsencrypt.client import logger
WIDTH = 70
@ -19,6 +19,8 @@ class Display(SingletonD):
raise Exception("Error no display defined")
def generic_menu(self, message, choices, input_text):
raise Exception("Error no display defined")
def generic_input(self, message):
raise Exception("Error no display defined")
def filter_names(self, names):
raise Exception("Error no display defined")
def success_installation(self, domains):
@ -83,6 +85,9 @@ class NcursesDisplay(Display):
return self.d.menu(message, choices = choices,
width=WIDTH, height=HEIGHT)
def generic_input(self, message):
return self.d.inputbox(message)
def filter_names(self, names):
choices = [(n, "", 0) for n in names]
c, s = self.d.checklist("Which names would you like to activate \
@ -156,6 +161,14 @@ class FileDisplay(Display):
return code, selection
def generic_input(self, message):
ans = raw_input("%s (Enter c to cancel)\n" % message)
if ans.startswith('c') or ans.startswith('C'):
return CANCEL, -1
else:
return OK, ans
def filter_names(self, names):
c, s = self.generic_menu(
"Choose the names would you like to upgrade to HTTPS?",
@ -236,6 +249,9 @@ def generic_notification(message):
def generic_menu(message, choices, input_text):
return display.generic_menu(message, choices, input_text)
def generic_input(message):
return display.generic_message(message)
def filter_names(names):
return display.filter_names(names)
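Review bot: The new module-level wrapper in the last hunk calls `display.generic_message(message)`, which is not the method this commit added to the Display classes; it should be `return display.generic_input(message)`, otherwise every caller of the wrapper fails with AttributeError. In the FileDisplay hunk, `ans.startswith('c') or ans.startswith('C')` treats any answer beginning with the letter c as a cancel, which would swallow a recovery token that happens to start with "c"; an exact match such as `if ans.strip().lower() == 'c':` is safer. Whether the tuple returned by NcursesDisplay's `self.d.inputbox` uses the same cancel code as FileDisplay's `CANCEL` is not visible here and is worth confirming.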


@ -1,5 +1,5 @@
from trustify.client.challenge import Challenge
from trustify.client import logger
from letsencrypt.client.challenge import Challenge
from letsencrypt.client import logger
import textwrap
############################################################
@ -14,7 +14,7 @@ import textwrap
# Interactive challlenge displays the string sent by the CA
# formatted to fit on the screen of the client
# The Challenge also adds proper instructions for how the
# client should continue the trustify process
# client should continue the letsencrypt process
###########################################################
class Interactive_Challenge(Challenge):


@ -1,10 +1,10 @@
# This file will contain functions useful for all Trustify Classes
# This file will contain functions useful for all Letsencrypt Classes
import errno
import stat
import os, pwd, grp
import M2Crypto
import time
from trustify.client import logger
from letsencrypt.client import logger
#import logger


@ -1,4 +1,3 @@
import sys
import time


@ -1,5 +1,5 @@
from trustify.client.challenge import Challenge
from trustify.client import logger
from letsencrypt.client.challenge import Challenge
from letsencrypt.client import logger
import dialog
############################################################


@ -1,6 +1,6 @@
from trustify.client.challenge import Challenge
from trustify.client import logger
from trustify.client.CONFIG import RECOVERY_TOKEN_EXT
from letsencrypt.client.challenge import Challenge
from letsencrypt.client import logger
from letsencrypt.client.CONFIG import RECOVERY_TOKEN_EXT
# TODO: Replace urllib2 because of lack of certificate validation checks
import dialog, urllib2


@ -0,0 +1,22 @@
from letsencrypt.client.challenge import Challenge
from letsencrypt.client import logger
from letsencrypt.client.CONFIG import RECOVERY_TOKEN_EXT
class RecoveryToken(Challenge):
def __init__(self):
self.token = ""
def perform(self, quiet = True):
cancel, self.token = dialog.generic_input("Please Input Recovery Token: ")
if cancel == 1:
return False
return True
def cleanup(self):
pass
def generate_response(self):
return {"type":"recoveryToken", "token":self.token}
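Review bot: `perform` calls `dialog.generic_input(...)`, but `dialog` is not imported anywhere in this new file (the deleted version imported the python-dialog package under that name; the function being called here is the wrapper this commit added to the display module), so the first call raises NameError. The fix is `from letsencrypt.client import display` at the top and `cancel, self.token = display.generic_input("Please Input Recovery Token: ")`. The check `if cancel == 1` assumes the display layer's cancel code is 1; comparing against the constant the display module returns (`CANCEL`) would avoid depending on that value. The `quiet` parameter is no longer read and could be dropped or documented as accepted for interface compatibility.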


@ -12,20 +12,20 @@ import binascii
import augeas
import jose
from trustify.client import configurator
from letsencrypt.client import configurator
from trustify.client.CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT
from trustify.client.CONFIG import CHOC_CERT_CONF, OPTIONS_SSL_CONF, APACHE_CHALLENGE_CONF, INVALID_EXT
from trustify.client.CONFIG import S_SIZE, NONCE_SIZE
from trustify.client import logger, crypto_util
from trustify.client.challenge import Challenge
from letsencrypt.client.CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT
from letsencrypt.client.CONFIG import OPTIONS_SSL_CONF, APACHE_CHALLENGE_CONF, INVALID_EXT
from letsencrypt.client.CONFIG import S_SIZE, NONCE_SIZE
from letsencrypt.client import logger, crypto_util
from letsencrypt.client.challenge import Challenge
# import configurator
# from CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT
# from CONFIG import CHOC_CERT_CONF, OPTIONS_SSL_CONF, APACHE_CHALLENGE_CONF, INVALID_EXT
# from CONFIG import S_SIZE, NONCE_SIZE
# import logger, trustify_util
# import logger, le_util
# from challenge import Challenge
@ -136,9 +136,9 @@ DocumentRoot " + CONFIG_DIR + "challenge_page/ \n \
nonce: string - hex
key: string - file path to key
result: certificate created at getChocCertFile(nonce)
result: certificate created at getDvsniCertFile(nonce)
"""
self.createCHOC_CERT_CONF(name, ext)
#self.createCHOC_CERT_CONF(name, ext)
self.configurator.register_file_creation(True, self.getDvsniCertFile(nonce))
cert_pem = crypto_util.make_ss_cert(key, [nonce + INVALID_EXT, name, ext])
@ -151,21 +151,21 @@ DocumentRoot " + CONFIG_DIR + "challenge_page/ \n \
#subprocess.call(["openssl", "x509", "-req", "-days", "21", "-extfile", CHOC_CERT_CONF, "-extensions", "v3_ca", "-signkey", key, "-out", self.getDvsniCertFile(nonce), "-in", csr], stdout=open("/dev/null", 'w'), stderr=open("/dev/null", 'w'))
def createCHOC_CERT_CONF(self, name, ext):
"""
Generates an OpenSSL certificate configuration file
"""
# def createCHOC_CERT_CONF(self, name, ext):
# """
# Generates an OpenSSL certificate configuration file
# """
text = " # OpenSSL configuration file. \n\n \
[ v3_ca ] \n \
basicConstraints = CA:TRUE\n\
subjectAltName = @alt_names\n\n\
[ alt_names ]\n"
# text = " # OpenSSL configuration file. \n\n \
# [ v3_ca ] \n \
# basicConstraints = CA:TRUE\n\
# subjectAltName = @alt_names\n\n\
# [ alt_names ]\n"
with open(CHOC_CERT_CONF, 'w') as f:
f.write(text)
f.write("DNS:1 = %s\n" % name)
f.write("DNS:2 = %s\n" % ext)
# with open(CHOC_CERT_CONF, 'w') as f:
# f.write(text)
# f.write("DNS:1 = %s\n" % name)
# f.write("DNS:2 = %s\n" % ext)
def generateExtension(self, r, s):
"""
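Review bot: The commented-out `createCHOC_CERT_CONF` body and the commented `openssl x509` subprocess line left in the hunk are dead code now that the certificate is produced by `crypto_util.make_ss_cert`, and the subprocess comment still refers to `CHOC_CERT_CONF`, an import this commit removes; prefer deleting both and relying on version history. If the intent is to record what the old extension file expressed, a one-line comment such as `# SAN list is now passed directly to crypto_util.make_ss_cert; the OpenSSL extfile path is gone` next to the make_ss_cert call says the same thing without the stale block. The enclosing method starts before this hunk.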


@ -1,26 +0,0 @@
from trustify.client.challenge import Challenge
from trustify.client import logger
from trustify.client.CONFIG import RECOVERY_TOKEN_EXT
import dialog
class RecoveryToken(Challenge):
def __init__(self):
self.token = ""
def perform(self, quiet = True):
if quiet:
cancel, self.token = dialog.Dialog().inputbox("Please Input Recovery Token")
if cancel == 1:
return False
else:
self.token = raw_input("Enter the Recovery Token: ")
return True
def cleanup(self):
pass
def generate_response(self):
return {"type":"recoveryToken", "token":self.token}