diff --git a/trustify.py b/letsencrypt.py
similarity index 100%
rename from trustify.py
rename to letsencrypt.py
diff --git a/trustify/__init__.py b/letsencrypt/__init__.py
similarity index 100%
rename from trustify/__init__.py
rename to letsencrypt/__init__.py
diff --git a/trustify/client/.ca_offerings b/letsencrypt/client/.ca_offerings
similarity index 100%
rename from trustify/client/.ca_offerings
rename to letsencrypt/client/.ca_offerings
diff --git a/trustify/client/.gitignore b/letsencrypt/client/.gitignore
similarity index 100%
rename from trustify/client/.gitignore
rename to letsencrypt/client/.gitignore
diff --git a/trustify/client/CONFIG.py b/letsencrypt/client/CONFIG.py
similarity index 70%
rename from trustify/client/CONFIG.py
rename to letsencrypt/client/CONFIG.py
index af817a793..607b17ed1 100644
--- a/trustify/client/CONFIG.py
+++ b/letsencrypt/client/CONFIG.py
@@ -1,9 +1,9 @@
# Apache server root directory
SERVER_ROOT = "/etc/apache2/"
-# Configuration file directory for trustify
-CONFIG_DIR = "/etc/trustify/"
-# Working directory for trustify
-WORK_DIR = "/var/lib/trustify/"
+# Configuration file directory for letsencrypt
+CONFIG_DIR = "/etc/letsencrypt/"
+# Working directory for letsencrypt
+WORK_DIR = "/var/lib/letsencrypt/"
# Directory where configuration backups are stored
BACKUP_DIR = WORK_DIR + "backups/"
# Replaces MODIFIED_FILES, directory where temp checkpoint is created
@@ -17,14 +17,15 @@ KEY_DIR = SERVER_ROOT + "ssl/"
# Certificate storage
CERT_DIR = SERVER_ROOT + "certs/"
-# Used by openssl to sign challenge certificate with trustify extension
-CHOC_CERT_CONF = CONFIG_DIR + "choc_cert_extensions.cnf"
+# Used by openssl to sign challenge certificate with letsencrypt extension
+# No longer used
+#CHOC_CERT_CONF = CONFIG_DIR + "choc_cert_extensions.cnf"
# Contains standard Apache SSL directives
OPTIONS_SSL_CONF = CONFIG_DIR + "options-ssl.conf"
-# Trustify SSL vhost configuration extension
-TRUSTIFY_VHOST_EXT = "-trustify-ssl.conf"
+# Let's Encrypt SSL vhost configuration extension
+LE_VHOST_EXT = "-letsencrypt-ssl.conf"
# Temporary file for challenge virtual hosts
-APACHE_CHALLENGE_CONF = CONFIG_DIR + "choc_sni_cert_challenge.conf"
+APACHE_CHALLENGE_CONF = CONFIG_DIR + "LE_dvsni_cert_challenge.conf"
# Byte size of S and Nonce
S_SIZE = 32
@@ -36,9 +37,9 @@ RSA_KEY_SIZE = 2048
# bits of hashcash to generate
difficulty = 23
-# Trustify cert and chain files
-CERT_PATH = CERT_DIR + "trustify-cert.pem"
-CHAIN_PATH = CERT_DIR + "trustify-chain.pem"
+# Let's Encrypt cert and chain files
+CERT_PATH = CERT_DIR + "letsencrypt-cert.pem"
+CHAIN_PATH = CERT_DIR + "letsencrypt-chain.pem"
#Invalid Extension
INVALID_EXT = ".acme.invalid"
diff --git a/trustify/client/__init__.py b/letsencrypt/client/__init__.py
similarity index 100%
rename from trustify/client/__init__.py
rename to letsencrypt/client/__init__.py
diff --git a/trustify/client/acme.py b/letsencrypt/client/acme.py
similarity index 100%
rename from trustify/client/acme.py
rename to letsencrypt/client/acme.py
diff --git a/trustify/client/ca_offerings b/letsencrypt/client/ca_offerings
similarity index 100%
rename from trustify/client/ca_offerings
rename to letsencrypt/client/ca_offerings
diff --git a/trustify/client/challenge.py b/letsencrypt/client/challenge.py
similarity index 91%
rename from trustify/client/challenge.py
rename to letsencrypt/client/challenge.py
index b8d2e9a08..f55183d24 100644
--- a/trustify/client/challenge.py
+++ b/letsencrypt/client/challenge.py
@@ -1,4 +1,4 @@
-from trustify.client import logger
+from letsencrypt.client import logger
#import logger
class Challenge(object):
diff --git a/trustify/client/choc_cert_extensions.cnf b/letsencrypt/client/choc_cert_extensions.cnf
similarity index 100%
rename from trustify/client/choc_cert_extensions.cnf
rename to letsencrypt/client/choc_cert_extensions.cnf
diff --git a/trustify/client/client.py b/letsencrypt/client/client.py
similarity index 94%
rename from trustify/client/client.py
rename to letsencrypt/client/client.py
index 187927be8..6c184b5ef 100755
--- a/trustify/client/client.py
+++ b/letsencrypt/client/client.py
@@ -14,16 +14,16 @@ from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
-from trustify.client.acme import acme_object_validate
-from trustify.client.sni_challenge import SNI_Challenge
-from trustify.client.payment_challenge import Payment_Challenge
-from trustify.client import configurator
-from trustify.client import logger, display
-from trustify.client import trustify_util, crypto_util, display
-from trustify.client.CONFIG import NONCE_SIZE, RSA_KEY_SIZE, CERT_PATH
-from trustify.client.CONFIG import CHAIN_PATH, SERVER_ROOT, KEY_DIR, CERT_DIR
-from trustify.client.CONFIG import CERT_KEY_BACKUP
-from trustify.client.CONFIG import CHALLENGE_PREFERENCES, EXCLUSIVE_CHALLENGES
+from letsencrypt.client.acme import acme_object_validate
+from letsencrypt.client.sni_challenge import SNI_Challenge
+from letsencrypt.client.payment_challenge import Payment_Challenge
+from letsencrypt.client import configurator
+from letsencrypt.client import logger, display
+from letsencrypt.client import le_util, crypto_util, display
+from letsencrypt.client.CONFIG import NONCE_SIZE, RSA_KEY_SIZE, CERT_PATH
+from letsencrypt.client.CONFIG import CHAIN_PATH, SERVER_ROOT, KEY_DIR, CERT_DIR
+from letsencrypt.client.CONFIG import CERT_KEY_BACKUP
+from letsencrypt.client.CONFIG import CHALLENGE_PREFERENCES, EXCLUSIVE_CHALLENGES
# it's weird to point to chocolate servers via raw IPv6 addresses, and such
# addresses can be %SCARY in some contexts, so out of paranoia let's disable
# them by default
@@ -193,7 +193,7 @@ class Client(object):
def store_cert_key(self, encrypt = False):
list_file = CERT_KEY_BACKUP + "LIST"
- trustify_util.make_or_verify_dir(CERT_KEY_BACKUP, 0700)
+ le_util.make_or_verify_dir(CERT_KEY_BACKUP, 0700)
idx = 0
if encrypt:
@@ -226,7 +226,7 @@ class Client(object):
certs = []
if not os.path.isfile(CERT_KEY_BACKUP + "LIST"):
- logger.info("You don't have any certificates saved from trustify")
+ logger.info("You don't have any certificates saved from letsencrypt")
return
with open(list_file, 'rb') as csvfile:
@@ -272,7 +272,7 @@ class Client(object):
def install_certificate(self, certificate_dict, vhost):
cert_chain_abspath = None
- cert_fd, self.cert_file = trustify_util.unique_file(CERT_PATH, 644)
+ cert_fd, self.cert_file = le_util.unique_file(CERT_PATH, 644)
cert_fd.write(
crypto_util.b64_cert_to_pem(certificate_dict["certificate"]))
cert_fd.close()
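Review bot: `le_util.unique_file(CERT_PATH, 644)` passes decimal 644, while the other `unique_file` calls in this file pass octal modes (`0600`, `0644`). If the second argument is a permission mode, decimal 644 is octal 1204: sticky bit, owner write-only and world-readable, not the intended rw-r--r--. The next hunk has the same literal for the chain file (`unique_file(CHAIN_PATH, 644)`). Both should use the octal form, e.g. `cert_fd, self.cert_file = le_util.unique_file(CERT_PATH, 0644)`. install_certificate continues outside this hunk.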
@@ -280,7 +280,7 @@ class Client(object):
self.cert_file)
if certificate_dict.get("chain", None):
- chain_fd, chain_fn = trustify_util.unique_file(CHAIN_PATH, 644)
+ chain_fd, chain_fn = le_util.unique_file(CHAIN_PATH, 644)
for c in certificate_dict.get("chain", []):
chain_fd.write(crypto_util.b64_cert_to_pem(c))
chain_fd.close()
@@ -547,9 +547,9 @@ class Client(object):
if not self.key_file:
key_pem = crypto_util.make_key(RSA_KEY_SIZE)
# Save file
- trustify_util.make_or_verify_dir(KEY_DIR, 0700)
- key_f, self.key_file = trustify_util.unique_file(
- KEY_DIR + "key-trustify.pem", 0600)
+ le_util.make_or_verify_dir(KEY_DIR, 0700)
+ key_f, self.key_file = le_util.unique_file(
+ KEY_DIR + "key-letsencrypt.pem", 0600)
key_f.write(key_pem)
key_f.close()
logger.info("Generating key: %s" % self.key_file)
@@ -563,9 +563,9 @@ class Client(object):
if not self.csr_file:
csr_pem, csr_der = crypto_util.make_csr(self.key_file, self.names)
# Save CSR
- trustify_util.make_or_verify_dir(CERT_DIR, 0755)
- csr_f, self.csr_file = trustify_util.unique_file(
- CERT_DIR + "csr-trustify.pem", 0644)
+ le_util.make_or_verify_dir(CERT_DIR, 0755)
+ csr_f, self.csr_file = le_util.unique_file(
+ CERT_DIR + "csr-letsencrypt.pem", 0644)
csr_f.write(csr_pem)
csr_f.close()
logger.info("Creating CSR: %s" % self.csr_file)
@@ -600,7 +600,7 @@ class Client(object):
EV_choices = []
choices = []
try:
- with open("/etc/trustify/.ca_offerings") as f:
+ with open("/etc/letsencrypt/.ca_offerings") as f:
for line in f:
choice = line.split(";", 1)
if 'DV' in choice[0]:
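Review bot: The offerings path is hard-coded as `"/etc/letsencrypt/.ca_offerings"`, while this same commit changes `CONFIG_DIR` to `"/etc/letsencrypt/"` in CONFIG.py, so the two have to be kept in sync by hand on the next rename or relocation. Build it from the constant, `with open(CONFIG_DIR + ".ca_offerings") as f:`, and add `CONFIG_DIR` to the `letsencrypt.client.CONFIG` imports at the top of client.py. The enclosing try block continues outside the hunk.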
@@ -627,7 +627,7 @@ class Client(object):
if not self.names:
logger.fatal("No domain names were found in your apache config")
- logger.fatal("Either specify which names you would like trustify \
+ logger.fatal("Either specify which names you would like letsencrypt \
to validate or add server names to your virtual hosts")
sys.exit(1)
diff --git a/trustify/client/configurator.py b/letsencrypt/client/configurator.py
similarity index 94%
rename from trustify/client/configurator.py
rename to letsencrypt/client/configurator.py
index 1e85fe2b1..a55a245ba 100644
--- a/trustify/client/configurator.py
+++ b/letsencrypt/client/configurator.py
@@ -9,13 +9,13 @@ import time
import shutil
import errno
-from trustify.client.CONFIG import SERVER_ROOT, BACKUP_DIR
-from trustify.client.CONFIG import REWRITE_HTTPS_ARGS, CONFIG_DIR, WORK_DIR
-from trustify.client.CONFIG import TEMP_CHECKPOINT_DIR, IN_PROGRESS_DIR
-from trustify.client.CONFIG import OPTIONS_SSL_CONF, TRUSTIFY_VHOST_EXT
-from trustify.client import logger, trustify_util
+from letsencrypt.client.CONFIG import SERVER_ROOT, BACKUP_DIR
+from letsencrypt.client.CONFIG import REWRITE_HTTPS_ARGS, CONFIG_DIR, WORK_DIR
+from letsencrypt.client.CONFIG import TEMP_CHECKPOINT_DIR, IN_PROGRESS_DIR
+from letsencrypt.client.CONFIG import OPTIONS_SSL_CONF, LE_VHOST_EXT
+from letsencrypt.client import logger, le_util
#from CONFIG import SERVER_ROOT, BACKUP_DIR, REWRITE_HTTPS_ARGS, CONFIG_DIR, WORK_DIR, TEMP_CHECKPOINT_DIR, IN_PROGRESS_DIR, OPTIONS_SSL_CONF, TRUSTIFY_VHOST_EXT
-#import logger, trustify_util
+#import logger, le_util
# Question: Am I missing any attacks that can result from modifying CONFIG file?
# Configurator should be turned into a Singleton
@@ -65,7 +65,6 @@ class Configurator(object):
def __init__(self, server_root=SERVER_ROOT):
# TODO: this instantiation can be optimized to only load Httd
# relevant files - I believe -> NO_MODL_AUTOLOAD
- # TODO: Use server_root instead SERVER_ROOT
self.server_root = server_root
@@ -110,7 +109,7 @@ class Configurator(object):
destination
TODO: Make sure last directive is changed
TODO: Might be nice to remove chain directive if none exists
- * This shouldn't happen within trustify though
+ * This shouldn't happen within letsencrypt though
"""
search = {}
path = {}
@@ -272,7 +271,7 @@ class Configurator(object):
Returns list of virtual hosts found in the Apache configuration
"""
#Search sites-available, httpd.conf for possible virtual hosts
- paths = self.aug.match("/files%ssites-available//*[label()=~regexp('%s')]" % (SERVER_ROOT, self.case_i('VirtualHost')))
+ paths = self.aug.match("/files%ssites-available//*[label()=~regexp('%s')]" % (self.server_root, self.case_i('VirtualHost')))
vhs = []
for p in paths:
vhs.append(self.__create_vhost(p))
@@ -308,13 +307,13 @@ class Configurator(object):
Directive is added to ports.conf unless the file doesn't exist
It is added to httpd.conf as a backup
"""
- aug_file_path = "/files%sports.conf" % SERVER_ROOT
+ aug_file_path = "/files%sports.conf" % self.server_root
self.add_dir_to_ifmodssl(aug_file_path, "NameVirtualHost", addr)
if len(self.find_directive(self.case_i("NameVirtualHost"), self.case_i(addr))) == 0:
logger.warn("ports.conf is not included in your Apache config...")
logger.warn("Adding NameVirtualHost directive to httpd.conf")
- self.add_dir_to_ifmodssl("/files" + SERVER_ROOT + "httpd.conf", "NameVirtualHost", addr)
+ self.add_dir_to_ifmodssl("/files" + self.server_root + "httpd.conf", "NameVirtualHost", addr)
self.save_notes += 'Setting %s to be NameBasedVirtualHost\n' % addr
@@ -349,7 +348,7 @@ class Configurator(object):
if len(self.find_directive(self.case_i("Listen"), "443")) == 0:
logger.debug("No Listen 443 directive found")
logger.debug("Setting the Apache Server to Listen on port 443")
- self.add_dir_to_ifmodssl("/files" + SERVER_ROOT + "ports.conf", "Listen", "443")
+ self.add_dir_to_ifmodssl("/files" + self.server_root + "ports.conf", "Listen", "443")
self.save_notes += "Added Listen 443 directive to ports.conf\n"
# Check for NameVirtualHost
@@ -395,7 +394,7 @@ class Configurator(object):
self.aug.set(aug_conf_path + "/directive[last()]/arg["+str(i+1)+"]", arg[i])
- def find_directive(self, directive, arg=None, start="/files"+SERVER_ROOT+"apache2.conf"):
+ def find_directive(self, directive, arg=None, start=""):
"""
Recursively searches through config files to find directives
Directives should be in the form of a case insensitive regex currently
@@ -408,7 +407,11 @@ class Configurator(object):
transformation by calling case_i() on everything to maintain
compatibility.
"""
-
+
+ # Cannot place member variable in the definition of the function so...
+ if not start:
+ start = "/files%sapache2.conf" % self.server_root
+
#Debug code
#print "find_dir:", directive, "arg:", arg, " | Looking in:", start
# No regexp code
@@ -441,7 +444,6 @@ class Configurator(object):
supported.
"""
- #return '[' + "][".join([c.upper()+c.lower() if c.isalpha() else c for c in re.escape(string)]) + ']'
return "".join(["["+c.upper()+c.lower()+"]" if c.isalpha() else c for c in re.escape(string)])
def strip_dir(self, path):
@@ -486,7 +488,7 @@ class Configurator(object):
arg = cur_dir + arg
# conf/ is a special variable for ServerRoot in Apache
elif arg.startswith("conf/"):
- arg = SERVER_ROOT + arg[5:]
+ arg = self.server_root + arg[5:]
# TODO: Test if Apache allows ../ or ~/ for Includes
# Attempts to add a transform to the file if one does not already exist
@@ -530,23 +532,33 @@ class Configurator(object):
def make_vhost_ssl(self, nonssl_vhost):
"""
Duplicates vhost and adds default ssl options
- New vhost will reside as (nonssl_vhost.path) + TRUSTIFY_VHOST_EXT
+ New vhost will reside as (nonssl_vhost.path) + LE_VHOST_EXT
"""
avail_fp = nonssl_vhost.file
# Copy file
- ssl_fp = avail_fp + TRUSTIFY_VHOST_EXT
- orig_file = open(avail_fp, 'r')
+ if avail_fp.endswith(".conf"):
+ ssl_fp = avail_fp[:-(len(".conf"))] + LE_VHOST_EXT
+ else:
+ ssl_fp = avail_fp + LE_VHOST_EXT
# First register the creation so that it is properly removed if
# configuration is rolled back
self.register_file_creation(False, ssl_fp)
- new_file = open(ssl_fp, 'w')
- new_file.write("\n")
- for line in orig_file:
- new_file.write(line)
- new_file.write("\n")
- orig_file.close()
- new_file.close()
+
+ try:
+ orig_file = open(avail_fp, 'r')
+ new_file = open(ssl_fp, 'w')
+ new_file.write("\n")
+ for line in orig_file:
+ new_file.write(line)
+ new_file.write("\n")
+ except:
+ logger.fatal("Error writing/reading to file in make_vhost_ssl")
+ sys.exit(49)
+ finally:
+ orig_file.close()
+ new_file.close()
+
self.aug.load()
# Delete the VH addresses because they may change here
del nonssl_vhost.addrs[:]
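Review bot: In the new try/except/finally, `finally` closes `orig_file` and `new_file` unconditionally, so when either `open()` fails the name is unbound and the close raises NameError, which replaces the `sys.exit(49)` raised in the handler. The bare `except:` also catches KeyboardInterrupt and programming errors and reports them all as a file error. Use `with` blocks so each file is closed only if it was opened, and catch `IOError` only. `sys` is not among the configurator.py imports visible in this diff, so confirm it is imported. make_vhost_ssl continues past the end of the hunk.

```python
        # … unchanged: ssl_fp computation and register_file_creation …
        try:
            with open(avail_fp, 'r') as orig_file:
                with open(ssl_fp, 'w') as new_file:
                    new_file.write("\n")
                    for line in orig_file:
                        new_file.write(line)
                    new_file.write("\n")
        except IOError:
            logger.fatal("Error writing/reading to file in make_vhost_ssl")
            sys.exit(49)
        # … unchanged: self.aug.load() and vhost address handling …
```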
@@ -640,7 +652,7 @@ class Configurator(object):
returns boolean, integer
The boolean indicates whether the redirection exists...
The integer has the following code:
- 0 - Existing trustify https rewrite rule is appropriate and in place
+ 0 - Existing letsencrypt https rewrite rule is appropriate and in place
1 - Virtual host contains a Redirect directive
2 - Virtual host contains an unknown RewriteRule
@@ -658,11 +670,11 @@ class Configurator(object):
if len(rewrite_path) == len(REWRITE_HTTPS_ARGS):
for idx, m in enumerate(rewrite_path):
if self.aug.get(m) != REWRITE_HTTPS_ARGS[idx]:
- # Not a trustify https rewrite
+ # Not a letsencrypt https rewrite
return True, 2
- # Existing trustify https rewrite rule is in place
+ # Existing letsencrypt https rewrite rule is in place
return True, 0
- # Rewrite path exists but is not a trustify https rule
+ # Rewrite path exists but is not a letsencrypt https rule
return True, 2
def create_redirect_vhost(self, ssl_vhost):
@@ -697,16 +709,16 @@ LogLevel warn \n\
# Write out the file
# This is the default name
- redirect_filename = "trustify-redirect.conf"
+ redirect_filename = "letsencrypt-redirect.conf"
# See if a more appropriate name can be applied
if len(ssl_vhost.names) > 0:
# Sanity check...
# make sure servername doesn't exceed filename length restriction
if ssl_vhost.names[0] < (255-23):
- redirect_filename = "trustify-redirect-" + ssl_vhost.names[0] + ".conf"
+ redirect_filename = "letsencrypt-redirect-" + ssl_vhost.names[0] + ".conf"
- redirect_filepath = SERVER_ROOT + "sites-available/" + redirect_filename
+ redirect_filepath = self.server_root + "sites-available/" + redirect_filename
# Register the new file that will be created
# Note: always register the creation before writing to ensure file will
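Review bot: `if ssl_vhost.names[0] < (255-23):` compares the server name itself with an integer rather than its length, so the check does not bound the filename (in Python 2 a str is never less than an int, so the per-host name is never chosen). The constant 23 was also sized for the old prefix: `"letsencrypt-redirect-"` plus `".conf"` is 26 characters, not 23. Suggested: `if len(ssl_vhost.names[0]) < (255 - 26):`. Because the name is interpolated into a path under sites-available, it may also be worth rejecting names that contain `/` here. The enclosing function starts and ends outside the hunk.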
@@ -720,7 +732,7 @@ LogLevel warn \n\
self.aug.load()
# Make a new vhost data structure and add it to the lists
- new_fp = SERVER_ROOT + "sites-available/" + redirect_filename
+ new_fp = self.server_root + "sites-available/" + redirect_filename
new_vhost = self.__create_vhost("/files" + new_fp)
self.vhosts.append(new_vhost)
@@ -847,7 +859,7 @@ LogLevel warn \n\
avail_fp: string - Should be complete file path
"""
- enabled_dir = SERVER_ROOT + "sites-enabled/"
+ enabled_dir = self.server_root + "sites-enabled/"
for f in os.listdir(enabled_dir):
if os.path.realpath(enabled_dir + f) == avail_fp:
return True
@@ -861,7 +873,7 @@ LogLevel warn \n\
TODO: Make sure link is not broken...
"""
if "/sites-available/" in vhost.file:
- enabled_path = "%ssites-enabled/%s" % (SERVER_ROOT, os.path.basename(vhost.file))
+ enabled_path = "%ssites-enabled/%s" % (self.server_root, os.path.basename(vhost.file))
self.register_file_creation(False, enabled_path)
os.symlink(vhost.file, enabled_path)
vhost.enabled = True
@@ -918,7 +930,7 @@ LogLevel warn \n\
def save_apache_config(self):
# Not currently used
# Should be safe because it is a protected directory
- shutil.copytree(SERVER_ROOT, BACKUP_DIR + "apache2-" + str(time.time()))
+ shutil.copytree(self.server_root, BACKUP_DIR + "apache2-" + str(time.time()))
def recovery_routine(self):
"""
@@ -971,9 +983,9 @@ LogLevel warn \n\
Aim for defensive coding... make sure all input files
have permissions of root
'''
- trustify_util.make_or_verify_dir(CONFIG_DIR, 0755)
- trustify_util.make_or_verify_dir(WORK_DIR, 0755)
- trustify_util.make_or_verify_dir(BACKUP_DIR, 0755)
+ le_util.make_or_verify_dir(CONFIG_DIR, 0755)
+ le_util.make_or_verify_dir(WORK_DIR, 0755)
+ le_util.make_or_verify_dir(BACKUP_DIR, 0755)
def standardize_excl(self):
"""
@@ -989,7 +1001,7 @@ LogLevel warn \n\
# I had no luck
# This is a hack... work around... submit to augeas if still not fixed
- excl = ["*.augnew", "*.augsave", "*.dpkg-dist", "*.dpkg-bak", "*.dpkg-new", "*.dpkg-old", "*.rpmsave", "*.rpmnew", "*~", SERVER_ROOT + "*.augsave", SERVER_ROOT + "*~", SERVER_ROOT + "*/*augsave", SERVER_ROOT + "*/*~", SERVER_ROOT + "*/*/*.augsave", SERVER_ROOT + "*/*/*~"]
+ excl = ["*.augnew", "*.augsave", "*.dpkg-dist", "*.dpkg-bak", "*.dpkg-new", "*.dpkg-old", "*.rpmsave", "*.rpmnew", "*~", self.server_root + "*.augsave", self.server_root + "*~", self.server_root + "*/*augsave", self.server_root + "*/*~", self.server_root + "*/*/*.augsave", self.server_root + "*/*/*~"]
for i in range(len(excl)):
self.aug.set("/augeas/load/Httpd/excl[%d]" % (i+1), excl[i])
@@ -1177,7 +1189,7 @@ LogLevel warn \n\
return True
def add_to_checkpoint(self, cp_dir, save_files):
- trustify_util.make_or_verify_dir(cp_dir, 0755)
+ le_util.make_or_verify_dir(cp_dir, 0755)
existing_filepaths = []
op_fd = None
@@ -1269,21 +1281,6 @@ LogLevel warn \n\
return True, "Successful"
-
- # protected_fd = open(MODIFIED_FILES, 'r+')
- # protected_files = protected_fd.read().splitlines()
- # for filename in save_files:
- # if filename in protected_files:
- # protected_fd.close()
- # return False, "Attempting to overwrite a reversible file - %s" %filename
- # # No protected files are trying to be overwritten
- # if reversible:
- # for filename in save_files:
- # protected_fd.write(filename + "\n")
-
- # protected_fd.close()
- # return True, "Successful"
-
def display_checkpoints(self):
"""
Displays all saved checkpoints
@@ -1295,7 +1292,7 @@ LogLevel warn \n\
backups.sort(reverse=True)
if not backups:
- print "Trustify has not saved any backups of your apache configuration"
+ print "Letsencrypt has not saved any backups of your apache configuration"
# Make sure there isn't anything unexpected in the backup folder
# There should only be timestamped (float) directories
try:
@@ -1327,7 +1324,7 @@ LogLevel warn \n\
def register_file_creation(self, temporary, *files):
"""
- This is used to register the creation of all files during Trustify
+ This is used to register the creation of all files during Letsencrypt
execution. Call this method before writing to the file to make sure
that the file will be cleaned up if the program exits unexpectedly.
(Before a save occurs)
@@ -1337,7 +1334,7 @@ LogLevel warn \n\
else:
cp_dir = IN_PROGRESS_DIR
- trustify_util.make_or_verify_dir(cp_dir)
+ le_util.make_or_verify_dir(cp_dir)
try:
with open(cp_dir + "NEW_FILES", 'a') as fd:
for f in files:
diff --git a/trustify/client/crypto_util.py b/letsencrypt/client/crypto_util.py
similarity index 97%
rename from trustify/client/crypto_util.py
rename to letsencrypt/client/crypto_util.py
index 95ee912a4..2b77fa757 100644
--- a/trustify/client/crypto_util.py
+++ b/letsencrypt/client/crypto_util.py
@@ -8,8 +8,8 @@ from Crypto.Hash import SHA256
from M2Crypto import EVP, X509, ASN1
-from trustify.client import logger
-from trustify.client.CONFIG import NONCE_SIZE, RSA_KEY_SIZE
+from letsencrypt.client import logger
+from letsencrypt.client.CONFIG import NONCE_SIZE, RSA_KEY_SIZE
def b64_cert_to_pem(b64_der_cert):
diff --git a/trustify/client/display.py b/letsencrypt/client/display.py
similarity index 94%
rename from trustify/client/display.py
rename to letsencrypt/client/display.py
index 20ec233d4..583330d1b 100644
--- a/trustify/client/display.py
+++ b/letsencrypt/client/display.py
@@ -1,5 +1,5 @@
import dialog
-from trustify.client import logger
+from letsencrypt.client import logger
WIDTH = 70
@@ -19,6 +19,8 @@ class Display(SingletonD):
raise Exception("Error no display defined")
def generic_menu(self, message, choices, input_text):
raise Exception("Error no display defined")
+ def generic_input(self, message):
+ raise Exception("Error no display defined")
def filter_names(self, names):
raise Exception("Error no display defined")
def success_installation(self, domains):
@@ -83,6 +85,9 @@ class NcursesDisplay(Display):
return self.d.menu(message, choices = choices,
width=WIDTH, height=HEIGHT)
+ def generic_input(self, message):
+ return self.d.inputbox(message)
+
def filter_names(self, names):
choices = [(n, "", 0) for n in names]
c, s = self.d.checklist("Which names would you like to activate \
@@ -156,6 +161,14 @@ class FileDisplay(Display):
return code, selection
+ def generic_input(self, message):
+ ans = raw_input("%s (Enter c to cancel)\n" % message)
+
+ if ans.startswith('c') or ans.startswith('C'):
+ return CANCEL, -1
+ else:
+ return OK, ans
+
def filter_names(self, names):
c, s = self.generic_menu(
"Choose the names would you like to upgrade to HTTPS?",
@@ -236,6 +249,9 @@ def generic_notification(message):
def generic_menu(message, choices, input_text):
return display.generic_menu(message, choices, input_text)
+def generic_input(message):
+ return display.generic_message(message)
+
def filter_names(names):
return display.filter_names(names)
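Review bot: The module-level `generic_input` wrapper calls `display.generic_message(message)`, not `display.generic_input(message)`; no `generic_message` method is visible on the Display classes in this diff, so this is likely to raise AttributeError or dispatch to the wrong dialog. It should read `return display.generic_input(message)`. Separately, in the FileDisplay hunk above, `ans.startswith('c') or ans.startswith('C')` treats every answer beginning with c as a cancel, so a recovery token that starts with that letter can never be entered. Compare the whole answer instead, `if ans.strip().lower() == 'c':`.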
diff --git a/trustify/client/interactive_challenge.py b/letsencrypt/client/interactive_challenge.py
similarity index 90%
rename from trustify/client/interactive_challenge.py
rename to letsencrypt/client/interactive_challenge.py
index a18ba1eaa..2543f7635 100644
--- a/trustify/client/interactive_challenge.py
+++ b/letsencrypt/client/interactive_challenge.py
@@ -1,5 +1,5 @@
-from trustify.client.challenge import Challenge
-from trustify.client import logger
+from letsencrypt.client.challenge import Challenge
+from letsencrypt.client import logger
import textwrap
############################################################
@@ -14,7 +14,7 @@ import textwrap
# Interactive challlenge displays the string sent by the CA
# formatted to fit on the screen of the client
# The Challenge also adds proper instructions for how the
-# client should continue the trustify process
+# client should continue the letsencrypt process
###########################################################
class Interactive_Challenge(Challenge):
diff --git a/trustify/client/trustify_util.py b/letsencrypt/client/le_util.py
similarity index 92%
rename from trustify/client/trustify_util.py
rename to letsencrypt/client/le_util.py
index f93c963a1..252ea739b 100644
--- a/trustify/client/trustify_util.py
+++ b/letsencrypt/client/le_util.py
@@ -1,10 +1,10 @@
-# This file will contain functions useful for all Trustify Classes
+# This file will contain functions useful for all Letsencrypt Classes
import errno
import stat
import os, pwd, grp
import M2Crypto
import time
-from trustify.client import logger
+from letsencrypt.client import logger
#import logger
diff --git a/trustify/client/logger.py b/letsencrypt/client/logger.py
similarity index 99%
rename from trustify/client/logger.py
rename to letsencrypt/client/logger.py
index 0656f4777..9cc57b012 100644
--- a/trustify/client/logger.py
+++ b/letsencrypt/client/logger.py
@@ -1,4 +1,3 @@
-
import sys
import time
diff --git a/trustify/client/options-ssl.conf b/letsencrypt/client/options-ssl.conf
similarity index 100%
rename from trustify/client/options-ssl.conf
rename to letsencrypt/client/options-ssl.conf
diff --git a/trustify/client/payment_challenge.py b/letsencrypt/client/payment_challenge.py
similarity index 95%
rename from trustify/client/payment_challenge.py
rename to letsencrypt/client/payment_challenge.py
index 84fd73e28..d00aa44e2 100644
--- a/trustify/client/payment_challenge.py
+++ b/letsencrypt/client/payment_challenge.py
@@ -1,5 +1,5 @@
-from trustify.client.challenge import Challenge
-from trustify.client import logger
+from letsencrypt.client.challenge import Challenge
+from letsencrypt.client import logger
import dialog
############################################################
diff --git a/trustify/client/recovery_contact_challenge.py b/letsencrypt/client/recovery_contact_challenge.py
similarity index 94%
rename from trustify/client/recovery_contact_challenge.py
rename to letsencrypt/client/recovery_contact_challenge.py
index c17abf522..18a0d2816 100644
--- a/trustify/client/recovery_contact_challenge.py
+++ b/letsencrypt/client/recovery_contact_challenge.py
@@ -1,6 +1,6 @@
-from trustify.client.challenge import Challenge
-from trustify.client import logger
-from trustify.client.CONFIG import RECOVERY_TOKEN_EXT
+from letsencrypt.client.challenge import Challenge
+from letsencrypt.client import logger
+from letsencrypt.client.CONFIG import RECOVERY_TOKEN_EXT
# TODO: Replace urllib2 because of lack of certificate validation checks
import dialog, urllib2
diff --git a/letsencrypt/client/recovery_token_challenge.py b/letsencrypt/client/recovery_token_challenge.py
new file mode 100644
index 000000000..abd233c3f
--- /dev/null
+++ b/letsencrypt/client/recovery_token_challenge.py
@@ -0,0 +1,22 @@
+from letsencrypt.client.challenge import Challenge
+from letsencrypt.client import logger
+from letsencrypt.client.CONFIG import RECOVERY_TOKEN_EXT
+
+class RecoveryToken(Challenge):
+
+ def __init__(self):
+ self.token = ""
+
+ def perform(self, quiet = True):
+
+ cancel, self.token = dialog.generic_input("Please Input Recovery Token: ")
+ if cancel == 1:
+ return False
+
+ return True
+
+ def cleanup(self):
+ pass
+
+ def generate_response(self):
+ return {"type":"recoveryToken", "token":self.token}
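Review bot: `perform` calls `dialog.generic_input(...)`, but the new file no longer imports `dialog`, and `generic_input` is the function this commit adds to `letsencrypt/client/display.py`, so the call fails with NameError as written. Import the display module and call it there: `from letsencrypt.client import display` and `cancel, self.token = display.generic_input("Please Input Recovery Token: ")`. The check `cancel == 1` also hard-codes a return code; FileDisplay.generic_input returns the `CANCEL`/`OK` names, so comparing against `display.CANCEL` keeps the two in step (assuming those constants are defined in display.py). The `quiet` parameter is now unused and should be dropped or documented as ignored.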
diff --git a/trustify/client/setup.sh b/letsencrypt/client/setup.sh
similarity index 100%
rename from trustify/client/setup.sh
rename to letsencrypt/client/setup.sh
diff --git a/trustify/client/sni_challenge.py b/letsencrypt/client/sni_challenge.py
similarity index 90%
rename from trustify/client/sni_challenge.py
rename to letsencrypt/client/sni_challenge.py
index 4c1607cf2..7da001aae 100755
--- a/trustify/client/sni_challenge.py
+++ b/letsencrypt/client/sni_challenge.py
@@ -12,20 +12,20 @@ import binascii
import augeas
import jose
-from trustify.client import configurator
+from letsencrypt.client import configurator
-from trustify.client.CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT
-from trustify.client.CONFIG import CHOC_CERT_CONF, OPTIONS_SSL_CONF, APACHE_CHALLENGE_CONF, INVALID_EXT
-from trustify.client.CONFIG import S_SIZE, NONCE_SIZE
-from trustify.client import logger, crypto_util
-from trustify.client.challenge import Challenge
+from letsencrypt.client.CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT
+from letsencrypt.client.CONFIG import OPTIONS_SSL_CONF, APACHE_CHALLENGE_CONF, INVALID_EXT
+from letsencrypt.client.CONFIG import S_SIZE, NONCE_SIZE
+from letsencrypt.client import logger, crypto_util
+from letsencrypt.client.challenge import Challenge
# import configurator
# from CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT
# from CONFIG import CHOC_CERT_CONF, OPTIONS_SSL_CONF, APACHE_CHALLENGE_CONF, INVALID_EXT
# from CONFIG import S_SIZE, NONCE_SIZE
-# import logger, trustify_util
+# import logger, le_util
# from challenge import Challenge
@@ -136,9 +136,9 @@ DocumentRoot " + CONFIG_DIR + "challenge_page/ \n \
nonce: string - hex
key: string - file path to key
- result: certificate created at getChocCertFile(nonce)
+ result: certificate created at getDvsniCertFile(nonce)
"""
- self.createCHOC_CERT_CONF(name, ext)
+ #self.createCHOC_CERT_CONF(name, ext)
self.configurator.register_file_creation(True, self.getDvsniCertFile(nonce))
cert_pem = crypto_util.make_ss_cert(key, [nonce + INVALID_EXT, name, ext])
@@ -151,21 +151,21 @@ DocumentRoot " + CONFIG_DIR + "challenge_page/ \n \
#subprocess.call(["openssl", "x509", "-req", "-days", "21", "-extfile", CHOC_CERT_CONF, "-extensions", "v3_ca", "-signkey", key, "-out", self.getDvsniCertFile(nonce), "-in", csr], stdout=open("/dev/null", 'w'), stderr=open("/dev/null", 'w'))
- def createCHOC_CERT_CONF(self, name, ext):
- """
- Generates an OpenSSL certificate configuration file
- """
+ # def createCHOC_CERT_CONF(self, name, ext):
+ # """
+ # Generates an OpenSSL certificate configuration file
+ # """
- text = " # OpenSSL configuration file. \n\n \
- [ v3_ca ] \n \
- basicConstraints = CA:TRUE\n\
- subjectAltName = @alt_names\n\n\
- [ alt_names ]\n"
+ # text = " # OpenSSL configuration file. \n\n \
+ # [ v3_ca ] \n \
+ # basicConstraints = CA:TRUE\n\
+ # subjectAltName = @alt_names\n\n\
+ # [ alt_names ]\n"
- with open(CHOC_CERT_CONF, 'w') as f:
- f.write(text)
- f.write("DNS:1 = %s\n" % name)
- f.write("DNS:2 = %s\n" % ext)
+ # with open(CHOC_CERT_CONF, 'w') as f:
+ # f.write(text)
+ # f.write("DNS:1 = %s\n" % name)
+ # f.write("DNS:2 = %s\n" % ext)
def generateExtension(self, r, s):
"""
diff --git a/trustify/client/validator.py b/letsencrypt/client/validator.py
similarity index 100%
rename from trustify/client/validator.py
rename to letsencrypt/client/validator.py
diff --git a/trustify/protocol/__init__.py b/letsencrypt/protocol/__init__.py
similarity index 100%
rename from trustify/protocol/__init__.py
rename to letsencrypt/protocol/__init__.py
diff --git a/trustify/protocol/chocolate.proto b/letsencrypt/protocol/chocolate.proto
similarity index 100%
rename from trustify/protocol/chocolate.proto
rename to letsencrypt/protocol/chocolate.proto
diff --git a/trustify/protocol/hashcash.py b/letsencrypt/protocol/hashcash.py
similarity index 100%
rename from trustify/protocol/hashcash.py
rename to letsencrypt/protocol/hashcash.py
diff --git a/trustify/client/recovery_token_challenge.py b/trustify/client/recovery_token_challenge.py
deleted file mode 100644
index 367a2fe67..000000000
--- a/trustify/client/recovery_token_challenge.py
+++ /dev/null
@@ -1,26 +0,0 @@
-from trustify.client.challenge import Challenge
-from trustify.client import logger
-from trustify.client.CONFIG import RECOVERY_TOKEN_EXT
-import dialog
-
-class RecoveryToken(Challenge):
-
- def __init__(self):
- self.token = ""
-
- def perform(self, quiet = True):
-
- if quiet:
- cancel, self.token = dialog.Dialog().inputbox("Please Input Recovery Token")
- if cancel == 1:
- return False
- else:
- self.token = raw_input("Enter the Recovery Token: ")
-
- return True
-
- def cleanup(self):
- pass
-
- def generate_response(self):
- return {"type":"recoveryToken", "token":self.token}