From 2c9629046ad79253c719e9080cb68e3ce5c2ec5f Mon Sep 17 00:00:00 2001 From: James Kasten Date: Mon, 30 Jul 2012 18:19:40 -0400 Subject: [PATCH] Made quick changes to client to allow for deployment of cert on test servers --- client-webserver/client.py | 17 ++++++++++++- client-webserver/configurator.py | 41 +++++++++++++++++++++++--------- 2 files changed, 46 insertions(+), 12 deletions(-) diff --git a/client-webserver/client.py b/client-webserver/client.py index d988768b3..79f14441c 100755 --- a/client-webserver/client.py +++ b/client-webserver/client.py @@ -110,14 +110,26 @@ if r.failure.IsInitialized(): sys.exit(1) sni_todo = [] +dn = [] for chall in r.challenge: print chall if chall.type == r.DomainValidateSNI: dvsni_nonce, dvsni_y, dvsni_ext = chall.data sni_todo.append( (chall.name, dvsni_y, dvsni_nonce, dvsni_ext) ) + dn.append(chall.name) + print sni_todo import sni_challenge +import configurator + +config = Configurator() +config.get_virtual_hosts() +vhost = set() +for name in dn: + host = config.choose_virtual_host(name) + if host is not None: + vhost.add(host) sni_challenge.perform_sni_cert_challenge(sni_todo, req_file, key_file) @@ -143,7 +155,10 @@ if r.success.IsInitialized(): with open(chain_file, "w") as f: f.write(r.success.chain) print "Server issued certificate; certificate written to " + cert_file - if r.success.chain: print "Cert chain written to " + chain_file + if r.success.chain: + print "Cert chain written to " + chain_file + for host in vhost: + config.deploy_cert(host, cert_file, chain_file, key_file) elif r.failure.IsInitialized(): print "Server reported failure." sys.exit(1) diff --git a/client-webserver/configurator.py b/client-webserver/configurator.py index 689fdab34..658854a41 100644 --- a/client-webserver/configurator.py +++ b/client-webserver/configurator.py 
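Review bot: `config = Configurator()` in the first client.py hunk will raise NameError, because the line added just above it is `import configurator`, which binds only the module name. Either write `config = configurator.Configurator()` or change the import to `from configurator import Configurator`. The result of `config.get_virtual_hosts()` is also discarded. `choose_virtual_host` iterates `self.vhosts`, so the lookup only works if `get_virtual_hosts` stores its result on the instance, which this patch does not show.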
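Review bot: The call `config.deploy_cert(host, cert_file, chain_file, key_file)` in the second client.py hunk passes the chain before the key, while the visible body of `deploy_cert` writes values named `cert`, `key` and `cert_chain`. The signature is outside the patch, but if its parameters follow that order, the chain path is written to the key directive and the key path to the chain directive. If those are the parameter names, `config.deploy_cert(host, cert_file, key=key_file, cert_chain=chain_file)` removes the ambiguity. The True/False result that this same commit adds to `deploy_cert` is ignored here, so a failed save still ends on the success path; something like `if not config.deploy_cert(...): sys.exit(1)` would surface it.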
@@ -75,23 +75,37 @@ class Configurator(object): print "DEBUG - in ", vhost.path print "VirtualHost was not modified" # Presumably break here so that the virtualhost is not modified - return - - # Testing printout - #for k in path.iterkeys(): - # print self.aug.get(path[k][0]) + return False self.aug.set(path["cert_file"][0], cert) self.aug.set(path["cert_key"][0], key) if cert_chain is not None: self.aug.set(path["cert_chain"][0], cert_chain) - # Testing printout - #for k in path.iterkeys(): - # print "Changed: ", path[k][0] - # print self.aug.get(path[k][0]) - - self.aug.save() + try: + self.aug.save() + except IOError: + print "Unable to save config - Is the script running as root?" + return False + return True + + def choose_virtual_host(self, name): + """ + TODO: Finish this function correctly + This is currently just a very basic demo version + """ + for v in self.vhosts: + for n in v.names: + # TODO: Or a converted FQDN address + if n == name: + return v + for v in self.vhosts: + for a in v.addrs: + if a == "_default_:443": + return v + return None + + def add_servernames(self, host): """ @@ -376,6 +390,11 @@ def main(): print a, config.is_name_vhost(a) print config.make_server_sni_ready("example.com:443") + setHost = set() + setHost.add(config.choose_virtual_host("example.com")) + setHost.add(config.choose_virtual_host("example2.com")) + for s in setHost: + print s.path #for m in config.aug.match("/augeas/load/Httpd/incl"): # print m, config.aug.get(m)
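Review bot: `choose_virtual_host` falls back to the first vhost whose address is `_default_:443` when no entry in `v.names` equals the requested name, and client.py then calls `deploy_cert` on whatever comes back. A name that no vhost serves therefore ends up rewriting the certificate and key paths of the default SSL vhost. Until the TODO is resolved, the docstring should state the contract (returns the matching vhost, else the `_default_:443` vhost, else None) so callers can decide whether overwriting the default vhost is intended. The comparison `if n == name:` is also case-sensitive although host names are not; `if n.lower() == name.lower():` is the minimal fix. `deploy_cert` begins above this hunk, so only the tail of its early-return path is visible.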
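Review bot: In the `main()` hunk, `print s.path` will raise AttributeError whenever a lookup finds nothing, because `choose_virtual_host` returns None in that case and the None is added to `setHost` like any other value. Skip it in the loop with `if s is not None: print s.path`. `main()` starts and ends outside the hunk.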