re-structured project folder..

* Removed `ConfigParser.py` (ACK by Daniel). * Removed MTAConfigGenerator-stub and renamed to `PostfixConfigGenerator.py` * Moved all text/csv processing scripts to `tools/`. * Moved all configuration files into dedicated `examples/` directory. * unified all shebangs to `#!/usr/bin/env python` (default system python). * Moved domain CSV and text-files to `share/`.
2026-06-07 07:42:08 -04:00 · 2016-02-24 21:38:31 +01:00 · 2016-02-24 21:38:31 +01:00 · 4d14423a21
commit 4d14423a21
parent 959e943de8
12 changed files with 10 additions and 128 deletions
--- a/ConfigParser.py
+++ b/ConfigParser.py
@ -1,115 +0,0 @@
-#!/usr/bin/env python
-
-import sys
-import json
-from datetime import datetime
-import string
-import collections
-
-def parse_timestamp(ts):
-  try:
-    int(ts)
-    dt = datetime.fromtimestamp(ts)
-    return dt
-  except:
-    raise ValueError, "Invalid timestamp integer: " + `ts`
-
-legal = string.letters + string.digits + ".-"
-known_tlds =["com","org","net","biz","info",] # xxx make me from an ICANN list
-def looks_like_a_domain(s):
-  "Return true if string looks like a domain, as best we can tell..."
-  global known_tlds
-  try:
-    domain = s.lower()
-    assert domain[0].islower()
-    assert all([c in legal for c in domain])
-    tld = s.split(".")[-1]
-    if tld not in known_tlds:
-      # XXX perform DNS query to determine that this TLD exists
-      pass
-    return True
-  except:
-    return False
-
-class Config:
-  def __init__(self, cfg_file_name = "config.json"):
-    f = open(cfg_file_name)
-    self.cfg = json.loads(f.read())
-    self.tls_policies = {}
-    self.mx_map = {}
-    for atr, val in self.cfg.items():
-      # Verify each attribute of the structure
-      if atr.startswith("comment"):
-        continue
-      if atr == "author":
-        if type(val) not in [str, unicode]:
-          raise TypeError, "Author must be a string: " + `val`
-      elif atr == "timestamp":
-        self.timestamp = parse_timestamp(val)
-      elif atr == "expires":
-        self.expires = parse_timestamp(val)
-      elif atr == "tls-policies":
-        for domain, policies in self.check_tls_policy_domains(val):
-          if type(policies) != dict:
-            raise TypeError, domain + "'s policies should be a dict: " + `policies`
-          self.tls_policies[domain] = {} # being here enforces TLS at all
-          for policy, v in policies.items():
-            value = str(v).lower()
-            if policy == "require-tls":
-              if value in ("true", "1", "yes"):
-                self.tls_policies[domain]["required"] = True
-              elif value in ("false", "0", "no"):
-                self.tls_policies[domain]["required"] = False
-              else:
-                raise ValueError, "Unknown require-tls value " + `value`
-            elif policy == "min-tls-version":
-              reasonable = ["TLS", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
-              reasonable = map(string.lower, reasonable)
-              if not value in reasonable:
-                raise ValueError, "Not a valid TLS version string: " + `value`
-              self.tls_policies[domain]["min-tls-version"] = str(value)
-            elif policy == "enforce-mode":
-              if value == "enforce":
-                self.tls_policies[domain]["enforce"] = True
-              elif value == "log-only":
-                self.tls_policies[domain]["enforce"] = False
-              else:
-                raise ValueError, "Not a known enoforcement policy " + `value`
-      elif atr == "acceptable-mxs":
-        self.acceptable_mxs = val
-        self.mx_domain_to_address_domains = collections.defaultdict(set)
-        for address_domain, properties in self.acceptable_mxs.items():
-          mx_list = properties["accept-mx-domains"]
-          if len(mx_list) > 1:
-            print "Lists of multiple accept-mx-domains not yet supported, skipping ", address_domain
-          mx_domain = mx_list[0]
-          self.mx_domain_to_address_domains[mx_domain].add(address_domain)
-        pass
-      else:
-        sys.stderr.write("Unknown attribute: " + `atr` + "\n")
-    # XXX is it ever permissible to have a domain with an acceptable-mx 
-    # that does not point to a TLS security policy?  If not, check/warn/fail
-    # here
-    print self.tls_policies
-
-  def get_address_domains(self, mx_hostname):
-    labels = mx_hostname.split(".")
-    for n in range(1, len(labels)):
-      parent = "." + ".".join(labels[n:])
-      if parent in self.mx_domain_to_address_domains:
-        return self.mx_domain_to_address_domains[parent]
-    return None
-
-  def check_tls_policy_domains(self, val):
-    if type(val) != dict:
-      raise TypeError, "tls-policies should be a dict" + `val`
-    for domain, policies in val.items():
-      try:
-        assert type(domain) == unicode
-        d = str(domain) # convert from unicode
-      except:
-        raise TypeError, "tls-policy domain not a string" + `domain`
-      yield (d, policies)
-
-if __name__ == "__main__":
-  c = Config()
--- a/examples/bigger_test_config.json
+++ b/examples/bigger_test_config.json
--- a/examples/config.json
+++ b/examples/config.json
--- a/examples/starttls-everywhere.json
+++ b/examples/starttls-everywhere.json
--- a/letsencrypt-postfix/Config.py
+++ b/letsencrypt-postfix/Config.py
@ -1,3 +1,4 @@
+#!/usr/bin/env python
 from datetime import datetime
 from dateutil import parser as dateutil_parser
 import collections
--- a/letsencrypt-postfix/PostfixConfigGenerator.py
+++ b/letsencrypt-postfix/PostfixConfigGenerator.py
@ -1,5 +1,4 @@
 #!/usr/bin/env python
-
 import sys
 import string
 import os, os.path
@ -18,18 +17,14 @@ def parse_line(line_data):
        return None
    return (num, left.strip(), right.strip())

-class MTAConfigGenerator:
-    def __init__(self, policy_config):
-        self.policy_config = policy_config
-
 class ExistingConfigError(ValueError): pass

-class PostfixConfigGenerator(MTAConfigGenerator):
+class PostfixConfigGenerator:
    def __init__(self, policy_config, postfix_dir, fixup=False):
-        self.fixup = fixup
-        self.postfix_dir = postfix_dir
-        self.policy_file = os.path.join(postfix_dir, "starttls_everywhere_policy")
-        MTAConfigGenerator.__init__(self, policy_config)
+        self.fixup          = fixup
+        self.postfix_dir    = postfix_dir
+        self.policy_config  = policy_config
+        self.policy_file    = os.path.join(postfix_dir, "starttls_everywhere_policy")

    def ensure_cf_var(self, var, ideal, also_acceptable):
        """
--- a/letsencrypt-postfix/PostfixLogSummary.py
+++ b/letsencrypt-postfix/PostfixLogSummary.py
@ -1,4 +1,4 @@
-#!/usr/bin/python2.7
+#!/usr/bin/env python
 import re
 import sys
 import collections
--- a/letsencrypt-postfix/TestConfig.py
+++ b/letsencrypt-postfix/TestConfig.py
@ -1,3 +1,4 @@
+#!/usr/bin/env python
 import copy
 import itertools
 import logging
--- a/share/golden-domains.txt
+++ b/share/golden-domains.txt
--- a/share/google-starttls-domains.csv
+++ b/share/google-starttls-domains.csv
--- a/tools/CheckSTARTTLS.py
+++ b/tools/CheckSTARTTLS.py
@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 import sys
 import os
 import errno
--- a/tools/ProcessGoogleSTARTTLSDomains.py
+++ b/tools/ProcessGoogleSTARTTLSDomains.py
@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 """
 Process Google's TLS delivery data from
 https://www.google.com/transparencyreport/saferemail/data/?hl=en