upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-06-06 15:22:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fixed several TODOs, added more support for renewals

Browse source
This commit is contained in:
James Kasten 2012-08-28 21:34:21 -04:00
parent f514abe664
commit 5ce632b03d
2 changed files with 61 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
trustify/client/client.py
View file

@ -187,6 +187,21 @@ def make_request(server, m, csr, quiet=False):
def sign(key, m):
m.request.sig = rsa_sign(key, ("(%d) (%s) (%s)" % (m.request.timestamp, m.request.recipient, m.request.csr)))
def old_cert(cert_filename, days_left):
cert = M2Crypto.X509.load_cert(cert_filename)
exp_time = cert.get_not_before().get_datetime()
cur_time = datetime.datetime.utcnow()
# exp_time is returned in UTC time as defined by M2Crypto
# The datetime object is aware and cannot be compared to the naive utcnow()
# object. Thus, the tzinfo is stripped from exp_time assuming both objects
# are UTC. Base python doesn't seem to support instantiations of tzinfo
# objects without 3rd party support. It is easier just to strip tzinfo from
# exp_time rather than add the utc timezone to cur_time
if (exp_time.replace(tzinfo=None) - cur_time).days < days_left:
return True
return False
def save_key_csr(key, csr):
"""
This function saves the newly generated key and csr to new files
@ -382,9 +397,9 @@ def authenticate():
for host in vhost:
config.deploy_cert(host, os.path.abspath(cert_file), os.path.abspath(key_file), cert_chain_abspath)
# Enable any vhost that was issued to, but not enabled
if not config.is_site_enabled(host.file):
if not host.enabled:
output("Enabling Site " + host.file)
config.enable_site(host.file)
config.enable_site(host)
# sites may have been enabled / final cleanup
config.restart(quiet=curses)

82
trustify/client/configurator.py
View file

@ -12,16 +12,16 @@ from trustify.client.CONFIG import REWRITE_HTTPS_ARGS
#TODO - Stop Augeas from loading up backup emacs files in sites-available
#TODO - Need an initialization routine... make sure directories exist..ect
#TODO - Only check for conflicting enabled sites during redirection
#TODO - Update vhosts in config when new vhosts are created
#TODO - Test - Only check for conflicting enabled sites during redirection
class VH(object):
def __init__(self, filename_path, vh_path, vh_addrs, is_ssl):
def __init__(self, filename_path, vh_path, vh_addrs, is_ssl, is_enabled):
self.file = filename_path
self.path = vh_path
self.addrs = vh_addrs
self.names = []
self.ssl = is_ssl
self.enabled = is_enabled
def set_names(self, listOfNames):
self.names = listOfNames
@ -59,8 +59,9 @@ class Configurator(object):
the "included" confs. The function verifies that it has located
the three directives and finally modifies them to point to the correct
destination
TODO: Should add/remove chain directives
TODO: Make sure last directive is changed
TODO: Might be nice to remove chain directive if none exists
* This shouldn't happen within trustify though
"""
search = {}
path = {}
@ -97,8 +98,7 @@ class Configurator(object):
Chooses a virtual host based on the given domain name
returns: VH object
TODO: This should return vhost of :443 if both 80 and 443 exist
This is currently just a very basic demo version
TODO: This should return list if no obvious answer is presented
"""
# TODO: TEST
for dn, vh in self.assoc:
@ -161,7 +161,22 @@ class Configurator(object):
args = self.aug.match(name + "/*")
for arg in args:
host.add_name(self.aug.get(arg))
# Test this new setup
def __create_vhost(self, path):
addrs = []
args = self.aug.match(p + "/arg")
for arg in args:
addrs.append(self.aug.get(arg))
is_ssl = False
if len(self.find_directive("SSLEngine", "on", p)) > 0:
is_ssl = True
filename = self.get_file_path(p)
is_enabled = self.is_site_enabled(filename)
vhost = VH(filename, p, addrs, is_ssl, is_enabled)
self.__add_servernames(vhost)
return vhost
def get_virtual_hosts(self):
"""
@ -171,17 +186,7 @@ class Configurator(object):
paths = self.aug.match("/files" + SERVER_ROOT + "sites-available//VirtualHost")
vhs = []
for p in paths:
addrs = []
args = self.aug.match(p + "/arg")
for arg in args:
addrs.append(self.aug.get(arg))
is_ssl = False
if len(self.find_directive("SSLEngine", "on", p)) > 0:
is_ssl = True
vhs.append(VH(self.get_file_path(p), p, addrs, is_ssl))
for host in vhs:
self.__add_servernames(host)
vhs.append(self.__create_vhost(p))
return vhs
@ -429,8 +434,7 @@ class Configurator(object):
# reload configurator vhosts
self.vhosts = self.get_virtual_hosts()
# TODO: At some point site should be enabled
return
return ssl_fp
def redirect_all_ssl(self, ssl_vhost):
"""
@ -455,7 +459,6 @@ class Configurator(object):
print "Unknown redirect exists for this vhost"
return False, self.get_file_path(general_v.path)
#Add directives to server
# TODO: Test
self.add_dir(general_v.path, "RewriteEngine", "On")
self.add_dir(general_v.path, "RewriteRule", REWRITE_HTTPS_ARGS)
self.save("Redirect all to ssl")
@ -503,16 +506,17 @@ class Configurator(object):
ssl_a_vhttp = ssl_tup[0] + ":80"
# Search for a conflicting host...
for v in self.vhosts:
for a in v.addrs:
# Convert :* to standard ip address
if a.endswith(":*"):
a = a[:len(a)-2]
# Would have to use NameBasedVirtualHosts, too complicated?
# Maybe do later... right now just return false
# or overlapping addresses... order matters
if a == ssl_a_vhttp or a == ssl_tup[0]:
# We have found a conflicting host... just return
return False, self.get_path_name(v.path)
if v.enabled:
for a in v.addrs:
# Convert :* to standard ip address
if a.endswith(":*"):
a = a[:len(a)-2]
# Would require NameBasedVirtualHosts,too complicated?
# Maybe do later... right now just return false
# or overlapping addresses... order matters
if a == ssl_a_vhttp or a == ssl_tup[0]:
# We have found a conflicting host... just return
return False, self.get_path_name(v.path)
redirect_addrs = redirect_addrs + ssl_a_vhttp
@ -549,14 +553,15 @@ LogLevel warn \n\
print "Created redirect file:", redirect_filename
self.aug.load()
return True, SERVER_ROOT + "sites-available/" + redirect_filename
new_fp = SERVER_ROOT + "sites-available/" + redirect_filename
self.vhosts.add(self.__create_vhost("/files" + new_fp))
return True, new_fp
def __general_vhost(self, ssl_vhost):
"""
Function needs to be throughly tested and perhaps improved
Will not do well with malformed configurations
Consider changing this into a dict check
TODO: make default search for *:80 also...
"""
# _default_:443 check
# Instead... should look for vhost of the form *:80
@ -595,7 +600,6 @@ LogLevel warn \n\
file_paths.add(self.aug.get(p))
return file_paths
def get_file_path(self, vhost_path):
# Strip off /files
@ -626,14 +630,16 @@ LogLevel warn \n\
return False
def enable_site(self, avail_fp):
def enable_site(self, vhost):
"""
Enables an available site, Apache restart required
TODO: This function should number subdomains before the domain vhost
"""
if "/sites-available/" in avail_fp:
index = avail_fp.rfind("/")
os.symlink(avail_fp, SERVER_ROOT + "sites-enabled/" + avail_fp[index:])
if "/sites-available/" in vhost.file:
index = vhost.file.rfind("/")
os.symlink(vhost.file, SERVER_ROOT + "sites-enabled/" + vhost.file[index:])
#TODO: add vh.enabled = True
vhost.enabled = True
return True
return False