Merge branch 'master' of github.com:research/chocolate

trustify/client/client.py

@@ -177,9 +177,10 @@ def make_request(server, m, csr, quiet=False):
     m.request.csr = csr
     hashcash_cmd = ["hashcash", "-P", "-m", "-z", "12", "-b", `difficulty`, "-r", server]
     if quiet:
-        hashcash = subprocess.check_output(hashcash_cmd, preexec_fn=drop_privs, shell=False, stderr=open("/dev/null", "w")).rstrip()
+        hashcash = subprocess.Popen(hashcash_cmd, preexec_fn=drop_privs, shell= False, stdout=subprocess.PIPE, stderr=open("/dev/null", "w")).communicate()[0].rstrip()
     else:
-        hashcash = subprocess.check_output(hashcash_cmd, preexec_fn=drop_privs, shell=False).rstrip()
+        hashcash = subprocess.Popen(hashcash_cmd, preexec_fn=drop_privs, shell= False, stdout=subprocess.PIPE).communicate()[0].rstrip()
+
     if hashcash: m.request.clientpuzzle = hashcash
 
 def sign(key, m):

trustify/client/configurator.py

@@ -63,21 +63,23 @@ class Configurator(object):
         if cert_chain is not None:
             path["cert_chain"] = self.find_directive("SSLCertificateChainFile", None, vhost.path)
         
-        for k in path.iterkeys():
-            if len(path[k]) == 0:
-                # Throw some "can't find all of the directives error"
-                print "DEBUG - Error: cannot find ", search[k]
-                print "DEBUG - in ", vhost.path
-                print "VirtualHost was not modified"
-                # Presumably break here so that the virtualhost is not modified
-                return False
+        if len(path["cert_file"]) == 0 or len(path["cert_key"]) == 0:
+            # Throw some "can't find all of the directives error"
+            print "DEBUG - Error: cannot find a cert or key directive"
+            print "DEBUG - in ", vhost.path
+            print "VirtualHost was not modified"
+            # Presumably break here so that the virtualhost is not modified
+            return False
         
         #print "Deploying Certificate to VirtualHost"
             
         self.aug.set(path["cert_file"][0], cert)
         self.aug.set(path["cert_key"][0], key)
         if cert_chain is not None:
-            self.aug.set(path["cert_chain"][0], cert_chain)
+            if len(path["cert_chain"]) == 0:
+                self.add_dir(vhost.path, "SSLCertificateChainFile", cert_chain)
+            else:
+                self.aug.set(path["cert_chain"][0], cert_chain)
         
         return self.save("Virtual Server - deploying certificate")
 
@@ -366,7 +368,7 @@ class Configurator(object):
         Checks apache2ctl to get loaded module list
         """
         try:
-            #p = subprocess.check_output(["sudo", "/usr/sbin/apache2ctl", "-M"], stderr=open("/dev/null", 'w'))
+            #p = subprocess.check_output(['sudo', '/usr/sbin/apache2ctl', '-M'], stderr=open("/dev/null", 'w'))
             p = subprocess.Popen(['sudo', '/usr/sbin/apache2ctl', '-M'], stdout=subprocess.PIPE, stderr=open("/dev/null", 'w')).communicate()[0]
         except:
             print "Error accessing apache2ctl for loaded modules!"
@@ -518,11 +520,14 @@ class Configurator(object):
         Enables mod_ssl
         TODO: TEST
         """
-        # Use check_output so the command will finish before reloading
-        #subprocess.check_output(["sudo", "a2enmod", "ssl"], stdout=open("/dev/null", 'w'), stderr=open("/dev/null", 'w'))
-        # Hopefully this waits for output
-        text = subprocess.Popen(['sudo', 'a2enmod', 'ssl'], stdout=subprocess.PIPE, stderr=open("/dev/null", 'w')).communicate()[0]
-        subprocess.call(["sudo", "/etc/init.d/apache2", "reload"], stdout=open("/dev/null", 'w'))
+        try:
+	    # Use check_output so the command will finish before reloading      
+            subprocess.check_call(["sudo", "a2enmod", "ssl"], stdout=open("/dev/null", 'w'), stderr=open("/dev/null", 'w'))
+            # Hopefully this waits for output                                   
+            subprocess.check_call(["sudo", "/etc/init.d/apache2", "reload"], stdout=open("/dev/null", 'w'), stderr=open("/dev/null", 'w'))
+        except:
+	    print "Error enabling mod_ssl"
+            sys.exit(1)
 
     def fnmatch_to_re(self, cleanFNmatch):
         """
@@ -626,11 +631,11 @@ def main():
             config.redirect_all_ssl(vh, ["localhost"])
     config.save()
     """
-    """
+    
     for vh in config.vhosts:
         if len(vh.names) > 0:
-            config.deploy_cert(vh, "/home/james/Documents/apache_choc/req.pem", "/home/james/Documents/apache_choc/key.pem")
-    """
+            config.deploy_cert(vh, "/home/james/Documents/apache_choc/req.pem", "/home/james/Documents/apache_choc/key.pem", "/home/james/Downloads/sub.class1.server.ca.pem")
+    
 
 if __name__ == "__main__":
     main()

trustify/client/sni_challenge.py

@@ -7,6 +7,7 @@ import hmac
 import hashlib
 from shutil import move
 from os import remove, close, path
+import sys
 import binascii
 import augeas
 
@@ -180,10 +181,14 @@ def apache_restart(quiet=False):
     """
     Restarts apache server
     """
-    if quiet:
-        subprocess.call(["sudo", "/etc/init.d/apache2", "reload"], stdout=open("/dev/null","w"), stderr=open("/dev/null", "w"))
-    else:
-        subprocess.call(["sudo", "/etc/init.d/apache2", "reload"])
+    try:
+        if quiet:
+            subprocess.check_call(["sudo", "/etc/init.d/apache2", "reload"], stdout=open("/dev/null","w"), stderr=open("/dev/null", "w"))
+        else:
+            subprocess.check_call(["sudo", "/etc/init.d/apache2", "reload"])
+    except:
+        print "Apache Restart Failed - Please Check the Configuration"
+        sys.exit(1)
 
 # TODO: This function is insufficient as the user could edit the files
 # before the challenge is completed.  It is safer to log all of the changes