diff --git a/trustify/client/client.py b/trustify/client/client.py index 50d7fc703..6fad4f0a7 100644 --- a/trustify/client/client.py +++ b/trustify/client/client.py @@ -177,9 +177,10 @@ def make_request(server, m, csr, quiet=False): m.request.csr = csr hashcash_cmd = ["hashcash", "-P", "-m", "-z", "12", "-b", `difficulty`, "-r", server] if quiet: - hashcash = subprocess.check_output(hashcash_cmd, preexec_fn=drop_privs, shell=False, stderr=open("/dev/null", "w")).rstrip() + hashcash = subprocess.Popen(hashcash_cmd, preexec_fn=drop_privs, shell= False, stdout=subprocess.PIPE, stderr=open("/dev/null", "w")).communicate()[0].rstrip() else: - hashcash = subprocess.check_output(hashcash_cmd, preexec_fn=drop_privs, shell=False).rstrip() + hashcash = subprocess.Popen(hashcash_cmd, preexec_fn=drop_privs, shell= False, stdout=subprocess.PIPE).communicate()[0].rstrip() + if hashcash: m.request.clientpuzzle = hashcash def sign(key, m): diff --git a/trustify/client/configurator.py b/trustify/client/configurator.py index e805e01d3..ac45fb56b 100644 --- a/trustify/client/configurator.py +++ b/trustify/client/configurator.py 
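Review bot: In make_request, replacing `check_output` with `Popen(...).communicate()[0]` drops the exit-status check in both the quiet and the non-quiet branch, so a hashcash run that exits non-zero now yields an empty string instead of raising. Together with the `if hashcash:` guard, the request is then built without `clientpuzzle` and the user is told nothing. Keep the process object and test it: `proc = subprocess.Popen(hashcash_cmd, ...)`, `hashcash = proc.communicate()[0].rstrip()`, `if proc.returncode != 0:` followed by an explicit error. The function body starts before the hunk, so how `difficulty` is obtained is not visible here.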
@@ -63,21 +63,23 @@ class Configurator(object): if cert_chain is not None: path["cert_chain"] = self.find_directive("SSLCertificateChainFile", None, vhost.path) - for k in path.iterkeys(): - if len(path[k]) == 0: - # Throw some "can't find all of the directives error" - print "DEBUG - Error: cannot find ", search[k] - print "DEBUG - in ", vhost.path - print "VirtualHost was not modified" - # Presumably break here so that the virtualhost is not modified - return False + if len(path["cert_file"]) == 0 or len(path["cert_key"]) == 0: + # Throw some "can't find all of the directives error" + print "DEBUG - Error: cannot find a cert or key directive" + print "DEBUG - in ", vhost.path + print "VirtualHost was not modified" + # Presumably break here so that the virtualhost is not modified + return False #print "Deploying Certificate to VirtualHost" self.aug.set(path["cert_file"][0], cert) self.aug.set(path["cert_key"][0], key) if cert_chain is not None: - self.aug.set(path["cert_chain"][0], cert_chain) + if len(path["cert_chain"]) == 0: + self.add_dir(vhost.path, "SSLCertificateChainFile", cert_chain) + else: + self.aug.set(path["cert_chain"][0], cert_chain) return self.save("Virtual Server - deploying certificate") @@ -366,7 +368,7 @@ class Configurator(object): Checks apache2ctl to get loaded module list """ try: - #p = subprocess.check_output(["sudo", "/usr/sbin/apache2ctl", "-M"], stderr=open("/dev/null", 'w')) + #p = subprocess.check_output(['sudo', '/usr/sbin/apache2ctl', '-M'], stderr=open("/dev/null", 'w')) p = subprocess.Popen(['sudo', '/usr/sbin/apache2ctl', '-M'], stdout=subprocess.PIPE, stderr=open("/dev/null", 'w')).communicate()[0] except: print "Error accessing apache2ctl for loaded modules!" 
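Review bot: When `cert_chain` is None, deploy_cert never looks up or touches `SSLCertificateChainFile`, so a vhost that already carries that directive keeps pointing at the previous chain file after the certificate and key are replaced. The new `add_dir` branch covers only the opposite case, where a chain is supplied and the directive is absent. Whether any caller passes None for such a vhost is not visible in this hunk. If they can, either look the directive up unconditionally and warn when one is left in place, or document the limitation with a comment such as `# NOTE: an existing SSLCertificateChainFile is left unchanged when cert_chain is None`. The method's signature and docstring are outside the hunk.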
@@ -518,11 +520,14 @@ class Configurator(object): Enables mod_ssl TODO: TEST """ - # Use check_output so the command will finish before reloading - #subprocess.check_output(["sudo", "a2enmod", "ssl"], stdout=open("/dev/null", 'w'), stderr=open("/dev/null", 'w')) - # Hopefully this waits for output - text = subprocess.Popen(['sudo', 'a2enmod', 'ssl'], stdout=subprocess.PIPE, stderr=open("/dev/null", 'w')).communicate()[0] - subprocess.call(["sudo", "/etc/init.d/apache2", "reload"], stdout=open("/dev/null", 'w')) + try: + # Use check_output so the command will finish before reloading + subprocess.check_call(["sudo", "a2enmod", "ssl"], stdout=open("/dev/null", 'w'), stderr=open("/dev/null", 'w')) + # Hopefully this waits for output + subprocess.check_call(["sudo", "/etc/init.d/apache2", "reload"], stdout=open("/dev/null", 'w'), stderr=open("/dev/null", 'w')) + except: + print "Error enabling mod_ssl" + sys.exit(1) def fnmatch_to_re(self, cleanFNmatch): """ @@ -626,11 +631,11 @@ def main(): config.redirect_all_ssl(vh, ["localhost"]) config.save() """ - """ + for vh in config.vhosts: if len(vh.names) > 0: - config.deploy_cert(vh, "/home/james/Documents/apache_choc/req.pem", "/home/james/Documents/apache_choc/key.pem") - """ + config.deploy_cert(vh, "/home/james/Documents/apache_choc/req.pem", "/home/james/Documents/apache_choc/key.pem", "/home/james/Downloads/sub.class1.server.ca.pem") + if __name__ == "__main__": main() diff --git a/trustify/client/sni_challenge.py b/trustify/client/sni_challenge.py index 8fcde01d0..ebaf23d74 100644 --- a/trustify/client/sni_challenge.py +++ b/trustify/client/sni_challenge.py @@ -7,6 +7,7 @@ import hmac import hashlib from shutil import move from os import remove, close, path +import sys import binascii import augeas 
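Review bot: The bare `except:` around the two `check_call`s catches everything, including KeyboardInterrupt, and reports it as "Error enabling mod_ssl". Because stderr of both commands goes to /dev/null, the operator cannot tell whether `a2enmod` or the reload failed, or why. Narrow the handler to `except (subprocess.CalledProcessError, OSError) as e:` and print `e` with the message. The handler also calls `sys.exit(1)`, but this diff adds `import sys` only to sni_challenge.py and configurator.py's import block is not shown, so confirm `sys` is imported there. The same bare `except:` with `sys.exit(1)` is added to apache_restart in sni_challenge.py.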
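Review bot: Removing the two `"""` markers in main() turns a disabled test snippet into live code. Running configurator.py as a script now calls `deploy_cert` on every vhost that has names, using hard-coded certificate, key and chain paths under /home/james, and deploy_cert ends by saving the configuration. On any other machine those paths do not exist, and on a real server this rewrites the TLS directives of every named VirtualHost. Keep the block disabled in committed code, or take the three paths and the target vhost from command-line arguments. main() begins outside the hunk.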
@@ -180,10 +181,14 @@ def apache_restart(quiet=False): """ Restarts apache server """ - if quiet: - subprocess.call(["sudo", "/etc/init.d/apache2", "reload"], stdout=open("/dev/null","w"), stderr=open("/dev/null", "w")) - else: - subprocess.call(["sudo", "/etc/init.d/apache2", "reload"]) + try: + if quiet: + subprocess.check_call(["sudo", "/etc/init.d/apache2", "reload"], stdout=open("/dev/null","w"), stderr=open("/dev/null", "w")) + else: + subprocess.check_call(["sudo", "/etc/init.d/apache2", "reload"]) + except: + print "Apache Restart Failed - Please Check the Configuration" + sys.exit(1) # TODO: This function is insufficient as the user could edit the files # before the challenge is completed. It is safer to log all of the changes
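Review bot: Calling `sys.exit(1)` inside apache_restart ends the client at the moment a reload fails, so any Apache configuration the caller has already written stays on disk with no chance to roll it back. The callers are outside this hunk, so whether they have pending changes at that point needs confirming. The TODO that follows the function appears to concern exactly that cleanup. Returning a status would let the caller decide, e.g. `return False` in the handler and `return True` after the `try`, with the exit moved to the top-level caller. In the quiet branch stderr is discarded, so "Please Check the Configuration" is the only diagnostic the user gets. Printing the failing command's exit status alongside it would help.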