Random small changes

This commit is contained in:
James Kasten 2014-12-01 03:05:06 -08:00
parent cf9c861331
commit cb9263cc4a
5 changed files with 86 additions and 42 deletions

2
EULA
View file

@ -2,4 +2,4 @@ This is a PREVIEW RELEASE of a client application for the Let's Encrypt certific
Until publicly-trusted certificates can be issued by Let's Encrypt, this software CANNOT OBTAIN A PUBLICLY-TRUSTED CERTIFICATE FOR YOUR WEB SERVER. You should only use this program if you are a developer interested in experimenting with the ACME protocol or in helping to improve this software. If you want to configure your web site with HTTPS in the meantime, please obtain a certificate from a different authority.
For updates on the status of Let's Encrypt, please visit the Let's Encrypt home page at https://www.letsencrypt.org/.
For updates on the status of Let's Encrypt, please visit the Let's Encrypt home page at https://letsencrypt.org/.

View file

@ -370,7 +370,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
Checks if addr has a NameVirtualHost directive in the Apache config
:param str addr: vhost address ie. \*:443
:param str addr: vhost address ie. *:443
:returns: Success
:rtype: bool
@ -1176,26 +1176,7 @@ LogLevel warn \n\
:rtype: bool
"""
# TODO: This should be written to use the process returncode
try:
proc = subprocess.Popen(['/etc/init.d/apache2', 'restart'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
text = proc.communicate()
if proc.returncode != 0:
# Enter recovery routine...
logger.error("Configtest failed")
logger.error(text[0])
logger.error(text[1])
return False
except (OSError, ValueError):
logger.fatal(("Apache Restart Failed - "
"Please Check the Configuration"))
sys.exit(1)
return True
return apache_restart(quiet)
def _add_httpd_transform(self, incl):
"""Add a transform to Augeas.
@ -1240,6 +1221,9 @@ LogLevel warn \n\
# Challenges Section
###########################################################################
# TODO: Change list_sni_tuple to namedtuple. Also include key within tuple.
# This allows the keys to be different for each SNI challenge
def perform(self, chall_dict):
"""Perform the configuration related challenge.
@ -1254,11 +1238,14 @@ LogLevel warn \n\
def dvsni_perform(self, chall_dict):
"""Peform a DVSNI challenge.
Composed of
list_sni_tuple: List of tuples with form (addr, r, nonce)
addr (string), r (base64 string), nonce (hex string)
chall_dict composed of:
dvsni_key: namedtuple - client.Client.Key()
list_sni_tuple:
List of tuples with form `(addr, r, nonce)`
`addr` (`string`), `r` (base64 `str`), `nonce` (hex `str`)
dvsni_key:
:class:`client.Client.Key`
:param dict chall_dict: dvsni challenge - see documentation
@ -1327,12 +1314,12 @@ LogLevel warn \n\
Result: Apache config includes virtual servers for issued challs
:param list_sni_tuple: list of tuples with the form (addr, y, nonce)
addr (string), y (byte array), nonce (hex str)
:type list_sni_tuple: list
:param list list_sni_tuple: list of tuples with the form
`(addr, y, nonce)`, where `addr` is `str`, y is `byte array`,
`nonce` is `str`
:param dvsni_key: Namedtuple with file, pem
:type dvsni_key: `client.Client.Key` - namedtuple
:type dvsni_key: :class:`client.Client.Key`
:param list ll_addrs: list of list of addresses to apply
@ -1447,6 +1434,29 @@ def check_ssl_loaded():
return False
def apache_restart(quiet=False):
# TODO: This should be written to use the process returncode
try:
proc = subprocess.Popen(['/etc/init.d/apache2', 'restart'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
text = proc.communicate()
if proc.returncode != 0:
# Enter recovery routine...
logger.error("Configtest failed")
logger.error(text[0])
logger.error(text[1])
return False
except (OSError, ValueError):
logger.fatal(("Apache Restart Failed - "
"Please Check the Configuration"))
sys.exit(1)
return True
def verify_setup():
"""Verify the setup to ensure safe operating environment.

View file

@ -64,10 +64,10 @@ class Client(object):
try:
self._validate_csr_key_cli()
except errors.LetsEncryptClientError as e:
except errors.LetsEncryptClientError as exc:
# TODO: Something nice here...
logger.fatal(("%s - until the programmers get their act together, "
"we are just going to exit" % str(e)))
"we are just going to exit" % str(exc)))
sys.exit(1)
self.server_url = "https://%s/acme/" % self.server
@ -91,8 +91,6 @@ class Client(object):
if not self.config.config_test():
sys.exit(1)
self.redirect = redirect
# Display preview warning
if not eula:
with open('EULA') as eula_file:
@ -141,7 +139,7 @@ class Client(object):
cert_file = self.install_certificate(certificate_dict, vhost)
# Perform optimal config changes
self.optimize_config(vhost)
self.optimize_config(vhost, redirect)
self.config.save("Completed Let's Encrypt Authentication")
@ -428,11 +426,19 @@ class Client(object):
return cert_file
def optimize_config(self, vhost):
if self.redirect is None:
self.redirect = display.redirect_by_default()
def optimize_config(self, vhost, redirect):
"""Optimize the configuration.
if self.redirect:
:param vhost: vhost to optimize
:type vhost: :class:`apache_configurator.VH`
:param bool redirect: If traffic should be forwarded from HTTP to HTTPS
"""
if redirect is None:
redirect = display.redirect_by_default()
if redirect:
self.redirect_to_ssl(vhost)
self.config.restart(quiet=self.curses)
@ -447,6 +453,11 @@ class Client(object):
# continue
def cleanup_challenges(self, challenges):
"""Cleanup configuration challenges
:param dict challenges: challenges from a challenge message
"""
logger.info("Cleaning up challenges...")
for chall in challenges:
if chall["type"] in CONFIG.CONFIG_CHALLENGES:
@ -541,6 +552,12 @@ class Client(object):
return True
def redirect_to_ssl(self, vhost):
"""Redirect all traffic from HTTP to HTTPS
:param vhost: list of ssl_vhosts
:type vhost: :class:`apache_configurator.VH`
"""
for ssl_vh in vhost:
success, redirect_vhost = self.config.enable_redirect(ssl_vh)
logger.info("\nRedirect vhost: " + redirect_vhost.file +
@ -550,6 +567,14 @@ class Client(object):
self.config.enable_site(redirect_vhost)
def get_virtual_hosts(self, domains):
"""Retrieve the appropriate virtual host for the domain
:param list domains: Domains to find ssl vhosts for
:returns: associated vhosts
:rtype: :class:`apache_configurator.VH`
"""
vhost = set()
for name in domains:
host = self.config.choose_virtual_host(name)

View file

@ -1,4 +1,9 @@
"""Recovery Contact Identifier Validation Challenge."""
"""Recovery Contact Identifier Validation Challenge.
NOTE: THIS CLASS IS NOT FULLY IMPLEMENTED INTO THE PROJECT
YET.
"""
import time
import dialog
@ -101,7 +106,6 @@ class RecoveryContact(challenge.Challenge):
return ans.startswith('y') or ans.startswith('Y')
def generate_response(self):
if not self.token:
return {"type": "recoveryContact"}

View file

@ -1,4 +1,9 @@
"""Recovery Token Identifier Validation Challenge."""
"""Recovery Token Identifier Validation Challenge.
NOTE: THIS CHALLENGE IS NOT IMPLEMENTED OR INCLUDED
IN THE PROJECT CURRENTLY
"""
import dialog
from letsencrypt.client import challenge