From 4089faa997ffc5242a16250ebdd1f25381598117 Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Tue, 12 Jan 2016 17:41:48 +0100 Subject: [PATCH] Improve error handling and tempfile creation --- acertmgr.py | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/acertmgr.py b/acertmgr.py index 70207d1..aa5bf49 100755 --- a/acertmgr.py +++ b/acertmgr.py @@ -12,6 +12,7 @@ import dateutil.relativedelta import os import re import subprocess +import tempfile import yaml @@ -21,6 +22,10 @@ ACME_CONFD=ACME_DIR + "domains.d/" LE_CA="https://acme-staging.api.letsencrypt.org" +class FileNotFoundError(OSError): + pass + + class InvalidCertificateError(Exception): pass @@ -73,10 +78,8 @@ def cert_get(domain, settings): if not os.path.isfile(acc_file): raise FileNotFoundError("The account key file (%s) is missing!" % acc_file) - csr_file = "/tmp/%s.csr" % domain - crt_file = "/tmp/%s.crt" % domain - if os.path.lexists(csr_file) or os.path.lexists(crt_file): - raise FileExistsError("A temporary file already exists!") + _, csr_file = tempfile.mkstemp(".csr", "%s." % domain) + _, crt_file = tempfile.mkstemp(".crt", "%s." % domain) challenge_dir = settings.get("webdir", "/var/www/acme-challenge/") if not os.path.isdir(challenge_dir): @@ -89,18 +92,19 @@ def cert_get(domain, settings): crt = acme_tiny.get_crt(acc_file, csr_file, challenge_dir, CA = LE_CA) with open(crt_file, "w") as crt_fd: crt_fd.write(crt) - except Exception: - os.remove(csr_file) - raise # TODO check if resulting certificate is valid - - os.remove(csr_file) - # TODO store resulting certificate at final location + except Exception: + raise -# @brief put new certificate in plcae + finally: + os.remove(csr_file) + os.remove(crt_file) + + +# @brief put new certificate in place # @param domain string containing the domain name # @param settings the domain's configuration options def cert_put(domain, settings):