mirror of https://github.com/moepman/acertmgr.git synced 2025-01-04 01:25:24 +01:00

Improve error handling and tempfile creation

Markus 2016-01-12 17:41:48 +01:00
parent bd8b672e75
commit 4089faa997


@ -12,6 +12,7 @@ import dateutil.relativedelta
import os import os
import re import re
import subprocess import subprocess
import tempfile
import yaml import yaml
@ -21,6 +22,10 @@ ACME_CONFD=ACME_DIR + "domains.d/"
LE_CA="https://acme-staging.api.letsencrypt.org" LE_CA="https://acme-staging.api.letsencrypt.org"
class FileNotFoundError(OSError):
pass
class InvalidCertificateError(Exception): class InvalidCertificateError(Exception):
pass pass
@ -73,10 +78,8 @@ def cert_get(domain, settings):
if not os.path.isfile(acc_file): if not os.path.isfile(acc_file):
raise FileNotFoundError("The account key file (%s) is missing!" % acc_file) raise FileNotFoundError("The account key file (%s) is missing!" % acc_file)
csr_file = "/tmp/%s.csr" % domain _, csr_file = tempfile.mkstemp(".csr", "%s." % domain)
crt_file = "/tmp/%s.crt" % domain _, crt_file = tempfile.mkstemp(".crt", "%s." % domain)
if os.path.lexists(csr_file) or os.path.lexists(crt_file):
raise FileExistsError("A temporary file already exists!")
challenge_dir = settings.get("webdir", "/var/www/acme-challenge/") challenge_dir = settings.get("webdir", "/var/www/acme-challenge/")
if not os.path.isdir(challenge_dir): if not os.path.isdir(challenge_dir):
@ -89,18 +92,19 @@ def cert_get(domain, settings):
crt = acme_tiny.get_crt(acc_file, csr_file, challenge_dir, CA = LE_CA) crt = acme_tiny.get_crt(acc_file, csr_file, challenge_dir, CA = LE_CA)
with open(crt_file, "w") as crt_fd: with open(crt_file, "w") as crt_fd:
crt_fd.write(crt) crt_fd.write(crt)
except Exception:
os.remove(csr_file)
raise
# TODO check if resulting certificate is valid # TODO check if resulting certificate is valid
os.remove(csr_file)
# TODO store resulting certificate at final location # TODO store resulting certificate at final location
except Exception:
raise
# @brief put new certificate in plcae finally:
os.remove(csr_file)
os.remove(crt_file)
# @brief put new certificate in place
# @param domain string containing the domain name # @param domain string containing the domain name
# @param settings the domain's configuration options # @param settings the domain's configuration options
def cert_put(domain, settings): def cert_put(domain, settings):
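Review bot: The descriptor returned by `tempfile.mkstemp` is discarded in both new assignments of the `@ -73` hunk (`_, csr_file = ...` and `_, crt_file = ...`), so each call to cert_get leaves two file descriptors open until the process exits. Keep the descriptor and close it before the path is passed on, e.g. `csr_fd, csr_file = tempfile.mkstemp(".csr", "%s." % domain)` followed by `os.close(csr_fd)`, and likewise for the .crt file. In the `@ -89` hunk the two `os.remove` calls under `finally:` are not independent: if removing csr_file raises, crt_file stays behind in the temp directory. The `except Exception: raise` clause above them no longer does anything and can be dropped. cert_get and its `try:` both start outside the visible hunks.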