configuration: Simplify too complex IDNA conversion

README.md

@@ -12,7 +12,7 @@ Requirements
 ------------
 
   * Python (2.7+ and 3.5+ should work)
-  * cryptography>=2.1 (older versions break idna handling)
+  * cryptography>=0.6
 
 Optional requirements (to use specified features)
 ------------------------------------------------------

acertmgr/configuration.py

@@ -90,9 +90,14 @@ def parse_config_entry(entry, globalconfig, runtimeconfig):
     config['id'] = hashlib.md5(domains.encode('utf-8')).hexdigest()
 
     # Convert unicode to IDNA domains
-    config['domaintranslation'] = idna_convert(config['domainlist'])
-    if len(config['domaintranslation']) > 0:
-        config['domainlist'] = [x for x, _ in config['domaintranslation']]
+    config['domainlist_idna_mapped'] = {}
+    for idx in range(0, len(config['domainlist'])):
+        if any(ord(c) >= 128 for c in config['domainlist'][idx]):
+            domain_human = config['domainlist'][idx]
+            domain_idna = idna_convert(domain_human)
+            if domain_idna != domain_human:
+                config['domainlist'][idx] = domain_idna  # Update domain with idna counterpart
+                config['domainlist_idna_mapped'][domain_idna] = domain_human  # Store original domain for reference
 
     # Action config defaults
     config['defaults'] = globalconfig.get('defaults', {})
@@ -162,8 +167,8 @@ def parse_config_entry(entry, globalconfig, runtimeconfig):
             cfg.update(genericfgs[0])
 
         # Update handler config with more specific values (use original names for translated unicode domains)
-        _domain = _domaintranslation_dict.get(domain, domain)
-        specificcfgs = [x for x in handlerconfigs if 'domain' in x and x['domain'] == _domain]
+        specificcfgs = [x for x in handlerconfigs if
+                        'domain' in x and x['domain'] == config['domainlist_idna_mapped'].get(domain, domain)]
         if len(specificcfgs) > 0:
             cfg.update(specificcfgs[0])
 

acertmgr/tools.py

@@ -384,26 +384,19 @@ def target_is_current(target, file):
     return target_date >= crt_date
 
 
-# @brief convert domain list to idna representation (if applicable
-def idna_convert(domainlist):
-    if any(ord(c) >= 128 for c in ''.join(domainlist)):
-        try:
-            domaintranslation = list()
-            for domain in domainlist:
-                if any(ord(c) >= 128 for c in domain):
-                    # Translate IDNA domain name from a unicode domain (handle wildcards separately)
-                    if domain.startswith('*.'):
-                        idna_domain = "*.{}".format(domain[2:].encode('idna').decode('ascii'))
-                    else:
-                        idna_domain = domain.encode('idna').decode('ascii')
-                    result = idna_domain, domain
-                else:
-                    result = domain, domain
-                domaintranslation.append(result)
-            return domaintranslation
-        except Exception as e:
-            log("Unicode domain(s) found but IDNA names could not be translated due to error: {}".format(e), error=True)
-    return [(x, x) for x in domainlist]
+# @brief convert domain to idna representation (if applicable
+def idna_convert(domain):
+    try:
+        if any(ord(c) >= 128 for c in domain):
+            # Translate IDNA domain name from a unicode domain (handle wildcards separately)
+            if domain.startswith('*.'):
+                idna_domain = "*.{}".format(domain[2:].encode('idna').decode('ascii'))
+            else:
+                idna_domain = domain.encode('idna').decode('ascii')
+            return idna_domain
+    except Exception as e:
+        log("Unicode domain(s) found but IDNA names could not be translated due to error: {}".format(e), error=True)
+    return domain
 
 
 # @brief validate the OCSP status for a given certificate by the given issuer