diff --git a/README.md b/README.md index 61b1ca1..347f884 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Requirements ------------ * Python (2.7+ and 3.5+ should work) - * cryptography>=2.1 (older versions break idna handling) + * cryptography>=0.6 Optional requirements (to use specified features) ------------------------------------------------------ diff --git a/acertmgr/configuration.py b/acertmgr/configuration.py index 6a0ac0c..8303cca 100644 --- a/acertmgr/configuration.py +++ b/acertmgr/configuration.py @@ -90,9 +90,14 @@ def parse_config_entry(entry, globalconfig, runtimeconfig): config['id'] = hashlib.md5(domains.encode('utf-8')).hexdigest() # Convert unicode to IDNA domains - config['domaintranslation'] = idna_convert(config['domainlist']) - if len(config['domaintranslation']) > 0: - config['domainlist'] = [x for x, _ in config['domaintranslation']] + config['domainlist_idna_mapped'] = {} + for idx in range(0, len(config['domainlist'])): + if any(ord(c) >= 128 for c in config['domainlist'][idx]): + domain_human = config['domainlist'][idx] + domain_idna = idna_convert(domain_human) + if domain_idna != domain_human: + config['domainlist'][idx] = domain_idna # Update domain with idna counterpart + config['domainlist_idna_mapped'][domain_idna] = domain_human # Store original domain for reference # Action config defaults config['defaults'] = globalconfig.get('defaults', {}) @@ -162,8 +167,8 @@ def parse_config_entry(entry, globalconfig, runtimeconfig): cfg.update(genericfgs[0]) # Update handler config with more specific values (use original names for translated unicode domains) - _domain = _domaintranslation_dict.get(domain, domain) - specificcfgs = [x for x in handlerconfigs if 'domain' in x and x['domain'] == _domain] + specificcfgs = [x for x in handlerconfigs if + 'domain' in x and x['domain'] == config['domainlist_idna_mapped'].get(domain, domain)] if len(specificcfgs) > 0: cfg.update(specificcfgs[0]) diff --git a/acertmgr/tools.py b/acertmgr/tools.py index 213a893..8fdce6a 100644 --- a/acertmgr/tools.py +++ b/acertmgr/tools.py @@ -384,26 +384,19 @@ def target_is_current(target, file): return target_date >= crt_date -# @brief convert domain list to idna representation (if applicable -def idna_convert(domainlist): - if any(ord(c) >= 128 for c in ''.join(domainlist)): - try: - domaintranslation = list() - for domain in domainlist: - if any(ord(c) >= 128 for c in domain): - # Translate IDNA domain name from a unicode domain (handle wildcards separately) - if domain.startswith('*.'): - idna_domain = "*.{}".format(domain[2:].encode('idna').decode('ascii')) - else: - idna_domain = domain.encode('idna').decode('ascii') - result = idna_domain, domain - else: - result = domain, domain - domaintranslation.append(result) - return domaintranslation - except Exception as e: - log("Unicode domain(s) found but IDNA names could not be translated due to error: {}".format(e), error=True) - return [(x, x) for x in domainlist] +# @brief convert domain to idna representation (if applicable +def idna_convert(domain): + try: + if any(ord(c) >= 128 for c in domain): + # Translate IDNA domain name from a unicode domain (handle wildcards separately) + if domain.startswith('*.'): + idna_domain = "*.{}".format(domain[2:].encode('idna').decode('ascii')) + else: + idna_domain = domain.encode('idna').decode('ascii') + return idna_domain + except Exception as e: + log("Unicode domain(s) found but IDNA names could not be translated due to error: {}".format(e), error=True) + return domain # @brief validate the OCSP status for a given certificate by the given issuer