mirror of https://github.com/moepman/acertmgr.git synced 2024-12-29 08:11:51 +01:00

configuration: Simplify too complex IDNA conversion

Kishi85 2021-06-21 22:18:31 +02:00 committed by Markus Hauschild
parent e2f7b09b18
commit 460b0119ac
3 changed files with 24 additions and 26 deletions


@ -12,7 +12,7 @@ Requirements
------------ ------------
* Python (2.7+ and 3.5+ should work) * Python (2.7+ and 3.5+ should work)
* cryptography>=2.1 (older versions break idna handling) * cryptography>=0.6
Optional requirements (to use specified features) Optional requirements (to use specified features)
------------------------------------------------------ ------------------------------------------------------


@ -90,9 +90,14 @@ def parse_config_entry(entry, globalconfig, runtimeconfig):
config['id'] = hashlib.md5(domains.encode('utf-8')).hexdigest() config['id'] = hashlib.md5(domains.encode('utf-8')).hexdigest()
# Convert unicode to IDNA domains # Convert unicode to IDNA domains
config['domaintranslation'] = idna_convert(config['domainlist']) config['domainlist_idna_mapped'] = {}
if len(config['domaintranslation']) > 0: for idx in range(0, len(config['domainlist'])):
config['domainlist'] = [x for x, _ in config['domaintranslation']] if any(ord(c) >= 128 for c in config['domainlist'][idx]):
domain_human = config['domainlist'][idx]
domain_idna = idna_convert(domain_human)
if domain_idna != domain_human:
config['domainlist'][idx] = domain_idna # Update domain with idna counterpart
config['domainlist_idna_mapped'][domain_idna] = domain_human # Store original domain for reference
# Action config defaults # Action config defaults
config['defaults'] = globalconfig.get('defaults', {}) config['defaults'] = globalconfig.get('defaults', {})
@ -162,8 +167,8 @@ def parse_config_entry(entry, globalconfig, runtimeconfig):
cfg.update(genericfgs[0]) cfg.update(genericfgs[0])
# Update handler config with more specific values (use original names for translated unicode domains) # Update handler config with more specific values (use original names for translated unicode domains)
_domain = _domaintranslation_dict.get(domain, domain) specificcfgs = [x for x in handlerconfigs if
specificcfgs = [x for x in handlerconfigs if 'domain' in x and x['domain'] == _domain] 'domain' in x and x['domain'] == config['domainlist_idna_mapped'].get(domain, domain)]
if len(specificcfgs) > 0: if len(specificcfgs) > 0:
cfg.update(specificcfgs[0]) cfg.update(specificcfgs[0])
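Review bot: A failed conversion cannot be told apart from "nothing to convert" in the new loop of the first hunk. `idna_convert` (last file section) logs the error and returns its input, so `domain_idna != domain_human` is false and the non-ASCII name stays in `config['domainlist']` with no entry in `config['domainlist_idna_mapped']`. Parsing then carries on, and the raw Unicode name is presumably what later reaches CSR generation and the ACME order, where the failure is harder to attribute to this entry. Consider rejecting the entry here, e.g. `if any(ord(c) >= 128 for c in domain_idna): raise ValueError("IDNA conversion failed for a configured domain")`, or letting `idna_convert` raise instead of returning the input. parse_config_entry starts and ends outside both hunks.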


@ -384,26 +384,19 @@ def target_is_current(target, file):
return target_date >= crt_date return target_date >= crt_date
# @brief convert domain list to idna representation (if applicable # @brief convert domain to idna representation (if applicable
def idna_convert(domainlist): def idna_convert(domain):
if any(ord(c) >= 128 for c in ''.join(domainlist)):
try: try:
domaintranslation = list()
for domain in domainlist:
if any(ord(c) >= 128 for c in domain): if any(ord(c) >= 128 for c in domain):
# Translate IDNA domain name from a unicode domain (handle wildcards separately) # Translate IDNA domain name from a unicode domain (handle wildcards separately)
if domain.startswith('*.'): if domain.startswith('*.'):
idna_domain = "*.{}".format(domain[2:].encode('idna').decode('ascii')) idna_domain = "*.{}".format(domain[2:].encode('idna').decode('ascii'))
else: else:
idna_domain = domain.encode('idna').decode('ascii') idna_domain = domain.encode('idna').decode('ascii')
result = idna_domain, domain return idna_domain
else:
result = domain, domain
domaintranslation.append(result)
return domaintranslation
except Exception as e: except Exception as e:
log("Unicode domain(s) found but IDNA names could not be translated due to error: {}".format(e), error=True) log("Unicode domain(s) found but IDNA names could not be translated due to error: {}".format(e), error=True)
return [(x, x) for x in domainlist] return domain
# @brief validate the OCSP status for a given certificate by the given issuer # @brief validate the OCSP status for a given certificate by the given issuer
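Review bot: The header comment of `idna_convert` should state which IDNA variant the conversion uses, since the result decides which hostname the certificate is requested for. Python's built-in `'idna'` codec implements IDNA 2003 (RFC 3490 with nameprep), which maps some characters (for example `ß` to `ss`) where IDNA 2008 keeps them distinct, so the converted name can differ from the one a current browser resolves. I would add `# @note uses the built-in 'idna' codec (IDNA 2003); configure the xn-- form directly for names that IDNA 2008 encodes differently` and close the parenthesis left open in the `@brief` line. As a smaller point, `except Exception` could be narrowed to `except UnicodeError`, which is what the codec raises on invalid labels, so unrelated errors are not reported as translation failures.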