1
0
mirror of https://github.com/moepman/acertmgr.git synced 2024-11-14 18:35:27 +01:00

Implement cert_put and use live API

This commit is contained in:
Markus 2016-01-21 16:43:49 +01:00
parent 554b96cea8
commit 60ae8f2452

View File

@ -1,4 +1,4 @@
#!/usr/bin/env python #!/usr/bin/env python2
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Automated Certificate Manager using ACME # Automated Certificate Manager using ACME
@ -9,7 +9,9 @@ import acme_tiny
import datetime import datetime
import dateutil.parser import dateutil.parser
import dateutil.relativedelta import dateutil.relativedelta
import grp
import os import os
import pwd
import re import re
import shutil import shutil
import subprocess import subprocess
@ -20,7 +22,6 @@ import yaml
ACME_DIR="/etc/acme/" ACME_DIR="/etc/acme/"
ACME_CONF=ACME_DIR + "acme.conf" ACME_CONF=ACME_DIR + "acme.conf"
ACME_CONFD=ACME_DIR + "domains.d/" ACME_CONFD=ACME_DIR + "domains.d/"
LE_CA="https://acme-staging.api.letsencrypt.org"
class FileNotFoundError(OSError): class FileNotFoundError(OSError):
@ -42,13 +43,13 @@ def cert_isValid(crt_file, ttl_days):
# check validity using OpenSSL # check validity using OpenSSL
vc = subprocess.check_output(['openssl', 'x509', '-in', crt_file, '-noout', '-dates']) vc = subprocess.check_output(['openssl', 'x509', '-in', crt_file, '-noout', '-dates'])
m = re.search("notBefore=(.+)", vc) m = re.search(b"notBefore=(.+)", vc)
if m: if m:
valid_from = dateutil.parser.parse(m.group(1), ignoretz=True) valid_from = dateutil.parser.parse(m.group(1), ignoretz=True)
else: else:
raise InvalidCertificateError("No notBefore date found") raise InvalidCertificateError("No notBefore date found")
m = re.search("notAfter=(.+)", vc) m = re.search(b"notAfter=(.+)", vc)
if m: if m:
valid_to = dateutil.parser.parse(m.group(1), ignoretz=True) valid_to = dateutil.parser.parse(m.group(1), ignoretz=True)
else: else:
@ -90,7 +91,7 @@ def cert_get(domain, settings):
cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain]) cr = subprocess.check_output(['openssl', 'req', '-new', '-sha256', '-key', key_file, '-out', csr_file, '-subj', '/CN=%s' % domain])
# get certificate # get certificate
crt = acme_tiny.get_crt(acc_file, csr_file, challenge_dir, CA = LE_CA) crt = acme_tiny.get_crt(acc_file, csr_file, challenge_dir)
with open(crt_file, "w") as crt_fd: with open(crt_file, "w") as crt_fd:
crt_fd.write(crt) crt_fd.write(crt)
@ -113,20 +114,34 @@ def cert_put(domain, settings):
crt_group = settings['group'] crt_group = settings['group']
crt_perm = settings['perm'] crt_perm = settings['perm']
crt_path = settings['path'] crt_path = settings['path']
crt_format = settings['format'] crt_format = settings['format'].split(",")
crt_notify = settings['notify'] crt_notify = settings['notify']
key_file = ACME_DIR + "server.key"
crt_final = ACME_DIR + "%s.crt" % domain crt_final = ACME_DIR + "%s.crt" % domain
if crt_format == 'split': with open(crt_path, "w+") as crt_fd:
# TODO copy key for fmt in crt_format:
# TODO copy crt if fmt == "crt":
# TODO copy CA src_fd = open(crt_final, "r")
# TODO set permissions crt_fd.write(src_fd.read())
else: src_fd.close()
# TODO error: unknown format if fmt == "key":
src_fd = open(key_file, "r")
crt_fd.write(src_fd.read())
src_fd.close()
else:
# TODO error handling
pass
# TODO restart/reload service # set owner and permissions
uid = pwd.getpwnam(crt_user).pw_uid
gid = grp.getgrnam(crt_group).gr_gid
os.chown(crt_path, uid, gid)
os.chmod(crt_path, int(crt_perm, 8))
# restart/reload service
subprocess.call(crt_notify.split())
# @brief augment configuration with defaults # @brief augment configuration with defaults