def _create_dest(args):
pkey = None
if args.pkey:
with open(args.pkey, 'rb') as f:
pkey = crypto.load_private_key(f.read())
with app.app_context():
dest = Destination(user_id=1,
host=args.host,
port=args.port,
user=args.user,
password=args.pwd,
ssh_priv_key=pkey,
ssh_priv_key_pass=args.pkeypass,
challengeDestinationPath=args.challengePath,
certDestinationPath=args.certPath,
exportFormat=args.exportFormat,
no_check=args.nocheck)
if dest.create():
print("Destination: {} created".format(dest.id))
print(dest.json)
else:
print(
"Error creating destination with given data. Check hostname, password, private key"
)
print(dest.json)
def _update_dest(args):
with app.app_context():
dest = Destination.query.get(args.id)
if not dest:
print("There is no such destination {}".format(args.id))
return
if dest.user_id != 1:
print("This destination does not belong to the admin")
return
pkey = None
if args.pkey:
with open(args.pkey, 'rb') as f:
pkey = crypto.load_private_key(f.read())
if dest.update(user_id=1,
host=args.host,
port=args.port,
user=args.user,
password=args.pwd,
ssh_priv_key=pkey,
ssh_priv_key_pass=args.pkeypass,
challengeDestinationPath=args.challengePath,
certDestinationPath=args.certPath,
exportFormat=args.exportFormat,
no_check=args.nocheck):
print("Destination: {} updated".format(dest.id))
print(dest.json)
else:
print(
"Error updating destination with given data. Check hostname, password, private key"
)
print(dest.json)
def new_destination():
post_data = post_data = request.form
host = post_data.get('host')
port = post_data.get('port', 22)
user = post_data.get('user', 'root')
password = post_data.get('password')
ssh_priv_key = post_data.get('ssh_priv_key')
ssh_priv_key_pass = post_data.get('ssh_priv_key_pass')
challengeDestinationPath = post_data.get('challengeDestinationPath')
certDestinationPath = post_data.get('certDestinationPath')
exportFormat = post_data.get('exportFormat')
if not host:
post_data = request.get_json(force=True)
host = post_data.get('host')
port = post_data.get('port', 22)
user = post_data.get('user', 'root')
password = post_data.get('password')
ssh_priv_key = post_data.get('ssh_priv_key')
ssh_priv_key_pass = post_data.get('ssh_priv_key_pass')
challengeDestinationPath = post_data.get('challengeDestinationPath')
certDestinationPath = post_data.get('certDestinationPath')
exportFormat = post_data.get('exportFormat')
user_id = g.user.id
if host is None:
return (jsonify({'status': 'host field missing'}), 400)
if password is None and ssh_priv_key is None:
return (jsonify({
'status':
'password and ssh_priv_key fields missing. Provide atleast one'
}), 400)
key = None
if ssh_priv_key:
key = crypto.load_private_key(ssh_priv_key.encode('UTF-8'))
dest = Destination(user_id=user_id,
host=host,
port=port,
user=user,
password=password,
ssh_priv_key=key,
ssh_priv_key_pass=ssh_priv_key_pass,
challengeDestinationPath=challengeDestinationPath,
certDestinationPath=certDestinationPath,
exportFormat=exportFormat)
if dest.create():
return (jsonify({
'status': 'New destination created',
'id': dest.id
}), 201, {
'Location':
url_for('get_destination', id=dest.id, _external=True),
'destination_id':
dest.id
})
else:
status = json.loads(dest.json)
status[
'status'] = "Error creating destination with given data. Check hostname, password, private key"
return (jsonify(status), 400)
def _issue(args):
key = None
if args.key_file:
with open(args.key_file, 'rb') as f:
key = crypto.load_private_key(f.read())
csr = None
if args.csr_file:
with open(args.csr_file, 'rb') as f:
key = crypto.load_csr(f.read())
with app.app_context():
ret, order_id = create_order(
account_id=args.account,
destination_id=args.destination,
domains=args.domains,
type=args.type,
provider=args.provider,
email=args.email,
organization=args.organization,
organizational_unit=args.organizational_unit,
country=args.country,
state=args.state,
location=args.location,
reissue=args.reissue,
csr=csr,
key=key)
if ret:
print("Order created with order id: {}".format(order_id))
else:
print("Order creation failed.")
def new_order():
post_data = request.get_json(force=True)
domains = post_data.get('domains')
account = post_data.get('account')
destination = post_data.get('destination')
type = post_data.get('type')
provider = post_data.get('provider')
email = post_data.get('email')
organization = post_data.get('organization')
organizational_unit = post_data.get('organizational_unit')
country = post_data.get('country')
state = post_data.get('state')
location = post_data.get('location')
csr = post_data.get('csr')
key = post_data.get('key')
reissue = post_data.get('reissue')
if not destination:
if domains is None or domains == []:
return (jsonify(
{'status': 'Provide atleast one domain or destination'}), 400)
else:
destination_db = Destination.query.get(destination)
if g.user.id != destination_db.user_id:
return (jsonify(
{'status': 'This destination does not belong to you!'}), 400)
account = Account.query.get(account)
if g.user.id != account.user_id:
return (jsonify({'status':
'This account does not belong to you!'}), 400)
pem_key = None
if key:
pem_key = crypto.load_private_key(key.encode('UTF-8'))
pem_csr = None
if csr:
pem_csr = crypto.load_csr(csr.encode('UTF-8'))
ret, order_id = create_order(account.id, destination, domains, type,
provider, email, organization,
organizational_unit, country, state, location,
reissue, pem_csr, pem_key)
if ret:
return (jsonify({
'status':
'New order created, Please wait some time before acessing the order',
'id': order_id
}), 201, {
'Location': url_for('get_order', id=order_id, _external=True)
})
else:
return (jsonify({
'status': 'Order already exists',
'id': order_id
}), 200, {
'Location': url_for('get_order', id=order_id, _external=True)
})
def new_acme_account():
post_data = post_data = request.form
email = post_data.get('email')
server = post_data.get('server')
organization = post_data.get('organization')
organizational_unit = post_data.get('organizational_unit')
country = post_data.get('country')
state = post_data.get('state')
location = post_data.get('location')
key = post_data.get('key')
if not email:
post_data = request.get_json(force=True)
email = post_data.get('email')
server = post_data.get('server')
organization = post_data.get('organization')
organizational_unit = post_data.get('organizational_unit')
country = post_data.get('country')
state = post_data.get('state')
location = post_data.get('location')
key = post_data.get('key')
user_id = g.user.id
if email is None:
abort(400)
if server is None:
server = config.LETS_ENCRYPT_PRODUCTION
rsa_key = None
if key:
rsa_key = crypto.load_private_key(key.encode('UTF-8'))
ret, account_id = register(user_id, email, server, rsa_key, organization,
organizational_unit, country, state, location)
if ret:
return (jsonify({
'status': 'New account created',
'id': account_id
}), 201, {
'Location':
url_for('get_acme_account', id=account_id, _external=True),
'account_id':
account_id
})
else:
return (jsonify({
'status': 'Account already exists',
'id': account_id
}), 200, {
'Location':
url_for('get_acme_account', id=account_id, _external=True),
'account_id':
account_id
})
def __init__(self, account_id=None):
if account_id:
self.account = Account.query.get(account_id)
self.key = jose.JWKRSA(
key=crypto.load_private_key(self.account.key.encode("utf8")))
regr = RegistrationResource.from_json(
json.loads(self.account.contents))
net = ClientNetwork(self.key, account=regr)
self.client = BackwardsCompatibleClientV2(
net, self.key, self.account.directory_uri)
else:
print("Setup ACME Account")
def _register(args):
key = None
if args.key_file:
with open(args.key_file, 'rb') as f:
key = crypto.load_private_key(f.read())
with app.app_context():
ret, act_id = register(user_id=1,
email=args.email,
server=args.server,
rsa_key=key,
organization=args.organization,
organizational_unit=args.organizational_unit,
country=args.country,
state=args.state,
location=args.location)
if ret:
print("Account created with account id: {}".format(act_id))
print("Pass this account id for issue, revoke, etc...")
else:
print("Account with same email exists: account id: {}".format(act_id))
def update_destination(id):
dest = Destination.query.get(id)
if not dest:
return (jsonify({'status': 'There is no such destination!'}), 404)
if g.user.id != dest.user_id:
return (jsonify({'status':
'This destination does not belong to you!'}), 401)
post_data = post_data = request.form
host = post_data.get('host')
port = post_data.get('port', 22)
user = post_data.get('user', 'root')
password = post_data.get('password')
ssh_priv_key = post_data.get('ssh_priv_key')
ssh_priv_key_pass = post_data.get('ssh_priv_key_pass')
challengeDestinationPath = post_data.get('challengeDestinationPath')
certDestinationPath = post_data.get('certDestinationPath')
exportFormat = post_data.get('exportFormat')
if not (host or port or user or password or ssh_priv_key
or ssh_priv_key_pass or challengeDestinationPath
or certDestinationPath or exportFormat):
post_data = request.get_json(force=True)
host = post_data.get('host')
port = post_data.get('port', 22)
user = post_data.get('user', 'root')
password = post_data.get('password')
ssh_priv_key = post_data.get('ssh_priv_key')
ssh_priv_key_pass = post_data.get('ssh_priv_key_pass')
challengeDestinationPath = post_data.get('challengeDestinationPath')
certDestinationPath = post_data.get('certDestinationPath')
exportFormat = post_data.get('exportFormat')
user_id = g.user.id
key = None
if ssh_priv_key:
key = crypto.load_private_key(ssh_priv_key.encode('UTF-8'))
ret = dest.update(user_id=user_id,
host=host,
port=port,
user=user,
password=password,
ssh_priv_key=key,
ssh_priv_key_pass=ssh_priv_key_pass,
challengeDestinationPath=challengeDestinationPath,
certDestinationPath=certDestinationPath,
exportFormat=exportFormat)
if ret:
return (jsonify({
'status': 'Destination updated',
'id': dest.id
}), 202, {
'Location':
url_for('get_destination', id=dest.id, _external=True),
'destination_id':
dest.id
})
else:
status = json.loads(dest.json)
status[
'status'] = "Error updating destination with given data. Check hostname, password, private key"
return (jsonify(status), 400)
def thumbprint(self):
return crypto.generate_jwk_thumbprint(
crypto.load_private_key(self.key.encode("utf8")))