Ejemplo n.º 1
0
 def _config_load(self):
     """" load config from file """
     # pylint: disable=R0912, R0915
     self.logger.debug('CAhandler._config_load()')
     config_dic = load_config(self.logger, 'Hooks')
     if 'Hooks' in config_dic and 'save_path' in config_dic['Hooks']:
         self.save_path = config_dic['Hooks']['save_path']
    def _certificate_extensions_load(self):
        """ verify certificate chain """
        self.logger.debug('CAhandler._certificate_extensions_load()')

        file_dic = dict(load_config(self.logger, None, self.openssl_conf))

        cert_extention_dic = {}
        if 'extensions' in file_dic:
            for extension in file_dic['extensions']:

                cert_extention_dic[extension] = {}
                parameters = file_dic['extensions'][extension].split(',')

                # set crititcal task if applicable
                if parameters[0] == 'critical':
                    cert_extention_dic[extension]['critical'] = bool(parameters.pop(0))
                else:
                    cert_extention_dic[extension]['critical'] = False

                # remove leading blank from first element
                parameters[0] = parameters[0].lstrip()

                # check if we have an issuer option (if so remove it and mark it as to be set)
                if 'issuer:' in parameters[-1]:
                    cert_extention_dic[extension]['issuer'] = bool(parameters.pop(-1))

                # check if we have an issuer option (if so remove it and mark it as to be set)
                if 'subject:' in parameters[-1]:
                    cert_extention_dic[extension]['subject'] = bool(parameters.pop(-1))

                # combine the remaining items and put them in as values
                cert_extention_dic[extension]['value'] = ','.join(parameters)

        self.logger.debug('CAhandler._certificate_extensions_load() ended')
        return cert_extention_dic
    def _config_load(self):
        """" load config from file """
        self.logger.debug('CAhandler._config_load()')
        config_dic = load_config(self.logger, 'CAhandler')

        if 'xdb_file' in config_dic['CAhandler']:
            self.xdb_file = config_dic['CAhandler']['xdb_file']

        if 'passphrase_variable' in config_dic['CAhandler']:
            try:
                self.passphrase = os.environ[config_dic['CAhandler']['passphrase_variable']]
            except BaseException as err:
                self.logger.error('CAhandler._config_load() could not load passphrase_variable:{0}'.format(err))

        if 'passphrase' in config_dic['CAhandler']:
            # overwrite passphrase specified in variable
            if self.passphrase:
                self.logger.info('CAhandler._config_load() overwrite passphrase_variable')
            self.passphrase = config_dic['CAhandler']['passphrase']

        if 'issuing_ca_name' in config_dic['CAhandler']:
            self.issuing_ca_name = config_dic['CAhandler']['issuing_ca_name']

        if 'issuing_ca_key' in config_dic['CAhandler']:
            self.issuing_ca_key = config_dic['CAhandler']['issuing_ca_key']

        if 'ca_cert_chain_list' in config_dic['CAhandler']:
            try:
                self.ca_cert_chain_list = json.loads(config_dic['CAhandler']['ca_cert_chain_list'])
            except BaseException:
                self.logger.error('CAhandler._config_load(): parameter "ca_cert_chain_list" cannot be loaded')

        if 'template_name' in config_dic['CAhandler']:
            self.template_name = config_dic['CAhandler']['template_name']
Ejemplo n.º 4
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('Account._config_load()')
        config_dic = load_config()
        if 'Account' in config_dic:
            self.inner_header_nonce_allow = config_dic.getboolean('Account', 'inner_header_nonce_allow', fallback=False)
            self.ecc_only = config_dic.getboolean('Account', 'ecc_only', fallback=False)
            self.tos_check_disable = config_dic.getboolean('Account', 'tos_check_disable', fallback=False)
            self.contact_check_disable = config_dic.getboolean('Account', 'contact_check_disable', fallback=False)

        if 'EABhandler' in config_dic:
            self.logger.debug('Account._config.load(): loading eab_handler')
            # mandate eab check regardless if handler is configured or could get loaded or not
            self.eab_check = True
            if 'eab_handler_file' in config_dic['EABhandler']:
                # load eab_handler according to configuration
                eab_handler_module = eab_handler_load(self.logger, config_dic)
                if eab_handler_module:
                    # store handler in variable
                    self.eab_handler = eab_handler_module.EABhandler
                else:
                    self.logger.critical('Account._config_load(): EABHandler could not get loaded')
            else:
                self.logger.critical('Account._config_load(): EABHandler configuration incomplete')

        if 'Directory' in config_dic:
            if 'tos_url' in config_dic['Directory']:
                self.tos_url = config_dic['Directory']['tos_url']
            if 'url_prefix' in config_dic['Directory']:
                self.path_dic = {k: config_dic['Directory']['url_prefix'] + v for k, v in self.path_dic.items()}
        self.logger.debug('Account._config_load() ended')
 def _config_load(self):
     """" load config from file """
     self.logger.debug('CAhandler._config_load()')
     config_dic = load_config()
     self.keyfile = config_dic['CAhandler']['acme_keyfile']
     self.url = config_dic['CAhandler']['acme_url']
     self.account = config_dic['CAhandler']['acme_account']
     self.logger.debug('CAhandler._config_load() ended')
Ejemplo n.º 6
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('CAhandler._config_load()')
        config_dic = load_config()
        if 'CAhandler' in config_dic:
            if 'acme_keyfile' in config_dic['CAhandler']:
                self.keyfile = config_dic['CAhandler']['acme_keyfile']
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "acme_keyfile" parameter is missing in config file'
                )

            if 'acme_url' in config_dic['CAhandler']:
                self.url = config_dic['CAhandler']['acme_url']
                self.url_dic = parse_url(self.logger, self.url)
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "acme_url" parameter is missing in config file'
                )

            if 'acme_account' in config_dic['CAhandler']:
                self.account = config_dic['CAhandler']['acme_account']

            if 'account_path' in config_dic['CAhandler']:
                self.path_dic['acct_path'] = config_dic['CAhandler'][
                    'account_path']

            if 'directory_path' in config_dic['CAhandler']:
                self.path_dic['directory_path'] = config_dic['CAhandler'][
                    'directory_path']

            if 'acme_account_keysize' in config_dic['CAhandler']:
                self.key_size = config_dic['CAhandler']['acme_account_keysize']

            if 'acme_account_email' in config_dic['CAhandler']:
                self.email = config_dic['CAhandler']['acme_account_email']

            if 'allowed_domainlist' in config_dic['CAhandler']:
                try:
                    self.allowed_domainlist = json.loads(
                        config_dic['CAhandler']['allowed_domainlist'])
                except Exception as err:
                    self.logger.error(
                        'CAhandler._config_load(): failed to parse allowed_domainlist: {0}'
                        .format(err))

            if 'eab_kid' in config_dic['CAhandler']:
                self.eab_kid = config_dic['CAhandler']['eab_kid']

            if 'eab_hmac_key' in config_dic['CAhandler']:
                self.eab_hmac_key = config_dic['CAhandler']['eab_hmac_key']

            self.logger.debug('CAhandler._config_load() ended')
        else:
            self.logger.error(
                'CAhandler._config_load() configuration incomplete: "CAhandler" section is missing in config file'
            )
Ejemplo n.º 7
0
    def _config_load(self):
        """ " load config from file"""
        self.logger.debug("CAhandler._config_load()")
        config_dic = load_config(self.logger, "CAhandler")

        if 'CAhandler' in config_dic:
            if 'host_variable' in config_dic['CAhandler']:
                try:
                    self.host = os.environ[config_dic['CAhandler']['host_variable']]
                except Exception as err:
                    self.logger.error('CAhandler._config_load() could not load host_variable:{0}'.format(err))
            if 'host' in config_dic['CAhandler']:
                if self.host:
                    self.logger.info('CAhandler._config_load() overwrite host')
                self.host = config_dic['CAhandler']['host']

            if 'user_variable' in config_dic['CAhandler']:
                try:
                    self.user = os.environ[config_dic['CAhandler']['user_variable']]
                except Exception as err:
                    self.logger.error('CAhandler._config_load() could not load user_variable:{0}'.format(err))
            if 'user' in config_dic['CAhandler']:
                if self.user:
                    self.logger.info('CAhandler._config_load() overwrite user')
                self.user = config_dic['CAhandler']['user']

            if 'password_variable' in config_dic['CAhandler']:
                try:
                    self.password = os.environ[config_dic['CAhandler']['password_variable']]
                except Exception as err:
                    self.logger.error('CAhandler._config_load() could not load password_variable:{0}'.format(err))
            if 'password' in config_dic['CAhandler']:
                if self.password:
                    self.logger.info('CAhandler._config_load() overwrite password')
                self.password = config_dic['CAhandler']['password']

            if 'target_domain' in config_dic['CAhandler']:
                self.target_domain = config_dic['CAhandler']['target_domain']
            if 'domain_controller' in config_dic['CAhandler']:
                self.domain_controller = config_dic['CAhandler']['domain_controller']
            if 'ca_name' in config_dic['CAhandler']:
                self.ca_name = config_dic['CAhandler']['ca_name']
            if 'ca_bundle' in config_dic['CAhandler']:
                self.ca_bundle = config_dic['CAhandler']['ca_bundle']
            if 'template' in config_dic['CAhandler']:
                self.template = config_dic['CAhandler']['template']

        if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic['DEFAULT']:
            try:
                proxy_list = json.loads(config_dic['DEFAULT']['proxy_server_list'])
                proxy_server = proxy_check(self.logger, self.host, proxy_list)
                self.proxy = {'http': proxy_server, 'https': proxy_server}
            except Exception as err_:
                self.logger.warning('CAhandler._config_load() proxy_server_list failed with error: {0}'.format(err_))

        self.logger.debug("CAhandler._config_load() ended")
Ejemplo n.º 8
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('EABhandler._config_load()')

        config_dic = load_config(self.logger, 'EABhandler')
        if 'EABhandler' in config_dic:
            if 'key_file' in config_dic['EABhandler']:
                self.key_file = config_dic['EABhandler']['key_file']

        self.logger.debug('EABhandler._config_load() ended')
Ejemplo n.º 9
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('CAhandler._config_load()')

        config_dic = load_config(self.logger, 'CAhandler')
        if 'CAhandler' in config_dic:
            if 'parameter' in config_dic['CAhandler']:
                self.parameter = config_dic['CAhandler']['parameter']

        self.logger.debug('CAhandler._config_load() ended')
Ejemplo n.º 10
0
 def _config_load(self):
     """" load config from file """
     # pylint: disable=R0912, R0915
     self.logger.debug('CAhandler._config_load()')
     config_dic = load_config(self.logger, 'Hooks')
     if 'Hooks' in config_dic:
         self.raise_pre_hook_exception = config_dic.getboolean(
             'Hooks', 'raise_pre_hook_exception', fallback=False)
         self.raise_success_hook_exception = config_dic.getboolean(
             'Hooks', 'raise_success_hook_exception', fallback=False)
         self.raise_post_hook_exception = config_dic.getboolean(
             'Hooks', 'raise_post_hook_exception', fallback=False)
Ejemplo n.º 11
0
 def __init__(self, debug=None, srv_name=None, logger=None):
     self.debug = debug
     self.logger = logger
     self.dbstore = DBstore(self.debug, self.logger)
     self.server_name = srv_name
     cfg = load_config()
     if 'Directory' in cfg:
         if 'url_prefix' in cfg['Directory']:
             self.revocation_path = cfg['Directory'][
                 'url_prefix'] + '/acme/revokecert'
         else:
             self.revocation_path = '/acme/revokecert'
Ejemplo n.º 12
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('CAhandler._config_load()')
        config_dic = load_config(self.logger, 'CAhandler')
        if 'CAhandler' in config_dic:

            if 'host_variable' in config_dic['CAhandler']:
                try:
                    self.host = os.environ[config_dic['CAhandler']
                                           ['host_variable']]
                except BaseException as err:
                    self.logger.error(
                        'CAhandler._config_load() could not load host_variable:{0}'
                        .format(err))
            if 'host' in config_dic['CAhandler']:
                if self.host:
                    self.logger.info('CAhandler._config_load() overwrite host')
                self.host = config_dic['CAhandler']['host']
            if 'user_variable' in config_dic['CAhandler']:
                try:
                    self.user = os.environ[config_dic['CAhandler']
                                           ['user_variable']]
                except BaseException as err:
                    self.logger.error(
                        'CAhandler._config_load() could not load user_variable:{0}'
                        .format(err))
            if 'user' in config_dic['CAhandler']:
                if self.user:
                    self.logger.info('CAhandler._config_load() overwrite user')
                self.user = config_dic['CAhandler']['user']
            if 'password_variable' in config_dic['CAhandler']:
                try:
                    self.password = os.environ[config_dic['CAhandler']
                                               ['password_variable']]
                except BaseException as err:
                    self.logger.error(
                        'CAhandler._config_load() could not load password_variable:{0}'
                        .format(err))
            if 'password' in config_dic['CAhandler']:
                if self.password:
                    self.logger.info(
                        'CAhandler._config_load() overwrite password')
                self.password = config_dic['CAhandler']['password']
            if 'template' in config_dic['CAhandler']:
                self.template = config_dic['CAhandler']['template']
            if 'auth_method' in config_dic['CAhandler'] and config_dic[
                    'CAhandler']['auth_method'] == 'ntlm':
                self.auth_method = config_dic['CAhandler']['auth_method']
            # check if we get a ca bundle for verification
            if 'ca_bundle' in config_dic['CAhandler']:
                self.ca_bundle = config_dic['CAhandler']['ca_bundle']
        self.logger.debug('CAhandler._config_load() ended')
Ejemplo n.º 13
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('CAhandler._config_load()')
        config_dic = load_config(self.logger, 'CAhandler')
        if 'CAhandler' in config_dic:
            if 'api_host' in config_dic['CAhandler']:
                self.api_host = config_dic['CAhandler']['api_host']
            if 'api_user_variable' in config_dic['CAhandler']:
                try:
                    self.credential_dic['api_user'] = os.environ[
                        config_dic['CAhandler']['api_user_variable']]
                except BaseException as err:
                    self.logger.error(
                        'CAhandler._config_load() could not load user_variable:{0}'
                        .format(err))
            if 'api_user' in config_dic['CAhandler']:
                if self.credential_dic['api_user']:
                    self.logger.info(
                        'CAhandler._config_load() overwrite api_user')
                self.credential_dic['api_user'] = config_dic['CAhandler'][
                    'api_user']
            if 'api_password_variable' in config_dic['CAhandler']:
                try:
                    self.credential_dic['api_password'] = os.environ[
                        config_dic['CAhandler']['api_password_variable']]
                except BaseException as err:
                    self.logger.error(
                        'CAhandler._config_load() could not load password_variable:{0}'
                        .format(err))
            if 'api_password' in config_dic['CAhandler']:
                if self.credential_dic['api_password']:
                    self.logger.info(
                        'CAhandler._config_load() overwrite api_password')
                self.credential_dic['api_password'] = config_dic['CAhandler'][
                    'api_password']
            if 'ca_name' in config_dic['CAhandler']:
                self.ca_name = config_dic['CAhandler']['ca_name']
            if 'tsg_name' in config_dic['CAhandler']:
                self.tsg_info_dic['name'] = config_dic['CAhandler']['tsg_name']
            if 'template_name' in config_dic['CAhandler']:
                self.template_info_dic['name'] = config_dic['CAhandler'][
                    'template_name']

            # check if we get a ca bundle for verification
            if 'ca_bundle' in config_dic['CAhandler']:
                try:
                    self.ca_bundle = config_dic.getboolean(
                        'CAhandler', 'ca_bundle')
                except BaseException:
                    self.ca_bundle = config_dic['CAhandler']['ca_bundle']
        self.logger.debug('CAhandler._config_load() ended')
Ejemplo n.º 14
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('CAhandler._config_load()')
        config_dic = load_config(self.logger, 'CAhandler')
        if 'CAhandler' in config_dic:

            if 'host_variable' in config_dic['CAhandler']:
                try:
                    self.host = os.environ[config_dic['CAhandler']['host_variable']]
                except BaseException as err:
                    self.logger.error('CAhandler._config_load() could not load host_variable:{0}'.format(err))
            if 'host' in config_dic['CAhandler']:
                if self.host:
                    self.logger.info('CAhandler._config_load() overwrite host')
                self.host = config_dic['CAhandler']['host']
            if 'user_variable' in config_dic['CAhandler']:
                try:
                    self.user = os.environ[config_dic['CAhandler']['user_variable']]
                except BaseException as err:
                    self.logger.error('CAhandler._config_load() could not load user_variable:{0}'.format(err))
            if 'user' in config_dic['CAhandler']:
                if self.user:
                    self.logger.info('CAhandler._config_load() overwrite user')
                self.user = config_dic['CAhandler']['user']
            if 'password_variable' in config_dic['CAhandler']:
                try:
                    self.password = os.environ[config_dic['CAhandler']['password_variable']]
                except BaseException as err:
                    self.logger.error('CAhandler._config_load() could not load password_variable:{0}'.format(err))
            if 'password' in config_dic['CAhandler']:
                if self.password:
                    self.logger.info('CAhandler._config_load() overwrite password')
                self.password = config_dic['CAhandler']['password']
            if 'template' in config_dic['CAhandler']:
                self.template = config_dic['CAhandler']['template']
            if 'auth_method' in config_dic['CAhandler'] and config_dic['CAhandler']['auth_method'] == 'ntlm':
                self.auth_method = config_dic['CAhandler']['auth_method']
            # check if we get a ca bundle for verification
            if 'ca_bundle' in config_dic['CAhandler']:
                self.ca_bundle = config_dic['CAhandler']['ca_bundle']

        if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic['DEFAULT']:
            try:
                proxy_list = json.loads(config_dic['DEFAULT']['proxy_server_list'])
                proxy_server = proxy_check(self.logger, self.host, proxy_list)
                self.proxy = {'http': proxy_server, 'https': proxy_server}
            except BaseException as err_:
                self.logger.warning('Challenge._config_load() proxy_server_list failed with error: {0}'.format(err_))

        self.logger.debug('CAhandler._config_load() ended')
Ejemplo n.º 15
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('Certificate._config_load()')
        config_dic = load_config()
        if 'Order' in config_dic:
            self.tnauthlist_support = config_dic.getboolean(
                'Order', 'tnauthlist_support', fallback=False)
        if 'CAhandler' in config_dic and 'handler_file' in config_dic[
                'CAhandler']:
            try:
                ca_handler_module = importlib.import_module(
                    ca_handler_get(self.logger,
                                   config_dic['CAhandler']['handler_file']))
            except BaseException as err_:
                self.logger.critical(
                    'Certificate._config_load(): loading CAhandler configured in cfg failed with err: {0}'
                    .format(err_))
                try:
                    ca_handler_module = importlib.import_module(
                        'acme_srv.ca_handler')
                except BaseException as err_:
                    ca_handler_module = None
                    self.logger.critical(
                        'Certificate._config_load(): loading default EABHandler failed with err: {0}'
                        .format(err_))
        else:
            if 'CAhandler' in config_dic:
                ca_handler_module = importlib.import_module(
                    'acme_srv.ca_handler')
            else:
                self.logger.error(
                    'Certificate._config_load(): CAhandler configuration missing in config file'
                )
                ca_handler_module = None

        if ca_handler_module:
            # store handler in variable
            self.cahandler = ca_handler_module.CAhandler

        if 'Directory' in config_dic:
            if 'url_prefix' in config_dic['Directory']:
                self.path_dic = {
                    k: config_dic['Directory']['url_prefix'] + v
                    for k, v in self.path_dic.items()
                }

        self.logger.debug('ca_handler: {0}'.format(ca_handler_module))
        self.logger.debug('Certificate._config_load() ended.')
    def _config_load(self):
        """" load config from file """
        self.logger.debug('CAhandler._config_load()')
        config_dic = load_config(self.logger, 'CAhandler')

        if 'issuing_ca_key' in config_dic['CAhandler']:
            self.issuer_dict['issuing_ca_key'] = config_dic['CAhandler']['issuing_ca_key']
        if 'issuing_ca_cert' in config_dic['CAhandler']:
            self.issuer_dict['issuing_ca_cert'] = config_dic['CAhandler']['issuing_ca_cert']
        if 'issuing_ca_key_passphrase_variable' in config_dic['CAhandler']:
            try:
                self.issuer_dict['passphrase'] = os.environ[config_dic['CAhandler']['issuing_ca_key_passphrase_variable']]
            except BaseException as err:
                self.logger.error('CAhandler._config_load() could not load issuing_ca_key_passphrase_variable:{0}'.format(err))
        if 'issuing_ca_key_passphrase' in config_dic['CAhandler']:
            if 'passphrase' in self.issuer_dict and self.issuer_dict['passphrase']:
                self.logger.info('CAhandler._config_load() overwrite issuing_ca_key_passphrase_variable')
            self.issuer_dict['passphrase'] = config_dic['CAhandler']['issuing_ca_key_passphrase']
        if 'ca_cert_chain_list' in config_dic['CAhandler']:
            self.ca_cert_chain_list = json.loads(config_dic['CAhandler']['ca_cert_chain_list'])
        if 'cert_validity_days' in config_dic['CAhandler']:
            self.cert_validity_days = int(config_dic['CAhandler']['cert_validity_days'])
        if 'cert_save_path' in config_dic['CAhandler']:
            self.cert_save_path = config_dic['CAhandler']['cert_save_path']
        if 'issuing_ca_crl' in config_dic['CAhandler']:
            self.issuer_dict['issuing_ca_crl'] = config_dic['CAhandler']['issuing_ca_crl']
        # convert passphrase
        if 'passphrase' in self.issuer_dict:
            self.issuer_dict['passphrase'] = self.issuer_dict['passphrase'].encode('ascii')
        if 'openssl_conf' in config_dic['CAhandler']:
            self.openssl_conf = config_dic['CAhandler']['openssl_conf']
        if 'allowed_domainlist' in config_dic['CAhandler']:
            self.allowed_domainlist = json.loads(config_dic['CAhandler']['allowed_domainlist'])
        if 'blocked_domainlist' in config_dic['CAhandler']:
            self.blocked_domainlist = json.loads(config_dic['CAhandler']['blocked_domainlist'])
        if 'whitelist' in config_dic['CAhandler']:
            self.allowed_domainlist = json.loads(config_dic['CAhandler']['whitelist'])
            self.logger.error('CAhandler._config_load() found "whitelist" parameter in configfile which should be renamed to "allowed_domainlist"')
        if 'blacklist' in config_dic['CAhandler']:
            self.blocked_domainlist = json.loads(config_dic['CAhandler']['blacklist'])
            self.logger.error('CAhandler._config_load() found "blacklist" parameter in configfile which should be renamed to "blocked_domainlist"')
        try:
            self.cn_enforce = config_dic.getboolean('CAhandler', 'cn_enforce', fallback=False)
        except BaseException:
            self.logger.error('CAhandler._config_load() variable cn_enforce cannot be parsed')

        self.save_cert_as_hex = config_dic.getboolean('CAhandler', 'save_cert_as_hex', fallback=False)
        self.logger.debug('CAhandler._config_load() ended')
Ejemplo n.º 17
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('Challenge._config_load()')
        config_dic = load_config()
        if 'Challenge' in config_dic:
            self.challenge_validation_disable = config_dic.getboolean(
                'Challenge', 'challenge_validation_disable', fallback=False)
            if 'dns_server_list' in config_dic['Challenge']:
                try:
                    self.dns_server_list = json.loads(
                        config_dic['Challenge']['dns_server_list'])
                except Exception as err_:
                    self.logger.warning(
                        'Challenge._config_load() dns_server_list failed with error: {0}'
                        .format(err_))
            if 'challenge_validation_timeout' in config_dic['Challenge']:
                try:
                    self.challenge_validation_timeout = int(
                        config_dic['Challenge']
                        ['challenge_validation_timeout'])
                except Exception as err_:
                    self.logger.warning(
                        'Challenge._config_load() failed to load challenge_validation_timeout: {0}'
                        .format(err_))

        if 'Order' in config_dic:
            self.tnauthlist_support = config_dic.getboolean(
                'Order', 'tnauthlist_support', fallback=False)

        if 'Directory' in config_dic:
            if 'url_prefix' in config_dic['Directory']:
                self.path_dic = {
                    k: config_dic['Directory']['url_prefix'] + v
                    for k, v in self.path_dic.items()
                }

        if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic[
                'DEFAULT']:
            try:
                self.proxy_server_list = json.loads(
                    config_dic['DEFAULT']['proxy_server_list'])
            except Exception as err_:
                self.logger.warning(
                    'Challenge._config_load() proxy_server_list failed with error: {0}'
                    .format(err_))

        self.logger.debug('Challenge._config_load() ended.')
Ejemplo n.º 18
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('_config_load()')
        config_dic = load_config()
        if 'Nonce' in config_dic:
            self.disable_dic['nonce_check_disable'] = config_dic.getboolean(
                'Nonce', 'nonce_check_disable', fallback=False)
            self.disable_dic[
                'signature_check_disable'] = config_dic.getboolean(
                    'Nonce', 'signature_check_disable', fallback=False)

        if 'Directory' in config_dic:
            if 'url_prefix' in config_dic['Directory']:
                self.path_dic = {
                    k: config_dic['Directory']['url_prefix'] + v
                    for k, v in self.path_dic.items()
                }
Ejemplo n.º 19
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('Certificate._config_load()')
        config_dic = load_config()
        if 'Order' in config_dic:
            self.tnauthlist_support = config_dic.getboolean('Order', 'tnauthlist_support', fallback=False)

        ca_handler_module = ca_handler_load(self.logger, config_dic)
        if ca_handler_module:
            # store handler in variable
            try:
                self.cahandler = ca_handler_module.CAhandler
            except Exception as err_:
                self.logger.critical('Certificate._config_load(): loading CAhandler failed with err: {0}'.format(err_))

        self.logger.debug('ca_handler: {0}'.format(ca_handler_module))
        self.logger.debug('Certificate._config_load() ended.')
Ejemplo n.º 20
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('Order._config_load()')
        config_dic = load_config()
        if 'Order' in config_dic:
            self.tnauthlist_support = config_dic.getboolean(
                'Order', 'tnauthlist_support', fallback=False)
            self.expiry_check_disable = config_dic.getboolean(
                'Order', 'expiry_check_disable', fallback=False)
            if 'retry_after_timeout' in config_dic['Order']:
                try:
                    self.retry_after = int(
                        config_dic['Order']['retry_after_timeout'])
                except BaseException:
                    self.logger.warning(
                        'Order._config_load(): failed to parse retry_after: {0}'
                        .format(config_dic['Order']['retry_after_timeout']))
            if 'validity' in config_dic['Order']:
                try:
                    self.validity = int(config_dic['Order']['validity'])
                except BaseException:
                    self.logger.warning(
                        'Order._config_load(): failed to parse validity: {0}'.
                        format(config_dic['Order']['validity']))
        if 'Authorization' in config_dic:
            if 'validity' in config_dic['Authorization']:
                try:
                    self.authz_validity = int(
                        config_dic['Authorization']['validity'])
                except BaseException:
                    self.logger.warning(
                        'Order._config_load(): failed to parse authz validity: {0}'
                        .format(config_dic['Authorization']['validity']))

        if 'Directory' in config_dic:
            if 'url_prefix' in config_dic['Directory']:
                self.path_dic = {
                    k: config_dic['Directory']['url_prefix'] + v
                    for k, v in self.path_dic.items()
                }

        self.logger.debug('Order._config_load() ended.')
Ejemplo n.º 21
0
 def _config_load(self):
     """" load config from file """
     self.logger.debug('Authorization._config_load()')
     config_dic = load_config()
     if 'Authorization' in config_dic:
         self.expiry_check_disable = config_dic.getboolean(
             'Authorization', 'expiry_check_disable', fallback=False)
         if 'validity' in config_dic['Authorization']:
             try:
                 self.validity = int(
                     config_dic['Authorization']['validity'])
             except BaseException:
                 self.logger.warning(
                     'Authorization._config_load(): failed to parse validity: {0}'
                     .format(config_dic['Authorization']['validity']))
     if 'Directory' in config_dic:
         if 'url_prefix' in config_dic['Directory']:
             self.path_dic = {
                 k: config_dic['Directory']['url_prefix'] + v
                 for k, v in self.path_dic.items()
             }
     self.logger.debug('Authorization._config_load() ended.')
Ejemplo n.º 22
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('Account._config_load()')
        config_dic = load_config()
        if 'Account' in config_dic:
            self.inner_header_nonce_allow = config_dic.getboolean('Account', 'inner_header_nonce_allow', fallback=False)
            self.ecc_only = config_dic.getboolean('Account', 'ecc_only', fallback=False)
            self.tos_check_disable = config_dic.getboolean('Account', 'tos_check_disable', fallback=False)
            self.contact_check_disable = config_dic.getboolean('Account', 'contact_check_disable', fallback=False)

        if 'EABhandler' in config_dic:
            self.logger.debug('Account._config.load(): loading eab_handler')
            if 'eab_handler_file' in config_dic['EABhandler']:
                # mandate eab check regardless if handler could get loaded or not
                self.eab_check = True
                try:
                    eab_handler_module = importlib.import_module(ca_handler_get(self.logger, config_dic['EABhandler']['eab_handler_file']))
                except BaseException as err_:
                    self.logger.critical('Account._config_load(): loading EABHandler configured in cfg failed with err: {0}'.format(err_))
                    try:
                        eab_handler_module = importlib.import_module('acme_srv.eab_handler')
                    except BaseException as err_:
                        eab_handler_module = None
                        self.logger.critical('Account._config_load(): loading default EABHandler failed with err: {0}'.format(err_))

                if eab_handler_module:
                    # store handler in variable
                    self.eab_handler = eab_handler_module.EABhandler
                else:
                    self.logger.critical('Account._config_load(): EABHandler configuration is missing in config file')

        if 'Directory' in config_dic:
            if 'tos_url' in config_dic['Directory']:
                self.tos_url = config_dic['Directory']['tos_url']
            if 'url_prefix' in config_dic['Directory']:
                self.path_dic = {k: config_dic['Directory']['url_prefix'] + v for k, v in self.path_dic.items()}
        self.logger.debug('Account._config_load() ended')
    def _config_load(self):
        """" load config from file """
        self.logger.debug('_config_load()')
        config_dic = load_config(self.logger, 'CAhandler')
        if 'CAhandler' in config_dic:
            if 'api_host' in config_dic['CAhandler']:
                self.api_host = config_dic['CAhandler']['api_host']
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "api_host" parameter is missing in config file'
                )

            if 'api_user' in config_dic[
                    'CAhandler'] or 'api_user_variable' in config_dic[
                        'CAhandler']:
                if 'api_user_variable' in config_dic['CAhandler']:
                    try:
                        self.api_user = os.environ[config_dic['CAhandler']
                                                   ['api_user_variable']]
                    except BaseException as err:
                        self.logger.error(
                            'CAhandler._config_load() could not load user_variable:{0}'
                            .format(err))
                if 'api_user' in config_dic['CAhandler']:
                    if self.api_user:
                        self.logger.info(
                            'CAhandler._config_load() overwrite api_user')
                    self.api_user = config_dic['CAhandler']['api_user']
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "api_user" parameter is missing in config file'
                )

            if 'api_password' in config_dic[
                    'CAhandler'] or 'api_password_variable' in config_dic[
                        'CAhandler']:
                if 'api_password_variable' in config_dic['CAhandler']:
                    try:
                        self.api_password = os.environ[
                            config_dic['CAhandler']['api_password_variable']]
                    except BaseException as err:
                        self.logger.error(
                            'CAhandler._config_load() could not load passphrase_variable:{0}'
                            .format(err))
                if 'api_password' in config_dic['CAhandler']:
                    if self.api_password:
                        self.logger.info(
                            'CAhandler._config_load() overwrite api_password_variable'
                        )
                    self.api_password = config_dic['CAhandler']['api_password']
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "api_password" parameter is missing in config file'
                )

            if 'ca_name' in config_dic['CAhandler']:
                self.ca_name = config_dic['CAhandler']['ca_name']
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "ca_name" parameter is missing in config file'
                )
            if 'polling_timeout' in config_dic['CAhandler']:
                self.polling_timeout = int(
                    config_dic['CAhandler']['polling_timeout'])
            # check if we get a ca bundle for verification
            if 'ca_bundle' in config_dic['CAhandler']:
                try:
                    self.ca_bundle = config_dic.getboolean(
                        'CAhandler', 'ca_bundle')
                except BaseException:
                    self.ca_bundle = config_dic['CAhandler']['ca_bundle']

        if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic[
                'DEFAULT']:
            try:
                proxy_list = json.loads(
                    config_dic['DEFAULT']['proxy_server_list'])
                url_dic = parse_url(self.logger, self.api_host)
                if 'host' in url_dic:
                    (fqdn, _port) = url_dic['host'].split(':')
                    proxy_server = proxy_check(self.logger, fqdn, proxy_list)
                    self.proxy = {'http': proxy_server, 'https': proxy_server}
            except BaseException as err_:
                self.logger.warning(
                    'Challenge._config_load() proxy_server_list failed with error: {0}'
                    .format(err_))

        self.logger.debug('CAhandler._config_load() ended')
Ejemplo n.º 24
0
    2. Add a URL to urlpatterns:  url(r'^$', views.home, name='home')
Class-based views
    1. Add an import:  from other_app.views import Home
    2. Add a URL to urlpatterns:  url(r'^$', Home.as_view(), name='home')
Including another URLconf
    1. Import the include() function: from django.conf.urls import url, include
    2. Add a URL to urlpatterns:  url(r'^blog/', include('blog.urls'))
"""
# pylint: disable=C0330
from django.conf.urls import include, url
from django.contrib import admin
from acme_srv import views
from acme_srv.helper import load_config

# load config to set url_prefix
CONFIG = load_config()

if 'Directory' in CONFIG and 'url_prefix' in CONFIG['Directory']:
    prefix = CONFIG['Directory']['url_prefix'] + '/'
    if prefix.startswith('/'):
        prefix = prefix.lstrip('/')
else:
    prefix = ''

urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^$', views.directory, name='index'),
    url(r'^directory$', views.directory, name='directory'),
    url(r'^{0}get_servername$'.format(prefix),
        views.servername_get,
        name='servername_get'),
Ejemplo n.º 25
0
 def _config_load(self):
     """ load config from file """
     self.logger.debug('Housekeeping._config_load()')
     config_dic = load_config()
     if 'Housekeeping' in config_dic:
         pass
    def _config_load(self):
        """" load config from file """
        self.logger.debug('_config_load()')
        config_dic = load_config(self.logger, 'CAhandler')
        if 'CAhandler' in config_dic:
            if 'api_host' in config_dic['CAhandler']:
                self.api_host = config_dic['CAhandler']['api_host']
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "api_host" parameter is missing in config file'
                )

            if 'api_user' in config_dic[
                    'CAhandler'] or 'api_user_variable' in config_dic[
                        'CAhandler']:
                if 'api_user_variable' in config_dic['CAhandler']:
                    try:
                        self.api_user = os.environ[config_dic['CAhandler']
                                                   ['api_user_variable']]
                    except BaseException as err:
                        self.logger.error(
                            'CAhandler._config_load() could not load user_variable:{0}'
                            .format(err))
                if 'api_user' in config_dic['CAhandler']:
                    if self.api_user:
                        self.logger.info(
                            'CAhandler._config_load() overwrite api_user')
                    self.api_user = config_dic['CAhandler']['api_user']
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "api_user" parameter is missing in config file'
                )

            if 'api_password' in config_dic[
                    'CAhandler'] or 'api_password_variable' in config_dic[
                        'CAhandler']:
                if 'api_password_variable' in config_dic['CAhandler']:
                    try:
                        self.api_password = os.environ[
                            config_dic['CAhandler']['api_password_variable']]
                    except BaseException as err:
                        self.logger.error(
                            'CAhandler._config_load() could not load passphrase_variable:{0}'
                            .format(err))
                if 'api_password' in config_dic['CAhandler']:
                    if self.api_password:
                        self.logger.info(
                            'CAhandler._config_load() overwrite api_password_variable'
                        )
                    self.api_password = config_dic['CAhandler']['api_password']
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "api_password" parameter is missing in config file'
                )

            if 'ca_name' in config_dic['CAhandler']:
                self.ca_name = config_dic['CAhandler']['ca_name']
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "ca_name" parameter is missing in config file'
                )
            if 'polling_timeout' in config_dic['CAhandler']:
                self.polling_timeout = int(
                    config_dic['CAhandler']['polling_timeout'])
            # check if we get a ca bundle for verification
            if 'ca_bundle' in config_dic['CAhandler']:
                try:
                    self.ca_bundle = config_dic.getboolean(
                        'CAhandler', 'ca_bundle')
                except BaseException:
                    self.ca_bundle = config_dic['CAhandler']['ca_bundle']

        self.logger.debug('CAhandler._config_load() ended')
Ejemplo n.º 27
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('CAhandler._config_load()')
        config_dic = load_config(self.logger, 'CAhandler')
        if 'CAhandler' in config_dic:
            if 'api_host' in config_dic['CAhandler']:
                self.api_host = config_dic['CAhandler']['api_host']
            if 'api_user_variable' in config_dic['CAhandler']:
                try:
                    self.credential_dic['api_user'] = os.environ[
                        config_dic['CAhandler']['api_user_variable']]
                except BaseException as err:
                    self.logger.error(
                        'CAhandler._config_load() could not load user_variable:{0}'
                        .format(err))
            if 'api_user' in config_dic['CAhandler']:
                if self.credential_dic['api_user']:
                    self.logger.info(
                        'CAhandler._config_load() overwrite api_user')
                self.credential_dic['api_user'] = config_dic['CAhandler'][
                    'api_user']
            if 'api_password_variable' in config_dic['CAhandler']:
                try:
                    self.credential_dic['api_password'] = os.environ[
                        config_dic['CAhandler']['api_password_variable']]
                except BaseException as err:
                    self.logger.error(
                        'CAhandler._config_load() could not load password_variable:{0}'
                        .format(err))
            if 'api_password' in config_dic['CAhandler']:
                if self.credential_dic['api_password']:
                    self.logger.info(
                        'CAhandler._config_load() overwrite api_password')
                self.credential_dic['api_password'] = config_dic['CAhandler'][
                    'api_password']
            if 'ca_name' in config_dic['CAhandler']:
                self.ca_name = config_dic['CAhandler']['ca_name']
            if 'tsg_name' in config_dic['CAhandler']:
                self.tsg_info_dic['name'] = config_dic['CAhandler']['tsg_name']
            if 'template_name' in config_dic['CAhandler']:
                self.template_info_dic['name'] = config_dic['CAhandler'][
                    'template_name']

            # check if we get a ca bundle for verification
            if 'ca_bundle' in config_dic['CAhandler']:
                try:
                    self.ca_bundle = config_dic.getboolean(
                        'CAhandler', 'ca_bundle')
                except BaseException:
                    self.ca_bundle = config_dic['CAhandler']['ca_bundle']

        if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic[
                'DEFAULT']:
            try:
                proxy_list = json.loads(
                    config_dic['DEFAULT']['proxy_server_list'])
                url_dic = parse_url(self.logger, self.api_host)
                if 'host' in url_dic:
                    (fqdn, _port) = url_dic['host'].split(':')
                    proxy_server = proxy_check(self.logger, fqdn, proxy_list)
                    self.proxy = {'http': proxy_server, 'https': proxy_server}
            except BaseException as err_:
                self.logger.warning(
                    'Challenge._config_load() proxy_server_list failed with error: {0}'
                    .format(err_))

        self.logger.debug('CAhandler._config_load() ended')
Ejemplo n.º 28
0
    def _config_load(self):
        """" load config from file """
        # pylint: disable=R0912, R0915
        self.logger.debug('CAhandler._config_load()')
        config_dic = load_config(self.logger, 'CAhandler')

        if 'CAhandler' in config_dic:
            if 'est_host_variable' in config_dic['CAhandler']:
                try:
                    self.est_host = os.environ[config_dic['CAhandler'][
                        'est_host_variable']] + '/.well-known/est'
                except Exception as err:
                    self.logger.error(
                        'CAhandler._config_load() could not load est_host_variable:{0}'
                        .format(err))
            if 'est_host' in config_dic['CAhandler']:
                if self.est_host:
                    self.logger.info(
                        'CAhandler._config_load() overwrite est_host')
                self.est_host = config_dic['CAhandler'][
                    'est_host'] + '/.well-known/est'
            if not self.est_host:
                self.logger.error(
                    'CAhandler._config_load(): missing "est_host" parameter')

            # check if we need to use clientauth
            if 'est_client_cert' in config_dic[
                    'CAhandler'] and 'est_client_key' in config_dic[
                        'CAhandler']:
                self.est_client_cert = []
                self.est_client_cert.append(
                    config_dic['CAhandler']['est_client_cert'])
                self.est_client_cert.append(
                    config_dic['CAhandler']['est_client_key'])
            elif 'est_client_cert' in config_dic[
                    'CAhandler'] or 'est_client_key' in config_dic['CAhandler']:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: either "est_client_cert or "est_client_key" parameter is missing in config file'
                )

            # check if we need to use user-auth
            if 'est_user_variable' in config_dic['CAhandler']:
                try:
                    self.est_user = os.environ[config_dic['CAhandler']
                                               ['est_user_variable']]
                except Exception as err:
                    self.logger.error(
                        'CAhandler._config_load() could not load est_user_variable:{0}'
                        .format(err))
            if 'est_user' in config_dic['CAhandler']:
                if self.est_user:
                    self.logger.info(
                        'CAhandler._config_load() overwrite est_user')
                self.est_user = config_dic['CAhandler']['est_user']
            if 'est_password_variable' in config_dic['CAhandler']:
                try:
                    self.est_password = os.environ[config_dic['CAhandler']
                                                   ['est_password_variable']]
                except Exception as err:
                    self.logger.error(
                        'CAhandler._config_load() could not load est_password:{0}'
                        .format(err))
            if 'est_password' in config_dic['CAhandler']:
                if self.est_password:
                    self.logger.info(
                        'CAhandler._config_load() overwrite est_password')
                self.est_password = config_dic['CAhandler']['est_password']
            if (self.est_user
                    and not self.est_password) or (self.est_password
                                                   and not self.est_user):
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: either "est_user" or "est_password" parameter is missing in config file'
                )

            # check if we have one authentication scheme
            if not self.est_client_cert and not self.est_user:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: either user or client authentication must be configured'
                )
            elif self.est_client_cert and self.est_user:
                self.logger.error(
                    'CAhandler._config_load() configuration wrong: user and client authentication cannot be configured together'
                )

            # check if we get a ca bundle for verification
            if 'ca_bundle' in config_dic['CAhandler']:
                try:
                    self.ca_bundle = config_dic.getboolean(
                        'CAhandler', 'ca_bundle')
                except Exception:
                    self.ca_bundle = config_dic['CAhandler']['ca_bundle']

        if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic[
                'DEFAULT']:
            try:
                proxy_list = json.loads(
                    config_dic['DEFAULT']['proxy_server_list'])
                url_dic = parse_url(self.logger, self.est_host)
                if 'host' in url_dic:
                    (fqdn, _port) = url_dic['host'].split(':')
                    proxy_server = proxy_check(self.logger, fqdn, proxy_list)
                    self.proxy = {'http': proxy_server, 'https': proxy_server}
            except Exception as err_:
                self.logger.warning(
                    'Challenge._config_load() proxy_server_list failed with error: {0}'
                    .format(err_))

        self.logger.debug('CAhandler._config_load() ended')
Ejemplo n.º 29
0
    def _config_load(self):
        """" load config from file """
        self.logger.debug('CAhandler._config_load()')
        config_dic = load_config()
        if 'CAhandler' in config_dic:
            if 'acme_keyfile' in config_dic['CAhandler']:
                self.keyfile = config_dic['CAhandler']['acme_keyfile']
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "acme_keyfile" parameter is missing in config file'
                )

            if 'acme_url' in config_dic['CAhandler']:
                self.url = config_dic['CAhandler']['acme_url']
            else:
                self.logger.error(
                    'CAhandler._config_load() configuration incomplete: "acme_url" parameter is missing in config file'
                )

            if 'acme_account' in config_dic['CAhandler']:
                self.account = config_dic['CAhandler']['acme_account']
            # else:
            # try to fetch acme-account id from housekeeping table
            # self.account = self.dbstore.hkparameter_get('acme_account')
            # if self.account:
            #    self.logger.debug('CAhandler._config_load() found acme_account in housekeeping table: {0}'.format(self.account))

            if 'account_path' in config_dic['CAhandler']:
                self.path_dic['acct_path'] = config_dic['CAhandler'][
                    'account_path']

            if 'directory_path' in config_dic['CAhandler']:
                self.path_dic['directory_path'] = config_dic['CAhandler'][
                    'directory_path']

            if 'acme_account_keysize' in config_dic['CAhandler']:
                self.key_size = config_dic['CAhandler']['acme_account_keysize']

            if 'acme_account_email' in config_dic['CAhandler']:
                self.email = config_dic['CAhandler']['acme_account_email']

            if 'allowed_domainlist' in config_dic['CAhandler']:
                try:
                    self.allowed_domainlist = json.loads(
                        config_dic['CAhandler']['allowed_domainlist'])
                except BaseException as err:
                    self.logger.error(
                        'CAhandler._config_load(): failed to parse allowed_domainlist: {0}'
                        .format(err))

            if 'eab_kid' in config_dic['CAhandler']:
                self.eab_kid = config_dic['CAhandler']['eab_kid']

            if 'eab_hmac_key' in config_dic['CAhandler']:
                self.eab_hmac_key = config_dic['CAhandler']['eab_hmac_key']

            self.logger.debug('CAhandler._config_load() ended')
        else:
            self.logger.error(
                'CAhandler._config_load() configuration incomplete: "CAhandler" section is missing in config file'
            )
Ejemplo n.º 30
0
    def _config_load(self):
        """" load config from file """
        # pylint: disable=R0912, R0915
        self.logger.debug('CAhandler._config_load()')
        config_dic = load_config(self.logger, 'CAhandler')

        if 'CAhandler' in config_dic:
            for ele in config_dic['CAhandler']:
                if ele.startswith('cmp_'):
                    if ele == 'cmp_openssl_bin':
                        self.openssl_bin = config_dic['CAhandler']['cmp_openssl_bin']
                    elif ele == 'cmp_recipient':
                        if config_dic['CAhandler']['cmp_recipient'].startswith('/'):
                            value = config_dic['CAhandler'][ele]
                        else:
                            value = '/' + config_dic['CAhandler'][ele]
                        value = value.replace(', ', '/')
                        value = value.replace(',', '/')
                        self.config_dic['recipient'] = value
                    elif ele == 'cmp_ref_variable':
                        try:
                            self.ref = os.environ[config_dic['CAhandler']['cmp_ref_variable']]
                        except Exception as err:
                            self.logger.error('CAhandler._config_load() could not load cmp_ref:{0}'.format(err))
                    elif ele == 'cmp_secret_variable':
                        try:
                            self.secret = os.environ[config_dic['CAhandler']['cmp_secret_variable']]
                        except Exception as err:
                            self.logger.error('CAhandler._config_load() could not load cmp_secret_variable:{0}'.format(err))
                    elif ele in ('cmp_secret', 'cmp_ref'):
                        continue
                    else:
                        if config_dic['CAhandler'][ele] == 'True' or config_dic['CAhandler'][ele] == 'False':
                            self.config_dic[ele[4:]] = config_dic.getboolean('CAhandler', ele, fallback=False)
                        else:
                            self.config_dic[ele[4:]] = config_dic['CAhandler'][ele]

        if 'CAhandler' in config_dic and 'cmp_ref' in config_dic['CAhandler']:
            if self.ref:
                self.logger.info('CAhandler._config_load() overwrite cmp_ref variable')
            self.ref = config_dic['CAhandler']['cmp_ref']
        if 'CAhandler' in config_dic and 'cmp_secret' in config_dic['CAhandler']:
            if self.secret:
                self.logger.info('CAhandler._config_load() overwrite cmp_secret variable')
            self.secret = config_dic['CAhandler']['cmp_secret']

        if 'cmd' not in self.config_dic:
            self.config_dic['cmd'] = 'ir'
        if 'popo' not in self.config_dic:
            self.config_dic['popo'] = 0

        # create temporary directory
        self.tmp_dir = tempfile.mkdtemp()

        # defaulting openssl_bin
        if not self.openssl_bin:
            self.logger.warning('CAhandler config error: "cmp_openssl_bin" parameter not in config_file. Using default (/usr/bin/openssl)')
            self.openssl_bin = '/usr/bin/openssl'

        if not self.recipient:
            self.logger.error('CAhandler config error: "cmp_recipient" is missing in config_file.')

        self.logger.debug('CAhandler._config_load() ended')