Ejemplo n.º 1
0
    def deploy_certificate(self, domains, privkey_path,
                           cert_path, chain_path, fullchain_path):
        """Install certificate

        :param list domains: list of domains to install the certificate
        :param str privkey_path: path to certificate private key
        :param str cert_path: certificate file path (optional)
        :param str chain_path: chain file path

        """
        if self.installer is None:
            logger.warning("No installer specified, client is unable to deploy"
                           "the certificate")
            raise errors.Error("No installer available")

        chain_path = None if chain_path is None else os.path.abspath(chain_path)

        with error_handler.ErrorHandler(self.installer.recovery_routine):
            for dom in domains:
                self.installer.deploy_cert(
                    domain=dom, cert_path=os.path.abspath(cert_path),
                    key_path=os.path.abspath(privkey_path),
                    chain_path=chain_path,
                    fullchain_path=fullchain_path)
                self.installer.save()  # needed by the Apache plugin

            self.installer.save("Deployed Let's Encrypt Certificate")

        # sites may have been enabled / final cleanup
        with error_handler.ErrorHandler(self._rollback_and_restart):
            self.installer.restart()
Ejemplo n.º 2
0
    def setUp(self):
        from letsencrypt import error_handler

        self.init_func = mock.MagicMock()
        self.handler = error_handler.ErrorHandler(self.init_func)
        # pylint: disable=protected-access
        self.signals = error_handler._SIGNALS
Ejemplo n.º 3
0
    def apply_enhancement(self, domains, enhancement, options=None):
        """Applies an enhacement on all domains.

        :param domains: list of ssl_vhosts
        :type list of str

        :param enhancement: name of enhancement, e.g. ensure-http-header
        :type str

        .. note:: when more options are need make options a list.
        :param options: options to enhancement, e.g. Strict-Transport-Security
        :type str

        :raises .errors.PluginError: If Enhancement is not supported, or if
            there is any other problem with the enhancement.


        """
        msg = ("We were unable to set up enhancement %s for your server, "
               "however, we successfully installed your certificate."
               % (enhancement))
        with error_handler.ErrorHandler(self._recovery_routine_with_msg, msg):
            for dom in domains:
                try:
                    self.installer.enhance(dom, enhancement, options)
                except errors.PluginEnhancementAlreadyPresent:
                    logger.warn("Enhancement %s was already set.",
                            enhancement)
                except errors.PluginError:
                    logger.warn("Unable to set enhancement %s for %s",
                            enhancement, dom)
                    raise

            self.installer.save("Add enhancement %s" % (enhancement))
Ejemplo n.º 4
0
    def deploy_certificate(self, domains, privkey_path, cert_path, chain_path):
        """Install certificate

        :param list domains: list of domains to install the certificate
        :param str privkey_path: path to certificate private key
        :param str cert_path: certificate file path (optional)
        :param str chain_path: chain file path

        """
        if self.installer is None:
            logger.warning("No installer specified, client is unable to deploy"
                           "the certificate")
            raise errors.Error("No installer available")

        chain_path = None if chain_path is None else os.path.abspath(
            chain_path)

        with error_handler.ErrorHandler(self.installer.recovery_routine):
            for dom in domains:
                # TODO: Provide a fullchain reference for installers like
                #       nginx that want it
                self.installer.deploy_cert(dom, os.path.abspath(cert_path),
                                           os.path.abspath(privkey_path),
                                           chain_path)

            self.installer.save("Deployed Let's Encrypt Certificate")
            # sites may have been enabled / final cleanup
            self.installer.restart()
Ejemplo n.º 5
0
    def setUp(self):
        from letsencrypt import error_handler

        self.init_func = mock.MagicMock()
        self.init_args = set((42,))
        self.init_kwargs = {'foo': 'bar'}
        self.handler = error_handler.ErrorHandler(self.init_func,
                                                  *self.init_args,
                                                  **self.init_kwargs)
        # pylint: disable=protected-access
        self.signals = error_handler._SIGNALS
Ejemplo n.º 6
0
    def _solve_challenges(self):
        """Get Responses for challenges from authenticators."""
        resp = []
        with error_handler.ErrorHandler(self._cleanup_challenges):
            try:
                if self.achalls:
                    resp = self.auth.perform(self.achalls)
            except errors.AuthorizationError:
                logger.critical("Failure in setting up challenges.")
                logger.info("Attempting to clean up outstanding challenges...")
                raise

        assert len(resp) == len(self.achalls)

        return resp
Ejemplo n.º 7
0
    def update_all_links_to(self, version):
        """Change all member objects to point to the specified version.

        :param int version: the desired version

        """
        with error_handler.ErrorHandler(self._fix_symlinks):
            previous_links = self._previous_symlinks()
            for kind, link in previous_links:
                os.symlink(self.current_target(kind), link)

            for kind in ALL_FOUR:
                self._update_link_to(kind, version)

            for _, link in previous_links:
                os.unlink(link)
Ejemplo n.º 8
0
    def redirect_to_ssl(self, domains):
        """Redirect all traffic from HTTP to HTTPS

        :param vhost: list of ssl_vhosts
        :type vhost: :class:`letsencrypt.interfaces.IInstaller`

        """
        with error_handler.ErrorHandler(self.installer.recovery_routine):
            for dom in domains:
                try:
                    self.installer.enhance(dom, "redirect")
                except errors.PluginError:
                    logger.warn("Unable to perform redirect for %s", dom)
                    raise

            self.installer.save("Add Redirects")
            self.installer.restart()
Ejemplo n.º 9
0
    def enhance_config(self, domains, config):
        """Enhance the configuration.

        :param list domains: list of domains to configure

        :ivar config: Namespace typically produced by
            :meth:`argparse.ArgumentParser.parse_args`.
            it must have the redirect, hsts and uir attributes.
        :type namespace: :class:`argparse.Namespace`

        :raises .errors.Error: if no installer is specified in the
            client.

        """

        if self.installer is None:
            logger.warning("No installer is specified, there isn't any "
                           "configuration to enhance.")
            raise errors.Error("No installer available")

        if config is None:
            logger.warning("No config is specified.")
            raise errors.Error("No config available")

        supported = self.installer.supported_enhancements()
        redirect = config.redirect if "redirect" in supported else False
        hsts = config.hsts if "ensure-http-header" in supported else False
        uir = config.uir if "ensure-http-header" in supported else False

        if redirect is None:
            redirect = enhancements.ask("redirect")

        if redirect:
            self.apply_enhancement(domains, "redirect")

        if hsts:
            self.apply_enhancement(domains, "ensure-http-header",
                    "Strict-Transport-Security")
        if uir:
            self.apply_enhancement(domains, "ensure-http-header",
                    "Upgrade-Insecure-Requests")

        msg = ("We were unable to restart web server")
        if redirect or hsts or uir:
            with error_handler.ErrorHandler(self._rollback_and_restart, msg):
                self.installer.restart()