def _config_load(self):
    """Pick up the optional ``save_path`` setting for the hook handler.

    Loads the ``Hooks`` section through ``load_config`` and, when that
    section carries a ``save_path`` option, stores it on ``self.save_path``.
    Nothing is assigned otherwise.
    """
    # pylint: disable=R0912, R0915
    self.logger.debug('CAhandler._config_load()')
    hooks_cfg = load_config(self.logger, 'Hooks')
    if 'Hooks' not in hooks_cfg:
        return
    if 'save_path' not in hooks_cfg['Hooks']:
        return
    # NOTE(review): the value is stored exactly as read; whatever writes below
    # this path should confirm it exists and is not writable by other users.
    self.save_path = hooks_cfg['Hooks']['save_path']
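def _certificate_extensions_load(self):
    """Parse the certificate extensions listed in the OpenSSL config file.

    Reads the file named by ``self.openssl_conf`` through ``load_config``
    and turns every entry of its ``extensions`` section into a dictionary
    with the keys ``critical`` (bool) and ``value`` (str) plus, when the
    matching option closes the entry, ``issuer`` / ``subject`` (True).

    Returns:
        dict mapping extension name to its parsed settings; empty when the
        file has no ``extensions`` section.
    """
    self.logger.debug('CAhandler._certificate_extensions_load()')

    file_dic = dict(load_config(self.logger, None, self.openssl_conf))

    cert_extention_dic = {}
    if 'extensions' in file_dic:
        for extension in file_dic['extensions']:
            entry = {}
            cert_extention_dic[extension] = entry
            parameters = file_dic['extensions'][extension].split(',')

            # the flag is only recognised as an exact first element
            if parameters[0] == 'critical':
                parameters.pop(0)
                entry['critical'] = True
            else:
                entry['critical'] = False

            # An entry consisting of "critical" alone leaves the list empty,
            # so every index access below is guarded against IndexError.
            if parameters:
                # remove leading blank from first element
                parameters[0] = parameters[0].lstrip()

            # a trailing "issuer:" option is removed and recorded as a flag
            if parameters and 'issuer:' in parameters[-1]:
                parameters.pop(-1)
                entry['issuer'] = True

            # a trailing "subject:" option is removed and recorded as a flag
            if parameters and 'subject:' in parameters[-1]:
                parameters.pop(-1)
                entry['subject'] = True

            # whatever is left forms the extension value
            entry['value'] = ','.join(parameters)

    self.logger.debug('CAhandler._certificate_extensions_load() ended')
    return cert_extention_dic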
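def _config_load(self):
    """Load the CA handler settings from the ``CAhandler`` config section.

    Copies ``xdb_file``, ``issuing_ca_name``, ``issuing_ca_key`` and
    ``template_name`` when present, resolves the key passphrase and parses
    ``ca_cert_chain_list`` as JSON. A failed environment lookup or JSON
    parse is logged and the attribute keeps its previous value.
    """
    self.logger.debug('CAhandler._config_load()')
    config_dic = load_config(self.logger, 'CAhandler')
    # NOTE(review): the section is indexed without a membership test, so a
    # config lacking [CAhandler] fails right here - confirm load_config
    # guarantees the section.
    handler_cfg = config_dic['CAhandler']

    if 'xdb_file' in handler_cfg:
        self.xdb_file = handler_cfg['xdb_file']

    if 'passphrase_variable' in handler_cfg:
        try:
            self.passphrase = os.environ[handler_cfg['passphrase_variable']]
        except Exception as err:
            # Exception rather than BaseException: KeyboardInterrupt and
            # SystemExit must not be swallowed by a config lookup.
            self.logger.error('CAhandler._config_load() could not load passphrase_variable:{0}'.format(err))

    if 'passphrase' in handler_cfg:
        # A passphrase written into the config file takes precedence over
        # the one taken from the environment; keep that file readable by
        # the service account only.
        if self.passphrase:
            self.logger.info('CAhandler._config_load() overwrite passphrase_variable')
        self.passphrase = handler_cfg['passphrase']

    if 'issuing_ca_name' in handler_cfg:
        self.issuing_ca_name = handler_cfg['issuing_ca_name']

    if 'issuing_ca_key' in handler_cfg:
        self.issuing_ca_key = handler_cfg['issuing_ca_key']

    if 'ca_cert_chain_list' in handler_cfg:
        try:
            self.ca_cert_chain_list = json.loads(handler_cfg['ca_cert_chain_list'])
        except Exception:
            self.logger.error('CAhandler._config_load(): parameter "ca_cert_chain_list" cannot be loaded')

    if 'template_name' in handler_cfg:
        self.template_name = handler_cfg['template_name']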
def _config_load(self):
    """Load account-handling settings from the config file.

    Reads the boolean flags of the ``Account`` section, wires up the EAB
    handler when an ``EABhandler`` section exists, and applies the
    ``Directory`` options ``tos_url`` and ``url_prefix``.
    """
    self.logger.debug('Account._config_load()')
    config_dic = load_config()

    if 'Account' in config_dic:
        account_flags = (
            'inner_header_nonce_allow',
            'ecc_only',
            'tos_check_disable',
            'contact_check_disable',
        )
        # every flag falls back to False when the option is absent
        for flag in account_flags:
            setattr(self, flag, config_dic.getboolean('Account', flag, fallback=False))

    if 'EABhandler' in config_dic:
        self.logger.debug('Account._config.load(): loading eab_handler')
        # Fail closed: the presence of the section alone switches the EAB
        # check on, even if the handler is not configured or fails to load.
        self.eab_check = True
        if 'eab_handler_file' not in config_dic['EABhandler']:
            self.logger.critical('Account._config_load(): EABHandler configuration incomplete')
        else:
            # load eab_handler according to configuration
            loaded_module = eab_handler_load(self.logger, config_dic)
            if not loaded_module:
                self.logger.critical('Account._config_load(): EABHandler could not get loaded')
            else:
                # keep the handler class, not an instance
                self.eab_handler = loaded_module.EABhandler

    if 'Directory' in config_dic:
        directory_cfg = config_dic['Directory']
        if 'tos_url' in directory_cfg:
            self.tos_url = directory_cfg['tos_url']
        if 'url_prefix' in directory_cfg:
            prefix = directory_cfg['url_prefix']
            self.path_dic = {name: prefix + path for name, path in self.path_dic.items()}

    self.logger.debug('Account._config_load() ended')
def _config_load(self):
    """Copy the three mandatory ACME options onto the handler.

    ``acme_keyfile``, ``acme_url`` and ``acme_account`` are read from the
    ``CAhandler`` section without a presence check, so a missing section or
    option raises from the lookup.
    """
    self.logger.debug('CAhandler._config_load()')
    handler_cfg = load_config()['CAhandler']
    option_map = (
        ('keyfile', 'acme_keyfile'),
        ('url', 'acme_url'),
        ('account', 'acme_account'),
    )
    # assigned one after the other so an early failure leaves later ones unset
    for attribute, option in option_map:
        setattr(self, attribute, handler_cfg[option])
    self.logger.debug('CAhandler._config_load() ended')
def _config_load(self):
    """Load the ACME CA handler options from the ``CAhandler`` section.

    Missing ``acme_keyfile`` / ``acme_url`` options and a missing section
    are reported through the logger; all other options are optional.
    ``allowed_domainlist`` is parsed as JSON and a parse error is logged.
    """
    self.logger.debug('CAhandler._config_load()')
    config_dic = load_config()

    if 'CAhandler' not in config_dic:
        self.logger.error('CAhandler._config_load() configuration incomplete: "CAhandler" section is missing in config file')
        return

    handler_cfg = config_dic['CAhandler']

    if 'acme_keyfile' not in handler_cfg:
        self.logger.error('CAhandler._config_load() configuration incomplete: "acme_keyfile" parameter is missing in config file')
    else:
        self.keyfile = handler_cfg['acme_keyfile']

    if 'acme_url' not in handler_cfg:
        self.logger.error('CAhandler._config_load() configuration incomplete: "acme_url" parameter is missing in config file')
    else:
        self.url = handler_cfg['acme_url']
        self.url_dic = parse_url(self.logger, self.url)

    if 'acme_account' in handler_cfg:
        self.account = handler_cfg['acme_account']

    # options that land in path_dic under a (possibly different) key
    for option, path_key in (('account_path', 'acct_path'), ('directory_path', 'directory_path')):
        if option in handler_cfg:
            self.path_dic[path_key] = handler_cfg[option]

    # NOTE(review): key_size is stored as the raw config string, not an int
    for option, attribute in (('acme_account_keysize', 'key_size'), ('acme_account_email', 'email')):
        if option in handler_cfg:
            setattr(self, attribute, handler_cfg[option])

    if 'allowed_domainlist' in handler_cfg:
        try:
            self.allowed_domainlist = json.loads(handler_cfg['allowed_domainlist'])
        except Exception as err:
            # a malformed list is only logged; allowed_domainlist keeps its prior value
            self.logger.error('CAhandler._config_load(): failed to parse allowed_domainlist: {0}'.format(err))

    # eab_hmac_key is secret key material held in the config file in clear text
    for option in ('eab_kid', 'eab_hmac_key'):
        if option in handler_cfg:
            setattr(self, option, handler_cfg[option])

    self.logger.debug('CAhandler._config_load() ended')
def _config_load(self):
    """Load connection, CA and proxy settings for the CA handler.

    ``host``, ``user`` and ``password`` are resolved from an environment
    variable first and then from a literal config value, which wins when
    both are given. The remaining ``CAhandler`` options are copied as-is and
    ``proxy_server_list`` from ``DEFAULT`` selects a proxy for ``self.host``.
    """
    self.logger.debug("CAhandler._config_load()")
    config_dic = load_config(self.logger, "CAhandler")

    if 'CAhandler' in config_dic:
        handler_cfg = config_dic['CAhandler']

        # (attribute, env-variable option, lookup-error text, overwrite text)
        credential_options = (
            ('host', 'host_variable',
             'CAhandler._config_load() could not load host_variable:{0}',
             'CAhandler._config_load() overwrite host'),
            ('user', 'user_variable',
             'CAhandler._config_load() could not load user_variable:{0}',
             'CAhandler._config_load() overwrite user'),
            ('password', 'password_variable',
             'CAhandler._config_load() could not load password_variable:{0}',
             'CAhandler._config_load() overwrite password'),
        )
        for attribute, env_option, lookup_error, overwrite_note in credential_options:
            if env_option in handler_cfg:
                try:
                    setattr(self, attribute, os.environ[handler_cfg[env_option]])
                except Exception as err:
                    self.logger.error(lookup_error.format(err))
            if attribute in handler_cfg:
                # a literal value in the config file replaces the one taken
                # from the environment; only the fact is logged, not the value
                if getattr(self, attribute):
                    self.logger.info(overwrite_note)
                setattr(self, attribute, handler_cfg[attribute])

        for option in ('target_domain', 'domain_controller', 'ca_name', 'ca_bundle', 'template'):
            if option in handler_cfg:
                setattr(self, option, handler_cfg[option])

    if 'DEFAULT' in config_dic:
        if 'proxy_server_list' in config_dic['DEFAULT']:
            try:
                candidates = json.loads(config_dic['DEFAULT']['proxy_server_list'])
                chosen_proxy = proxy_check(self.logger, self.host, candidates)
                # the same proxy is used for both schemes
                self.proxy = {'http': chosen_proxy, 'https': chosen_proxy}
            except Exception as err_:
                self.logger.warning('CAhandler._config_load() proxy_server_list failed with error: {0}'.format(err_))

    self.logger.debug("CAhandler._config_load() ended")
def _config_load(self):
    """Read the optional ``key_file`` option of the ``EABhandler`` section."""
    self.logger.debug('EABhandler._config_load()')
    eab_cfg = load_config(self.logger, 'EABhandler')
    section_present = 'EABhandler' in eab_cfg
    if section_present and 'key_file' in eab_cfg['EABhandler']:
        # NOTE(review): presumably the file holding the EAB keys - confirm it
        # is readable by the service account only.
        self.key_file = eab_cfg['EABhandler']['key_file']
    self.logger.debug('EABhandler._config_load() ended')
def _config_load(self):
    """Read the optional ``parameter`` option of the ``CAhandler`` section."""
    self.logger.debug('CAhandler._config_load()')
    handler_cfg = load_config(self.logger, 'CAhandler')
    section_present = 'CAhandler' in handler_cfg
    if section_present and 'parameter' in handler_cfg['CAhandler']:
        self.parameter = handler_cfg['CAhandler']['parameter']
    self.logger.debug('CAhandler._config_load() ended')
def _config_load(self):
    """Read the three ``raise_*_hook_exception`` flags of the ``Hooks`` section.

    Each flag becomes an attribute of the same name and is False when the
    option is absent. Without a ``Hooks`` section nothing is assigned.
    """
    # pylint: disable=R0912, R0915
    self.logger.debug('CAhandler._config_load()')
    config_dic = load_config(self.logger, 'Hooks')
    if 'Hooks' not in config_dic:
        return
    hook_flags = (
        'raise_pre_hook_exception',
        'raise_success_hook_exception',
        'raise_post_hook_exception',
    )
    for flag in hook_flags:
        setattr(self, flag, config_dic.getboolean('Hooks', flag, fallback=False))
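def __init__(self, debug=None, srv_name=None, logger=None):
    """Set up the logger, the database store and the revocation URL path.

    Args:
        debug: debug flag, stored and handed on to ``DBstore``.
        srv_name: stored as ``self.server_name``.
        logger: logger stored on the instance and handed to ``DBstore``.
    """
    self.debug = debug
    self.logger = logger
    self.dbstore = DBstore(self.debug, self.logger)
    self.server_name = srv_name
    cfg = load_config()
    # Start from the unprefixed path so the attribute is assigned for every
    # config shape (no Directory section, or a section without url_prefix).
    self.revocation_path = '/acme/revokecert'
    if 'Directory' in cfg and 'url_prefix' in cfg['Directory']:
        self.revocation_path = cfg['Directory']['url_prefix'] + '/acme/revokecert'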
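def _config_load(self):
    """Load connection settings for the CA handler from the config file.

    Reads the ``CAhandler`` section and fills ``host``, ``user`` and
    ``password`` (environment variable first, literal config value second),
    plus ``template``, ``auth_method`` and ``ca_bundle`` when present.
    A failed environment lookup is logged and the attribute is left alone.
    """
    self.logger.debug('CAhandler._config_load()')
    config_dic = load_config(self.logger, 'CAhandler')

    if 'CAhandler' in config_dic:
        handler_cfg = config_dic['CAhandler']

        # Exception (not BaseException) in the lookups below, so that
        # KeyboardInterrupt and SystemExit are never swallowed here.
        if 'host_variable' in handler_cfg:
            try:
                self.host = os.environ[handler_cfg['host_variable']]
            except Exception as err:
                self.logger.error('CAhandler._config_load() could not load host_variable:{0}'.format(err))
        if 'host' in handler_cfg:
            if self.host:
                self.logger.info('CAhandler._config_load() overwrite host')
            self.host = handler_cfg['host']

        if 'user_variable' in handler_cfg:
            try:
                self.user = os.environ[handler_cfg['user_variable']]
            except Exception as err:
                self.logger.error('CAhandler._config_load() could not load user_variable:{0}'.format(err))
        if 'user' in handler_cfg:
            if self.user:
                self.logger.info('CAhandler._config_load() overwrite user')
            self.user = handler_cfg['user']

        if 'password_variable' in handler_cfg:
            try:
                self.password = os.environ[handler_cfg['password_variable']]
            except Exception as err:
                self.logger.error('CAhandler._config_load() could not load password_variable:{0}'.format(err))
        if 'password' in handler_cfg:
            # a clear-text password in the config file wins over the env var
            if self.password:
                self.logger.info('CAhandler._config_load() overwrite password')
            self.password = handler_cfg['password']

        if 'template' in handler_cfg:
            self.template = handler_cfg['template']

        # only the value "ntlm" is accepted; anything else leaves auth_method untouched
        if 'auth_method' in handler_cfg and handler_cfg['auth_method'] == 'ntlm':
            self.auth_method = handler_cfg['auth_method']

        # check if we get a ca bundle for verification
        if 'ca_bundle' in handler_cfg:
            self.ca_bundle = handler_cfg['ca_bundle']

    self.logger.debug('CAhandler._config_load() ended')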
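def _config_load(self):
    """Load API endpoint, credentials and CA selection for the CA handler.

    ``api_user`` and ``api_password`` go into ``self.credential_dic`` and
    are resolved from an environment variable first, then from a literal
    config value, which wins when both are given. ``ca_bundle`` is stored
    as a bool when it parses as one and as the raw string otherwise.
    """
    self.logger.debug('CAhandler._config_load()')
    config_dic = load_config(self.logger, 'CAhandler')

    if 'CAhandler' in config_dic:
        handler_cfg = config_dic['CAhandler']

        if 'api_host' in handler_cfg:
            self.api_host = handler_cfg['api_host']

        # Exception (not BaseException) below, so that KeyboardInterrupt and
        # SystemExit are never swallowed by a config lookup.
        if 'api_user_variable' in handler_cfg:
            try:
                self.credential_dic['api_user'] = os.environ[handler_cfg['api_user_variable']]
            except Exception as err:
                self.logger.error('CAhandler._config_load() could not load user_variable:{0}'.format(err))
        if 'api_user' in handler_cfg:
            if self.credential_dic['api_user']:
                self.logger.info('CAhandler._config_load() overwrite api_user')
            self.credential_dic['api_user'] = handler_cfg['api_user']

        if 'api_password_variable' in handler_cfg:
            try:
                self.credential_dic['api_password'] = os.environ[handler_cfg['api_password_variable']]
            except Exception as err:
                self.logger.error('CAhandler._config_load() could not load password_variable:{0}'.format(err))
        if 'api_password' in handler_cfg:
            # a clear-text password in the config file wins over the env var
            if self.credential_dic['api_password']:
                self.logger.info('CAhandler._config_load() overwrite api_password')
            self.credential_dic['api_password'] = handler_cfg['api_password']

        if 'ca_name' in handler_cfg:
            self.ca_name = handler_cfg['ca_name']
        if 'tsg_name' in handler_cfg:
            self.tsg_info_dic['name'] = handler_cfg['tsg_name']
        if 'template_name' in handler_cfg:
            self.template_info_dic['name'] = handler_cfg['template_name']

        # check if we get a ca bundle for verification
        if 'ca_bundle' in handler_cfg:
            # NOTE(review): if ca_bundle ends up as the TLS verification
            # setting, a boolean false here would switch certificate
            # verification off - confirm at the call site.
            try:
                self.ca_bundle = config_dic.getboolean('CAhandler', 'ca_bundle')
            except Exception:
                # not a boolean literal: keep the raw string (e.g. a file path)
                self.ca_bundle = handler_cfg['ca_bundle']

    self.logger.debug('CAhandler._config_load() ended')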
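def _config_load(self):
    """Load connection, template and proxy settings for the CA handler.

    ``host``, ``user`` and ``password`` are resolved from an environment
    variable first and then from a literal config value, which wins when
    both are given. ``proxy_server_list`` from ``DEFAULT`` is parsed as
    JSON and used to select a proxy for ``self.host``.
    """
    self.logger.debug('CAhandler._config_load()')
    config_dic = load_config(self.logger, 'CAhandler')

    if 'CAhandler' in config_dic:
        handler_cfg = config_dic['CAhandler']

        # Exception (not BaseException) below, so that KeyboardInterrupt and
        # SystemExit are never swallowed by a config lookup.
        if 'host_variable' in handler_cfg:
            try:
                self.host = os.environ[handler_cfg['host_variable']]
            except Exception as err:
                self.logger.error('CAhandler._config_load() could not load host_variable:{0}'.format(err))
        if 'host' in handler_cfg:
            if self.host:
                self.logger.info('CAhandler._config_load() overwrite host')
            self.host = handler_cfg['host']

        if 'user_variable' in handler_cfg:
            try:
                self.user = os.environ[handler_cfg['user_variable']]
            except Exception as err:
                self.logger.error('CAhandler._config_load() could not load user_variable:{0}'.format(err))
        if 'user' in handler_cfg:
            if self.user:
                self.logger.info('CAhandler._config_load() overwrite user')
            self.user = handler_cfg['user']

        if 'password_variable' in handler_cfg:
            try:
                self.password = os.environ[handler_cfg['password_variable']]
            except Exception as err:
                self.logger.error('CAhandler._config_load() could not load password_variable:{0}'.format(err))
        if 'password' in handler_cfg:
            # a clear-text password in the config file wins over the env var
            if self.password:
                self.logger.info('CAhandler._config_load() overwrite password')
            self.password = handler_cfg['password']

        if 'template' in handler_cfg:
            self.template = handler_cfg['template']

        # only the value "ntlm" is accepted; anything else leaves auth_method untouched
        if 'auth_method' in handler_cfg and handler_cfg['auth_method'] == 'ntlm':
            self.auth_method = handler_cfg['auth_method']

        # check if we get a ca bundle for verification
        if 'ca_bundle' in handler_cfg:
            self.ca_bundle = handler_cfg['ca_bundle']

    if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic['DEFAULT']:
        try:
            proxy_list = json.loads(config_dic['DEFAULT']['proxy_server_list'])
            proxy_server = proxy_check(self.logger, self.host, proxy_list)
            self.proxy = {'http': proxy_server, 'https': proxy_server}
        except Exception as err_:
            # message now names this class; it used to say "Challenge"
            self.logger.warning('CAhandler._config_load() proxy_server_list failed with error: {0}'.format(err_))

    self.logger.debug('CAhandler._config_load() ended')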
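def _config_load(self):
    """Load certificate settings and select the CA handler class.

    The handler module named by ``handler_file`` in the ``CAhandler``
    section is imported; if that fails, ``acme_srv.ca_handler`` is tried
    instead. With a ``CAhandler`` section but no ``handler_file`` the
    default module is imported directly. The module's ``CAhandler`` class is
    stored on ``self.cahandler`` when a module could be loaded.
    """
    self.logger.debug('Certificate._config_load()')
    config_dic = load_config()

    if 'Order' in config_dic:
        self.tnauthlist_support = config_dic.getboolean('Order', 'tnauthlist_support', fallback=False)

    if 'CAhandler' in config_dic and 'handler_file' in config_dic['CAhandler']:
        # NOTE(review): handler_file decides which module gets imported and
        # executed in this process, so write access to the config file is
        # equivalent to code execution - keep it restricted.
        try:
            ca_handler_module = importlib.import_module(
                ca_handler_get(self.logger, config_dic['CAhandler']['handler_file']))
        except Exception as err_:
            self.logger.critical('Certificate._config_load(): loading CAhandler configured in cfg failed with err: {0}'.format(err_))
            # Falls back to the default handler; the critical log line above
            # is the only sign that a different CA backend is now in use.
            try:
                ca_handler_module = importlib.import_module('acme_srv.ca_handler')
            except Exception as default_err:
                ca_handler_module = None
                # message corrected: this is the CA handler, not the EAB handler
                self.logger.critical('Certificate._config_load(): loading default CAhandler failed with err: {0}'.format(default_err))
    elif 'CAhandler' in config_dic:
        # unguarded on purpose as in the original: an import error propagates
        ca_handler_module = importlib.import_module('acme_srv.ca_handler')
    else:
        self.logger.error('Certificate._config_load(): CAhandler configuration missing in config file')
        ca_handler_module = None

    if ca_handler_module:
        # store handler in variable
        self.cahandler = ca_handler_module.CAhandler

    if 'Directory' in config_dic:
        if 'url_prefix' in config_dic['Directory']:
            prefix = config_dic['Directory']['url_prefix']
            self.path_dic = {k: prefix + v for k, v in self.path_dic.items()}

    self.logger.debug('ca_handler: {0}'.format(ca_handler_module))
    self.logger.debug('Certificate._config_load() ended.')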
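def _config_load(self):
    """Load issuing-CA material and issuance policy for the CA handler.

    Fills ``self.issuer_dict`` (key, certificate, CRL, passphrase), the
    certificate chain, validity, save path, OpenSSL config path and the
    allowed / blocked domain lists from the ``CAhandler`` section. The
    passphrase is converted to ASCII bytes once all sources are applied.
    """
    self.logger.debug('CAhandler._config_load()')
    config_dic = load_config(self.logger, 'CAhandler')
    # NOTE(review): the section is indexed without a membership test, so a
    # config lacking [CAhandler] fails right here - confirm load_config
    # guarantees the section.
    handler_cfg = config_dic['CAhandler']

    if 'issuing_ca_key' in handler_cfg:
        self.issuer_dict['issuing_ca_key'] = handler_cfg['issuing_ca_key']
    if 'issuing_ca_cert' in handler_cfg:
        self.issuer_dict['issuing_ca_cert'] = handler_cfg['issuing_ca_cert']

    if 'issuing_ca_key_passphrase_variable' in handler_cfg:
        try:
            self.issuer_dict['passphrase'] = os.environ[handler_cfg['issuing_ca_key_passphrase_variable']]
        except Exception as err:
            # Exception rather than BaseException: KeyboardInterrupt and
            # SystemExit must not be swallowed by a config lookup.
            self.logger.error('CAhandler._config_load() could not load issuing_ca_key_passphrase_variable:{0}'.format(err))

    if 'issuing_ca_key_passphrase' in handler_cfg:
        # a clear-text passphrase in the config file wins over the env var
        if 'passphrase' in self.issuer_dict and self.issuer_dict['passphrase']:
            self.logger.info('CAhandler._config_load() overwrite issuing_ca_key_passphrase_variable')
        self.issuer_dict['passphrase'] = handler_cfg['issuing_ca_key_passphrase']

    # json.loads / int below are unguarded: a malformed value raises out of
    # this method instead of leaving a half-applied policy in place
    if 'ca_cert_chain_list' in handler_cfg:
        self.ca_cert_chain_list = json.loads(handler_cfg['ca_cert_chain_list'])
    if 'cert_validity_days' in handler_cfg:
        self.cert_validity_days = int(handler_cfg['cert_validity_days'])
    if 'cert_save_path' in handler_cfg:
        self.cert_save_path = handler_cfg['cert_save_path']
    if 'issuing_ca_crl' in handler_cfg:
        self.issuer_dict['issuing_ca_crl'] = handler_cfg['issuing_ca_crl']

    # convert passphrase
    # NOTE(review): encode() raises for a non-ASCII passphrase, and for a
    # None placeholder if issuer_dict is initialised with one - confirm.
    if 'passphrase' in self.issuer_dict:
        self.issuer_dict['passphrase'] = self.issuer_dict['passphrase'].encode('ascii')

    if 'openssl_conf' in handler_cfg:
        self.openssl_conf = handler_cfg['openssl_conf']

    if 'allowed_domainlist' in handler_cfg:
        self.allowed_domainlist = json.loads(handler_cfg['allowed_domainlist'])
    if 'blocked_domainlist' in handler_cfg:
        self.blocked_domainlist = json.loads(handler_cfg['blocked_domainlist'])

    # legacy option names are read last and therefore replace the new ones
    if 'whitelist' in handler_cfg:
        self.allowed_domainlist = json.loads(handler_cfg['whitelist'])
        self.logger.error('CAhandler._config_load() found "whitelist" parameter in configfile which should be renamed to "allowed_domainlist"')
    if 'blacklist' in handler_cfg:
        self.blocked_domainlist = json.loads(handler_cfg['blacklist'])
        self.logger.error('CAhandler._config_load() found "blacklist" parameter in configfile which should be renamed to "blocked_domainlist"')

    try:
        self.cn_enforce = config_dic.getboolean('CAhandler', 'cn_enforce', fallback=False)
    except Exception:
        self.logger.error('CAhandler._config_load() variable cn_enforce cannot be parsed')

    self.save_cert_as_hex = config_dic.getboolean('CAhandler', 'save_cert_as_hex', fallback=False)
    self.logger.debug('CAhandler._config_load() ended')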
def _config_load(self):
    """Load challenge-validation settings from the config file.

    Covers the ``Challenge`` section (validation switch, DNS servers,
    timeout), ``tnauthlist_support`` from ``Order``, the URL prefix from
    ``Directory`` and ``proxy_server_list`` from ``DEFAULT``. Values that
    fail to parse are logged as warnings and skipped.
    """
    self.logger.debug('Challenge._config_load()')
    config_dic = load_config()

    if 'Challenge' in config_dic:
        challenge_cfg = config_dic['Challenge']
        # NOTE(review): judging by its name, a true value switches challenge
        # validation off - this should never be set on a production server.
        self.challenge_validation_disable = config_dic.getboolean(
            'Challenge', 'challenge_validation_disable', fallback=False)

        if 'dns_server_list' in challenge_cfg:
            try:
                self.dns_server_list = json.loads(challenge_cfg['dns_server_list'])
            except Exception as err_:
                self.logger.warning('Challenge._config_load() dns_server_list failed with error: {0}'.format(err_))

        if 'challenge_validation_timeout' in challenge_cfg:
            try:
                self.challenge_validation_timeout = int(challenge_cfg['challenge_validation_timeout'])
            except Exception as err_:
                self.logger.warning('Challenge._config_load() failed to load challenge_validation_timeout: {0}'.format(err_))

    if 'Order' in config_dic:
        self.tnauthlist_support = config_dic.getboolean('Order', 'tnauthlist_support', fallback=False)

    if 'Directory' in config_dic and 'url_prefix' in config_dic['Directory']:
        prefix = config_dic['Directory']['url_prefix']
        self.path_dic = {name: prefix + path for name, path in self.path_dic.items()}

    if 'DEFAULT' in config_dic:
        if 'proxy_server_list' in config_dic['DEFAULT']:
            try:
                self.proxy_server_list = json.loads(config_dic['DEFAULT']['proxy_server_list'])
            except Exception as err_:
                self.logger.warning('Challenge._config_load() proxy_server_list failed with error: {0}'.format(err_))

    self.logger.debug('Challenge._config_load() ended.')
def _config_load(self):
    """Load the nonce / signature check switches and the URL prefix.

    Both switches of the ``Nonce`` section are stored in
    ``self.disable_dic`` and are False when the option is absent.
    """
    self.logger.debug('_config_load()')
    config_dic = load_config()

    if 'Nonce' in config_dic:
        # NOTE(review): judging by the names, a true value switches the
        # nonce or signature check off - verify where disable_dic is read
        # and keep both at their default outside of test setups.
        for switch in ('nonce_check_disable', 'signature_check_disable'):
            self.disable_dic[switch] = config_dic.getboolean('Nonce', switch, fallback=False)

    if 'Directory' in config_dic and 'url_prefix' in config_dic['Directory']:
        prefix = config_dic['Directory']['url_prefix']
        self.path_dic = {name: prefix + path for name, path in self.path_dic.items()}
def _config_load(self):
    """Load ``tnauthlist_support`` and pick up the CA handler class.

    The handler module comes from ``ca_handler_load``; its ``CAhandler``
    attribute is stored on ``self.cahandler``. A failure while reading that
    attribute is logged as critical and ``self.cahandler`` is left alone.
    """
    self.logger.debug('Certificate._config_load()')
    config_dic = load_config()

    if 'Order' in config_dic:
        self.tnauthlist_support = config_dic.getboolean('Order', 'tnauthlist_support', fallback=False)

    handler_module = ca_handler_load(self.logger, config_dic)
    if handler_module:
        try:
            # keep the handler class, not an instance
            self.cahandler = getattr(handler_module, 'CAhandler')
        except Exception as err_:
            self.logger.critical('Certificate._config_load(): loading CAhandler failed with err: {0}'.format(err_))

    self.logger.debug('ca_handler: {0}'.format(handler_module))
    self.logger.debug('Certificate._config_load() ended.')
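def _config_load(self):
    """Load order-handling settings from the config file.

    Reads the ``Order`` flags and timeouts, the authorization validity from
    ``Authorization`` and the URL prefix from ``Directory``. Integer options
    that fail to parse are logged as warnings and keep their prior value.
    """
    self.logger.debug('Order._config_load()')
    config_dic = load_config()

    if 'Order' in config_dic:
        order_cfg = config_dic['Order']
        self.tnauthlist_support = config_dic.getboolean('Order', 'tnauthlist_support', fallback=False)
        self.expiry_check_disable = config_dic.getboolean('Order', 'expiry_check_disable', fallback=False)

        # Exception (not BaseException) in the parsers below, so that
        # KeyboardInterrupt and SystemExit are never swallowed.
        if 'retry_after_timeout' in order_cfg:
            try:
                self.retry_after = int(order_cfg['retry_after_timeout'])
            except Exception:
                self.logger.warning('Order._config_load(): failed to parse retry_after: {0}'.format(order_cfg['retry_after_timeout']))

        if 'validity' in order_cfg:
            try:
                self.validity = int(order_cfg['validity'])
            except Exception:
                self.logger.warning('Order._config_load(): failed to parse validity: {0}'.format(order_cfg['validity']))

    if 'Authorization' in config_dic:
        if 'validity' in config_dic['Authorization']:
            try:
                self.authz_validity = int(config_dic['Authorization']['validity'])
            except Exception:
                self.logger.warning('Order._config_load(): failed to parse authz validity: {0}'.format(config_dic['Authorization']['validity']))

    if 'Directory' in config_dic:
        if 'url_prefix' in config_dic['Directory']:
            prefix = config_dic['Directory']['url_prefix']
            self.path_dic = {k: prefix + v for k, v in self.path_dic.items()}

    self.logger.debug('Order._config_load() ended.')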
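def _config_load(self):
    """Load authorization settings from the config file.

    Reads ``expiry_check_disable`` and ``validity`` from the
    ``Authorization`` section and the URL prefix from ``Directory``. A
    ``validity`` that is not an integer is logged as a warning and skipped.
    """
    self.logger.debug('Authorization._config_load()')
    config_dic = load_config()

    if 'Authorization' in config_dic:
        self.expiry_check_disable = config_dic.getboolean('Authorization', 'expiry_check_disable', fallback=False)
        if 'validity' in config_dic['Authorization']:
            try:
                self.validity = int(config_dic['Authorization']['validity'])
            except Exception:
                # Exception rather than BaseException: KeyboardInterrupt and
                # SystemExit must not be swallowed by a parse error handler.
                self.logger.warning('Authorization._config_load(): failed to parse validity: {0}'.format(config_dic['Authorization']['validity']))

    if 'Directory' in config_dic:
        if 'url_prefix' in config_dic['Directory']:
            prefix = config_dic['Directory']['url_prefix']
            self.path_dic = {k: prefix + v for k, v in self.path_dic.items()}

    self.logger.debug('Authorization._config_load() ended.')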
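def _config_load(self):
    """Load account-handling settings and the EAB handler class.

    Reads the boolean flags of the ``Account`` section, imports the module
    named by ``eab_handler_file`` (falling back to ``acme_srv.eab_handler``
    when that import fails) and applies the ``Directory`` options
    ``tos_url`` and ``url_prefix``.
    """
    self.logger.debug('Account._config_load()')
    config_dic = load_config()

    if 'Account' in config_dic:
        self.inner_header_nonce_allow = config_dic.getboolean('Account', 'inner_header_nonce_allow', fallback=False)
        self.ecc_only = config_dic.getboolean('Account', 'ecc_only', fallback=False)
        self.tos_check_disable = config_dic.getboolean('Account', 'tos_check_disable', fallback=False)
        self.contact_check_disable = config_dic.getboolean('Account', 'contact_check_disable', fallback=False)

    if 'EABhandler' in config_dic:
        self.logger.debug('Account._config.load(): loading eab_handler')
        if 'eab_handler_file' in config_dic['EABhandler']:
            # mandate eab check regardless if handler could get loaded or not
            self.eab_check = True
            # NOTE(review): eab_handler_file decides which module is imported
            # and executed in this process - keep the config file write-protected.
            try:
                eab_handler_module = importlib.import_module(
                    ca_handler_get(self.logger, config_dic['EABhandler']['eab_handler_file']))
            except Exception as err_:
                # Exception rather than BaseException here and below, so that
                # KeyboardInterrupt and SystemExit are never swallowed.
                self.logger.critical('Account._config_load(): loading EABHandler configured in cfg failed with err: {0}'.format(err_))
                try:
                    eab_handler_module = importlib.import_module('acme_srv.eab_handler')
                except Exception as default_err:
                    eab_handler_module = None
                    self.logger.critical('Account._config_load(): loading default EABHandler failed with err: {0}'.format(default_err))

            if eab_handler_module:
                # store handler in variable
                self.eab_handler = eab_handler_module.EABhandler
        else:
            # NOTE(review): eab_check is not switched on in this branch, so an
            # EABhandler section without eab_handler_file leaves the EAB check
            # at its prior value - confirm this fail-open case is intended.
            self.logger.critical('Account._config_load(): EABHandler configuration is missing in config file')

    if 'Directory' in config_dic:
        if 'tos_url' in config_dic['Directory']:
            self.tos_url = config_dic['Directory']['tos_url']
        if 'url_prefix' in config_dic['Directory']:
            prefix = config_dic['Directory']['url_prefix']
            self.path_dic = {k: prefix + v for k, v in self.path_dic.items()}

    self.logger.debug('Account._config_load() ended')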
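def _config_load(self):
    """Load API endpoint, credentials, CA name and proxy for the CA handler.

    ``api_host``, ``ca_name`` and one source each for ``api_user`` and
    ``api_password`` are expected; their absence is logged as an error.
    Credentials come from an environment variable first and from a literal
    config value second, which wins when both are given.
    """
    self.logger.debug('_config_load()')
    config_dic = load_config(self.logger, 'CAhandler')

    if 'CAhandler' in config_dic:
        handler_cfg = config_dic['CAhandler']

        if 'api_host' in handler_cfg:
            self.api_host = handler_cfg['api_host']
        else:
            self.logger.error('CAhandler._config_load() configuration incomplete: "api_host" parameter is missing in config file')

        # Exception (not BaseException) in the lookups below, so that
        # KeyboardInterrupt and SystemExit are never swallowed.
        if 'api_user' in handler_cfg or 'api_user_variable' in handler_cfg:
            if 'api_user_variable' in handler_cfg:
                try:
                    self.api_user = os.environ[handler_cfg['api_user_variable']]
                except Exception as err:
                    self.logger.error('CAhandler._config_load() could not load user_variable:{0}'.format(err))
            if 'api_user' in handler_cfg:
                if self.api_user:
                    self.logger.info('CAhandler._config_load() overwrite api_user')
                self.api_user = handler_cfg['api_user']
        else:
            self.logger.error('CAhandler._config_load() configuration incomplete: "api_user" parameter is missing in config file')

        if 'api_password' in handler_cfg or 'api_password_variable' in handler_cfg:
            if 'api_password_variable' in handler_cfg:
                try:
                    self.api_password = os.environ[handler_cfg['api_password_variable']]
                except Exception as err:
                    # message corrected: it used to name "passphrase_variable"
                    self.logger.error('CAhandler._config_load() could not load password_variable:{0}'.format(err))
            if 'api_password' in handler_cfg:
                # a clear-text password in the config file wins over the env var
                if self.api_password:
                    self.logger.info('CAhandler._config_load() overwrite api_password_variable')
                self.api_password = handler_cfg['api_password']
        else:
            self.logger.error('CAhandler._config_load() configuration incomplete: "api_password" parameter is missing in config file')

        if 'ca_name' in handler_cfg:
            self.ca_name = handler_cfg['ca_name']
        else:
            self.logger.error('CAhandler._config_load() configuration incomplete: "ca_name" parameter is missing in config file')

        # unguarded: a non-integer polling_timeout raises out of this method
        if 'polling_timeout' in handler_cfg:
            self.polling_timeout = int(handler_cfg['polling_timeout'])

        # check if we get a ca bundle for verification
        if 'ca_bundle' in handler_cfg:
            # NOTE(review): if ca_bundle ends up as the TLS verification
            # setting, a boolean false here would switch certificate
            # verification off - confirm at the call site.
            try:
                self.ca_bundle = config_dic.getboolean('CAhandler', 'ca_bundle')
            except Exception:
                # not a boolean literal: keep the raw string (e.g. a file path)
                self.ca_bundle = handler_cfg['ca_bundle']

    if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic['DEFAULT']:
        try:
            proxy_list = json.loads(config_dic['DEFAULT']['proxy_server_list'])
            url_dic = parse_url(self.logger, self.api_host)
            if 'host' in url_dic:
                # NOTE(review): the unpacking expects exactly "name:port"; a
                # host without a port raises, is logged below and leaves the
                # proxy unset.
                (fqdn, _port) = url_dic['host'].split(':')
                proxy_server = proxy_check(self.logger, fqdn, proxy_list)
                self.proxy = {'http': proxy_server, 'https': proxy_server}
        except Exception as err_:
            # message now names this class; it used to say "Challenge"
            self.logger.warning('CAhandler._config_load() proxy_server_list failed with error: {0}'.format(err_))

    self.logger.debug('CAhandler._config_load() ended')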
2. Add a URL to urlpatterns: url(r'^$', views.home, name='home') Class-based views 1. Add an import: from other_app.views import Home 2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home') Including another URLconf 1. Import the include() function: from django.conf.urls import url, include 2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls')) """ # pylint: disable=C0330 from django.conf.urls import include, url from django.contrib import admin from acme_srv import views from acme_srv.helper import load_config # load config to set url_prefix CONFIG = load_config() if 'Directory' in CONFIG and 'url_prefix' in CONFIG['Directory']: prefix = CONFIG['Directory']['url_prefix'] + '/' if prefix.startswith('/'): prefix = prefix.lstrip('/') else: prefix = '' urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^$', views.directory, name='index'), url(r'^directory$', views.directory, name='directory'), url(r'^{0}get_servername$'.format(prefix), views.servername_get, name='servername_get'),
def _config_load(self):
    """Load the configuration; no option is read from ``Housekeeping``."""
    self.logger.debug('Housekeeping._config_load()')
    housekeeping_cfg = load_config()
    # placeholder branch: the section is looked up but nothing is taken from it
    if 'Housekeeping' in housekeeping_cfg:
        pass
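def _config_load(self):
    """Load the CA handler settings from the 'CAhandler' config section.

    Sets ``api_host``, ``api_user``, ``api_password``, ``ca_name``,
    ``polling_timeout`` and ``ca_bundle`` on the instance. Missing or
    unparsable parameters are reported through the logger; nothing is raised
    for them, so the caller has to check the resulting attributes.

    For user and password, a literal value in the config file takes
    precedence over the value read from the environment variable named by
    ``api_user_variable`` / ``api_password_variable``.
    """
    self.logger.debug('_config_load()')
    config_dic = load_config(self.logger, 'CAhandler')

    if 'CAhandler' in config_dic:
        section = config_dic['CAhandler']

        if 'api_host' in section:
            self.api_host = section['api_host']
        else:
            self.logger.error('CAhandler._config_load() configuration incomplete: "api_host" parameter is missing in config file')

        if 'api_user' in section or 'api_user_variable' in section:
            if 'api_user_variable' in section:
                try:
                    self.api_user = os.environ[section['api_user_variable']]
                except Exception as err:
                    # a missing variable raises KeyError, so the message carries
                    # the variable name only, never a credential value
                    self.logger.error('CAhandler._config_load() could not load user_variable:{0}'.format(err))
            if 'api_user' in section:
                if self.api_user:
                    self.logger.info('CAhandler._config_load() overwrite api_user')
                self.api_user = section['api_user']
        else:
            self.logger.error('CAhandler._config_load() configuration incomplete: "api_user" parameter is missing in config file')

        if 'api_password' in section or 'api_password_variable' in section:
            if 'api_password_variable' in section:
                try:
                    self.api_password = os.environ[section['api_password_variable']]
                except Exception as err:
                    self.logger.error('CAhandler._config_load() could not load api_password_variable:{0}'.format(err))
            if 'api_password' in section:
                # the plaintext password from the file wins over the environment
                # value; prefer the variable and keep the config file readable
                # by the service account only
                if self.api_password:
                    self.logger.info('CAhandler._config_load() overwrite api_password_variable')
                self.api_password = section['api_password']
        else:
            self.logger.error('CAhandler._config_load() configuration incomplete: "api_password" parameter is missing in config file')

        if 'ca_name' in section:
            self.ca_name = section['ca_name']
        else:
            self.logger.error('CAhandler._config_load() configuration incomplete: "ca_name" parameter is missing in config file')

        if 'polling_timeout' in section:
            try:
                self.polling_timeout = int(section['polling_timeout'])
            except ValueError as err:
                # a non-numeric value is reported and the attribute is left untouched
                self.logger.error('CAhandler._config_load() could not parse polling_timeout:{0}'.format(err))

        # check if we get a ca bundle for verification
        if 'ca_bundle' in section:
            try:
                # 'True'/'False' style values become a bool ...
                self.ca_bundle = config_dic.getboolean('CAhandler', 'ca_bundle')
            except Exception:
                # ... anything else is kept as given (presumably a bundle path)
                self.ca_bundle = section['ca_bundle']
            # NOTE(review): a boolean False presumably disables certificate
            # verification where ca_bundle is consumed - confirm, and prefer a
            # bundle path outside of lab setups

    self.logger.debug('CAhandler._config_load() ended')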
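def _config_load(self):
    """Load the CA handler settings from the config file.

    From the 'CAhandler' section: ``api_host``, the ``api_user`` and
    ``api_password`` entries of ``credential_dic``, ``ca_name``, the name
    entries of ``tsg_info_dic`` and ``template_info_dic``, and ``ca_bundle``.
    From the 'DEFAULT' section: ``proxy_server_list``, which is turned into
    ``self.proxy`` for the host part of ``api_host``.

    A literal ``api_user`` / ``api_password`` in the config file takes
    precedence over the value read from the environment variable named by
    ``api_user_variable`` / ``api_password_variable``. Problems are logged,
    not raised.
    """
    self.logger.debug('CAhandler._config_load()')
    config_dic = load_config(self.logger, 'CAhandler')

    if 'CAhandler' in config_dic:
        section = config_dic['CAhandler']

        if 'api_host' in section:
            self.api_host = section['api_host']

        if 'api_user_variable' in section:
            try:
                self.credential_dic['api_user'] = os.environ[section['api_user_variable']]
            except Exception as err:
                # a missing variable raises KeyError: the message names the
                # variable, it does not contain a credential
                self.logger.error('CAhandler._config_load() could not load user_variable:{0}'.format(err))
        if 'api_user' in section:
            if self.credential_dic['api_user']:
                self.logger.info('CAhandler._config_load() overwrite api_user')
            self.credential_dic['api_user'] = section['api_user']

        if 'api_password_variable' in section:
            try:
                self.credential_dic['api_password'] = os.environ[section['api_password_variable']]
            except Exception as err:
                self.logger.error('CAhandler._config_load() could not load password_variable:{0}'.format(err))
        if 'api_password' in section:
            # the plaintext password from the file wins over the environment
            # value; prefer the variable and restrict access to the config file
            if self.credential_dic['api_password']:
                self.logger.info('CAhandler._config_load() overwrite api_password')
            self.credential_dic['api_password'] = section['api_password']

        if 'ca_name' in section:
            self.ca_name = section['ca_name']
        if 'tsg_name' in section:
            self.tsg_info_dic['name'] = section['tsg_name']
        if 'template_name' in section:
            self.template_info_dic['name'] = section['template_name']

        # check if we get a ca bundle for verification
        if 'ca_bundle' in section:
            try:
                self.ca_bundle = config_dic.getboolean('CAhandler', 'ca_bundle')
            except Exception:
                # not a boolean: keep the value as given (presumably a bundle path)
                self.ca_bundle = section['ca_bundle']
            # NOTE(review): a boolean False presumably disables certificate
            # verification where ca_bundle is consumed - confirm

    if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic['DEFAULT']:
        try:
            proxy_list = json.loads(config_dic['DEFAULT']['proxy_server_list'])
            url_dic = parse_url(self.logger, self.api_host)
            if 'host' in url_dic:
                netloc = url_dic['host']
                # Strip an optional ":port" suffix. Unpacking split(':') into two
                # names failed for a host without explicit port, so the proxy
                # was skipped with only a warning and CA traffic went out
                # directly. Other forms (e.g. bracketed IPv6) pass unchanged.
                fqdn = netloc.rsplit(':', 1)[0] if netloc.count(':') == 1 else netloc
                proxy_server = proxy_check(self.logger, fqdn, proxy_list)
                self.proxy = {'http': proxy_server, 'https': proxy_server}
        except Exception as err_:
            self.logger.warning('CAhandler._config_load() proxy_server_list failed with error: {0}'.format(err_))

    self.logger.debug('CAhandler._config_load() ended')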
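def _config_load(self):
    """Load the EST CA handler settings from the config file.

    From the 'CAhandler' section: ``est_host`` (the path '/.well-known/est'
    is appended), client authentication (``est_client_cert`` holds the
    certificate and key values as a two-element list), user authentication
    (``est_user`` / ``est_password``) and ``ca_bundle``. From the 'DEFAULT'
    section: ``proxy_server_list``, turned into ``self.proxy``.

    Literal values in the config file take precedence over values read from
    the environment variables named by the ``*_variable`` options.

    Inconsistent settings (no authentication scheme, both schemes, user
    without password) are logged only; this method does not raise for them.
    """
    # pylint: disable=R0912, R0915
    self.logger.debug('CAhandler._config_load()')
    config_dic = load_config(self.logger, 'CAhandler')

    if 'CAhandler' in config_dic:
        section = config_dic['CAhandler']

        if 'est_host_variable' in section:
            try:
                self.est_host = os.environ[section['est_host_variable']] + '/.well-known/est'
            except Exception as err:
                self.logger.error('CAhandler._config_load() could not load est_host_variable:{0}'.format(err))
        if 'est_host' in section:
            if self.est_host:
                self.logger.info('CAhandler._config_load() overwrite est_host')
            self.est_host = section['est_host'] + '/.well-known/est'
        if not self.est_host:
            self.logger.error('CAhandler._config_load(): missing "est_host" parameter')

        # check if we need to use clientauth
        has_cert = 'est_client_cert' in section
        has_key = 'est_client_key' in section
        if has_cert and has_key:
            self.est_client_cert = [section['est_client_cert'], section['est_client_key']]
        elif has_cert or has_key:
            self.logger.error('CAhandler._config_load() configuration incomplete: either "est_client_cert" or "est_client_key" parameter is missing in config file')

        # check if we need to use user-auth
        if 'est_user_variable' in section:
            try:
                self.est_user = os.environ[section['est_user_variable']]
            except Exception as err:
                # a missing variable raises KeyError: only its name is logged
                self.logger.error('CAhandler._config_load() could not load est_user_variable:{0}'.format(err))
        if 'est_user' in section:
            if self.est_user:
                self.logger.info('CAhandler._config_load() overwrite est_user')
            self.est_user = section['est_user']

        if 'est_password_variable' in section:
            try:
                self.est_password = os.environ[section['est_password_variable']]
            except Exception as err:
                self.logger.error('CAhandler._config_load() could not load est_password:{0}'.format(err))
        if 'est_password' in section:
            # the plaintext password from the file wins over the environment
            # value; prefer the variable and restrict access to the config file
            if self.est_password:
                self.logger.info('CAhandler._config_load() overwrite est_password')
            self.est_password = section['est_password']

        # exactly one of user/password set means the pair is incomplete
        if bool(self.est_user) != bool(self.est_password):
            self.logger.error('CAhandler._config_load() configuration incomplete: either "est_user" or "est_password" parameter is missing in config file')

        # check if we have one authentication scheme
        # NOTE(review): both cases are reported but not enforced here; verify
        # that the enrollment path refuses to run without a valid scheme
        if not self.est_client_cert and not self.est_user:
            self.logger.error('CAhandler._config_load() configuration incomplete: either user or client authentication must be configured')
        elif self.est_client_cert and self.est_user:
            self.logger.error('CAhandler._config_load() configuration wrong: user and client authentication cannot be configured together')

        # check if we get a ca bundle for verification
        if 'ca_bundle' in section:
            try:
                self.ca_bundle = config_dic.getboolean('CAhandler', 'ca_bundle')
            except Exception:
                # not a boolean: keep the value as given (presumably a bundle path)
                self.ca_bundle = section['ca_bundle']
            # NOTE(review): a boolean False presumably disables certificate
            # verification of the EST server where ca_bundle is consumed - confirm

    if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic['DEFAULT']:
        try:
            proxy_list = json.loads(config_dic['DEFAULT']['proxy_server_list'])
            url_dic = parse_url(self.logger, self.est_host)
            if 'host' in url_dic:
                netloc = url_dic['host']
                # Strip an optional ":port" suffix. Unpacking split(':') into two
                # names failed for a host without explicit port, so the proxy
                # was skipped with only a warning and EST traffic went out
                # directly. Other forms (e.g. bracketed IPv6) pass unchanged.
                fqdn = netloc.rsplit(':', 1)[0] if netloc.count(':') == 1 else netloc
                proxy_server = proxy_check(self.logger, fqdn, proxy_list)
                self.proxy = {'http': proxy_server, 'https': proxy_server}
        except Exception as err_:
            self.logger.warning('CAhandler._config_load() proxy_server_list failed with error: {0}'.format(err_))

    self.logger.debug('CAhandler._config_load() ended')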
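def _config_load(self):
    """Load the ACME CA handler settings from the 'CAhandler' config section.

    Sets ``keyfile``, ``url``, ``account``, the ``acct_path`` and
    ``directory_path`` entries of ``path_dic``, ``key_size``, ``email``,
    ``allowed_domainlist``, ``eab_kid`` and ``eab_hmac_key``. A missing
    section or missing mandatory parameter is logged as an error; nothing is
    raised.
    """
    self.logger.debug('CAhandler._config_load()')
    config_dic = load_config()

    if 'CAhandler' not in config_dic:
        self.logger.error('CAhandler._config_load() configuration incomplete: "CAhandler" section is missing in config file')
        return

    section = config_dic['CAhandler']

    if 'acme_keyfile' in section:
        self.keyfile = section['acme_keyfile']
    else:
        self.logger.error('CAhandler._config_load() configuration incomplete: "acme_keyfile" parameter is missing in config file')

    if 'acme_url' in section:
        self.url = section['acme_url']
    else:
        self.logger.error('CAhandler._config_load() configuration incomplete: "acme_url" parameter is missing in config file')

    # the account id is taken from the config file only; the lookup in the
    # housekeeping table is currently disabled
    if 'acme_account' in section:
        self.account = section['acme_account']

    if 'account_path' in section:
        self.path_dic['acct_path'] = section['account_path']
    if 'directory_path' in section:
        self.path_dic['directory_path'] = section['directory_path']

    if 'acme_account_keysize' in section:
        # stored exactly as read from the file
        # NOTE(review): presumably a string at this point - confirm that the
        # key generation code converts it to int
        self.key_size = section['acme_account_keysize']
    if 'acme_account_email' in section:
        self.email = section['acme_account_email']

    if 'allowed_domainlist' in section:
        try:
            self.allowed_domainlist = json.loads(section['allowed_domainlist'])
        except Exception as err:
            # NOTE(review): on a parse error the previous value stays in place.
            # If that value means "no restriction", a typo in the list removes
            # the domain restriction with nothing but this log entry - confirm
            # the default and consider refusing enrollment in that case.
            self.logger.error('CAhandler._config_load(): failed to parse allowed_domainlist: {0}'.format(err))

    # external account binding: key identifier and HMAC key; the HMAC key is a
    # secret kept in plaintext in the config file, so restrict access to it
    if 'eab_kid' in section:
        self.eab_kid = section['eab_kid']
    if 'eab_hmac_key' in section:
        self.eab_hmac_key = section['eab_hmac_key']

    self.logger.debug('CAhandler._config_load() ended')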
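def _config_load(self):
    """Load the CMP CA handler settings from the 'CAhandler' config section.

    Every option starting with ``cmp_`` is evaluated:

    * ``cmp_openssl_bin`` sets ``self.openssl_bin``
    * ``cmp_recipient`` is normalised to a '/'-separated string with a leading
      '/' and stored as ``self.config_dic['recipient']``
    * ``cmp_ref_variable`` / ``cmp_secret_variable`` name environment variables
      for ``self.ref`` / ``self.secret``; a literal ``cmp_ref`` / ``cmp_secret``
      in the config file takes precedence over them
    * any other option is copied into ``self.config_dic`` with the ``cmp_``
      prefix removed ('True'/'False' become booleans)

    Afterwards defaults for 'cmd' ('ir') and 'popo' (0) are set, a temporary
    directory is created and ``openssl_bin`` falls back to /usr/bin/openssl.
    """
    # pylint: disable=R0912, R0915
    self.logger.debug('CAhandler._config_load()')
    config_dic = load_config(self.logger, 'CAhandler')

    if 'CAhandler' in config_dic:
        section = config_dic['CAhandler']
        for ele in section:
            if not ele.startswith('cmp_'):
                continue

            if ele == 'cmp_openssl_bin':
                # NOTE(review): presumably the binary executed for CMP requests;
                # the config file then decides what gets run, so it should be
                # writable by the service owner only
                self.openssl_bin = section['cmp_openssl_bin']
            elif ele == 'cmp_recipient':
                value = section[ele]
                if not value.startswith('/'):
                    value = '/' + value
                # turn a comma separated DN into the '/'-separated form
                value = value.replace(', ', '/').replace(',', '/')
                self.config_dic['recipient'] = value
            elif ele == 'cmp_ref_variable':
                try:
                    self.ref = os.environ[section['cmp_ref_variable']]
                except Exception as err:
                    self.logger.error('CAhandler._config_load() could not load cmp_ref:{0}'.format(err))
            elif ele == 'cmp_secret_variable':
                try:
                    self.secret = os.environ[section['cmp_secret_variable']]
                except Exception as err:
                    # a missing variable raises KeyError: only its name is logged
                    self.logger.error('CAhandler._config_load() could not load cmp_secret_variable:{0}'.format(err))
            elif ele in ('cmp_secret', 'cmp_ref'):
                # handled after the loop so that they overrule the variables
                continue
            elif section[ele] in ('True', 'False'):
                self.config_dic[ele[4:]] = config_dic.getboolean('CAhandler', ele, fallback=False)
            else:
                self.config_dic[ele[4:]] = section[ele]

    if 'CAhandler' in config_dic and 'cmp_ref' in config_dic['CAhandler']:
        if self.ref:
            self.logger.info('CAhandler._config_load() overwrite cmp_ref variable')
        self.ref = config_dic['CAhandler']['cmp_ref']

    if 'CAhandler' in config_dic and 'cmp_secret' in config_dic['CAhandler']:
        # the plaintext secret from the file wins over the environment value;
        # prefer the variable and restrict access to the config file
        if self.secret:
            self.logger.info('CAhandler._config_load() overwrite cmp_secret variable')
        self.secret = config_dic['CAhandler']['cmp_secret']

    if 'cmd' not in self.config_dic:
        self.config_dic['cmd'] = 'ir'
    if 'popo' not in self.config_dic:
        self.config_dic['popo'] = 0

    # create temporary directory (mkdtemp makes it accessible to the creating
    # user only)
    # NOTE(review): a new directory is created on every call and its removal is
    # not part of this method - confirm it is cleaned up after use
    self.tmp_dir = tempfile.mkdtemp()

    # defaulting openssl_bin
    if not self.openssl_bin:
        self.logger.warning('CAhandler config error: "cmp_openssl_bin" parameter not in config_file. Using default (/usr/bin/openssl)')
        self.openssl_bin = '/usr/bin/openssl'

    # the recipient is stored in self.config_dic['recipient'] above and
    # self.recipient is not assigned in this method, so the error is raised
    # only when neither of them carries a value
    if not self.recipient and 'recipient' not in self.config_dic:
        self.logger.error('CAhandler config error: "cmp_recipient" is missing in config_file.')

    self.logger.debug('CAhandler._config_load() ended')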