def create_file(session, cls, tid, raw_key):
    """Validate a candidate TLS private key and store it for tenant *tid*.

    The candidate is written into the dict returned by ``load_tls_dict``
    under ``'ssl_key'`` and checked with ``cls.validator()``. The key is
    persisted only when validation succeeds.

    Returns the validator's verdict unchanged. The second element of the
    validator's result is discarded, so callers get no failure reason.
    """
    tls_cfg = load_tls_dict(session, tid)
    tls_cfg['ssl_key'] = raw_key

    tenant_config = ConfigFactory(session, tid)
    is_valid, _ = cls.validator().validate(tls_cfg)
    if not is_valid:
        # Rejected key: leave the stored configuration untouched.
        return is_valid

    # raw_key is secret key material: keep it out of log and error messages.
    # NOTE(review): how set_val protects the stored value is not visible here.
    tenant_config.set_val('https_priv_key', raw_key)
    # Mark the stored key as supplied by the caller rather than generated.
    tenant_config.set_val('https_priv_gen', False)
    return is_valid
def create_file(session, cls, tid, raw_chain):
    """Validate an intermediate certificate chain and store it for *tid*.

    The candidate is written into the dict returned by ``load_tls_dict``
    under ``'ssl_intermediate'`` and checked with ``cls.validator()``.
    ``'https_chain'`` is written only when validation succeeds.

    Returns the validator's verdict unchanged. The failure detail returned
    by the validator is discarded.
    """
    tenant_config = ConfigFactory(session, tid)

    tls_cfg = load_tls_dict(session, tid)
    tls_cfg['ssl_intermediate'] = raw_chain

    is_valid, _ = cls.validator().validate(tls_cfg)
    if not is_valid:
        # Rejected chain: the previously stored chain stays in place.
        return is_valid

    tenant_config.set_val('https_chain', raw_chain)
    return is_valid
def create_file(session, cls, tid, raw_cert):
    """Validate a server certificate and store it for tenant *tid*.

    The candidate is written into the dict returned by ``load_tls_dict``
    under ``'ssl_cert'`` and checked with ``cls.validator()``. On success
    the certificate is written to the ``'https_cert'`` config value and to
    the in-memory tenant cache.

    Returns the validator's verdict unchanged. The failure detail returned
    by the validator is discarded.
    """
    tenant_config = ConfigFactory(session, tid)

    tls_cfg = load_tls_dict(session, tid)
    tls_cfg['ssl_cert'] = raw_cert

    is_valid, _ = cls.validator().validate(tls_cfg)
    if not is_valid:
        # Rejected certificate: neither the config nor the cache is touched.
        return is_valid

    tenant_config.set_val('https_cert', raw_cert)
    # Update the cached copy together with the persisted value.
    State.tenant_cache[tid].https_cert = raw_cert
    return is_valid
def try_to_enable_https(session, tid):
    """Enable HTTPS for tenant *tid* if its stored TLS material validates.

    The tenant's TLS dict is checked with ``tls.ChainValidator``. If it
    passes, ``'https_enabled'`` is set in the config and the tenant cache,
    and the TLS dict is loaded into ``State.snimap``.

    Raises:
        errors.InputValidationError: the stored TLS configuration did not
            validate; nothing is enabled in that case.
    """
    tenant_config = ConfigFactory(session, tid)

    chain_validator = tls.ChainValidator()
    tls_settings = load_tls_dict(session, tid)
    # Validation runs with the flag forced off. The same dict, flag still
    # False, is what snimap.load receives below.
    # NOTE(review): confirm the validator and snimap.load expect that.
    tls_settings['https_enabled'] = False

    is_valid, _ = chain_validator.validate(tls_settings)
    if is_valid:
        tenant_config.set_val('https_enabled', True)
        State.tenant_cache[tid].https_enabled = True
        State.snimap.load(tid, tls_settings)
        return

    # Fail closed: HTTPS is never switched on with material that did not validate.
    raise errors.InputValidationError()
def perform_action(session, tid, csr_fields):
    """Generate a PEM certificate signing request with the stored private key.

    The tenant's TLS dict is checked with ``tls.PrivKeyValidator`` first.
    The CSR is then built from ``'ssl_key'``, the caller-supplied
    *csr_fields* and ``Settings.csr_sign_bits``.

    Returns the value produced by ``tls.gen_x509_csr_pem``.

    Raises:
        errors.InputValidationError: the stored key failed validation, or
            CSR generation raised any exception.
    """
    tls_cfg = load_tls_dict(session, tid)

    key_is_valid, _ = tls.PrivKeyValidator().validate(tls_cfg)
    if not key_is_valid:
        raise errors.InputValidationError()

    # Secret key material: it is only passed to the CSR generator.
    priv_key_pem = tls_cfg['ssl_key']

    try:
        csr_pem = tls.gen_x509_csr_pem(priv_key_pem, csr_fields, Settings.csr_sign_bits)
        log.debug("Generated a new CSR")
    except Exception as exc:
        # Any failure is logged and reported to the caller as a generic
        # validation error, so internals are not echoed back.
        # NOTE(review): confirm the logged exception text cannot contain
        # key material.
        log.err(exc)
        raise errors.InputValidationError('CSR gen failed')

    return csr_pem
def cert_expiration_checks(self, session, tid):
    """Check tenant *tid*'s HTTPS certificate expiry, then renew or notify.

    Returns immediately when ``'https_enabled'`` is not set. Otherwise the
    stored PEM certificate is parsed and its notAfter date is compared with
    the current time:

    * If ``'acme'`` is set and the certificate is within
      ``self.acme_try_renewal`` days of expiry, a renewal is requested via
      ``db_acme_cert_request``. A failure is logged and, unless admin
      notification emails are disabled, reported by mail. The TLS
      configuration is then reloaded into the SNI map.
    * Otherwise, if the certificate is within ``self.notify_expr_within``
      days of expiry, the event is logged and, unless disabled, an
      expiration mail is created.

    A certificate that has already expired also satisfies both comparisons;
    there is no separate branch for it.
    """
    priv_fact = models.config.ConfigFactory(session, tid)
    if not priv_fact.get_val('https_enabled'):
        return

    cert = load_certificate(FILETYPE_PEM, priv_fact.get_val('https_cert'))
    expiration_date = letsencrypt.convert_asn1_date(cert.get_notAfter())
    expiration_date_iso = datetime_to_ISO8601(expiration_date)

    # ACME renewal check. datetime.now() is naive local time.
    # NOTE(review): X.509 validity dates are expressed in UTC; confirm that
    # convert_asn1_date returns a value comparable with datetime.now(),
    # otherwise the window shifts by the host's UTC offset.
    if priv_fact.get_val('acme') and datetime.now() > expiration_date - timedelta(days=self.acme_try_renewal):
        try:
            db_acme_cert_request(session, tid)
        except Exception as exc:
            # Catch everything so a failed renewal is logged and reported
            # instead of propagating out of this check.
            log.err('Automatic HTTPS renewal failed: %s', exc, tid=tid)

            # A failed renewal needs manual intervention, so mail the admin
            # unless notification emails are disabled for this tenant.
            if not self.state.tenant_cache[tid].notification.disable_admin_notification_emails:
                self.certificate_mail_creation(session, 'https_certificate_renewal_failure', tid, expiration_date_iso)

        # NOTE(review): the collapsed source does not show whether this
        # reload sits inside the except block or after the try. It is
        # placed after the try here, so it runs whether or not the renewal
        # succeeded. Confirm against the original file.
        tls_config = load_tls_dict(session, tid)
        self.state.snimap.unload(tid)
        self.state.snimap.load(tid, tls_config)

    # Regular expiration check. It is reached only when the ACME branch
    # above was not taken.
    elif datetime.now() > expiration_date - timedelta(days=self.notify_expr_within):
        log.info('The HTTPS Certificate is expiring on %s', expiration_date, tid=tid)
        if not self.state.tenant_cache[tid].notification.disable_admin_notification_emails:
            self.certificate_mail_creation(session, 'https_certificate_expiration', tid, expiration_date_iso)