def setUp(self):
display.set_display(display.NcursesDisplay())
self.temp_dir = os.path.join(tempfile.mkdtemp("temp"),
"debian_apache_2_4")
self.config_dir = tempfile.mkdtemp("config")
self.work_dir = tempfile.mkdtemp("work")
shutil.copytree(UBUNTU_CONFIGS, self.temp_dir, symlinks=True)
temp_options = pkg_resources.resource_filename(
"letsencrypt.client", os.path.basename(CONFIG.OPTIONS_SSL_CONF))
shutil.copyfile(temp_options,
os.path.join(self.config_dir, "options-ssl.conf"))
# Final slash is currently important
self.config_path = os.path.join(self.temp_dir, "two_vhost_80/apache2/")
self.ssl_options = os.path.join(self.config_dir, "options-ssl.conf")
backups = os.path.join(self.work_dir, "backups")
with mock.patch("letsencrypt.client.apache_configurator."
"subprocess.Popen") as mock_popen:
# This just states that the ssl module is already loaded
mock_popen().communicate.return_value = ("ssl_module", "")
self.config = apache_configurator.ApacheConfigurator(
self.config_path, {
"backup": backups,
"temp": os.path.join(self.work_dir, "temp_checkpoint"),
"progress": os.path.join(backups, "IN_PROGRESS"),
"config": self.config_dir,
"work": self.work_dir,
}, self.ssl_options, (2, 4, 7))
prefix = os.path.join(self.temp_dir,
"two_vhost_80/apache2/sites-available")
aug_pre = "/files" + prefix
self.vh_truth = [
apache_configurator.VH(
os.path.join(prefix, "encryption-example.conf"),
os.path.join(aug_pre, "encryption-example.conf/VirtualHost"),
["*:80"], False, True, ["encryption-example.demo"]),
apache_configurator.VH(
os.path.join(prefix, "default-ssl.conf"),
os.path.join(aug_pre, "default-ssl.conf/IfModule/VirtualHost"),
["_default_:443"], True, False),
apache_configurator.VH(
os.path.join(prefix, "000-default.conf"),
os.path.join(aug_pre, "000-default.conf/VirtualHost"),
["*:80"], False, True, ["ip-172-30-0-17"]),
apache_configurator.VH(
os.path.join(prefix, "letsencrypt.conf"),
os.path.join(aug_pre, "letsencrypt.conf/VirtualHost"),
["*:80"], False, True, ["letsencrypt.demo"]),
]
def main():
"""Command line argument parsing and main script execution."""
if not os.geteuid() == 0:
sys.exit(
"{0}Root is required to run letsencrypt. Please use sudo.{0}".
format(os.linesep))
parser = argparse.ArgumentParser(
description="An ACME client that can update Apache configurations.")
parser.add_argument("-d",
"--domains",
dest="domains",
metavar="DOMAIN",
nargs="+")
parser.add_argument("-s",
"--server",
dest="server",
help="The ACME CA server address.")
parser.add_argument("-p",
"--privkey",
dest="privkey",
type=file,
help="Path to the private key file for certificate "
"generation.")
parser.add_argument("-c",
"--csr",
dest="csr",
type=file,
help="Path to the certificate signing request file "
"corresponding to the private key file. The "
"private key file argument is required if this "
"argument is specified.")
parser.add_argument("-b",
"--rollback",
dest="rollback",
type=int,
default=0,
help="Revert configuration <ROLLBACK> number of "
"checkpoints.")
parser.add_argument("-k",
"--revoke",
dest="revoke",
action="store_true",
help="Revoke a certificate.")
parser.add_argument("-v",
"--view-checkpoints",
dest="view_checkpoints",
action="store_true",
help="View checkpoints and associated configuration "
"changes.")
parser.add_argument(
"-r",
"--redirect",
dest="redirect",
action="store_const",
const=True,
help="Automatically redirect all HTTP traffic to HTTPS "
"for the newly authenticated vhost.")
parser.add_argument("-n",
"--no-redirect",
dest="redirect",
action="store_const",
const=False,
help="Skip the HTTPS redirect question, allowing both "
"HTTP and HTTPS.")
parser.add_argument("-e",
"--agree-eula",
dest="eula",
action="store_true",
help="Skip the end user license agreement screen.")
parser.add_argument("-t",
"--text",
dest="curses",
action="store_false",
help="Use the text output instead of the curses UI.")
parser.add_argument("--test",
dest="test",
action="store_true",
help="Run in test mode.")
args = parser.parse_args()
# Enforce --privkey is set along with --csr.
if args.csr and not args.privkey:
parser.print_usage()
parser.error(
"private key file (--privkey) must be specified along{}"
"with the certificate signing request file (--csr)".format(
os.linesep))
if args.curses:
display.set_display(display.NcursesDisplay())
else:
display.set_display(display.FileDisplay(sys.stdout))
if args.rollback > 0:
rollback(apache_configurator.ApacheConfigurator(), args.rollback)
sys.exit()
if args.view_checkpoints:
view_checkpoints(apache_configurator.ApacheConfigurator())
sys.exit()
server = args.server is None and CONFIG.ACME_SERVER or args.server
acme = client.Client(server, args.csr, args.privkey, args.curses)
if args.revoke:
acme.list_certs_keys()
else:
acme.authenticate(args.domains, args.redirect, args.eula)
def main(): # pylint: disable=too-many-branches
"""Command line argument parsing and main script execution."""
# note: arg parser internally handles --help (and exits afterwards)
args = create_parser().parse_args()
config = configuration.NamespaceConfig(args)
# note: check is done after arg parsing as --help should work w/o root also.
if not os.geteuid() == 0:
sys.exit(
"{0}Root is required to run letsencrypt. Please use sudo.{0}".
format(os.linesep))
# Set up logging
logger = logging.getLogger()
logger.setLevel(logging.INFO)
if args.use_curses:
logger.addHandler(log.DialogHandler())
displayer = display.NcursesDisplay()
else:
displayer = display.FileDisplay(sys.stdout)
zope.component.provideUtility(displayer)
if args.view_config_changes:
client.view_config_changes(config)
sys.exit()
if args.revoke:
client.revoke(config)
sys.exit()
if args.rollback > 0:
client.rollback(args.rollback, config)
sys.exit()
if not args.eula:
display_eula()
# Make sure we actually get an installer that is functioning properly
# before we begin to try to use it.
try:
installer = client.determine_installer(config)
except errors.LetsEncryptMisconfigurationError as err:
logging.fatal(
"Please fix your configuration before proceeding. "
"The Installer exited with the following message: "
"%s", err)
sys.exit(1)
# Use the same object if possible
if interfaces.IAuthenticator.providedBy(installer): # pylint: disable=no-member
auth = installer
else:
auth = client.determine_authenticator(config)
doms = choose_names(installer) if args.domains is None else args.domains
# Prepare for init of Client
if args.privkey is None:
privkey = client.init_key(args.rsa_key_size, config.key_dir)
else:
privkey = le_util.Key(args.privkey[0], args.privkey[1])
acme = client.Client(config, privkey, auth, installer)
# Validate the key and csr
client.validate_key_csr(privkey)
# This more closely mimics the capabilities of the CLI
# It should be possible for reconfig only, install-only, no-install
# I am not sure the best way to handle all of the unimplemented abilities,
# but this code should be safe on all environments.
if auth is not None:
cert_file, chain_file = acme.obtain_certificate(doms)
if installer is not None and cert_file is not None:
acme.deploy_certificate(doms, privkey, cert_file, chain_file)
if installer is not None:
acme.enhance_config(doms, args.redirect)
def main():
# Check to make sure user is root
if not os.geteuid() == 0:
sys.exit("\nOnly root can run letsencrypt.\n")
# Parse options
try:
opts, args = getopt.getopt(sys.argv[1:], "", ["text", "test",
"view-checkpoints",
"privkey=", "csr=",
"server=", "rollback=",
"revoke", "agree-eula",
"redirect",
"no-redirect",
"max-security"])
except getopt.GetoptError as err:
# print help info and exit
print str(err)
usage()
sys.exit(2)
server = None
csr = None
privkey = None
curses = True
names = args
flag_revoke = False
redirect = None
eula = False
for o, a in opts:
if o == "--text":
curses = False
elif o == "--csr":
csr = a
elif o == "--privkey":
privkey = a
elif o == "--server":
server = a
elif o == "--rollback":
from letsencrypt.client import configurator, logger
logger.setLogger(logger.FileLogger(sys.stdout))
logger.setLogLevel(logger.INFO)
config = configurator.Configurator()
config.rollback_checkpoints(a)
config.restart()
sys.exit(0)
elif o == "--view-checkpoints":
from letsencrypt.client import configurator, logger
logger.setLogger(logger.FileLogger(sys.stdout))
logger.setLogLevel(logger.INFO)
config = configurator.Configurator()
config.display_checkpoints()
sys.exit(0)
elif o == "--revoke":
# Do Stuff
flag_revoke = True
elif o == "--redirect":
redirect = True
elif o == "--no-redirect":
redirect = False
elif o == "--agree-eula":
eula = True
elif o == "--test":
#put any temporary tests in here
continue
if curses:
display.setDisplay(display.NcursesDisplay())
else:
display.setDisplay(display.FileDisplay(sys.stdout))
if not server:
server = ACME_SERVER
c = client.Client(server, csr, privkey, curses)
if flag_revoke:
c.list_certs_keys()
else:
c.authenticate(args, redirect, eula)