def create_marathon_acme(storage_dir, acme_directory, acme_email, marathon_addrs, mlb_addrs, group, reactor): """ Create a marathon-acme instance. :param storage_dir: Path to the storage directory for certificates and the client key. :param acme_directory: Address for the ACME directory to use. :param acme_email: Email address to use when registering with the ACME service. :param marathon_addr: Address for the Marathon instance to find app domains that require certificates. :param mlb_addrs: List of addresses for marathon-lb instances to reload when a new certificate is issued. :param group: The marathon-lb group (``HAPROXY_GROUP``) to consider when finding app domains. :param reactor: The reactor to use. """ storage_path, certs_path = init_storage_dir(storage_dir) acme_url = URL.fromText(_to_unicode(acme_directory)) key = maybe_key(storage_path) return MarathonAcme(MarathonClient(marathon_addrs, reactor=reactor), group, DirectoryStore(certs_path), MarathonLbClient(mlb_addrs, reactor=reactor), create_txacme_client_creator(reactor, acme_url, key), reactor, acme_email)
def __init__( self, acme_key=None, staging=True, pem_path=pem_path, clock=reactor, responder=None, ): if responder is None: responder = HTTP01ResponderWithProxy() # Keep an easy reference to this responder self._responder = responder if acme_key is None: _ensure_dirs(pem_path) acme_key = load_or_create_client_key(pem_path) if staging: acme_url = txacme.urls.LETSENCRYPT_STAGING_DIRECTORY else: acme_url = txacme.urls.LETSENCRYPT_DIRECTORY # Keep track of factories used with this AcmeService self._factories = set() super(AcmeService, self).__init__( clock=clock, client_creator=partial( Client.from_url, reactor=clock, url=acme_url, key=acme_key ), cert_store=DirectoryStore(pem_path), responders=[responder], )
def action(secret): password = secret if driver_name == 'gandi': responders = [ GandiV5Responder(api_key=password, zone_name=zone_name) ] elif driver_name == 'cloudflare': responders = [ CloudflareV4Responder(email=user_name, api_key=password, zone_name=zone_name) ] else: responders = [ LibcloudDNSResponder.create(reactor, driver_name, user_name, password, zone_name) ] acme_key = maybe_key(acme_path) cert_store = DirectoryStore(acme_path) if staging: le_url = LETSENCRYPT_STAGING_DIRECTORY else: le_url = LETSENCRYPT_DIRECTORY client_creator = partial(Client.from_url, reactor=reactor, url=le_url, key=acme_key, alg=RS256) clock = reactor service = AcmeIssuingService(cert_store, client_creator, clock, responders) service.startService() forever = Deferred() return forever
def getCertStore(self): """ Return the certificate store for these tests. """ # FIXME # rever to trial mktemp. tmpdir = tempfile.mkdtemp() subdir = os.path.join(tmpdir, self._testMethodName) os.mkdir(subdir) self.addCleanup(shutil.rmtree, tmpdir) return DirectoryStore(FilePath(tmpdir))
def action(secret): password = secret responders = [ LibcloudDNSResponder.create(reactor, driver_name, user_name, password, zone_name) ] acme_key = maybe_key(acme_path) cert_store = DirectoryStore(acme_path) client_creator = partial(Client.from_url, reactor=reactor, url=LETSENCRYPT_DIRECTORY, key=acme_key, alg=RS256) clock = reactor service = AcmeIssuingService(cert_store, client_creator, clock, responders) service.startService() forever = Deferred() return forever
def _parse(reactor, directory, pemdir, *args, **kwargs): """ Parse a txacme endpoint description. :param reactor: The Twisted reactor. :param directory: ``twisted.python.url.URL`` for the ACME directory to use for issuing certs. :param str pemdir: The path to the certificate directory to use. """ def colon_join(items): return ':'.join([item.replace(':', '\\:') for item in items]) sub = colon_join(list(args) + ['='.join(item) for item in kwargs.items()]) pem_path = FilePath(pemdir).asTextMode() acme_key = load_or_create_client_key(pem_path) return AutoTLSEndpoint( reactor=reactor, directory=directory, client_creator=partial(Client.from_url, key=acme_key, alg=RS256), cert_store=DirectoryStore(pem_path), cert_mapping=HostDirectoryMap(pem_path), sub_endpoint=serverFromString(reactor, sub))
def test_filepath_mode(self): """ The given ``FilePath`` is always converted to text mode. """ store = DirectoryStore(FilePath(b'bytesbytesbytes')) self.assertIsInstance(store.path.path, unicode)
def setUp(self): super(DirectoryStoreTests, self).setUp() temp_dir = self.useFixture(TempDir()) self.cert_store = DirectoryStore(FilePath(temp_dir.path))
def makeService(config): ini = ConfigParser.RawConfigParser() ini.read(config['config']) configPath = FilePath(config['config']).parent() rproxyConf = dict(ini.items("rproxy")) hostsConf = dict(ini.items("hosts")) hosts = {} for k, v in hostsConf.items(): k = k.lower() hostname, part = k.rsplit("_", 1) if hostname not in hosts: hosts[hostname] = {} hosts[hostname][part] = v if not hosts: raise ValueError("No hosts configured.") for i in hosts: if "port" not in hosts[i]: raise ValueError("All hosts need a port.") if "host" not in hosts[i]: print("%s does not have a host, making localhost" % (i, )) hosts[i]["host"] = "localhost" if "wwwtoo" not in hosts[i]: print("%s does not have an wwwtoo setting, making True" % (i, )) hosts[i]["wwwtoo"] = "True" if "proxysecure" not in hosts[i]: print("%s does not have an proxysecure setting, making False" % (i, )) hosts[i]["proxysecure"] = False hosts[i]["wwwtoo"] = True if hosts[i]["wwwtoo"] == "True" else False hosts[i]["proxysecure"] = True if hosts[i][ "proxysecure"] == "True" else False hosts[i]["sendhsts"] = True if hosts[i].get( "sendhsts") == "True" else False from twisted.internet import reactor pool = HTTPConnectionPool(reactor) resource = EncodingResourceWrapper( RProxyResource(hosts, rproxyConf.get("clacks"), pool, reactor, {}, False), [server.GzipEncoderFactory()]) responder = HTTP01Responder() site = server.Site(EnsureHTTPS(resource, responder.resource), ) multiService = service.MultiService() certificates = rproxyConf.get("certificates", None) if certificates: try: configPath.child(certificates).makedirs() except: pass certificates = configPath.child(certificates).path for i in rproxyConf.get("https_ports").split(","): print("Starting HTTPS on port " + i) multiService.addService( strports.service('txsni:' + certificates + ':tcp:' + i, site)) for host in hosts.keys(): with open(FilePath(certificates).child(host + ".pem").path, 'w'): # Open it so that txacme can find it pass if hosts[host]["wwwtoo"]: with open( FilePath(certificates).child("www." + host + ".pem").path, 'w'): # Open it so that txacme can find it pass for i in rproxyConf.get("http_ports", "").split(","): print("Starting HTTP on port " + i) multiService.addService(strports.service('tcp:' + i, site)) issuingService = AcmeIssuingService( cert_store=DirectoryStore(FilePath(certificates)), client_creator=(lambda: Client.from_url( reactor=reactor, url=LETSENCRYPT_DIRECTORY, key=load_or_create_client_key(FilePath(certificates)), alg=RS256, )), clock=reactor, responders=[responder], ) issuingService.setServiceParent(multiService) return multiService