Exemple #1
    def create_file(session, cls, tid, raw_key):
        """Validate a candidate private key and persist it for the tenant.

        The key is merged into a copy of the tenant's current TLS settings
        and the merged settings are passed to ``cls.validator()``. The key
        is written to the configuration only when validation succeeds.

        Args:
            session: Database session handed to the config helpers.
            cls: Class providing the ``validator()`` factory.
            tid: Tenant identifier.
            raw_key: Private key material submitted by the caller.

        Returns:
            The validator's verdict; when it is falsy nothing is stored.
        """
        tls_settings = load_tls_dict(session, tid)
        tls_settings['ssl_key'] = raw_key

        tenant_config = ConfigFactory(session, tid)
        accepted, _ = cls.validator().validate(tls_settings)
        if not accepted:
            # Rejected key material never reaches persistent configuration.
            return accepted

        tenant_config.set_val('https_priv_key', raw_key)
        # NOTE(review): presumably marks the key as uploaded rather than
        # generated on the server; confirm against the config schema.
        tenant_config.set_val('https_priv_gen', False)
        return accepted
Exemple #2
    def create_file(session, cls, tid, raw_chain):
        """Validate a candidate intermediate chain and persist it for the tenant.

        The chain is merged into a copy of the tenant's current TLS settings
        and the merged settings are passed to ``cls.validator()``. The chain
        is written to the configuration only when validation succeeds.

        Args:
            session: Database session handed to the config helpers.
            cls: Class providing the ``validator()`` factory.
            tid: Tenant identifier.
            raw_chain: Intermediate certificate chain submitted by the caller.

        Returns:
            The validator's verdict; when it is falsy nothing is stored.
        """
        tenant_config = ConfigFactory(session, tid)

        tls_settings = load_tls_dict(session, tid)
        tls_settings['ssl_intermediate'] = raw_chain

        accepted, _ = cls.validator().validate(tls_settings)
        if not accepted:
            # An unvalidated chain is never stored.
            return accepted

        tenant_config.set_val('https_chain', raw_chain)
        return accepted
Exemple #3
    def create_file(session, cls, tid, raw_cert):
        """Validate a candidate certificate and persist it for the tenant.

        The certificate is merged into a copy of the tenant's current TLS
        settings and the merged settings are passed to ``cls.validator()``.
        On success the certificate is written to the configuration and
        mirrored into the in-memory tenant cache.

        Args:
            session: Database session handed to the config helpers.
            cls: Class providing the ``validator()`` factory.
            tid: Tenant identifier.
            raw_cert: Certificate submitted by the caller.

        Returns:
            The validator's verdict; when it is falsy nothing is stored.
        """
        tenant_config = ConfigFactory(session, tid)

        tls_settings = load_tls_dict(session, tid)
        tls_settings['ssl_cert'] = raw_cert

        accepted, _ = cls.validator().validate(tls_settings)
        if not accepted:
            # Neither the stored config nor the cache sees a rejected cert.
            return accepted

        tenant_config.set_val('https_cert', raw_cert)
        # Keep the cached tenant state in step with the persisted value.
        State.tenant_cache[tid].https_cert = raw_cert
        return accepted
Exemple #4
def try_to_enable_https(session, tid):
    """Enable HTTPS for a tenant once its stored TLS material validates.

    The tenant's TLS settings are loaded and checked with
    ``tls.ChainValidator``. HTTPS is switched on in the configuration, the
    tenant cache and the SNI map only after the check passes.

    Args:
        session: Database session handed to the config helpers.
        tid: Tenant identifier.

    Raises:
        errors.InputValidationError: If the stored TLS settings are rejected.
    """
    tenant_config = ConfigFactory(session, tid)

    chain_validator = tls.ChainValidator()
    tls_settings = load_tls_dict(session, tid)
    # The flag is forced off before validation.
    # NOTE(review): presumably the validator refuses settings that are already
    # marked enabled; confirm against tls.ChainValidator.
    tls_settings['https_enabled'] = False

    accepted, _ = chain_validator.validate(tls_settings)
    if not accepted:
        # Fail closed: no state is touched when the material is rejected.
        raise errors.InputValidationError()

    tenant_config.set_val('https_enabled', True)
    State.tenant_cache[tid].https_enabled = True
    # The dict handed to the SNI map still carries https_enabled == False.
    State.snimap.load(tid, tls_settings)
Exemple #5
    def perform_action(session, tid, csr_fields):
        """Generate a PEM certificate signing request from the tenant's key.

        The stored TLS settings are first checked with
        ``tls.PrivKeyValidator``; the CSR is produced only from a private key
        that passed that check.

        Args:
            session: Database session handed to the config helpers.
            tid: Tenant identifier.
            csr_fields: Subject fields forwarded to ``tls.gen_x509_csr_pem``.

        Returns:
            The CSR text returned by ``tls.gen_x509_csr_pem``.

        Raises:
            errors.InputValidationError: If the stored key is rejected or CSR
                generation fails for any reason.
        """
        tls_settings = load_tls_dict(session, tid)

        key_validator = tls.PrivKeyValidator()
        accepted, _ = key_validator.validate(tls_settings)
        if not accepted:
            raise errors.InputValidationError()

        private_key = tls_settings['ssl_key']
        try:
            csr_pem = tls.gen_x509_csr_pem(private_key, csr_fields, Settings.csr_sign_bits)
            log.debug("Generated a new CSR")
            return csr_pem
        except Exception as exc:
            # Every failure is collapsed into one generic client-facing error;
            # the detail goes to the log only.
            # NOTE(review): confirm exception text from gen_x509_csr_pem cannot
            # contain key material before it is logged.
            log.err(exc)
            raise errors.InputValidationError('CSR gen failed')
    def cert_expiration_checks(self, session, tid):
        """Check the tenant's HTTPS certificate expiry and react to it.

        Does nothing when HTTPS is disabled. With ACME enabled and the
        certificate inside the ``self.acme_try_renewal`` window, a renewal is
        attempted and the SNI map is reloaded whether or not it succeeded.
        Otherwise, inside the ``self.notify_expr_within`` window, the upcoming
        expiry is logged and the admin is mailed unless admin notification
        emails are disabled for the tenant.

        Args:
            session: Database session handed to the config helpers.
            tid: Tenant identifier.
        """
        tenant_config = models.config.ConfigFactory(session, tid)

        if not tenant_config.get_val('https_enabled'):
            return

        x509_cert = load_certificate(FILETYPE_PEM, tenant_config.get_val('https_cert'))
        not_after = letsencrypt.convert_asn1_date(x509_cert.get_notAfter())
        not_after_iso = datetime_to_ISO8601(not_after)

        # NOTE(review): datetime.now() is naive local time; confirm that
        # convert_asn1_date returns a value in the same frame, otherwise both
        # windows below shift by the host's UTC offset.
        if tenant_config.get_val('acme') and \
                datetime.now() > not_after - timedelta(days=self.acme_try_renewal):
            # ACME-managed certificate: try an automatic renewal.
            try:
                db_acme_cert_request(session, tid)
            except Exception as exc:
                log.err('Automatic HTTPS renewal failed: %s', exc, tid=tid)

                # A failed renewal needs a human, so the admin is mailed unless
                # admin notification emails are disabled for this tenant.
                notification = self.state.tenant_cache[tid].notification
                if not notification.disable_admin_notification_emails:
                    self.certificate_mail_creation(
                        session,
                        'https_certificate_renewal_failure',
                        tid,
                        not_after_iso)

            # Runs on success and on failure alike: the SNI map is rebuilt from
            # whatever TLS settings are stored now.
            refreshed_tls = load_tls_dict(session, tid)

            self.state.snimap.unload(tid)
            self.state.snimap.load(tid, refreshed_tls)

        elif datetime.now() > not_after - timedelta(days=self.notify_expr_within):
            # Certificate not renewed through ACME: only warn about the expiry.
            log.info('The HTTPS Certificate is expiring on %s', not_after, tid=tid)
            notification = self.state.tenant_cache[tid].notification
            if not notification.disable_admin_notification_emails:
                self.certificate_mail_creation(
                    session,
                    'https_certificate_expiration',
                    tid,
                    not_after_iso)