コード例 #1
0
ファイル: configurator.py プロジェクト: NEOatNHNG/letsencrypt
    def _create_redirect_vhost(self, ssl_vhost):
        """Creates an http_vhost specifically to redirect for the ssl_vhost.

        :param ssl_vhost: ssl vhost
        :type ssl_vhost: :class:`~letsencrypt_apache.obj.VirtualHost`

        :returns: tuple of the form
            (`success`, :class:`~letsencrypt_apache.obj.VirtualHost`)
        :rtype: tuple

        """
        text = self._get_redirect_config_str(ssl_vhost)

        redirect_filepath = self._write_out_redirect(ssl_vhost, text)

        self.aug.load()
        # Make a new vhost data structure and add it to the lists
        new_vhost = self._create_vhost(parser.get_aug_path(redirect_filepath))
        self.vhosts.append(new_vhost)

        # Finally create documentation for the change
        self.save_notes += "Created a port 80 vhost, %s, for redirection to " "ssl vhost %s\n" % (
            new_vhost.filep,
            ssl_vhost.filep,
        )
コード例 #2
0
ファイル: configurator.py プロジェクト: tkfu/letsencrypt
    def prepare_server_https(self, port, temp=False):
        """Prepare the server for HTTPS.

        Make sure that the ssl_module is loaded and that the server
        is appropriately listening on port.

        :param str port: Port to listen on

        """
        if "ssl_module" not in self.parser.modules:
            self.enable_mod("ssl", temp=temp)

        # Check for Listen <port>
        # Note: This could be made to also look for ip:443 combo
        if not self.parser.find_dir("Listen", port):
            logger.debug("No Listen %s directive found. Setting the "
                         "Apache Server to Listen on port %s", port, port)

            if port == "443":
                args = [port]
            else:
                # Non-standard ports should specify https protocol
                args = [port, "https"]

            self.parser.add_dir_to_ifmodssl(
                parser.get_aug_path(
                    self.parser.loc["listen"]), "Listen", args)
            self.save_notes += "Added Listen %s directive to %s\n" % (
                port, self.parser.loc["listen"])
コード例 #3
0
ファイル: configurator.py プロジェクト: jmaurice/letsencrypt
    def prepare_server_https(self, port, temp=False):
        """Prepare the server for HTTPS.

        Make sure that the ssl_module is loaded and that the server
        is appropriately listening on port.

        :param str port: Port to listen on

        """
        if "ssl_module" not in self.parser.modules:
            logger.info("Loading mod_ssl into Apache Server")
            self.enable_mod("ssl", temp=temp)

        # Check for Listen <port>
        # Note: This could be made to also look for ip:443 combo
        if not self.parser.find_dir("Listen", port):
            logger.debug("No Listen %s directive found. Setting the "
                         "Apache Server to Listen on port %s", port, port)

            if port == "443":
                args = [port]
            else:
                # Non-standard ports should specify https protocol
                args = [port, "https"]

            self.parser.add_dir_to_ifmodssl(
                parser.get_aug_path(
                    self.parser.loc["listen"]), "Listen", args)
            self.save_notes += "Added Listen %s directive to %s\n" % (
                port, self.parser.loc["listen"])
コード例 #4
0
ファイル: tls_sni_01.py プロジェクト: Advertile/letsencrypt
    def _conf_include_check(self, main_config):
        """Add TLS-SNI-01 challenge conf file into configuration.

        Adds TLS-SNI-01 challenge include file if it does not already exist
        within mainConfig

        :param str main_config: file path to main user apache config file

        """
        if len(self.configurator.parser.find_dir(
                parser.case_i("Include"), self.challenge_conf)) == 0:
            # print "Including challenge virtual host(s)"
            logger.debug("Adding Include %s to %s",
                         self.challenge_conf, parser.get_aug_path(main_config))
            self.configurator.parser.add_dir(
                parser.get_aug_path(main_config),
                "Include", self.challenge_conf)
コード例 #5
0
ファイル: tls_sni_01.py プロジェクト: zhiblin/letsencrypt
    def _conf_include_check(self, main_config):
        """Add TLS-SNI-01 challenge conf file into configuration.

        Adds TLS-SNI-01 challenge include file if it does not already exist
        within mainConfig

        :param str main_config: file path to main user apache config file

        """
        if len(
                self.configurator.parser.find_dir(parser.case_i("Include"),
                                                  self.challenge_conf)) == 0:
            # print "Including challenge virtual host(s)"
            logger.debug("Adding Include %s to %s", self.challenge_conf,
                         parser.get_aug_path(main_config))
            self.configurator.parser.add_dir(parser.get_aug_path(main_config),
                                             "Include", self.challenge_conf)
コード例 #6
0
 def verify_fnmatch(self, arg, hit=True):
     """Test if Include was correctly parsed."""
     from letsencrypt_apache import parser
     self.parser.add_dir(parser.get_aug_path(self.parser.loc["default"]),
                         "Include", [arg])
     if hit:
         self.assertTrue(self.parser.find_dir("FNMATCH_DIRECTIVE"))
     else:
         self.assertFalse(self.parser.find_dir("FNMATCH_DIRECTIVE"))
コード例 #7
0
 def verify_fnmatch(self, arg, hit=True):
     """Test if Include was correctly parsed."""
     from letsencrypt_apache import parser
     self.parser.add_dir(parser.get_aug_path(self.parser.loc["default"]),
                         "Include", [arg])
     if hit:
         self.assertTrue(self.parser.find_dir("FNMATCH_DIRECTIVE"))
     else:
         self.assertFalse(self.parser.find_dir("FNMATCH_DIRECTIVE"))
コード例 #8
0
ファイル: configurator.py プロジェクト: rsumnerz/certbot
    def add_name_vhost(self, addr):
        """Adds NameVirtualHost directive for given address.

        :param str addr: Address that will be added as NameVirtualHost directive

        """
        path = self.parser.add_dir_to_ifmodssl(
            parser.get_aug_path(self.parser.loc["name"]), "NameVirtualHost",
            str(addr))

        self.save_notes += "Setting %s to be NameBasedVirtualHost\n" % addr
        self.save_notes += "\tDirective added to %s\n" % path
コード例 #9
0
ファイル: configurator.py プロジェクト: davbo/letsencrypt
    def add_name_vhost(self, addr):
        """Adds NameVirtualHost directive for given address.

        :param str addr: Address that will be added as NameVirtualHost directive

        """
        path = self.parser.add_dir_to_ifmodssl(
            parser.get_aug_path(
                self.parser.loc["name"]), "NameVirtualHost", str(addr))

        self.save_notes += "Setting %s to be NameBasedVirtualHost\n" % addr
        self.save_notes += "\tDirective added to %s\n" % path
コード例 #10
0
ファイル: parser_test.py プロジェクト: wh0dat/letsencrypt
    def test_add_dir_to_ifmodssl_multiple(self):
        from letsencrypt_apache.parser import get_aug_path
        # This makes sure that find_dir will work
        self.parser.modules.add("mod_ssl.c")

        self.parser.add_dir_to_ifmodssl(
            get_aug_path(self.parser.loc["default"]), "FakeDirective",
            ["123", "456", "789"])

        matches = self.parser.find_dir("FakeDirective")

        self.assertEqual(len(matches), 3)
        self.assertTrue("IfModule" in matches[0])
コード例 #11
0
ファイル: parser_test.py プロジェクト: kuba/letsencrypt
    def test_add_dir_to_ifmodssl_multiple(self):
        from letsencrypt_apache.parser import get_aug_path
        # This makes sure that find_dir will work
        self.parser.modules.add("mod_ssl.c")

        self.parser.add_dir_to_ifmodssl(
            get_aug_path(self.parser.loc["default"]),
            "FakeDirective", ["123", "456", "789"])

        matches = self.parser.find_dir("FakeDirective")

        self.assertEqual(len(matches), 3)
        self.assertTrue("IfModule" in matches[0])
コード例 #12
0
    def test_add_dir_to_ifmodssl(self):
        """test add_dir_to_ifmodssl.

        Path must be valid before attempting to add to augeas

        """
        from letsencrypt_apache.parser import get_aug_path
        self.parser.add_dir_to_ifmodssl(
            get_aug_path(self.parser.loc["default"]), "FakeDirective", "123")

        matches = self.parser.find_dir("FakeDirective", "123")

        self.assertEqual(len(matches), 1)
        self.assertTrue("IfModule" in matches[0])
コード例 #13
0
ファイル: parser_test.py プロジェクト: davbo/letsencrypt
    def test_add_dir_to_ifmodssl(self):
        """test add_dir_to_ifmodssl.

        Path must be valid before attempting to add to augeas

        """
        from letsencrypt_apache.parser import get_aug_path
        self.parser.add_dir_to_ifmodssl(
            get_aug_path(self.parser.loc["default"]),
            "FakeDirective", "123")

        matches = self.parser.find_dir("FakeDirective", "123")

        self.assertEqual(len(matches), 1)
        self.assertTrue("IfModule" in matches[0])
コード例 #14
0
ファイル: configurator.py プロジェクト: NEOatNHNG/letsencrypt
    def add_name_vhost(self, addr):
        """Adds NameVirtualHost directive for given address.

        :param addr: Address that will be added as NameVirtualHost directive
        :type addr: :class:`~letsencrypt_apache.obj.Addr`

        """
        loc = parser.get_aug_path(self.parser.loc["name"])

        if addr.get_port() == "443":
            path = self.parser.add_dir_to_ifmodssl(loc, "NameVirtualHost", [str(addr)])
        else:
            path = self.parser.add_dir(loc, "NameVirtualHost", [str(addr)])

        msg = "Setting %s to be NameBasedVirtualHost\n" "\tDirective added to %s\n" % (addr, path)
        logger.debug(msg)
        self.save_notes += msg
コード例 #15
0
ファイル: configurator.py プロジェクト: tkfu/letsencrypt
    def add_name_vhost(self, addr):
        """Adds NameVirtualHost directive for given address.

        :param addr: Address that will be added as NameVirtualHost directive
        :type addr: :class:`~letsencrypt_apache.obj.Addr`

        """
        loc = parser.get_aug_path(self.parser.loc["name"])

        if addr.get_port() == "443":
            path = self.parser.add_dir_to_ifmodssl(
                loc, "NameVirtualHost", [str(addr)])
        else:
            path = self.parser.add_dir(loc, "NameVirtualHost", [str(addr)])

        msg = ("Setting %s to be NameBasedVirtualHost\n"
               "\tDirective added to %s\n" % (addr, path))
        logger.debug(msg)
        self.save_notes += msg
コード例 #16
0
    def _prepare_server_https(self):
        """Prepare the server for HTTPS.

        Make sure that the ssl_module is loaded and that the server
        is appropriately listening on port 443.

        """
        if not self.mod_loaded("ssl_module"):
            logger.info("Loading mod_ssl into Apache Server")
            self.enable_mod("ssl")

        # Check for Listen 443
        # Note: This could be made to also look for ip:443 combo
        # TODO: Need to search only open directives and IfMod mod_ssl.c
        if len(self.parser.find_dir(parser.case_i("Listen"), "443")) == 0:
            logger.debug("No Listen 443 directive found. Setting the "
                         "Apache Server to Listen on port 443")
            path = self.parser.add_dir_to_ifmodssl(
                parser.get_aug_path(self.parser.loc["listen"]), "Listen", "443")
            self.save_notes += "Added Listen 443 directive to %s\n" % path
コード例 #17
0
ファイル: configurator.py プロジェクト: tkfu/letsencrypt
    def _create_redirect_vhost(self, ssl_vhost):
        """Creates an http_vhost specifically to redirect for the ssl_vhost.

        :param ssl_vhost: ssl vhost
        :type ssl_vhost: :class:`~letsencrypt_apache.obj.VirtualHost`

        :returns: tuple of the form
            (`success`, :class:`~letsencrypt_apache.obj.VirtualHost`)
        :rtype: tuple

        """
        text = self._get_redirect_config_str(ssl_vhost)

        redirect_filepath = self._write_out_redirect(ssl_vhost, text)

        self.aug.load()
        # Make a new vhost data structure and add it to the lists
        new_vhost = self._create_vhost(parser.get_aug_path(redirect_filepath))
        self.vhosts.append(new_vhost)

        # Finally create documentation for the change
        self.save_notes += ("Created a port 80 vhost, %s, for redirection to "
                            "ssl vhost %s\n" %
                            (new_vhost.filep, ssl_vhost.filep))
コード例 #18
0
ファイル: parser_test.py プロジェクト: davbo/letsencrypt
 def test_get_aug_path(self):
     from letsencrypt_apache.parser import get_aug_path
     self.assertEqual("/files/etc/apache", get_aug_path("/etc/apache"))
コード例 #19
0
ファイル: configurator.py プロジェクト: rsumnerz/certbot
    def _create_redirect_vhost(self, ssl_vhost):
        """Creates an http_vhost specifically to redirect for the ssl_vhost.

        :param ssl_vhost: ssl vhost
        :type ssl_vhost: :class:`~letsencrypt_apache.obj.VirtualHost`

        :returns: tuple of the form
            (`success`, :class:`~letsencrypt_apache.obj.VirtualHost`)
        :rtype: tuple

        """
        # Consider changing this to a dictionary check
        # Make sure adding the vhost will be safe
        conflict, host_or_addrs = self._conflicting_host(ssl_vhost)
        if conflict:
            raise errors.PluginError(
                "Unable to create a redirection vhost - {}".format(
                    host_or_addrs))

        redirect_addrs = host_or_addrs

        # get servernames and serveraliases
        serveralias = ""
        servername = ""
        size_n = len(ssl_vhost.names)
        if size_n > 0:
            servername = "ServerName " + ssl_vhost.names[0]
            if size_n > 1:
                serveralias = " ".join(ssl_vhost.names[1:size_n])
                serveralias = "ServerAlias " + serveralias
        redirect_file = (
            "<VirtualHost" + redirect_addrs + ">\n"
            "%s \n"
            "%s \n"
            "ServerSignature Off\n"
            "\n"
            "RewriteEngine On\n"
            "RewriteRule %s\n"
            "\n"
            "ErrorLog /var/log/apache2/redirect.error.log\n"
            "LogLevel warn\n"
            "</VirtualHost>\n" %
            (servername, serveralias, " ".join(constants.REWRITE_HTTPS_ARGS)))

        # Write out the file
        # This is the default name
        redirect_filename = "le-redirect.conf"

        # See if a more appropriate name can be applied
        if len(ssl_vhost.names) > 0:
            # Sanity check...
            # make sure servername doesn't exceed filename length restriction
            if ssl_vhost.names[0] < (255 - 23):
                redirect_filename = "le-redirect-%s.conf" % ssl_vhost.names[0]

        redirect_filepath = os.path.join(self.parser.root, "sites-available",
                                         redirect_filename)

        # Register the new file that will be created
        # Note: always register the creation before writing to ensure file will
        # be removed in case of unexpected program exit
        self.reverter.register_file_creation(False, redirect_filepath)

        # Write out file
        with open(redirect_filepath, "w") as redirect_fd:
            redirect_fd.write(redirect_file)
        logger.info("Created redirect file: %s", redirect_filename)

        self.aug.load()
        # Make a new vhost data structure and add it to the lists
        new_vhost = self._create_vhost(parser.get_aug_path(redirect_filepath))
        self.vhosts.append(new_vhost)

        # Finally create documentation for the change
        self.save_notes += ("Created a port 80 vhost, %s, for redirection to "
                            "ssl vhost %s\n" %
                            (new_vhost.filep, ssl_vhost.filep))
コード例 #20
0
ファイル: configurator.py プロジェクト: davbo/letsencrypt
    def _create_redirect_vhost(self, ssl_vhost):
        """Creates an http_vhost specifically to redirect for the ssl_vhost.

        :param ssl_vhost: ssl vhost
        :type ssl_vhost: :class:`~letsencrypt_apache.obj.VirtualHost`

        :returns: tuple of the form
            (`success`, :class:`~letsencrypt_apache.obj.VirtualHost`)
        :rtype: tuple

        """
        # Consider changing this to a dictionary check
        # Make sure adding the vhost will be safe
        conflict, host_or_addrs = self._conflicting_host(ssl_vhost)
        if conflict:
            raise errors.PluginError(
                "Unable to create a redirection vhost - {}".format(
                    host_or_addrs))

        redirect_addrs = host_or_addrs

        # get servernames and serveraliases
        serveralias = ""
        servername = ""
        size_n = len(ssl_vhost.names)
        if size_n > 0:
            servername = "ServerName " + ssl_vhost.names[0]
            if size_n > 1:
                serveralias = " ".join(ssl_vhost.names[1:size_n])
                serveralias = "ServerAlias " + serveralias
        redirect_file = ("<VirtualHost" + redirect_addrs + ">\n"
                         "%s \n"
                         "%s \n"
                         "ServerSignature Off\n"
                         "\n"
                         "RewriteEngine On\n"
                         "RewriteRule %s\n"
                         "\n"
                         "ErrorLog /var/log/apache2/redirect.error.log\n"
                         "LogLevel warn\n"
                         "</VirtualHost>\n"
                         % (servername, serveralias,
                            " ".join(constants.REWRITE_HTTPS_ARGS)))

        # Write out the file
        # This is the default name
        redirect_filename = "le-redirect.conf"

        # See if a more appropriate name can be applied
        if len(ssl_vhost.names) > 0:
            # Sanity check...
            # make sure servername doesn't exceed filename length restriction
            if ssl_vhost.names[0] < (255-23):
                redirect_filename = "le-redirect-%s.conf" % ssl_vhost.names[0]

        redirect_filepath = os.path.join(
            self.parser.root, "sites-available", redirect_filename)

        # Register the new file that will be created
        # Note: always register the creation before writing to ensure file will
        # be removed in case of unexpected program exit
        self.reverter.register_file_creation(False, redirect_filepath)

        # Write out file
        with open(redirect_filepath, "w") as redirect_fd:
            redirect_fd.write(redirect_file)
        logger.info("Created redirect file: %s", redirect_filename)

        self.aug.load()
        # Make a new vhost data structure and add it to the lists
        new_vhost = self._create_vhost(parser.get_aug_path(redirect_filepath))
        self.vhosts.append(new_vhost)

        # Finally create documentation for the change
        self.save_notes += ("Created a port 80 vhost, %s, for redirection to "
                            "ssl vhost %s\n" %
                            (new_vhost.filep, ssl_vhost.filep))
コード例 #21
0
 def test_get_aug_path(self):
     from letsencrypt_apache.parser import get_aug_path
     self.assertEqual("/files/etc/apache", get_aug_path("/etc/apache"))