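def get_certificate(self, domain: str) -> NitroCert:
    """Fetch the certificate, private key and chain stored for *domain*.

    Looks up the sslcertkey object named by ``get_sslcertkey_name(domain)``,
    then downloads the certificate file, the key file and, when the object is
    linked to another certkey, that linked certificate's file. File contents
    are base64-decoded and returned as UTF-8 text.

    The returned object carries the private key as plain text. Callers should
    keep it out of logs, exception messages and serialized state.

    Returns:
        A ``NitroCert`` on success, or ``None`` when any step raises
        ``nitro_exception``. The return annotation does not express the
        ``None`` case, so callers must check for it.
    """
    # Function-scope import keeps this method self-contained.
    import logging

    client = self.get_client(domain)
    try:
        cert = sslcertkey.get(client, get_sslcertkey_name(domain))
        # A matching certkey object exists; pull the files it points to.
        certfile = self.get_systemfile(client, cert.cert)
        keyfile = self.get_systemfile(client, cert.key)
        cafile = None
        if cert.linkcertkeyname:
            cacert = sslcertkey.get(client, cert.linkcertkeyname)
            cafile = self.get_systemfile(client, cacert.cert)
        return NitroCert(
            name=domain,
            # NOTE(review): this passes the sslcertkey class itself, not the
            # fetched `cert` object; confirm which one NitroCert expects.
            sslcertkey=sslcertkey,
            cert=b64decode(certfile.filecontent).decode(encoding='utf-8'),
            key=b64decode(keyfile.filecontent).decode(encoding='utf-8'),
            chain=b64decode(cafile.filecontent).decode(
                encoding='utf-8') if cafile else '',
        )
    except nitro_exception as e:
        # Every nitro_exception raised above lands here, not only "certkey
        # does not exist": a failed file download or a rejected API call also
        # ends up as None. Record the reason so an operator can tell a
        # missing certificate from an appliance-side failure.
        logging.info(
            'No usable certificate for %s on the appliance: %s', domain, e)
    return None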
def key_exists():
    """Report whether the configured certkey name is present on the appliance.

    Reads ``module`` and ``client`` from the enclosing scope, lists every
    sslcertkey object through ``sslcertkey.get(client)`` and compares their
    ``certkey`` names with ``module.params['certkey']``.

    Returns:
        ``True`` when a certkey with that name is listed, ``False`` otherwise.
    """
    log('Entering key_exists')
    wanted = module.params['certkey']
    log('certkey is %s' % wanted)
    # Only the object names are compared; no certificate or key content is read.
    known_names = [entry.certkey for entry in sslcertkey.get(client)]
    return wanted in known_names
def key_exists(client, module):
    """Tell whether a certkey named ``module.params['certkey']`` exists.

    Args:
        client: session object handed to ``sslcertkey.get``.
        module: object whose ``params`` mapping holds the ``certkey`` name.

    Returns:
        ``True`` if one of the listed sslcertkey objects has that name,
        ``False`` if none does.
    """
    log('Checking if key exists')
    log('certkey is %s' % module.params['certkey'])
    # Collect the name of every certkey object the appliance reports.
    names = []
    for certificate in sslcertkey.get(client):
        names.append(certificate.certkey)
    return module.params['certkey'] in names
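def deploy_cert(self, domain: str, key_file: str, cert_file: str,
                full_chain_file: str, chain_file: str):
    """Install or refresh the certificate for *domain* on the appliance.

    Steps, in order:

    1. Make sure the shared CA certkey (fixed name derived from ``'chain'``)
       exists, creating it from ``chain_file`` when the lookup fails.
    2. If ``get_certificate(domain)`` returns ``None``, upload the certificate
       and key files, add a new certkey and link it to the CA certkey.
    3. Otherwise replace the certificate file and update the existing certkey.

    Args:
        domain: name the certificate was issued for.
        key_file: private key passed to ``save_systemfile``. It is uploaded
            to the appliance and never written to the log.
        cert_file: leaf certificate passed to ``save_systemfile``.
        full_chain_file: accepted for interface compatibility, not used here.
        chain_file: CA chain, used only when the CA certkey is first created.
    """
    logging.info('Deploying cert for %s', domain)
    client = self.get_client(domain)

    # NOTE(review): if get_certificate() returns None for a failed lookup as
    # well as for a missing certificate, a transient appliance or API error
    # sends this call down the "create new cert" branch. Confirm.
    cert = self.get_certificate(domain)
    cert_filename = get_cert_filename(domain)
    key_filename = get_key_filename(domain)

    # The CA certkey uses one fixed name and file for all domains.
    cacert_name = get_sslcertkey_name('chain')
    cacert_filename = get_cert_filename('chain')

    # NOTE(review): the CA certkey is created once and never refreshed. If the
    # issuing intermediate changes, renewed certificates stay linked to the
    # old chain until it is replaced by hand.
    try:
        cacert = sslcertkey.get(client, cacert_name)
    except nitro_exception:
        # Lookup failed, treated as "CA not present": upload and register it.
        self.save_systemfile(client, cacert_filename, chain_file)
        cacert = sslcertkey()
        cacert.certkey = cacert_name
        cacert.cert = cacert_filename
        sslcertkey.add(client, cacert)
        logging.info('Added Let\'s Encrypt CA')

    if cert is None:
        logging.info('Creating new cert for %s', domain)
        self.save_systemfile(client, cert_filename, cert_file)
        self.save_systemfile(client, key_filename, key_file)

        cert = sslcertkey()
        cert.certkey = get_sslcertkey_name(domain)
        cert.cert = cert_filename
        cert.key = key_filename
        # nodomaincheck asks the appliance to skip its domain-name match check.
        cert.nodomaincheck = True
        sslcertkey.add(client, cert)
        logging.info('Certificate added for %s', domain)

        # Link the new certkey to the CA so the chain is served with it.
        link = sslcertkey()
        link.certkey = cert.certkey
        link.linkcertkeyname = cacert.certkey
        sslcertkey.link(client, link)
        logging.info('Certificate link to CA created for %s', domain)
    else:
        logging.info('Updating cert for %s', domain)
        add_key_file = False

        # Replace the certificate file: remove the old one, then upload.
        try:
            self.delete_systemfile(client, cert_filename)
        except NitroError:
            # logging.warn is a deprecated alias; warning() is the supported
            # call and emits the same record.
            logging.warning(
                'Could not remove existing cert file %s, now adding key as well',
                cert_filename)
            add_key_file = True
        self.save_systemfile(client, cert_filename, cert_file)

        # NOTE(review): the key file is uploaded only when the old cert file
        # could not be removed. If the ACME client generates a new private key
        # at renewal, the renewed certificate will not match the key already
        # on the appliance. Confirm that keys are reused across renewals.
        if add_key_file:
            self.save_systemfile(client, key_filename, key_file)

        cert = sslcertkey()
        cert.certkey = get_sslcertkey_name(domain)
        cert.cert = cert_filename
        if add_key_file:
            cert.key = key_filename
        # With the domain check off, the appliance will not reject a
        # replacement issued for a different name; the caller is trusted to
        # pass the right cert_file for this domain.
        cert.nodomaincheck = True
        sslcertkey.change(client, cert)
        logging.info('Certificate updated for %s', domain)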