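def test_copy_file_change_mode(self):
    """Check the permission bits copy() leaves on the destination file.

    Two cases are pinned:
    * no ``mode`` argument -> the copy ends up with 0o755;
    * ``mode='0600'``      -> the copy ends up with 0o600.

    The first assertion records that a caller who omits ``mode`` gets a
    world-readable file, so key material must always be copied with an
    explicit restrictive mode (as the second call does).
    """
    private_key_path = os.path.join(
        os.path.dirname(os.path.realpath(__file__)), 'ssl', 'test.key')
    destination = tempfile.mkdtemp()
    # try/finally so the scratch directory (which holds copies of a key file)
    # is removed even when an assertion fails.
    try:
        copy(source=private_key_path, destination=destination)
        default_copy = os.path.join(destination, 'test.key')
        self.assertEqual(os.stat(default_copy).st_mode & 0o777, 0o755)

        copy(source=private_key_path, destination=destination,
             basename='lesspass.com.key', mode='0600')
        restricted_copy = os.path.join(destination, 'lesspass.com.key')
        self.assertEqual(os.stat(restricted_copy).st_mode & 0o777, 0o600)
    finally:
        shutil.rmtree(destination)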
def get_ssl_context(environ):
    """Build the template context describing optional TLS material.

    Reads ``environ['DOMAIN']`` and looks under ``/certificates`` for
    ``<domain>.dhparam.pem`` and ``<domain>.ca.crt``.  Each file that exists
    is copied into ``/etc/ssl/certs`` with mode ``0644`` and its flag in the
    returned dict is set to ``True``.

    Returns a dict with the keys ``domain``, ``dhparam`` and
    ``ssl_trusted_certificate``.  Raises ``KeyError`` if ``DOMAIN`` is absent.
    """
    domain = environ['DOMAIN']
    # NOTE(review): the domain is concatenated into a filesystem path without
    # validation; this relies on DOMAIN being set by a trusted operator.
    context = {
        'domain': domain,
        'dhparam': False,
        'ssl_trusted_certificate': False,
    }
    # (context flag, source suffix under /certificates, name in /etc/ssl/certs)
    optional_material = (
        ('dhparam', '.dhparam.pem', 'dhparam.pem'),
        ('ssl_trusted_certificate', '.ca.crt', 'ca.crt'),
    )
    for flag, suffix, installed_name in optional_material:
        candidate = os.path.join('/certificates', domain + suffix)
        if not os.path.exists(candidate):
            continue
        context[flag] = True
        copy(source=candidate, destination='/etc/ssl/certs', basename=installed_name, mode='0644')
    return context
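def test_copy_file_change_basename(self):
    """Check that copy() honours ``basename`` when naming the destination file."""
    private_key_path = os.path.join(
        os.path.dirname(os.path.realpath(__file__)), 'ssl', 'test.key')
    destination = tempfile.mkdtemp()
    # try/finally so the scratch directory is removed even when the assertion
    # fails; it would otherwise keep a copy of the key file on disk.
    try:
        copy(source=private_key_path, destination=destination,
             basename='lesspass.com.key', mode='0600')
        renamed_copy = os.path.join(destination, 'lesspass.com.key')
        self.assertTrue(os.path.exists(renamed_copy))
    finally:
        shutil.rmtree(destination)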
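def test_copy_file(self):
    """Check that copy() keeps the source file name when no basename is given."""
    private_key_path = os.path.join(
        os.path.dirname(os.path.realpath(__file__)), 'ssl', 'test.key')
    destination = tempfile.mkdtemp()
    # try/finally so the scratch directory is removed even when the assertion
    # fails; it would otherwise keep a copy of the key file on disk.
    try:
        copy(source=private_key_path, destination=destination)
        self.assertTrue(os.path.exists(os.path.join(destination, 'test.key')))
    finally:
        shutil.rmtree(destination)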
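# Excerpt begins mid-function: the next four lines are the tail of a definition
# whose start lies outside this excerpt; they are left as found.
    if os.path.exists(trusted_certificates):
        nginx_info['ssl_trusted_certificate'] = True
        copy(source=trusted_certificates, destination='/etc/ssl/certs', basename='ca.crt', mode='0644')
    return nginx_info


def get_certificates(domain):
    """Return the key and certificate paths for *domain*, creating them if needed.

    The pair is expected at ``/certificates/<domain>.key`` and
    ``/certificates/<domain>.crt``.  If either file is missing, ``openssl req``
    generates a new self-signed certificate (RSA 4096, 365 days) and writes
    both files.  ``-nodes`` means the private key is stored without a
    passphrase, so the permissions on ``/certificates`` are what protect it.

    Returns:
        A ``(private_key_path, certificate_path)`` tuple.

    Raises:
        subprocess.CalledProcessError: if openssl exits with a non-zero status.
    """
    private_key = os.path.join('/certificates', domain + '.key')
    certificate = os.path.join('/certificates', domain + '.crt')
    # NOTE(review): domain is still concatenated into the paths above and the
    # subject below without validation; confirm that callers only pass an
    # operator-controlled value.
    if not os.path.exists(private_key) or not os.path.exists(certificate):
        # Pass an argument vector instead of a formatted shell string: the
        # domain value never reaches a shell, so quotes, `;` or `$()` in it
        # cannot change the command that runs.
        openssl_argv = [
            'openssl', 'req',
            '-new',
            '-newkey', 'rsa:4096',
            '-days', '365',
            '-nodes',
            '-x509',
            '-subj', '/C=US/ST=State/L=City/O=Company/CN={}'.format(domain),
            '-keyout', private_key,
            '-out', certificate,
        ]
        # check_call surfaces an openssl failure here rather than as a
        # missing-file error later in the caller.
        subprocess.check_call(openssl_argv)
    return private_key, certificate


if __name__ == "__main__":
    pk, crt = get_certificates(os.environ['DOMAIN'])
    # The private key is installed owner-read/write only; the certificate is
    # public material and may be world-readable.
    copy(source=pk, destination='/etc/ssl/private', basename='private.key', mode='0600')
    copy(source=crt, destination='/etc/ssl/certs', basename='certificate.crt', mode='0644')
    template('/backend.conf.j2', get_ssl_context(os.environ), '/etc/nginx/conf.d/default.conf')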