def _config_load(self):
"""" load config from file """
self.logger.debug('Certificate._config_load()')
config_dic = load_config()
if 'Order' in config_dic:
self.tnauthlist_support = config_dic.getboolean(
'Order', 'tnauthlist_support', fallback=False)
if 'CAhandler' in config_dic and 'handler_file' in config_dic[
'CAhandler']:
try:
ca_handler_module = importlib.import_module(
ca_handler_get(self.logger,
config_dic['CAhandler']['handler_file']))
except BaseException:
ca_handler_module = importlib.import_module('acme.ca_handler')
else:
if 'CAhandler' in config_dic:
ca_handler_module = importlib.import_module('acme.ca_handler')
else:
self.logger.error(
'Trigger._config_load(): CAhandler configuration missing in config file'
)
ca_handler_module = None
if ca_handler_module:
# store handler in variable
self.cahandler = ca_handler_module.CAhandler
self.logger.debug('ca_handler: {0}'.format(ca_handler_module))
self.logger.debug('Certificate._config_load() ended.')
def _config_load(self):
"""" load config from file """
self.logger.debug('Order._config_load()')
config_dic = load_config()
if 'Order' in config_dic:
self.tnauthlist_support = config_dic.getboolean(
'Order', 'tnauthlist_support', fallback=False)
self.expiry_check_disable = config_dic.getboolean(
'Order', 'expiry_check_disable', fallback=False)
if 'retry_after_timeout' in config_dic['Order']:
self.retry_after = config_dic['Order']['retry_after_timeout']
if 'validity' in config_dic['Order']:
try:
self.validity = int(config_dic['Order']['validity'])
except BaseException:
self.logger.warning(
'Order._config_load(): failed to parse validity: {0}'.
format(config_dic['Order']['validity']))
if 'Authorization' in config_dic:
if 'validity' in config_dic['Authorization']:
try:
self.authz_validity = int(
config_dic['Authorization']['validity'])
except BaseException:
self.logger.warning(
'Order._config_load(): failed to parse authz validity: {0}'
.format(config_dic['Authorization']['validity']))
self.logger.debug('Order._config_load() ended.')
def _config_load(self):
"""" load config from file """
self.logger.debug('CAhandler._config_load()')
config_dic = load_config(self.logger, 'CAhandler')
if 'CAhandler' in config_dic:
if 'api_host' in config_dic['CAhandler']:
self.api_host = config_dic['CAhandler']['api_host']
if 'api_user' in config_dic['CAhandler']:
self.credential_dic['api_user'] = config_dic['CAhandler']['api_user']
if 'api_password' in config_dic['CAhandler']:
self.credential_dic['api_password'] = config_dic['CAhandler']['api_password']
if 'ca_name' in config_dic['CAhandler']:
self.ca_name = config_dic['CAhandler']['ca_name']
if 'tsg_name' in config_dic['CAhandler']:
self.tsg_info_dic['name'] = config_dic['CAhandler']['tsg_name']
if 'template_name' in config_dic['CAhandler']:
self.template_info_dic['name'] = config_dic['CAhandler']['template_name']
# check if we get a ca bundle for verification
if 'ca_bundle' in config_dic['CAhandler']:
try:
self.ca_bundle = config_dic.getboolean('CAhandler', 'ca_bundle')
except BaseException:
self.ca_bundle = config_dic['CAhandler']['ca_bundle']
self.logger.debug('CAhandler._config_load() ended')
def load_config(self):
"""" load config from file """
self.logger.debug('Certificate.load_config()')
config_dic = load_config()
if 'Order' in config_dic:
self.tnauthlist_support = config_dic.getboolean(
'Order', 'tnauthlist_support', fallback=False)
self.logger.debug('Certificate.load_config() ended.')
def _config_load(self):
"""" load config from file """
self.logger.debug('CAhandler._config_load()')
config_dic = load_config(self.logger, 'CAhandler')
if 'CAhandler' in config_dic:
for ele in config_dic['CAhandler']:
if ele.startswith('cmp_'):
if ele == 'cmp_openssl_bin':
self.openssl_bin = config_dic['CAhandler'][
'cmp_openssl_bin']
elif ele == 'cmp_tmp_dir':
self.tmp_dir = config_dic['CAhandler']['cmp_tmp_dir']
elif ele == 'cmp_recipient':
if config_dic['CAhandler']['cmp_recipient'].startswith(
'/'):
value = config_dic['CAhandler'][ele]
else:
value = '/' + config_dic['CAhandler'][ele]
value = value.replace(', ', '/')
value = value.replace(',', '/')
self.config_dic['recipient'] = value
else:
if config_dic['CAhandler'][ele] == 'True' or config_dic[
'CAhandler'][ele] == 'False':
self.config_dic[ele[4:]] = config_dic.getboolean(
'CAhandler', ele, fallback=False)
else:
self.config_dic[
ele[4:]] = config_dic['CAhandler'][ele]
if 'cmd' not in self.config_dic:
self.config_dic['cmd'] = 'ir'
if 'popo' not in self.config_dic:
self.config_dic['popo'] = 0
# create temp dir if needed
if self.tmp_dir:
if not os.path.exists(self.tmp_dir):
os.makedirs(self.tmp_dir)
else:
self.logger.error(
'CAhandler config error: "cmp_tmp_dir" parameter must be specified in config_file'
)
if not self.openssl_bin:
self.logger.warning(
'CAhandler config error: "cmp_openssl_bin" parameter not in config_file. Using default (/usr/bin/openssl)'
)
self.openssl_bin = '/usr/bin/openssl'
if not self.recipient:
self.logger.error(
'CAhandler config error: "cmp_recipient" is missing in config_file.'
)
self.logger.debug('CAhandler._config_load() ended')
def _config_load(self):
"""" load config from file """
self.logger.debug('EABhandler._config_load()')
config_dic = load_config(self.logger, 'EABhandler')
if 'key_file' in config_dic['EABhandler']:
self.key_file = config_dic['EABhandler']['key_file']
self.logger.debug('EABhandler._config_load() ended')
def _config_load(self):
"""" load config from file """
banner(self.logger, "_config_load")
config_dic = load_config(self.logger, 'CAhandler')
if 'shared_data_path' in config_dic['CAhandler']:
self.shared_data_path = config_dic['CAhandler']['shared_data_path']
self.logger.info(
f"Using '{self.shared_data_path}' as shared data path")
trailer(self.logger, "_config_load")
def _config_load(self):
"""" load config from file """
self.logger.debug('Authorization._config_load()')
config_dic = load_config()
if 'Authorization' in config_dic:
self.expiry_check_disable = config_dic.getboolean('Authorization', 'expiry_check_disable', fallback=False)
if 'validity' in config_dic['Authorization']:
try:
self.validity = int(config_dic['Authorization']['validity'])
except BaseException:
self.logger.warning('Authorization._config_load(): failed to parse validity: {0}'.format(config_dic['Authorization']['validity']))
self.logger.debug('Authorization._config_load() ended.')
def _config_load(self):
"""" load config from file """
self.logger.debug('Account._config_load()')
config_dic = load_config()
if 'Account' in config_dic:
self.inner_header_nonce_allow = config_dic.getboolean(
'Account', 'inner_header_nonce_allow', fallback=False)
self.ecc_only = config_dic.getboolean('Account',
'ecc_only',
fallback=False)
self.tos_check_disable = config_dic.getboolean('Account',
'tos_check_disable',
fallback=False)
self.contact_check_disable = config_dic.getboolean(
'Account', 'contact_check_disable', fallback=False)
if 'EABhandler' in config_dic:
self.logger.debug('Account._config.load(): loading eab_handler')
if 'eab_handler_file' in config_dic['EABhandler']:
# mandate eab check regardless if handler could get loaded or not
self.eab_check = True
try:
eab_handler_module = importlib.import_module(
ca_handler_get(
self.logger,
config_dic['EABhandler']['eab_handler_file']))
except BaseException as err_:
self.logger.critical(
'Account._config_load(): loading EABHandler configured in cfg failed with err: {0}'
.format(err_))
try:
eab_handler_module = importlib.import_module(
'acme.eab_handler')
except BaseException as err_:
eab_handler_module = None
self.logger.critical(
'Account._config_load(): loading default EABHandler failed with err: {0}'
.format(err_))
if eab_handler_module:
# store handler in variable
self.eab_handler = eab_handler_module.EABhandler
else:
self.logger.critical(
'Account._config_load(): EABHandler configuration is missing in config file'
)
if 'Directory' in config_dic:
if 'tos_url' in config_dic['Directory']:
self.tos_url = config_dic['Directory']['tos_url']
self.logger.debug('Account._config_load() ended')
def _config_load(self):
"""" load config from file """
self.logger.debug('Challenge._config_load()')
config_dic = load_config()
if 'Challenge' in config_dic:
self.challenge_validation_disable = config_dic.getboolean('Challenge', 'challenge_validation_disable', fallback=False)
if 'dns_server_list' in config_dic['Challenge']:
try:
self.dns_server_list = json.loads(config_dic['Challenge']['dns_server_list'])
except BaseException as err_:
self.logger.warning('Challenge._config_load() failed with error: {0}'.format(err_))
if 'Order' in config_dic:
self.tnauthlist_support = config_dic.getboolean('Order', 'tnauthlist_support', fallback=False)
self.logger.debug('Challenge._config_load() ended.')
def _config_load(self):
"""" load config from file """
self.logger.debug('_config_load()')
config_dic = load_config(self.logger, 'CAhandler')
if 'CAhandler' in config_dic:
if 'api_host' in config_dic['CAhandler']:
self.api_host = config_dic['CAhandler']['api_host']
else:
self.logger.error(
'CAhandler._config_load() configuration incomplete: "api_host" parameter is missing in config file'
)
if 'api_user' in config_dic['CAhandler']:
self.api_user = config_dic['CAhandler']['api_user']
else:
self.logger.error(
'CAhandler._config_load() configuration incomplete: "api_user" parameter is missing in config file'
)
if 'api_password' in config_dic['CAhandler']:
self.api_password = config_dic['CAhandler']['api_password']
else:
self.logger.error(
'CAhandler._config_load() configuration incomplete: "api_password" parameter is missing in config file'
)
if 'ca_name' in config_dic['CAhandler']:
self.ca_name = config_dic['CAhandler']['ca_name']
else:
self.logger.error(
'CAhandler._config_load() configuration incomplete: "ca_name" parameter is missing in config file'
)
if 'polling_timeout' in config_dic['CAhandler']:
self.polling_timeout = int(
config_dic['CAhandler']['polling_timeout'])
# check if we get a ca bundle for verification
if 'ca_bundle' in config_dic['CAhandler']:
try:
self.ca_bundle = config_dic.getboolean(
'CAhandler', 'ca_bundle')
except BaseException:
self.ca_bundle = config_dic['CAhandler']['ca_bundle']
self.logger.debug('CAhandler._config_load() ended')
def _config_load(self):
"""" load config from file """
self.logger.debug('CAhandler._config_load()')
config_dic = load_config(self.logger, 'CAhandler')
if 'est_host' in config_dic['CAhandler']:
self.est_host = config_dic['CAhandler']['est_host'] + '/.well-known/est'
else:
self.logger.error('CAhandler._config_load(): missing "est_host" parameter in config file')
# check if we need to use clientauth
if 'est_client_cert' in config_dic['CAhandler'] and 'est_client_key' in config_dic['CAhandler']:
self.est_client_cert = []
self.est_client_cert.append(config_dic['CAhandler']['est_client_cert'])
self.est_client_cert.append(config_dic['CAhandler']['est_client_key'])
elif 'est_client_cert' in config_dic['CAhandler'] or 'est_client_key' in config_dic['CAhandler']:
self.logger.error('CAhandler._config_load() configuration incomplete: either "est_client_cert or "est_client_key" parameter is missing in config file')
# check if we need to use user-auth
if 'est_user' in config_dic['CAhandler'] and 'est_password' in config_dic['CAhandler']:
self.est_user = config_dic['CAhandler']['est_user']
self.est_password = config_dic['CAhandler']['est_password']
elif 'est_user' in config_dic['CAhandler'] or 'est_password' in config_dic['CAhandler']:
self.logger.error('CAhandler._config_load() configuration incomplete: either "est_user" or "est_password" parameter is missing in config file')
# check if we have one authentication scheme
if not self.est_client_cert and not self.est_user:
self.logger.error('CAhandler._config_load() configuration incomplete: either user or client authentication must be configured')
elif self.est_client_cert and self.est_user:
self.logger.error('CAhandler._config_load() configuration wrong: user and client authentication cannot be configured together')
# check if we get a ca bundle for verification
if 'ca_bundle' in config_dic['CAhandler']:
try:
self.ca_bundle = config_dic.getboolean('CAhandler', 'ca_bundle')
except BaseException:
self.ca_bundle = config_dic['CAhandler']['ca_bundle']
self.logger.debug('CAhandler._config_load() ended')
