def _check_ocsp_openssl_bin(self, cert_path: str, chain_path: str,
host: str, url: str, timeout: int) -> bool:
# Minimal implementation of proxy selection logic as seen in, e.g., cURL
# Some things that won't work, but may well be in use somewhere:
# - username and password for proxy authentication
# - proxies accepting TLS connections
# - proxy exclusion through NO_PROXY
env_http_proxy = getenv('http_proxy')
env_HTTP_PROXY = getenv('HTTP_PROXY')
proxy_host = None
if env_http_proxy is not None or env_HTTP_PROXY is not None:
proxy_host = env_http_proxy if env_http_proxy is not None else env_HTTP_PROXY
if proxy_host is None:
url_opts = ["-url", url]
else:
if proxy_host.startswith('http://'):
proxy_host = proxy_host[len('http://'):]
url_opts = ["-host", proxy_host, "-path", url]
# jdkasten thanks "Bulletproof SSL and TLS - Ivan Ristic" for documenting this!
cmd = [
"openssl", "ocsp", "-no_nonce", "-issuer", chain_path, "-cert",
cert_path, "-CAfile", chain_path, "-verify_other", chain_path,
"-trust_other", "-timeout",
str(timeout), "-header"
] + self.host_args(host) + url_opts
logger.debug("Querying OCSP for %s", cert_path)
logger.debug(" ".join(cmd))
try:
output, err = util.run_script(cmd, log=logger.debug)
except errors.SubprocessError:
logger.info("OCSP check failed for %s (are we offline?)",
cert_path)
return False
return _translate_ocsp_query(cert_path, output, err)
def find_all(cls):
"""Find plugins using setuptools entry points."""
plugins = {} # type: Dict[str, PluginEntryPoint]
plugin_paths_string = os.getenv('CERTBOT_PLUGIN_PATH')
plugin_paths = plugin_paths_string.split(
':') if plugin_paths_string else []
# XXX should ensure this only happens once
sys.path.extend(plugin_paths)
for plugin_path in plugin_paths:
pkg_resources.working_set.add_entry(plugin_path)
entry_points = itertools.chain(
pkg_resources.iter_entry_points(
constants.SETUPTOOLS_PLUGINS_ENTRY_POINT),
pkg_resources.iter_entry_points(
constants.OLD_SETUPTOOLS_PLUGINS_ENTRY_POINT),
)
for entry_point in entry_points:
plugin_ep = cls._load_entry_point(entry_point,
plugins,
with_prefix=False)
if entry_point.dist.key not in PREFIX_FREE_DISTRIBUTIONS:
prefixed_plugin_ep = cls._load_entry_point(entry_point,
plugins,
with_prefix=True)
prefixed_plugin_ep.hidden = True
message = (
"Plugin legacy name {0} may be removed in a future version. "
"Please use {1} instead.").format(prefixed_plugin_ep.name,
plugin_ep.name)
prefixed_plugin_ep.warning_message = message
prefixed_plugin_ep.long_description = "(WARNING: {0}) {1}".format(
message, prefixed_plugin_ep.long_description)
return cls(plugins)
def find_all(cls):
"""Find plugins using setuptools entry points."""
plugins = {} # type: Dict[str, PluginEntryPoint]
plugin_paths_string = os.getenv('CERTBOT_PLUGIN_PATH')
plugin_paths = plugin_paths_string.split(
':') if plugin_paths_string else []
# XXX should ensure this only happens once
sys.path.extend(plugin_paths)
for plugin_path in plugin_paths:
pkg_resources.working_set.add_entry(plugin_path)
entry_points = itertools.chain(
pkg_resources.iter_entry_points(
constants.SETUPTOOLS_PLUGINS_ENTRY_POINT),
pkg_resources.iter_entry_points(
constants.OLD_SETUPTOOLS_PLUGINS_ENTRY_POINT),
)
for entry_point in entry_points:
plugin_ep = PluginEntryPoint(entry_point)
assert plugin_ep.name not in plugins, (
"PREFIX_FREE_DISTRIBUTIONS messed up")
if interfaces.IPluginFactory.providedBy(plugin_ep.plugin_cls):
plugins[plugin_ep.name] = plugin_ep
else: # pragma: no cover
logger.warning("%r does not provide IPluginFactory, skipping",
plugin_ep)
return cls(plugins)
def _setup_credentials(self):
token = os.getenv("INFOMANIAK_API_TOKEN")
if token is None:
self.credentials = self._configure_credentials(
"credentials",
"Infomaniak credentials INI file",
{
"token": "Infomaniak API token.",
},
)
if not self.credentials:
raise errors.PluginError("INFOMANIAK API Token not defined")
self.token = self.credentials.conf("token")
else:
self.token = token
