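def _check_ocsp_openssl_bin(self, cert_path: str, chain_path: str,
                            host: str, url: str, timeout: int) -> bool:
    """Query an OCSP responder for *cert_path* by shelling out to ``openssl ocsp``.

    :param cert_path: path of the certificate whose status is queried
    :param chain_path: path passed to openssl as issuer, CA file and
        explicitly trusted responder certificates
    :param host: value handed to ``self.host_args`` to build the ``-header``
        argument (presumably the HTTP Host header -- confirm against
        ``host_args``)
    :param url: OCSP responder URL
    :param timeout: value passed to openssl's ``-timeout`` option
    :returns: ``False`` when the openssl subprocess fails; otherwise whatever
        ``_translate_ocsp_query`` derives from the openssl output.

    NOTE(review): a failed query and a successful one can both end in
    ``False``, so this check fails open -- a caller cannot tell "responder
    unreachable" from the normal ``False`` answer (presumably "not revoked";
    confirm against ``_translate_ocsp_query``).
    """
    # Minimal implementation of proxy selection logic as seen in, e.g., cURL
    # Some things that won't work, but may well be in use somewhere:
    # - username and password for proxy authentication
    # - proxies accepting TLS connections
    # - proxy exclusion through NO_PROXY
    #
    # NOTE(review): curl itself honours only the lowercase http_proxy, because
    # in CGI-style environments HTTP_PROXY can be derived from a request
    # header. Confirm this code never runs in such a context.
    env_http_proxy = getenv('http_proxy')
    env_HTTP_PROXY = getenv('HTTP_PROXY')
    # Lowercase wins whenever it is set at all, even to an empty string.
    proxy_host = env_http_proxy if env_http_proxy is not None else env_HTTP_PROXY
    if not proxy_host:
        # Unset or empty means no proxy. An empty value used to be forwarded
        # as `-host ""`, which makes the query fail and this check return False.
        url_opts = ["-url", url]
    else:
        if proxy_host.startswith('http://'):
            proxy_host = proxy_host[len('http://'):]
        # With a proxy, openssl connects to the proxy and requests the full
        # responder URL as the path.
        url_opts = ["-host", proxy_host, "-path", url]

    # jdkasten thanks "Bulletproof SSL and TLS - Ivan Ristic" for documenting this!
    # -no_nonce: the request carries no nonce, so the response is not bound to
    #   this particular query.
    # -verify_other/-trust_other: the certificates in chain_path are trusted
    #   explicitly as response signers, without further checks on them.
    cmd = [
        "openssl", "ocsp",
        "-no_nonce",
        "-issuer", chain_path,
        "-cert", cert_path,
        "-CAfile", chain_path,
        "-verify_other", chain_path,
        "-trust_other",
        "-timeout", str(timeout),
        "-header",
    ] + self.host_args(host) + url_opts
    logger.debug("Querying OCSP for %s", cert_path)
    # The full command line is logged, including the proxy value taken from the
    # environment. Credentials embedded in that value would end up in the debug log.
    logger.debug(" ".join(cmd))
    try:
        # cmd is an argument list rather than a shell string.
        output, err = util.run_script(cmd, log=logger.debug)
    except errors.SubprocessError:
        logger.info("OCSP check failed for %s (are we offline?)", cert_path)
        return False
    return _translate_ocsp_query(cert_path, output, err)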
def find_all(cls):
    """Find plugins using setuptools entry points.

    Directories listed in the colon-separated ``CERTBOT_PLUGIN_PATH``
    environment variable are appended to ``sys.path`` and registered with the
    ``pkg_resources`` working set before entry points are enumerated, so the
    environment decides where plugin code may be loaded from.

    NOTE(review): every directory named there should be writable only by the
    account this process runs as, and the variable should not survive a
    privilege boundary (e.g. an environment preserved across ``sudo``).

    Each entry point is registered under its plain name. Unless its
    distribution is listed in ``PREFIX_FREE_DISTRIBUTIONS``, it is also
    registered under a hidden, prefixed legacy name carrying a deprecation
    warning.

    :returns: ``cls(plugins)`` built from the collected entry points
    """
    plugins = {}  # type: Dict[str, PluginEntryPoint]

    raw_paths = os.getenv('CERTBOT_PLUGIN_PATH')
    if raw_paths:
        # NOTE(review): split on a literal ':' rather than os.pathsep.
        extra_dirs = raw_paths.split(':')
    else:
        extra_dirs = []
    # XXX should ensure this only happens once
    sys.path.extend(extra_dirs)
    for extra_dir in extra_dirs:
        pkg_resources.working_set.add_entry(extra_dir)

    current_eps = pkg_resources.iter_entry_points(
        constants.SETUPTOOLS_PLUGINS_ENTRY_POINT)
    old_eps = pkg_resources.iter_entry_points(
        constants.OLD_SETUPTOOLS_PLUGINS_ENTRY_POINT)
    for entry_point in itertools.chain(current_eps, old_eps):
        plugin_ep = cls._load_entry_point(entry_point, plugins, with_prefix=False)
        if entry_point.dist.key in PREFIX_FREE_DISTRIBUTIONS:
            # Prefix-free distributions get no legacy alias.
            continue
        legacy_ep = cls._load_entry_point(entry_point, plugins, with_prefix=True)
        legacy_ep.hidden = True
        message = (
            "Plugin legacy name {0} may be removed in a future version. "
            "Please use {1} instead.").format(legacy_ep.name, plugin_ep.name)
        legacy_ep.warning_message = message
        legacy_ep.long_description = "(WARNING: {0}) {1}".format(
            message, legacy_ep.long_description)

    return cls(plugins)
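def find_all(cls):
    """Find plugins using setuptools entry points.

    Directories listed in the colon-separated ``CERTBOT_PLUGIN_PATH``
    environment variable are appended to ``sys.path`` and registered with the
    ``pkg_resources`` working set before entry points are enumerated, so the
    environment decides where plugin code may be loaded from.

    NOTE(review): every directory named there should be writable only by the
    account this process runs as, and the variable should not survive a
    privilege boundary (e.g. an environment preserved across ``sudo``).

    :returns: ``cls(plugins)``, where ``plugins`` maps each plugin name to its
        ``PluginEntryPoint``; entry points whose class does not provide
        ``IPluginFactory`` are skipped with a warning.
    :raises AssertionError: if two entry points resolve to the same plugin name
    """
    plugins = {}  # type: Dict[str, PluginEntryPoint]
    plugin_paths_string = os.getenv('CERTBOT_PLUGIN_PATH')
    # NOTE(review): split on a literal ':' rather than os.pathsep.
    plugin_paths = plugin_paths_string.split(':') if plugin_paths_string else []
    # XXX should ensure this only happens once
    sys.path.extend(plugin_paths)
    for plugin_path in plugin_paths:
        pkg_resources.working_set.add_entry(plugin_path)
    entry_points = itertools.chain(
        pkg_resources.iter_entry_points(
            constants.SETUPTOOLS_PLUGINS_ENTRY_POINT),
        pkg_resources.iter_entry_points(
            constants.OLD_SETUPTOOLS_PLUGINS_ENTRY_POINT),
    )
    for entry_point in entry_points:
        plugin_ep = PluginEntryPoint(entry_point)
        # Raised explicitly instead of via `assert` so the duplicate-name check
        # still runs under `python -O`. Without it a later entry point would
        # silently replace an earlier plugin of the same name.
        if plugin_ep.name in plugins:
            raise AssertionError("PREFIX_FREE_DISTRIBUTIONS messed up")
        if interfaces.IPluginFactory.providedBy(plugin_ep.plugin_cls):
            plugins[plugin_ep.name] = plugin_ep
        else:  # pragma: no cover
            logger.warning("%r does not provide IPluginFactory, skipping",
                           plugin_ep)
    return cls(plugins)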
def _setup_credentials(self):
    """Populate ``self.token`` from the environment or a credentials INI file.

    The ``INFOMANIAK_API_TOKEN`` environment variable takes precedence. Only
    when it is unset is ``self._configure_credentials`` asked for the
    "credentials" INI file, whose ``token`` entry is then used.

    NOTE(review): a token passed through the environment is inherited by child
    processes and bypasses whatever checks ``_configure_credentials`` applies
    to the INI file (presumably file-permission validation; confirm). An empty
    but set variable is accepted as the token as-is.

    :raises errors.PluginError: if no environment token is set and
        ``_configure_credentials`` returns a falsy value
    """
    env_token = os.getenv("INFOMANIAK_API_TOKEN")
    if env_token is not None:
        # Environment wins, so the credentials file is never consulted.
        self.token = env_token
        return

    required_fields = {"token": "Infomaniak API token."}
    self.credentials = self._configure_credentials(
        "credentials",
        "Infomaniak credentials INI file",
        required_fields,
    )
    if not self.credentials:
        raise errors.PluginError("INFOMANIAK API Token not defined")
    self.token = self.credentials.conf("token")