Пример #1
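    def get_certificate(self, domain: str) -> NitroCert:
        """Get a certificate including its private key and chain.

        Looks up the sslcertkey entry for ``domain``, then fetches the
        certificate file, the key file and, when the entry links to another
        certkey, that entry's certificate file as the chain.

        The returned object holds the decoded private key, so it should not
        be logged or written anywhere that is not meant to store key material.

        Returns:
            A ``NitroCert`` for the domain, or ``None`` when any of the
            lookups raises ``nitro_exception``.
        """
        # Function-scope import: the file's import block is not visible here.
        import logging

        client = self.get_client(domain)
        try:
            cert = sslcertkey.get(client, get_sslcertkey_name(domain))

            # A matching entry exists; fetch the files it points at.
            certfile = self.get_systemfile(client, cert.cert)
            keyfile = self.get_systemfile(client, cert.key)

            # The chain is optional: only present when a CA certkey is linked.
            cafile = None
            if cert.linkcertkeyname:
                cacert = sslcertkey.get(client, cert.linkcertkeyname)
                cafile = self.get_systemfile(client, cacert.cert)

            return NitroCert(
                name=domain,
                # NOTE(review): this passes the sslcertkey class itself, not
                # the fetched `cert` object — confirm that is intended.
                sslcertkey=sslcertkey,
                cert=b64decode(certfile.filecontent).decode(encoding='utf-8'),
                key=b64decode(keyfile.filecontent).decode(encoding='utf-8'),
                chain=b64decode(cafile.filecontent).decode(
                    encoding='utf-8') if cafile else '',
            )
        except nitro_exception as e:
            # Usually this means "cert not found", but every nitro_exception
            # (a failed login or a lost connection would presumably land here
            # too) takes the same path. Record the reason so a caller that
            # treats None as "does not exist yet" can be diagnosed.
            logging.info('No certificate returned for %s: %s', domain, e)
        return None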
Пример #2
 def key_exists():
     """Report whether the configured certkey name is present on the appliance.

     ``module`` and ``client`` are read from the surrounding scope. Every
     sslcertkey entry is fetched and its ``certkey`` name compared against
     ``module.params['certkey']``.
     """
     log('Entering key_exists')
     wanted = module.params['certkey']
     log('certkey is %s' % wanted)
     # Collect the names of all certkey entries the appliance reports.
     known_names = []
     for entry in sslcertkey.get(client):
         known_names.append(entry.certkey)
     return wanted in known_names
Пример #3
def key_exists(client, module):
    """Return True when ``module.params['certkey']`` names an existing certkey.

    All sslcertkey entries are fetched through ``client`` and matched by
    their ``certkey`` attribute.
    """
    log('Checking if key exists')
    requested = module.params['certkey']
    log('certkey is %s' % requested)
    present = [entry.certkey for entry in sslcertkey.get(client)]
    return requested in present
Пример #4
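    def deploy_cert(self, domain: str, key_file: str, cert_file: str,
                    full_chain_file: str, chain_file: str):
        """Deploy a certificate for ``domain``, creating or updating it.

        Ensures the shared CA certkey exists, then either adds a new certkey
        for the domain and links it to the CA, or replaces the certificate
        file of the existing certkey.

        Args:
            domain: Domain the certificate belongs to; used to derive the
                certkey name and the file names.
            key_file: Private key handed to ``save_systemfile``.
            cert_file: Certificate handed to ``save_systemfile``.
            full_chain_file: Not used by this method.
            chain_file: CA chain handed to ``save_systemfile`` when the CA
                certkey has to be created.
        """
        logging.info('Deploying cert for %s', domain)

        client = self.get_client(domain)
        # cert
        cert = self.get_certificate(domain)
        cert_filename = get_cert_filename(domain)
        key_filename = get_key_filename(domain)
        # ca
        cacert_name = get_sslcertkey_name('chain')  # note: fixed value here
        cacert_filename = get_cert_filename('chain')  # note: fixed value here

        # create CA if needed
        # NOTE(review): an existing 'chain' certkey is reused as-is and never
        # refreshed from chain_file, so a changed issuing chain would not be
        # picked up here — confirm that is acceptable.
        try:
            cacert = sslcertkey.get(client, cacert_name)
        except nitro_exception:
            # CA not found
            # add CA file
            self.save_systemfile(client, cacert_filename, chain_file)
            # add cert
            cacert = sslcertkey()
            cacert.certkey = cacert_name
            cacert.cert = cacert_filename
            sslcertkey.add(client, cacert)
            logging.info("Added Let's Encrypt CA")

        if cert is None:
            # cert not found
            # NOTE(review): get_certificate() also returns None when its
            # lookup fails for another reason, so this branch can run against
            # an entry that already exists.
            logging.info('Creating new cert for %s', domain)

            # add cert file
            self.save_systemfile(client, cert_filename, cert_file)
            # add key file
            self.save_systemfile(client, key_filename, key_file)
            # add cert
            cert = sslcertkey()
            cert.certkey = get_sslcertkey_name(domain)
            cert.cert = cert_filename
            cert.key = key_filename
            # NOTE(review): nodomaincheck presumably disables the appliance's
            # domain-name match check — confirm it is needed on this path.
            cert.nodomaincheck = True
            sslcertkey.add(client, cert)
            logging.info('Certificate added for %s', domain)

            # link the cert to the CA
            link = sslcertkey()
            link.certkey = cert.certkey
            link.linkcertkeyname = cacert.certkey
            sslcertkey.link(client, link)
            logging.info('Certificate link to CA created for %s', domain)
        else:
            # cert found
            logging.info('Updating cert for %s', domain)

            add_key_file = False
            # replace cert file
            try:
                self.delete_systemfile(client, cert_filename)
            except NitroError:
                # logging.warn is a deprecated alias; use logging.warning.
                logging.warning(
                    'Could not remove existing cert file %s, now adding key as well',
                    cert_filename)
                add_key_file = True
            self.save_systemfile(client, cert_filename, cert_file)
            # add key file
            # NOTE(review): the key file is only uploaded when deleting the
            # old cert file failed. If a renewal was issued for a new private
            # key, the stored key would no longer match the certificate —
            # confirm the issuing client reuses the key.
            if add_key_file:
                # as it is most likely not present
                self.save_systemfile(client, key_filename, key_file)
            # update cert
            cert = sslcertkey()
            cert.certkey = get_sslcertkey_name(domain)
            cert.cert = cert_filename
            if add_key_file:
                cert.key = key_filename
            # NOTE(review): with nodomaincheck set, the update presumably
            # accepts a certificate issued for a different name — verify
            # cert_file against `domain` before calling if that matters.
            cert.nodomaincheck = True
            sslcertkey.change(client, cert)

            logging.info('Certificate updated for %s', domain)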