Пример #1
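def admin():
    """Render the user administration page; on POST, apply submitted roles and permissions.

    Every user record from PYLOAD.getAllUserData() is converted to a dict and
    given a "perms" mapping (filled by get_permission) plus an "admin" flag
    that is true when the stored role equals 0.  On a POST request the form
    fields "<name>|admin" and "<name>|perms" are read for each user, the
    permission value is rebuilt with set_permission and stored through
    PYLOAD.setUserPermission.

    NOTE(review): no authentication, authorization or CSRF check is visible
    inside this function.  Presumably a decorator or route wrapper outside
    this snippet enforces admin access -- confirm, because this handler can
    grant the admin role to any account.
    """
    # convert to dict
    user = dict((name, toDict(y)) for name, y in PYLOAD.getAllUserData().iteritems())
    perms = permlist()

    for data in user.itervalues():
        data["perms"] = {}
        get_permission(data["perms"], data["permission"])
        # Compare by value: `is 0` tests object identity and only appears to
        # work because CPython caches small integers.
        data["perms"]["admin"] = data["role"] == 0

    s = request.environ.get('beaker.session')
    if request.environ.get('REQUEST_METHOD', "GET") == "POST":
        for name in user:
            if request.POST.get("%s|admin" % name, False):
                user[name]["role"] = 0
                user[name]["perms"]["admin"] = True
            elif name != s["name"]:
                # The logged-in user is never demoted by an unticked box, so
                # an administrator cannot lock themselves out from this form.
                user[name]["role"] = 1
                user[name]["perms"]["admin"] = False

            # set all perms to false
            for perm in perms:
                user[name]["perms"][perm] = False

            # Only permission names returned by permlist() are accepted from
            # the form; other submitted values are ignored instead of being
            # stored in the dict handed to set_permission and the template.
            for perm in request.POST.getall("%s|perms" % name):
                if perm in perms:
                    user[name]["perms"][perm] = True

            user[name]["permission"] = set_permission(user[name]["perms"])

            PYLOAD.setUserPermission(name, user[name]["permission"], user[name]["role"])

    return render_to_response("admin.html", {"users": user, "permlist": perms}, [pre_processor])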
Пример #2
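def admin():
    """Show the user administration page and, on POST, store the submitted roles and permissions.

    Each record from PYLOAD.getAllUserData() becomes a dict with a "perms"
    mapping (populated by get_permission) and an "admin" flag derived from
    role == 0.  For a POST request the "<name>|admin" and "<name>|perms"
    form fields are applied per user and written back with
    PYLOAD.setUserPermission.

    NOTE(review): access control and CSRF protection are not visible in this
    function; presumably they are applied by a decorator outside this
    snippet -- confirm, since the handler changes roles for every account.
    """
    # convert to dict
    user = dict((name, toDict(y)) for name, y in PYLOAD.getAllUserData().iteritems())
    perms = permlist()

    for data in user.itervalues():
        data["perms"] = {}
        get_permission(data["perms"], data["permission"])
        # Value comparison instead of `is 0`, which relies on CPython's
        # small-integer cache rather than on equality.
        data["perms"]["admin"] = data["role"] == 0

    s = request.environ.get('beaker.session')
    is_post = request.environ.get('REQUEST_METHOD', "GET") == "POST"
    if is_post:
        for name in user:
            entry = user[name]
            if request.POST.get("%s|admin" % name, False):
                entry["role"] = 0
                entry["perms"]["admin"] = True
            elif name != s["name"]:
                # The session's own user keeps the current role when the
                # admin box is not ticked (guards against self-lockout).
                entry["role"] = 1
                entry["perms"]["admin"] = False

            # set all perms to false
            for perm in perms:
                entry["perms"][perm] = False

            # Accept only permission names known to permlist(); unknown
            # names from the request are dropped.
            for perm in request.POST.getall("%s|perms" % name):
                if perm in perms:
                    entry["perms"][perm] = True

            entry["permission"] = set_permission(entry["perms"])

            PYLOAD.setUserPermission(name, entry["permission"], entry["role"])

    return render_to_response("admin.html", {"users": user, "permlist": perms}, [pre_processor])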
Пример #3
def main():
    """Command-line entry point of the certificate installer.

    Parses the arguments, requires root, finds the virtual host that matches
    the certificate's DNS names, obtains the certificate (from --cert_path or
    from a DigiCert order) together with a private key that validates against
    it, sets ownership/mode on the files, installs the certificate for the
    selected vhost and optionally restarts the web server.

    Raises:
        BaseException: when not run as root.
        Exception: on missing packages, no matching vhost or order, a
            declined confirmation, or a missing private key.
    """
    # accept arguments
    parser = argparse.ArgumentParser(description='Download your certificate and secure your domain in one step')
    parser.add_argument("-v", "--version", action="version", version='%(prog)s 1.0')
    parser.add_argument("--order_id", action="store", help="DigiCert order ID for certificate")
    parser.add_argument("--cert_path", action="store", help="the path to the certificate file")
    parser.add_argument("--key", action="store", help="Path to private key file used to order certificate")
    # NOTE(review): a secret given on the command line is usually visible in
    # the process list and in shell history; an environment variable, a
    # root-only config file or a prompt avoids that exposure.
    parser.add_argument("--api_key", action="store", help="Skip authentication step with a DigiCert API key (for Cert Central accounts only)")
    # NOTE(review): described as a flag but declared with action="store", so
    # it needs a value and any non-empty value (even "false") is truthy where
    # args.allow_dups is tested below.
    parser.add_argument("--allow_dups", action="store", help="a flag to indicate whether the order type allows duplicates mostly for convenience")

    args = parser.parse_args()

    # this needs to happen after the arg parser is set up
    # Everything after this check runs with root privileges, including reads
    # and copies of the user-supplied key and certificate paths.
    # NOTE(review): BaseException bypasses `except Exception` handlers;
    # Exception or SystemExit is the conventional choice.
    if os.getuid() != 0:
        raise BaseException("The Digicert Express Installer must be run as root.")

    utils.find_user_config()

    order_id = args.order_id
    if args.api_key:
        config.API_KEY = args.api_key
    cert_path = args.cert_path
    private_key_file = None
    # A --key value that is not an existing file is silently ignored.
    if args.key and os.path.isfile(args.key):
        private_key_file = args.key

    # get platform class and check platform level dependencies
    platform = utils.determine_platform()

    ignored_packages = platform.check_dependencies()
    if ignored_packages:
        raise Exception("You will need to install these packages before continuing: {0}".format(",".join(ignored_packages)))

    # get the dns names from the cert if one was passed in
    dns_names = utils.get_dns_names_from_cert(cert_path)

    order = None

    # user manually passed the order id and no dns names were found
    if order_id and not dns_names:
        cert_path = None  # the cert_path was invalid
        print "Attempting to get certificate by specified order ID"
        order = get_order(order_id)
        # Use the order's DNS name list when it has more than one entry,
        # otherwise fall back to the common name alone.
        if len(order['certificate']['dns_names']) > 1:
            dns_names = order['certificate']['dns_names']
        else:
            dns_names = [order['certificate']['common_name']]

    aug = base_parser.BaseParser(platform=platform)
    hosts = aug.get_vhosts_on_server(dns_names)

    if not hosts:
        raise Exception("No virtual hosts were found on this server that will work with your certificate")

    # Several candidates: let the user choose; a single candidate must be
    # confirmed explicitly with "y".
    if len(hosts) > 1:
        vhost = select_vhost(hosts)
    else:
        if raw_input("The host {0} was found matching this certificate. Is this correct? (y/N) ".format(hosts[0])).lower().strip() != "y":
            raise Exception("No virtual hosts were found on this server that will work with your certificate")
        vhost = hosts[0]

    # We should only go through this if block when the script is run without an order_id and cert_path
    if not dns_names:
        print "Attempting to get orders matching selected vhost."
        orders = get_issued_orders(vhost)
        if not orders:
            # We could push them to order here :p
            raise Exception("No orders found matching the vhost you selected")
        order = select_order(orders)
        # TODO this right here?
        order = get_order(order['id'])
        order_id = order['id']

    private_key_matches_cert = False

    # see if the order needs to have a csr uploaded
    if order and order['status'] == 'needs_csr':
        # TODO do we want to try to find an existing csr?
        # create_csr returns the new private key path and the CSR path.
        private_key_file, csr_file = utils.create_csr(dns_name=vhost, order=order)
        upload_csr(order_id, csr_file)
        order = get_order(order_id)
        if order['status'] == 'issued':
            certs = download_certificate(order)
            cert_path = utils.save_certs(certs, vhost)
            # The key was generated here for this certificate, so the
            # validation loop below is skipped.
            private_key_matches_cert = True

    if not private_key_file:
        # Check the path where we would have stored the private key, and the current directory
        # NOTE(review): the second candidate is picked up from the current
        # working directory by name while running as root; it is only used
        # if utils.validate_private_key accepts it against the certificate.
        key_file_name1 = "{0}/{1}/{1}.key".format(config.FILE_STORE, utils.normalize_common_name_file(vhost))
        key_file_name2 = "{0}/{1}.key".format(os.getcwd(), utils.normalize_common_name_file(vhost))
        if os.path.isfile(key_file_name1):
            private_key_file = key_file_name1
        elif os.path.isfile(key_file_name2):
            private_key_file = key_file_name2

    # Repeat until a private key validates against the certificate: either a
    # duplicate certificate is requested with a fresh key, or the user is
    # prompted for a key path.
    while not private_key_matches_cert:
        if not private_key_file:
            if args.allow_dups or (order and order['allow_duplicates'] == 1):
                print "\033[1mDuplicates require permission to approve requests on this order.\033[0m"
                if raw_input("Are you trying to install a duplicate certificate? (y/N) ").lower().strip() == 'y':
                    order = get_order(order_id) if not order else order
                    private_key_file, csr_file = utils.create_csr(dns_name=vhost, order=order)
                    dup_data = create_duplicate(order=order, csr_file=csr_file)
                    if 'sub_id' not in dup_data:
                        # No sub_id in the response: approve the first
                        # returned request, then read the duplicate list.
                        approve_request(dup_data['requests'][0]['id'])
                        duplicates = get_duplicates(order['id'])
                        if not duplicates:
                            raise Exception("Could not collect any duplicates for this order")
                        # we need either the sub id or the certificate details from this specific duplicate on the order.
                        # NOTE(review): takes certificates[0]; assumes the
                        # first entry is the duplicate just created -- confirm.
                        order['sub_id'] = duplicates['certificates'][0]['sub_id']
                        order['certificate'] = duplicates['certificates'][0]
                    else:
                        order['sub_id'] = dup_data['sub_id']
                    if not order['sub_id']:
                        raise Exception("Something went wrong")
                    certs = download_certificate(order)
                    cert_path = utils.save_certs(certs, vhost)
                    # Restart the loop so the new key/cert pair is validated.
                    continue
            # Cert does not allow duplicates, or the user chose no (still missing private_key_file)
            pk_path = ""
            while not private_key_file and pk_path.strip().lower() != "q":
                pk_path = raw_input("Please provide the path to the private key for this certificate: (q to quit) ")
                if pk_path.lower().strip() == "q":
                    raise Exception("Cannot install this certificate without the private key used to generate the CSR")
                if not os.path.isfile(pk_path):
                    print "The path {0} is not a valid file. Please try again.".format(pk_path)
                    continue
                private_key_file = pk_path
        if not cert_path:
            certs = download_certificate(order)
            cert_path = utils.save_certs(certs, vhost)
        private_key_matches_cert = utils.validate_private_key(private_key_file, cert_path)
        if not private_key_matches_cert:
            # Discard the rejected key so the next iteration asks again.
            private_key_file = None
        # NOTE(review): this is a substring test, not a path-containment
        # check; a key path that merely contains the FILE_STORE string
        # counts as already stored.
        elif config.FILE_STORE not in private_key_file:
            # str.replace rewrites every ".crt" occurrence in the path, not
            # only the extension.
            new_private_key_file = cert_path.replace(".crt", ".key")
            # shutil.copyfile copies contents only, so until set_permission
            # runs below the copied key has whatever mode the umask yields.
            shutil.copyfile(private_key_file, new_private_key_file)
            private_key_file = new_private_key_file

    # Sanity check
    if not cert_path or not private_key_file:
        raise Exception("Something bad happened. We shouldn't have been able to get here")

    # The intermediate certificate is expected next to the certificate file.
    intermediate_path = "{0}/DigiCertCA.crt".format(cert_path.rpartition('/')[0])

    # set the right file permissions so the certs can be read by apache
    # NOTE(review): the private key gets the same mode argument as the public
    # certificates.  If utils.set_permission applies 644 as rw-r--r--, the
    # key is readable by every local user; a key is normally limited to its
    # owner (plus the web server's group if required).  The literal is also
    # decimal 644, not octal 0644 -- confirm how the helper interprets it
    # (passed unchanged to os.chmod it would mean 0o1204).
    apache_user = platform.get_apache_user()
    utils.set_permission(cert_path, apache_user, 644)
    utils.set_permission(private_key_file, apache_user, 644)
    utils.set_permission(intermediate_path, apache_user, 644)

    aug.preinstall_setup(cert_path, intermediate_path, private_key_file)
    aug.install_certificate(vhost)
    if raw_input("Your configuration has been updated. Would you like to restart the webserver? (y/N) ").lower().strip() == "y":
        platform.restart_apache()
        # verify that the existing site responds to https afterwards
        utils.validate_ssl_success(vhost)
    else:
        platform.print_restart_apache_command()
Пример #4
def main():
    """Run the certificate installer from the command line.

    Steps, in order: parse arguments, require root, check platform packages,
    determine the DNS names (from --cert_path or the order), pick the
    matching virtual host, obtain a certificate and a private key that
    validates against it, set ownership/mode on the files, install the
    certificate and optionally restart the web server.

    Raises:
        BaseException: when not run as root.
        Exception: on missing packages, no matching vhost or order, a
            declined confirmation, or a missing private key.
    """
    # accept arguments
    parser = argparse.ArgumentParser(
        description=
        'Download your certificate and secure your domain in one step')
    parser.add_argument("-v",
                        "--version",
                        action="version",
                        version='%(prog)s 1.0')
    parser.add_argument("--order_id",
                        action="store",
                        help="DigiCert order ID for certificate")
    parser.add_argument("--cert_path",
                        action="store",
                        help="the path to the certificate file")
    parser.add_argument(
        "--key",
        action="store",
        help="Path to private key file used to order certificate")
    # NOTE(review): an API key passed as an argument is usually visible in
    # the process list and shell history; prefer an environment variable, a
    # root-only config file or a prompt.
    parser.add_argument(
        "--api_key",
        action="store",
        help=
        "Skip authentication step with a DigiCert API key (for Cert Central accounts only)"
    )
    # NOTE(review): declared with action="store" although described as a
    # flag; any non-empty value (even "false") is truthy when tested below.
    parser.add_argument(
        "--allow_dups",
        action="store",
        help=
        "a flag to indicate whether the order type allows duplicates mostly for convenience"
    )

    args = parser.parse_args()

    # this needs to happen after the arg parser is set up
    # From here on the process is root, so user-supplied key and certificate
    # paths are read and copied with root privileges.
    # NOTE(review): BaseException is not caught by `except Exception`;
    # Exception or SystemExit is the conventional choice.
    if os.getuid() != 0:
        raise BaseException(
            "The Digicert Express Installer must be run as root.")

    utils.find_user_config()

    order_id = args.order_id
    if args.api_key:
        config.API_KEY = args.api_key
    cert_path = args.cert_path
    private_key_file = None
    # A --key value that does not name an existing file is silently dropped.
    if args.key and os.path.isfile(args.key):
        private_key_file = args.key

    # get platform class and check platform level dependencies
    platform = utils.determine_platform()

    ignored_packages = platform.check_dependencies()
    if ignored_packages:
        raise Exception(
            "You will need to install these packages before continuing: {0}".
            format(",".join(ignored_packages)))

    # get the dns names from the cert if one was passed in
    dns_names = utils.get_dns_names_from_cert(cert_path)

    order = None

    # user manually passed the order id and no dns names were found
    if order_id and not dns_names:
        cert_path = None  # the cert_path was invalid
        print "Attempting to get certificate by specified order ID"
        order = get_order(order_id)
        # More than one DNS name on the order: use the list; otherwise use
        # the common name only.
        if len(order['certificate']['dns_names']) > 1:
            dns_names = order['certificate']['dns_names']
        else:
            dns_names = [order['certificate']['common_name']]

    aug = base_parser.BaseParser(platform=platform)
    hosts = aug.get_vhosts_on_server(dns_names)

    if not hosts:
        raise Exception(
            "No virtual hosts were found on this server that will work with your certificate"
        )

    # Multiple matches are resolved by select_vhost; a single match needs an
    # explicit "y" from the user.
    if len(hosts) > 1:
        vhost = select_vhost(hosts)
    else:
        if raw_input(
                "The host {0} was found matching this certificate. Is this correct? (y/N) "
                .format(hosts[0])).lower().strip() != "y":
            raise Exception(
                "No virtual hosts were found on this server that will work with your certificate"
            )
        vhost = hosts[0]

    # We should only go through this if block when the script is run without an order_id and cert_path
    if not dns_names:
        print "Attempting to get orders matching selected vhost."
        orders = get_issued_orders(vhost)
        if not orders:
            # We could push them to order here :p
            raise Exception("No orders found matching the vhost you selected")
        order = select_order(orders)
        # TODO this right here?
        order = get_order(order['id'])
        order_id = order['id']

    private_key_matches_cert = False

    # see if the order needs to have a csr uploaded
    if order and order['status'] == 'needs_csr':
        # TODO do we want to try to find an existing csr?
        # create_csr returns the new private key path and the CSR path.
        private_key_file, csr_file = utils.create_csr(dns_name=vhost,
                                                      order=order)
        upload_csr(order_id, csr_file)
        order = get_order(order_id)
        if order['status'] == 'issued':
            certs = download_certificate(order)
            cert_path = utils.save_certs(certs, vhost)
            # Key and certificate were produced together here, so the
            # validation loop below is skipped.
            private_key_matches_cert = True

    if not private_key_file:
        # Check the path where we would have stored the private key, and the current directory
        # NOTE(review): the second candidate comes from the current working
        # directory while running as root; it is only kept if
        # utils.validate_private_key accepts it against the certificate.
        key_file_name1 = "{0}/{1}/{1}.key".format(
            config.FILE_STORE, utils.normalize_common_name_file(vhost))
        key_file_name2 = "{0}/{1}.key".format(
            os.getcwd(), utils.normalize_common_name_file(vhost))
        if os.path.isfile(key_file_name1):
            private_key_file = key_file_name1
        elif os.path.isfile(key_file_name2):
            private_key_file = key_file_name2

    # Loop until a private key validates against the certificate, either by
    # requesting a duplicate certificate with a fresh key or by prompting
    # for a key path.
    while not private_key_matches_cert:
        if not private_key_file:
            if args.allow_dups or (order and order['allow_duplicates'] == 1):
                print "\033[1mDuplicates require permission to approve requests on this order.\033[0m"
                if raw_input(
                        "Are you trying to install a duplicate certificate? (y/N) "
                ).lower().strip() == 'y':
                    order = get_order(order_id) if not order else order
                    private_key_file, csr_file = utils.create_csr(
                        dns_name=vhost, order=order)
                    dup_data = create_duplicate(order=order, csr_file=csr_file)
                    if 'sub_id' not in dup_data:
                        # No sub_id returned: approve the first request and
                        # then read the order's duplicate list.
                        approve_request(dup_data['requests'][0]['id'])
                        duplicates = get_duplicates(order['id'])
                        if not duplicates:
                            raise Exception(
                                "Could not collect any duplicates for this order"
                            )
                        # we need either the sub id or the certificate details from this specific duplicate on the order.
                        # NOTE(review): uses certificates[0]; assumes that
                        # entry is the duplicate just created -- confirm.
                        order['sub_id'] = duplicates['certificates'][0][
                            'sub_id']
                        order['certificate'] = duplicates['certificates'][0]
                    else:
                        order['sub_id'] = dup_data['sub_id']
                    if not order['sub_id']:
                        raise Exception("Something went wrong")
                    certs = download_certificate(order)
                    cert_path = utils.save_certs(certs, vhost)
                    # Go round again so the new key/cert pair is validated.
                    continue
            # Cert does not allow duplicates, or the user chose no (still missing private_key_file)
            pk_path = ""
            while not private_key_file and pk_path.strip().lower() != "q":
                pk_path = raw_input(
                    "Please provide the path to the private key for this certificate: (q to quit) "
                )
                if pk_path.lower().strip() == "q":
                    raise Exception(
                        "Cannot install this certificate without the private key used to generate the CSR"
                    )
                if not os.path.isfile(pk_path):
                    print "The path {0} is not a valid file. Please try again.".format(
                        pk_path)
                    continue
                private_key_file = pk_path
        if not cert_path:
            certs = download_certificate(order)
            cert_path = utils.save_certs(certs, vhost)
        private_key_matches_cert = utils.validate_private_key(
            private_key_file, cert_path)
        if not private_key_matches_cert:
            # Drop the rejected key so the next pass prompts again.
            private_key_file = None
        # NOTE(review): substring test rather than a path-containment check;
        # any key path containing the FILE_STORE string is treated as
        # already stored.
        elif config.FILE_STORE not in private_key_file:
            # str.replace rewrites every ".crt" in the path, not just the
            # extension.
            new_private_key_file = cert_path.replace(".crt", ".key")
            # shutil.copyfile copies contents only; the copy's mode comes
            # from the umask until set_permission runs below.
            shutil.copyfile(private_key_file, new_private_key_file)
            private_key_file = new_private_key_file

    # Sanity check
    if not cert_path or not private_key_file:
        raise Exception(
            "Something bad happened. We shouldn't have been able to get here")

    # The intermediate certificate is expected in the certificate's directory.
    intermediate_path = "{0}/DigiCertCA.crt".format(
        cert_path.rpartition('/')[0])

    # set the right file permissions so the certs can be read by apache
    # NOTE(review): the private key receives the same mode argument as the
    # public certificates.  If utils.set_permission applies 644 as
    # rw-r--r--, every local user can read the key; restrict it to the owner
    # (and the web server's group if needed).  The literal is decimal 644,
    # not octal 0644 -- confirm how the helper interprets it (given
    # unchanged to os.chmod it would mean 0o1204).
    apache_user = platform.get_apache_user()
    utils.set_permission(cert_path, apache_user, 644)
    utils.set_permission(private_key_file, apache_user, 644)
    utils.set_permission(intermediate_path, apache_user, 644)

    aug.preinstall_setup(cert_path, intermediate_path, private_key_file)
    aug.install_certificate(vhost)
    if raw_input(
            "Your configuration has been updated. Would you like to restart the webserver? (y/N) "
    ).lower().strip() == "y":
        platform.restart_apache()
        # verify that the existing site responds to https afterwards
        utils.validate_ssl_success(vhost)
    else:
        platform.print_restart_apache_command()