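def admin():
    """Render the user administration page; on POST, apply role and permission changes.

    Every account returned by ``PYLOAD.getAllUserData()`` is converted to a
    dict and given a ``perms`` mapping. For a POST request, each user's role
    and permission set is rebuilt from the submitted ``<name>|admin`` and
    ``<name>|perms`` fields and written back with ``PYLOAD.setUserPermission``.

    NOTE(review): no authentication, authorization or CSRF check is visible
    inside this function, although it can change the role of every account.
    Presumably a route decorator or middleware outside this excerpt restricts
    it to administrators -- confirm.
    """
    # convert to dict
    user = dict((name, toDict(y)) for name, y in PYLOAD.getAllUserData().iteritems())
    perms = permlist()

    for data in user.itervalues():
        data["perms"] = {}
        get_permission(data["perms"], data["permission"])
        # Compare by value; `is 0` tests object identity and only happens to
        # work through CPython's small-integer caching.
        data["perms"]["admin"] = data["role"] == 0

    s = request.environ.get('beaker.session')
    if request.environ.get('REQUEST_METHOD', "GET") == "POST":
        for name in user:
            if request.POST.get("%s|admin" % name, False):
                user[name]["role"] = 0
                user[name]["perms"]["admin"] = True
            elif name != s["name"]:
                # The account of the current session is skipped here, so a user
                # cannot remove their own admin role by leaving the box unchecked.
                user[name]["role"] = 1
                user[name]["perms"]["admin"] = False

            # set all perms to false
            for perm in perms:
                user[name]["perms"][perm] = False

            for perm in request.POST.getall("%s|perms" % name):
                # The submitted names are client-controlled: accept only the
                # permissions this page offers, so unknown names never become
                # keys in the dict handed to set_permission().
                if perm in perms:
                    user[name]["perms"][perm] = True

            user[name]["permission"] = set_permission(user[name]["perms"])

            PYLOAD.setUserPermission(name, user[name]["permission"], user[name]["role"])

    return render_to_response("admin.html", {"users": user, "permlist": perms}, [pre_processor])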
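def main():
    """Interactively install a DigiCert certificate on a virtual host of this server.

    Steps, in order: parse the command line, require root, check platform
    dependencies, work out the DNS names (from --cert_path or the order),
    pick the matching virtual host, find the order, upload a CSR if the order
    still needs one, locate a private key, loop until a key validates against
    the certificate (optionally requesting a duplicate), store the key next to
    the certificate, set file permissions, update the web server
    configuration and offer a restart.

    Raises:
        BaseException: when not run as root.
        Exception: on missing packages, no matching virtual host or order,
            a failed duplicate request, or when the user quits the key prompt.
    """
    # accept arguments
    parser = argparse.ArgumentParser(description='Download your certificate and secure your domain in one step')
    parser.add_argument("-v", "--version", action="version", version='%(prog)s 1.0')
    parser.add_argument("--order_id", action="store", help="DigiCert order ID for certificate")
    parser.add_argument("--cert_path", action="store", help="the path to the certificate file")
    parser.add_argument("--key", action="store", help="Path to private key file used to order certificate")
    # NOTE(review): a key given with --api_key is part of the process command
    # line, which other local accounts can usually read and which may end up
    # in shell history.
    parser.add_argument("--api_key", action="store", help="Skip authentication step with a DigiCert API key (for Cert Central accounts only)")
    # NOTE(review): action="store" means this "flag" takes a value, and any
    # non-empty value (including "0" or "false") is treated as true below.
    parser.add_argument("--allow_dups", action="store", help="a flag to indicate whether the order type allows duplicates mostly for convenience")
    args = parser.parse_args()

    # this needs to happen after the arg parser is set up
    if os.getuid() != 0:
        # NOTE(review): BaseException is not caught by `except Exception`
        # handlers; the type is kept because callers may depend on it.
        raise BaseException("The Digicert Express Installer must be run as root.")
    utils.find_user_config()

    order_id = args.order_id
    if args.api_key:
        config.API_KEY = args.api_key
    cert_path = args.cert_path
    private_key_file = None
    if args.key and os.path.isfile(args.key):
        private_key_file = args.key

    # get platform class and check platform level dependencies
    platform = utils.determine_platform()
    ignored_packages = platform.check_dependencies()
    if ignored_packages:
        raise Exception("You will need to install these packages before continuing: {0}".format(",".join(ignored_packages)))

    # get the dns names from the cert if one was passed in
    dns_names = utils.get_dns_names_from_cert(cert_path)

    order = None
    # user manually passed the order id and no dns names were found
    if order_id and not dns_names:
        cert_path = None  # the cert_path was invalid
        # Single-argument print(...) behaves the same on Python 2 and 3.
        print("Attempting to get certificate by specified order ID")
        order = get_order(order_id)
        if len(order['certificate']['dns_names']) > 1:
            dns_names = order['certificate']['dns_names']
        else:
            dns_names = [order['certificate']['common_name']]

    aug = base_parser.BaseParser(platform=platform)
    hosts = aug.get_vhosts_on_server(dns_names)
    if not hosts:
        raise Exception("No virtual hosts were found on this server that will work with your certificate")

    if len(hosts) > 1:
        vhost = select_vhost(hosts)
    else:
        if raw_input("The host {0} was found matching this certificate. Is this correct? (y/N) ".format(hosts[0])).lower().strip() != "y":
            raise Exception("No virtual hosts were found on this server that will work with your certificate")
        vhost = hosts[0]

    # We should only go through this if block when the script is run without an order_id and cert_path
    if not dns_names:
        print("Attempting to get orders matching selected vhost.")
        orders = get_issued_orders(vhost)
        if not orders:
            # We could push them to order here :p
            raise Exception("No orders found matching the vhost you selected")
        order = select_order(orders)
        # TODO this right here?
        order = get_order(order['id'])
        order_id = order['id']

    private_key_matches_cert = False

    # see if the order needs to have a csr uploaded
    if order and order['status'] == 'needs_csr':
        # TODO do we want to try to find an existing csr?
        private_key_file, csr_file = utils.create_csr(dns_name=vhost, order=order)
        upload_csr(order_id, csr_file)
        order = get_order(order_id)
        if order['status'] == 'issued':
            certs = download_certificate(order)
            cert_path = utils.save_certs(certs, vhost)
            # The key was generated just now for this CSR, so the validation loop is skipped.
            private_key_matches_cert = True

    if not private_key_file:
        # Check the path where we would have stored the private key, and the current directory
        key_file_name1 = "{0}/{1}/{1}.key".format(config.FILE_STORE, utils.normalize_common_name_file(vhost))
        key_file_name2 = "{0}/{1}.key".format(os.getcwd(), utils.normalize_common_name_file(vhost))
        if os.path.isfile(key_file_name1):
            private_key_file = key_file_name1
        elif os.path.isfile(key_file_name2):
            private_key_file = key_file_name2

    # Repeat until a private key validates against the certificate.
    while not private_key_matches_cert:
        if not private_key_file:
            if args.allow_dups or (order and order['allow_duplicates'] == 1):
                print("\033[1mDuplicates require permission to approve requests on this order.\033[0m")
                if raw_input("Are you trying to install a duplicate certificate? (y/N) ").lower().strip() == 'y':
                    order = get_order(order_id) if not order else order
                    private_key_file, csr_file = utils.create_csr(dns_name=vhost, order=order)
                    dup_data = create_duplicate(order=order, csr_file=csr_file)
                    if 'sub_id' not in dup_data:
                        approve_request(dup_data['requests'][0]['id'])
                        duplicates = get_duplicates(order['id'])
                        if not duplicates:
                            raise Exception("Could not collect any duplicates for this order")
                        # we need either the sub id or the certificate details from this specific duplicate on the order.
                        order['sub_id'] = duplicates['certificates'][0]['sub_id']
                        order['certificate'] = duplicates['certificates'][0]
                    else:
                        order['sub_id'] = dup_data['sub_id']

                    if not order['sub_id']:
                        raise Exception("Something went wrong")
                    certs = download_certificate(order)
                    cert_path = utils.save_certs(certs, vhost)
                    continue

            # Cert does not allow duplicates, or the user chose no (still missing private_key_file)
            pk_path = ""
            while not private_key_file and pk_path.strip().lower() != "q":
                pk_path = raw_input("Please provide the path to the private key for this certificate: (q to quit) ")
                if pk_path.lower().strip() == "q":
                    raise Exception("Cannot install this certificate without the private key used to generate the CSR")
                if not os.path.isfile(pk_path):
                    print("The path {0} is not a valid file. Please try again.".format(pk_path))
                    continue
                private_key_file = pk_path

        if not cert_path:
            certs = download_certificate(order)
            cert_path = utils.save_certs(certs, vhost)

        private_key_matches_cert = utils.validate_private_key(private_key_file, cert_path)
        if not private_key_matches_cert:
            private_key_file = None
        elif config.FILE_STORE not in private_key_file:
            # Derive the stored key name from the certificate's extension only.
            # cert_path.replace(".crt", ".key") returned cert_path unchanged for
            # a certificate without ".crt" in its name (e.g. a user-supplied
            # .pem), so the copy below overwrote the certificate with the key;
            # it also rewrote any ".crt" found in a directory name.
            new_private_key_file = os.path.splitext(cert_path)[0] + ".key"
            if new_private_key_file == cert_path:
                raise Exception("Cannot store the private key next to {0}: the certificate path already ends in .key".format(cert_path))
            shutil.copyfile(private_key_file, new_private_key_file)
            private_key_file = new_private_key_file

    # Sanity check
    if not cert_path or not private_key_file:
        raise Exception("Something bad happened. We shouldn't have been able to get here")

    intermediate_path = "{0}/DigiCertCA.crt".format(cert_path.rpartition('/')[0])

    # set the right file permissions so the certs can be read by apache
    # NOTE(review): the private key receives the same mode argument (644) as
    # the public certificates. If utils.set_permission applies it as
    # rw-r--r--, every local account can read the key; a private key normally
    # needs to be readable by its owner only. The literal is also decimal
    # rather than octal, and how the helper interprets it is not visible here.
    # Confirm both against utils.set_permission.
    apache_user = platform.get_apache_user()
    utils.set_permission(cert_path, apache_user, 644)
    utils.set_permission(private_key_file, apache_user, 644)
    utils.set_permission(intermediate_path, apache_user, 644)

    aug.preinstall_setup(cert_path, intermediate_path, private_key_file)
    aug.install_certificate(vhost)

    if raw_input("Your configuration has been updated. Would you like to restart the webserver? (y/N) ").lower().strip() == "y":
        platform.restart_apache()
        # verify that the existing site responds to https afterwards
        utils.validate_ssl_success(vhost)
    else:
        platform.print_restart_apache_command()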
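def main():
    """Interactively install a DigiCert certificate on a virtual host of this server.

    The flow is: parse arguments, insist on root, check platform packages,
    resolve DNS names from --cert_path or from the order, choose the virtual
    host, resolve the order, upload a CSR when the order status is
    'needs_csr', look for a private key, loop until a key validates against
    the certificate (a duplicate may be requested on the way), keep the key
    beside the certificate, set file permissions, update the web server
    configuration, and offer to restart it.

    Raises:
        BaseException: when the effective user is not root.
        Exception: for missing packages, no usable virtual host or order,
            a failed duplicate request, or a user abort at the key prompt.
    """
    # accept arguments
    parser = argparse.ArgumentParser(
        description=
        'Download your certificate and secure your domain in one step')
    parser.add_argument("-v",
                        "--version",
                        action="version",
                        version='%(prog)s 1.0')
    parser.add_argument("--order_id",
                        action="store",
                        help="DigiCert order ID for certificate")
    parser.add_argument("--cert_path",
                        action="store",
                        help="the path to the certificate file")
    parser.add_argument(
        "--key",
        action="store",
        help="Path to private key file used to order certificate")
    # NOTE(review): an API key supplied on the command line is visible in the
    # process list to other local accounts and may be kept in shell history.
    parser.add_argument(
        "--api_key",
        action="store",
        help=
        "Skip authentication step with a DigiCert API key (for Cert Central accounts only)"
    )
    # NOTE(review): with action="store" this option expects a value, and any
    # non-empty value (even "0" or "false") counts as true further down.
    parser.add_argument(
        "--allow_dups",
        action="store",
        help=
        "a flag to indicate whether the order type allows duplicates mostly for convenience"
    )
    args = parser.parse_args()

    # this needs to happen after the arg parser is set up
    if os.getuid() != 0:
        # NOTE(review): `except Exception` does not catch BaseException; the
        # type is left as is because callers may rely on it.
        raise BaseException(
            "The Digicert Express Installer must be run as root.")
    utils.find_user_config()

    order_id = args.order_id
    if args.api_key:
        config.API_KEY = args.api_key
    cert_path = args.cert_path
    private_key_file = None
    if args.key and os.path.isfile(args.key):
        private_key_file = args.key

    # get platform class and check platform level dependencies
    platform = utils.determine_platform()
    ignored_packages = platform.check_dependencies()
    if ignored_packages:
        raise Exception(
            "You will need to install these packages before continuing: {0}".
            format(",".join(ignored_packages)))

    # get the dns names from the cert if one was passed in
    dns_names = utils.get_dns_names_from_cert(cert_path)

    order = None
    # user manually passed the order id and no dns names were found
    if order_id and not dns_names:
        cert_path = None  # the cert_path was invalid
        # print(...) with one argument prints the same text on Python 2 and 3.
        print("Attempting to get certificate by specified order ID")
        order = get_order(order_id)
        if len(order['certificate']['dns_names']) > 1:
            dns_names = order['certificate']['dns_names']
        else:
            dns_names = [order['certificate']['common_name']]

    aug = base_parser.BaseParser(platform=platform)
    hosts = aug.get_vhosts_on_server(dns_names)
    if not hosts:
        raise Exception(
            "No virtual hosts were found on this server that will work with your certificate"
        )

    if len(hosts) > 1:
        vhost = select_vhost(hosts)
    else:
        if raw_input(
                "The host {0} was found matching this certificate. Is this correct? (y/N) "
                .format(hosts[0])).lower().strip() != "y":
            raise Exception(
                "No virtual hosts were found on this server that will work with your certificate"
            )
        vhost = hosts[0]

    # We should only go through this if block when the script is run without an order_id and cert_path
    if not dns_names:
        print("Attempting to get orders matching selected vhost.")
        orders = get_issued_orders(vhost)
        if not orders:
            # We could push them to order here :p
            raise Exception("No orders found matching the vhost you selected")
        order = select_order(orders)
        # TODO this right here?
        order = get_order(order['id'])
        order_id = order['id']

    private_key_matches_cert = False

    # see if the order needs to have a csr uploaded
    if order and order['status'] == 'needs_csr':
        # TODO do we want to try to find an existing csr?
        private_key_file, csr_file = utils.create_csr(dns_name=vhost,
                                                     order=order)
        upload_csr(order_id, csr_file)
        order = get_order(order_id)
        if order['status'] == 'issued':
            certs = download_certificate(order)
            cert_path = utils.save_certs(certs, vhost)
            # Key and CSR were created together above, so no validation loop is needed.
            private_key_matches_cert = True

    if not private_key_file:
        # Check the path where we would have stored the private key, and the current directory
        key_file_name1 = "{0}/{1}/{1}.key".format(
            config.FILE_STORE, utils.normalize_common_name_file(vhost))
        key_file_name2 = "{0}/{1}.key".format(
            os.getcwd(), utils.normalize_common_name_file(vhost))
        if os.path.isfile(key_file_name1):
            private_key_file = key_file_name1
        elif os.path.isfile(key_file_name2):
            private_key_file = key_file_name2

    # Keep asking until some private key validates against the certificate.
    while not private_key_matches_cert:
        if not private_key_file:
            if args.allow_dups or (order and order['allow_duplicates'] == 1):
                print("\033[1mDuplicates require permission to approve requests on this order.\033[0m")
                if raw_input(
                        "Are you trying to install a duplicate certificate? (y/N) "
                ).lower().strip() == 'y':
                    order = get_order(order_id) if not order else order
                    private_key_file, csr_file = utils.create_csr(
                        dns_name=vhost, order=order)
                    dup_data = create_duplicate(order=order,
                                                csr_file=csr_file)
                    if 'sub_id' not in dup_data:
                        approve_request(dup_data['requests'][0]['id'])
                        duplicates = get_duplicates(order['id'])
                        if not duplicates:
                            raise Exception(
                                "Could not collect any duplicates for this order"
                            )
                        # we need either the sub id or the certificate details from this specific duplicate on the order.
                        order['sub_id'] = duplicates['certificates'][0][
                            'sub_id']
                        order['certificate'] = duplicates['certificates'][0]
                    else:
                        order['sub_id'] = dup_data['sub_id']

                    if not order['sub_id']:
                        raise Exception("Something went wrong")
                    certs = download_certificate(order)
                    cert_path = utils.save_certs(certs, vhost)
                    continue

            # Cert does not allow duplicates, or the user chose no (still missing private_key_file)
            pk_path = ""
            while not private_key_file and pk_path.strip().lower() != "q":
                pk_path = raw_input(
                    "Please provide the path to the private key for this certificate: (q to quit) "
                )
                if pk_path.lower().strip() == "q":
                    raise Exception(
                        "Cannot install this certificate without the private key used to generate the CSR"
                    )
                if not os.path.isfile(pk_path):
                    print("The path {0} is not a valid file. Please try again.".format(
                        pk_path))
                    continue
                private_key_file = pk_path

        if not cert_path:
            certs = download_certificate(order)
            cert_path = utils.save_certs(certs, vhost)

        private_key_matches_cert = utils.validate_private_key(
            private_key_file, cert_path)
        if not private_key_matches_cert:
            private_key_file = None
        elif config.FILE_STORE not in private_key_file:
            # Swap only the certificate's file extension for ".key".
            # cert_path.replace(".crt", ".key") left the path unchanged when the
            # certificate name held no ".crt" (for example a user-supplied
            # .pem), which made the copy below overwrite the certificate with
            # the private key; it also altered ".crt" inside directory names.
            new_private_key_file = os.path.splitext(cert_path)[0] + ".key"
            if new_private_key_file == cert_path:
                raise Exception(
                    "Cannot store the private key next to {0}: the certificate path already ends in .key"
                    .format(cert_path))
            shutil.copyfile(private_key_file, new_private_key_file)
            private_key_file = new_private_key_file

    # Sanity check
    if not cert_path or not private_key_file:
        raise Exception(
            "Something bad happened. We shouldn't have been able to get here")

    intermediate_path = "{0}/DigiCertCA.crt".format(
        cert_path.rpartition('/')[0])

    # set the right file permissions so the certs can be read by apache
    # NOTE(review): the private key is given the same mode argument (644) as
    # the public certificate files. Should utils.set_permission apply that as
    # rw-r--r--, the key is readable by every local account, whereas a private
    # key normally needs owner-only access. The value is written in decimal,
    # not octal, and the helper's interpretation is not visible here; check
    # utils.set_permission for both points.
    apache_user = platform.get_apache_user()
    utils.set_permission(cert_path, apache_user, 644)
    utils.set_permission(private_key_file, apache_user, 644)
    utils.set_permission(intermediate_path, apache_user, 644)

    aug.preinstall_setup(cert_path, intermediate_path, private_key_file)
    aug.install_certificate(vhost)

    if raw_input(
            "Your configuration has been updated. Would you like to restart the webserver? (y/N) "
    ).lower().strip() == "y":
        platform.restart_apache()
        # verify that the existing site responds to https afterwards
        utils.validate_ssl_success(vhost)
    else:
        platform.print_restart_apache_command()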