def write_stored_session(self, session_id, data):
import binascii
import time
timed_data = "%s--%s" % (binascii.hexlify(data).decode("ascii"),
int(time.time()))
session_file = os.path.join(self.path, self.__get_filename(session_id))
fs.write(session_file, timed_data)
def upgrade(server, account, account_path):
acme_v2 = AcmeV2(server, account, upgrade=True)
print("Candango Automatoes {}. Manuale replacement."
"\n\n".format(get_version()))
if acme_v2.is_uri_letsencrypt_acme_v1():
print("Account's uri format is Let's Encrypt ACME V1.")
print("Current uri: %s" % acme_v2.account.uri)
if not confirm("Let's Encrypt ACME V2: %s.\nDo you want to "
"upgrade?" % acme_v2.letsencrypt_acme_uri_v1_to_v2()):
raise AutomatoesError("Aborting.")
account.uri = acme_v2.letsencrypt_acme_uri_v1_to_v2()
fs.write(account_path, account.serialize(), binary=True)
print("Account's uri upgraded to Let's Encrypt ACME V2.\n")
else:
print("Account's uri format isn't Let's Encrypt ACME V1.")
print("Skipping upgrade action.")
def run(self, namespace):
from tornado import template
if len(sys.argv) > 2:
module = namespace.module
component = module.replace(".", " ").title().replace(" ", "")
project_name = module.replace(".", "_").lower()
project_directory = fs.create_module(module, os.getcwd())
#TODO: Check if project exists
#TODO: If doesn't exists create project
#TODO: If exists throw an error
loader = template.Loader(
os.path.join(firenado.conf.ROOT, "management", "templates",
"project"))
project_init_content = loader.load("app.py.txt").generate(
project_name=project_name, module=module, component=component)
# Generating application firenado component and handlers
fs.write(os.path.join(project_directory, "__init__.py"), "")
fs.write(os.path.join(project_directory, "app.py"),
project_init_content.decode(sys.stdout.encoding))
handlers_file_name = os.path.join(project_directory, "handlers.py")
fs.touch(handlers_file_name)
project_handlers_content = loader.load("handlers.py.txt").generate(
handlers=["Index"])
fs.write(handlers_file_name,
project_handlers_content.decode(sys.stdout.encoding))
# Generating configuration
project_conf_directory = os.path.join(project_directory, "conf")
os.mkdir(project_conf_directory)
project_conf_file = os.path.join(project_conf_directory,
"firenado.yml")
fs.touch(project_conf_file)
project_init_content = loader.load("firenado.yml.txt").generate(
app_name=project_name, module=module, component=component)
fs.write(project_conf_file,
project_init_content.decode(sys.stdout.encoding))
else:
#TODO: This thing has to go. The parameter validation should be
#TODO: executed by the argument parser.
loader = template.Loader(
os.path.join(firenado.conf.ROOT, "management", "templates",
"help"))
help_message = loader.load("init_command_help.txt").generate()
def test_binary_fs_write(self):
""" Write in a file using data as bytes. """
data = b"My text to write.\n"
fs.write(self.file_to_write_path, data, True)
self.assertTrue(os.path.exists(self.file_to_write_path))
self.assertEqual(data, fs.read(self.file_to_write_path, True))
def test_string_fs_write(self):
""" Write in a file using data as string. """
data = "My text to write.\n"
fs.write(self.file_to_write_path, data)
self.assertTrue(os.path.exists(self.file_to_write_path))
self.assertEqual(data, fs.read(self.file_to_write_path))
def authorize(server, paths, account, domains, method, verbose=False):
print("Candango Automatoes {}. Manuale replacement.\n\n".format(
get_version()))
current_path = paths['current']
orders_path = paths['orders']
domains_hash = hashlib.sha256(
"_".join(domains).encode('ascii')).hexdigest()
order_path = os.path.join(orders_path, domains_hash)
order_file = os.path.join(order_path, "order.json".format(domains_hash))
if not os.path.exists(orders_path):
if verbose:
print("Orders path not found creating it at {}."
"".format(orders_path))
os.mkdir(orders_path)
os.chmod(orders_path, 0o770)
else:
if verbose:
print("Orders path found at {}.".format(orders_path))
if not os.path.exists(order_path):
if verbose:
print("Current order {} path not found creating it at orders "
"path.\n".format(domains_hash))
os.mkdir(order_path)
os.chmod(order_path, 0o770)
else:
if verbose:
print("Current order {} path found at orders path.\n".format(
domains_hash))
method = method
acme = AcmeV2(server, account)
try:
print("Authorizing {}.\n".format(", ".join(domains)))
# Creating orders for domains if not existent
if not os.path.exists(order_file):
if verbose:
print(" Order file not found creating it.")
order = create_order(acme, domains, method, order_file)
else:
if verbose:
print(" Found order file. Querying ACME server for current "
"status.")
order = Order.deserialize(fs.read(order_file))
server_order = acme.query_order(order)
order.contents = server_order.contents
update_order(order, order_file)
if not order.expired and not order.invalid:
if order.contents['status'] == 'valid':
print(" Order is valid and expires at {}. Please run "
"the issue "
"command.\n".format(order.contents['expires']))
print(" {} domain(s) authorized. Let's Encrypt!".format(
len(domains)))
sys.exit(sysexits.EX_OK)
else:
if verbose:
print(" Order still pending and expires "
"at {}.\n".format(order.contents['expires']))
else:
if order.invalid:
print(" WARNING: Invalid order, renewing it.\n Just "
"continue with the authorization when all "
"verifications are in place.\n")
else:
print(" WARNING: Expired order. Renewing order.\n")
os.remove(order_file)
order = create_order(acme, domains, method, order_file)
update_order(order, order_file)
pending_challenges = []
for challenge in acme.get_order_challenges(order):
print(" Requesting challenge for {}.".format(challenge.domain))
if challenge.status == 'valid':
print(" {} is already authorized until {}.".format(
challenge.domain, challenge.expires))
continue
else:
challenge_file = os.path.join(order_path, challenge.file_name)
if verbose:
print(" Creating challenge file {}.\n".format(
challenge.file_name))
fs.write(challenge_file, challenge.serialize().decode())
pending_challenges.append(challenge)
# Quit if nothing to authorize
if not pending_challenges:
print("\nAll domains are already authorized, exiting.")
sys.exit(sysexits.EX_OK)
files = set()
if method == 'dns':
print("\n DNS verification required. Make sure these TXT records"
" are in place:\n")
for challenge in pending_challenges:
print(" _acme-challenge.{}. IN TXT "
"\"{}\"".format(challenge.domain, challenge.key))
elif method == 'http':
print("\n HTTP verification required. Make sure these files are "
"in place:\n")
for challenge in pending_challenges:
token = challenge.contents['token']
# path sanity check
assert (token and os.path.sep not in token
and '.' not in token)
files.add(token)
fs.write(os.path.join(current_path, token), challenge.key)
print(" http://{}/.well-known/acme-challenge/{}".format(
challenge.domain, token))
print("\n The necessary files have been written to the current "
"directory.\n")
# Wait for the user to complete the challenges
input("\nPress Enter to continue.\n")
# Validate challenges
done, failed, pending = set(), set(), set()
for challenge in pending_challenges:
print(" {}: waiting for verification. Checking in 5 "
"seconds.".format(challenge.domain))
response = acme.verify_order_challenge(challenge, 5, 1)
if response['status'] == "valid":
print(" {}: OK! Authorization lasts until {}.".format(
challenge.domain, challenge.expires))
done.add(challenge.domain)
elif response['status'] == 'invalid':
print(" {}: {} ({})".format(challenge.domain,
response['error']['detail'],
response['error']['type']))
failed.add(challenge.domain)
break
else:
print("{}: Pending!".format(challenge.domain))
pending.add(challenge.domain)
break
challenge_file = os.path.join(order_path, challenge.file_name)
# Print results
if failed:
print(" {} domain(s) authorized, {} failed.".format(
len(done),
len(failed),
))
print(" Authorized: {}".format(' '.join(done) or "N/A"))
print(" Failed: {}".format(' '.join(failed)))
print(" WARNING: The current order will be invalidated. "
"Try again.")
if verbose:
print(" Deleting invalid challenge file {}.\n".format(
challenge.file_name))
clean_challenge_file(challenge_file)
os.remove(order_file)
os.rmdir(order_path)
if method == 'http':
print(files)
clean_http_challenges(files)
sys.exit(sysexits.EX_FATAL_ERROR)
else:
if pending:
print(" {} domain(s) authorized, {} pending.".format(
len(done), len(pending)))
print(" Authorized: {}".format(' '.join(done) or "N/A"))
print(" Pending: {}".format(' '.join(pending)))
print(" Try again.")
sys.exit(sysexits.EX_CANNOT_EXECUTE)
else:
if verbose:
print(" Deleting valid challenge file {}.".format(
challenge.file_name))
clean_challenge_file(challenge_file)
if verbose:
print(" Querying ACME server for current status.\n")
server_order = acme.query_order(order)
order.contents = server_order.contents
update_order(order, order_file)
print(" {} domain(s) authorized. Let's Encrypt!".format(
len(done)))
if method == 'http':
clean_http_challenges(files)
sys.exit(sysexits.EX_OK)
except IOError as e:
print("A connection or service error occurred. Aborting.")
raise AutomatoesError(e)
def update_order(order, order_file):
fs.write(order_file, order.serialize().decode())
def create_file(path, content, binary=False):
real_path = get_absolute_path(path)
fs.write(real_path, content, binary)
os.chmod(real_path, 0o600)
return real_path
