def crate_let_by_dns(self, data): dns_class = self.get_dns_class(data) if not dns_class: return public.returnMsg(False, 'DNS连接失败,请检查密钥是否正确.') result = {} result['status'] = False try: log_level = "INFO" if data['account_key']: log_level = 'ERROR' if not data['email']: data['email'] = public.M('users').getField('email') client = sewer.Client(domain_name=data['first_domain'], domain_alt_names=data['domains'], account_key=data['account_key'], contact_email=str(data['email']), LOG_LEVEL=log_level, ACME_AUTH_STATUS_WAIT_PERIOD=15, ACME_AUTH_STATUS_MAX_CHECKS=5, ACME_REQUEST_TIMEOUT=20, dns_class=dns_class, ACME_DIRECTORY_URL=self.let_url) domain_dns_value = "placeholder" dns_names_to_delete = [] try: client.acme_register() authorizations, finalize_url = client.apply_for_cert_issuance() responders = [] for url in authorizations: identifier_auth = client.get_identifier_authorization(url) authorization_url = identifier_auth["url"] dns_name = identifier_auth["domain"] dns_token = identifier_auth["dns_token"] dns_challenge_url = identifier_auth["dns_challenge_url"] acme_keyauthorization, domain_dns_value = client.get_keyauthorization( dns_token) dns_class.create_dns_record(public.de_punycode(dns_name), domain_dns_value) self.check_dns(self.get_acme_name(dns_name), domain_dns_value) dns_names_to_delete.append({ "dns_name": public.de_punycode(dns_name), "domain_dns_value": domain_dns_value }) responders.append({ "authorization_url": authorization_url, "acme_keyauthorization": acme_keyauthorization, "dns_challenge_url": dns_challenge_url }) try: for i in responders: auth_status_response = client.check_authorization_status( i["authorization_url"]) r_data = auth_status_response.json() if r_data["status"] == "pending": client.respond_to_challenge( i["acme_keyauthorization"], i["dns_challenge_url"]) for i in responders: client.check_authorization_status( i["authorization_url"], ["valid", "invalid"]) except: for i in responders: auth_status_response = client.check_authorization_status( i["authorization_url"]) r_data = auth_status_response.json() if r_data["status"] == "pending": client.respond_to_challenge( i["acme_keyauthorization"], i["dns_challenge_url"]) for i in responders: client.check_authorization_status( i["authorization_url"], ["valid", "invalid"]) certificate_url = client.send_csr(finalize_url) certificate = client.download_certificate(certificate_url) if certificate: certificate = self.split_ca_data(certificate) result['cert'] = certificate['cert'] result['ca_data'] = certificate['ca_data'] result['key'] = client.certificate_key result['account_key'] = client.account_key result['status'] = True except Exception as e: raise e finally: try: for i in dns_names_to_delete: dns_class.delete_dns_record(i["dns_name"], i["domain_dns_value"]) except: pass except Exception as e: try: for i in dns_names_to_delete: dns_class.delete_dns_record(i["dns_name"], i["domain_dns_value"]) except: pass res = str(e).split('>>>>') err = False try: err = json.loads(res[1]) except: err = False result['msg'] = [self.get_error(res[0]), err] return result
def crate_let_by_oper(self, data): result = {} result['status'] = False try: if not data['email']: data['email'] = public.M('users').getField('email') #手动解析记录值 if not 'renew' in data: BTPanel.dns_client = sewer.Client( domain_name=data['first_domain'], dns_class=None, account_key=data['account_key'], domain_alt_names=data['domains'], contact_email=str(data['email']), ACME_AUTH_STATUS_WAIT_PERIOD=15, ACME_AUTH_STATUS_MAX_CHECKS=5, ACME_REQUEST_TIMEOUT=20, ACME_DIRECTORY_URL=self.let_url) domain_dns_value = "placeholder" dns_names_to_delete = [] BTPanel.dns_client.acme_register() authorizations, finalize_url = BTPanel.dns_client.apply_for_cert_issuance( ) responders = [] for url in authorizations: identifier_auth = BTPanel.dns_client.get_identifier_authorization( url) authorization_url = identifier_auth["url"] dns_name = identifier_auth["domain"] dns_token = identifier_auth["dns_token"] dns_challenge_url = identifier_auth["dns_challenge_url"] acme_keyauthorization, domain_dns_value = BTPanel.dns_client.get_keyauthorization( dns_token) acme_name = self.get_acme_name(dns_name) dns_names_to_delete.append({ "dns_name": public.de_punycode(dns_name), "acme_name": acme_name, "domain_dns_value": domain_dns_value }) responders.append({ "authorization_url": authorization_url, "acme_keyauthorization": acme_keyauthorization, "dns_challenge_url": dns_challenge_url, }) dns = {} dns['dns_names'] = dns_names_to_delete dns['responders'] = responders dns['finalize_url'] = finalize_url return dns else: responders = data['dns']['responders'] dns_names_to_delete = data['dns']['dns_names'] finalize_url = data['dns']['finalize_url'] for i in responders: auth_status_response = BTPanel.dns_client.check_authorization_status( i["authorization_url"]) if auth_status_response.json()["status"] == "pending": BTPanel.dns_client.respond_to_challenge( i["acme_keyauthorization"], i["dns_challenge_url"]) for i in responders: BTPanel.dns_client.check_authorization_status( i["authorization_url"], ["valid", "invalid"]) certificate_url = BTPanel.dns_client.send_csr(finalize_url) certificate = BTPanel.dns_client.download_certificate( certificate_url) if certificate: certificate = self.split_ca_data(certificate) result['cert'] = certificate['cert'] result['ca_data'] = certificate['ca_data'] result['key'] = BTPanel.dns_client.certificate_key result['account_key'] = BTPanel.dns_client.account_key result['status'] = True BTPanel.dns_client = None else: result['msg'] = '证书获取失败,请稍后重试.' except Exception as e: res = str(e).split('>>>>') err = False try: err = json.loads(res[1]) except: err = False result['msg'] = [self.get_error(res[0]), err] return result
def crate_let_by_dns(self, data): dns_class = self.get_dns_class(data) if not dns_class: self.write_log("|-错误,DNS连接失败,请检查密钥是否正确。") self.write_log("|-已退出申请程序!") self.write_log("=" * 50) return public.returnMsg(False, 'DNS连接失败,请检查密钥是否正确.') result = {} result['status'] = False try: log_level = "INFO" if data['account_key']: log_level = 'ERROR' if not data['email']: data['email'] = public.M('users').getField('email') self.write_log("|-正在初始化ACME协议...") client = sewer.Client(domain_name=data['first_domain'], domain_alt_names=data['domains'], account_key=data['account_key'], contact_email=str(data['email']), LOG_LEVEL=log_level, ACME_AUTH_STATUS_WAIT_PERIOD=15, ACME_AUTH_STATUS_MAX_CHECKS=5, ACME_REQUEST_TIMEOUT=20, dns_class=dns_class, ACME_DIRECTORY_URL=self.let_url) domain_dns_value = "placeholder" dns_names_to_delete = [] try: self.write_log("|-正在注册帐户...") client.acme_register() authorizations, finalize_url = client.apply_for_cert_issuance() responders = [] self.write_log("|-正在获取验证信息...") for url in authorizations: identifier_auth = client.get_identifier_authorization(url) authorization_url = identifier_auth["url"] dns_name = identifier_auth["domain"] dns_token = identifier_auth["dns_token"] dns_challenge_url = identifier_auth["dns_challenge_url"] acme_keyauthorization, domain_dns_value = client.get_keyauthorization( dns_token) self.write_log("|-正在添加解析记录,域名[{}],记录值[{}]...".format( dns_name, domain_dns_value)) dns_class.create_dns_record(public.de_punycode(dns_name), domain_dns_value) dns_names_to_delete.append({ "dns_name": public.de_punycode(dns_name), "domain_dns_value": domain_dns_value }) responders.append({ "dns_name": dns_name, "domain_dns_value": domain_dns_value, "authorization_url": authorization_url, "acme_keyauthorization": acme_keyauthorization, "dns_challenge_url": dns_challenge_url }) try: for i in responders: self.write_log("|-尝试验证解析结果,域名[{}],记录值[{}]...".format( i['dns_name'], i['domain_dns_value'])) self.check_dns(self.get_acme_name(i['dns_name']), i['domain_dns_value']) self.write_log("|-请求CA验证域名[{}]...".format( i['dns_name'])) auth_status_response = client.check_authorization_status( i["authorization_url"]) r_data = auth_status_response.json() if r_data["status"] == "pending": client.respond_to_challenge( i["acme_keyauthorization"], i["dns_challenge_url"]) for i in responders: self.write_log("|-检查CA验证结果[{}]...".format( i['dns_name'])) client.check_authorization_status( i["authorization_url"], ["valid", "invalid"]) except Exception as ex: self.write_log("|-发生错误,尝试重试一次 [{}]".format(ex)) for i in responders: self.write_log("|-尝试验证解析结果,域名[{}],记录值[{}]...".format( i['dns_name'], i['domain_dns_value'])) self.check_dns(self.get_acme_name(i['dns_name']), i['domain_dns_value']) self.write_log("|-请求CA验证域名[{}]...".format( i['dns_name'])) auth_status_response = client.check_authorization_status( i["authorization_url"]) r_data = auth_status_response.json() if r_data["status"] == "pending": client.respond_to_challenge( i["acme_keyauthorization"], i["dns_challenge_url"]) for i in responders: self.write_log("|-检查CA验证结果[{}]...".format( i['dns_name'])) client.check_authorization_status( i["authorization_url"], ["valid", "invalid"]) self.write_log("|-所有域名验证通过,正在发送CSR...") certificate_url = client.send_csr(finalize_url) self.write_log("|-正在获取证书内容...") certificate = client.download_certificate(certificate_url) if certificate: certificate = self.split_ca_data(certificate) result['cert'] = certificate['cert'] result['ca_data'] = certificate['ca_data'] result['key'] = client.certificate_key result['account_key'] = client.account_key result['status'] = True except Exception as e: raise e finally: try: for i in dns_names_to_delete: self.write_log("|-正在清除解析记录[{}]".format(i["dns_name"])) dns_class.delete_dns_record(i["dns_name"], i["domain_dns_value"]) except: pass except Exception as e: try: for i in dns_names_to_delete: self.write_log("|-正在清除解析记录[{}]".format(i["dns_name"])) dns_class.delete_dns_record(i["dns_name"], i["domain_dns_value"]) except: pass self.write_log("|-错误:{},退出申请程序。".format(public.get_error_info())) self.write_log("=" * 50) res = str(e).split('>>>>') err = False try: err = json.loads(res[1]) except: err = False result['msg'] = [self.get_error(res[0]), err] return result
def crate_let_by_dns(self, data): dns_class = self.get_dns_class(data) if not dns_class: self.write_log( "|-The DNS connection failed. Please check if the key is correct." ) self.write_log("|-Exited the application process!") self.write_log("=" * 50) return public.returnMsg( False, 'The DNS connection failed. Please check if the key is correct.' ) result = {} result['status'] = False try: log_level = "INFO" if data['account_key']: log_level = 'ERROR' if not data['email']: data['email'] = public.M('users').getField('email') self.write_log("|-Initializing ACME protocol...") client = sewer.Client(domain_name=data['first_domain'], domain_alt_names=data['domains'], account_key=data['account_key'], contact_email=str(data['email']), LOG_LEVEL=log_level, ACME_AUTH_STATUS_WAIT_PERIOD=15, ACME_AUTH_STATUS_MAX_CHECKS=5, ACME_REQUEST_TIMEOUT=20, dns_class=dns_class, ACME_DIRECTORY_URL=self.let_url) domain_dns_value = "placeholder" dns_names_to_delete = [] try: self.write_log("|-Registering account...") client.acme_register() authorizations, finalize_url = client.apply_for_cert_issuance() responders = [] self.write_log("|-Getting verification information...") for url in authorizations: identifier_auth = client.get_identifier_authorization(url) authorization_url = identifier_auth["url"] dns_name = identifier_auth["domain"] dns_token = identifier_auth["dns_token"] dns_challenge_url = identifier_auth["dns_challenge_url"] acme_keyauthorization, domain_dns_value = client.get_keyauthorization( dns_token) self.write_log( "|-Adding resolution record, domain name [{}], record value [{}]..." .format(dns_name, domain_dns_value)) dns_class.create_dns_record(public.de_punycode(dns_name), domain_dns_value) dns_names_to_delete.append({ "dns_name": public.de_punycode(dns_name), "domain_dns_value": domain_dns_value }) responders.append({ "dns_name": dns_name, "domain_dns_value": domain_dns_value, "authorization_url": authorization_url, "acme_keyauthorization": acme_keyauthorization, "dns_challenge_url": dns_challenge_url }) try: for i in responders: self.write_log( "|-Attempt to verify the resolution result, domain name [{}], record value [{}]..." .format(i['dns_name'], i['domain_dns_value'])) self.check_dns(self.get_acme_name(i['dns_name']), i['domain_dns_value']) self.write_log( "|-Request CA to verify domain name [{}]...". format(i['dns_name'])) auth_status_response = client.check_authorization_status( i["authorization_url"]) r_data = auth_status_response.json() if r_data["status"] == "pending": client.respond_to_challenge( i["acme_keyauthorization"], i["dns_challenge_url"]) for i in responders: self.write_log( "|-Check CA verification results [{}]...".format( i['dns_name'])) client.check_authorization_status( i["authorization_url"], ["valid", "invalid"]) except Exception as ex: self.write_log( "|-An error occurred, try again [{}]".format(ex)) for i in responders: self.write_log( "|-Attempt to verify the resolution result, domain name [{}], record value [{}]..." .format(i['dns_name'], i['domain_dns_value'])) self.check_dns(self.get_acme_name(i['dns_name']), i['domain_dns_value']) self.write_log( "|-Request CA to verify domain name [{}]...". format(i['dns_name'])) auth_status_response = client.check_authorization_status( i["authorization_url"]) r_data = auth_status_response.json() if r_data["status"] == "pending": client.respond_to_challenge( i["acme_keyauthorization"], i["dns_challenge_url"]) for i in responders: self.write_log( "|-Check CA verification results [{}]...".format( i['dns_name'])) client.check_authorization_status( i["authorization_url"], ["valid", "invalid"]) self.write_log( "|-All domain names are verified and CSR is being sent...") certificate_url = client.send_csr(finalize_url) self.write_log("|-Fetching certificate content...") certificate = client.download_certificate(certificate_url) if certificate: certificate = self.split_ca_data(certificate) result['cert'] = certificate['cert'] result['ca_data'] = certificate['ca_data'] result['key'] = client.certificate_key result['account_key'] = client.account_key result['status'] = True except Exception as e: raise e finally: try: for i in dns_names_to_delete: self.write_log( "|-Clearing parsing history [{}]".format( i["dns_name"])) dns_class.delete_dns_record(i["dns_name"], i["domain_dns_value"]) except: pass except Exception as e: try: for i in dns_names_to_delete: self.write_log("|-Clearing parsing history [{}]".format( i["dns_name"])) dns_class.delete_dns_record(i["dns_name"], i["domain_dns_value"]) except: pass self.write_log("|-Error: {}, exit the application process.".format( public.get_error_info())) self.write_log("=" * 50) res = str(e).split('>>>>') err = False try: err = json.loads(res[1]) except: err = False result['msg'] = [self.get_error(res[0]), err] return result
def crate_let_by_oper(self, data): result = {} result['status'] = False try: if not data['email']: data['email'] = public.M('users').getField('email') #手动解析记录值 if not 'renew' in data: self.write_log("|-Initializing ACME protocol...") BTPanel.dns_client = sewer.Client( domain_name=data['first_domain'], dns_class=None, account_key=data['account_key'], domain_alt_names=data['domains'], contact_email=str(data['email']), ACME_AUTH_STATUS_WAIT_PERIOD=15, ACME_AUTH_STATUS_MAX_CHECKS=5, ACME_REQUEST_TIMEOUT=20, ACME_DIRECTORY_URL=self.let_url) domain_dns_value = "placeholder" dns_names_to_delete = [] self.write_log("|-Registering account...") BTPanel.dns_client.acme_register() authorizations, finalize_url = BTPanel.dns_client.apply_for_cert_issuance( ) responders = [] self.write_log("|-Getting verification information...") for url in authorizations: identifier_auth = BTPanel.dns_client.get_identifier_authorization( url) authorization_url = identifier_auth["url"] dns_name = identifier_auth["domain"] dns_token = identifier_auth["dns_token"] dns_challenge_url = identifier_auth["dns_challenge_url"] acme_keyauthorization, domain_dns_value = BTPanel.dns_client.get_keyauthorization( dns_token) acme_name = self.get_acme_name(dns_name) dns_names_to_delete.append({ "dns_name": public.de_punycode(dns_name), "acme_name": acme_name, "domain_dns_value": domain_dns_value }) responders.append({ "dns_name": dns_name, "authorization_url": authorization_url, "acme_keyauthorization": acme_keyauthorization, "dns_challenge_url": dns_challenge_url, }) dns = {} dns['dns_names'] = dns_names_to_delete dns['responders'] = responders dns['finalize_url'] = finalize_url self.write_log( "|-Return the verification information to the front end, wait for the user to manually resolve the domain name and complete the verification..." ) return dns else: self.write_log("|-User submits verification request...") responders = data['dns']['responders'] dns_names_to_delete = data['dns']['dns_names'] finalize_url = data['dns']['finalize_url'] for i in responders: self.write_log( "|-Requesting CA to verify domain name [{}]...".format( i['dns_name'])) auth_status_response = BTPanel.dns_client.check_authorization_status( i["authorization_url"]) if auth_status_response.json()["status"] == "pending": BTPanel.dns_client.respond_to_challenge( i["acme_keyauthorization"], i["dns_challenge_url"]) for i in responders: self.write_log( "|-Get CA verification results [{}]...".format( i['dns_name'])) BTPanel.dns_client.check_authorization_status( i["authorization_url"], ["valid", "invalid"]) self.write_log( "|-All domain names are verified and CSR is being sent...") certificate_url = BTPanel.dns_client.send_csr(finalize_url) self.write_log("|-Getting certificate content...") certificate = BTPanel.dns_client.download_certificate( certificate_url) if certificate: certificate = self.split_ca_data(certificate) result['cert'] = certificate['cert'] result['ca_data'] = certificate['ca_data'] result['key'] = BTPanel.dns_client.certificate_key result['account_key'] = BTPanel.dns_client.account_key result['status'] = True BTPanel.dns_client = None else: result[ 'msg'] = 'Certificate acquisition failed, please try again later.' except Exception as e: self.write_log( "|-Error: {}, exited the application process.".format(e)) self.write_log("=" * 50) res = str(e).split('>>>>') err = False try: err = json.loads(res[1]) except: err = False result['msg'] = [self.get_error(res[0]), err] return result
def crate_let_by_dns(self, data): dns_class = self.get_dns_class(data) if not dns_class: self.write_log(public.getMsg("DNS_APPLY_ERR")) self.write_log(public.getMsg("EXIT_APPLY_PROCESS")) self.write_log("=" * 50) return public.returnMsg(False, 'DNS_APPLY_ERR1') result = {} result['status'] = False try: log_level = "INFO" if data['account_key']: log_level = 'ERROR' if not data['email']: data['email'] = public.M('users').getField('email') self.write_log(public.getMsg("INIT_ACME")) client = sewer.Client(domain_name=data['first_domain'], domain_alt_names=data['domains'], account_key=data['account_key'], contact_email=str(data['email']), LOG_LEVEL=log_level, ACME_AUTH_STATUS_WAIT_PERIOD=15, ACME_AUTH_STATUS_MAX_CHECKS=5, ACME_REQUEST_TIMEOUT=20, dns_class=dns_class, ACME_DIRECTORY_URL=self.let_url) domain_dns_value = "placeholder" dns_names_to_delete = [] try: self.write_log(public.getMsg("REGISTER_ACCOUNT")) client.acme_register() authorizations, finalize_url = client.apply_for_cert_issuance() responders = [] self.write_log(public.getMsg("GET_VERIFICATION_INFO")) for url in authorizations: identifier_auth = client.get_identifier_authorization(url) authorization_url = identifier_auth["url"] dns_name = identifier_auth["domain"] dns_token = identifier_auth["dns_token"] dns_challenge_url = identifier_auth["dns_challenge_url"] acme_keyauthorization, domain_dns_value = client.get_keyauthorization( dns_token) self.write_log( public.getMsg("ADD_TXT_RECORD", (dns_name, domain_dns_value))) dns_class.create_dns_record(public.de_punycode(dns_name), domain_dns_value) dns_names_to_delete.append({ "dns_name": public.de_punycode(dns_name), "domain_dns_value": domain_dns_value }) responders.append({ "dns_name": dns_name, "domain_dns_value": domain_dns_value, "authorization_url": authorization_url, "acme_keyauthorization": acme_keyauthorization, "dns_challenge_url": dns_challenge_url }) try: for i in responders: self.write_log( public.getMsg( "CHECK_TXT_RECORD", (i['dns_name'], i['domain_dns_value']))) self.check_dns(self.get_acme_name(i['dns_name']), i['domain_dns_value']) self.write_log( public.getMsg("CA_CHECK_RECORD", (i['dns_name']))) auth_status_response = client.check_authorization_status( i["authorization_url"]) r_data = auth_status_response.json() if r_data["status"] == "pending": client.respond_to_challenge( i["acme_keyauthorization"], i["dns_challenge_url"]) for i in responders: self.write_log( public.getMsg("CHECK_CA_RES", (i['dns_name'], ))) client.check_authorization_status( i["authorization_url"], ["valid", "invalid"]) except Exception as ex: self.write_log( public.getMsg("APPLY_WITH_DNS_ERR", (str(ex), ))) for i in responders: self.write_log( public.getMsg( "CHECK_TXT_RECORD", (i['dns_name'], i['domain_dns_value']))) self.check_dns(self.get_acme_name(i['dns_name']), i['domain_dns_value']) self.write_log( public.getMsg("CA_CHECK_RECORD", (i['dns_name']))) auth_status_response = client.check_authorization_status( i["authorization_url"]) r_data = auth_status_response.json() if r_data["status"] == "pending": client.respond_to_challenge( i["acme_keyauthorization"], i["dns_challenge_url"]) for i in responders: self.write_log( public.getMsg("CHECK_CA_RES", (i['dns_name'], ))) client.check_authorization_status( i["authorization_url"], ["valid", "invalid"]) self.write_log(public.getMsg("ALL_DOMAIN_V_PASS")) certificate_url = client.send_csr(finalize_url) self.write_log(public.getMsg("FETCH_CERT_CONTENT")) certificate = client.download_certificate(certificate_url) if certificate: certificate = self.split_ca_data(certificate) result['cert'] = certificate['cert'] result['ca_data'] = certificate['ca_data'] result['key'] = client.certificate_key result['account_key'] = client.account_key result['status'] = True except Exception as e: raise e finally: try: for i in dns_names_to_delete: self.write_log( public.getMsg("CLEAR_RESOLVE_HISTORY", (i["dns_name"]))) dns_class.delete_dns_record(i["dns_name"], i["domain_dns_value"]) except: pass except Exception as e: try: for i in dns_names_to_delete: self.write_log( public.getMsg("CLEAR_RESOLVE_HISTORY", (i["dns_name"]))) dns_class.delete_dns_record(i["dns_name"], i["domain_dns_value"]) except: pass self.write_log( public.getMsg("DNS_APPLY_ERR", (str(public.get_error_info()), ))) self.write_log("=" * 50) res = str(e).split('>>>>') err = False try: err = json.loads(res[1]) except: err = False result['msg'] = [self.get_error(res[0]), err] return result