Cert handling LIKA BAWSS

2024-09-03 20:06:31 +02:00 · 2013-06-08 17:46:15 +00:00 · 2013-06-08 17:46:15 +00:00 · 92d3c58ea9
commit 92d3c58ea9
parent 6d4e130ad4
3 changed files with 49 additions and 29 deletions
--- a/yunohost_domain.py
+++ b/yunohost_domain.py
@ -130,22 +130,27 @@ def domain_add(domains, web=False):

            os.system('service bind9 reload')

-            #command_list = [
-            #    'echo "01" > '+ ssl_dir +'/serial',
-            #    'rm '+ ssl_dir +'/index.txt',
-            #    'touch '+ ssl_dir +'/index.txt',
-            #    'sed -i "s/' + old_domain + '/' + new_domain + '/g" '+ ssl_dir +'/openssl.cnf',
-            #    'openssl req -x509 -new -config '+ ssl_dir +'/openssl.cnf -days 3650 -out '+ ssl_dir +'/ca/cacert.pem -keyout '+ ssl_dir +'/ca/cakey.pem -nodes -batch',
-            #    'openssl req -new -config '+ ssl_dir +'/openssl.cnf -days 730 -out '+ ssl_dir +'/certs/yunohost_csr.pem -keyout '+ ssl_dir +'/certs/yunohost_key.pem -nodes -batch',
-            #    'openssl ca -config '+ ssl_dir +'/openssl.cnf -days 730 -in '+ ssl_dir +'/certs/yunohost_csr.pem -out '+ ssl_dir +'/certs/yunohost_crt.pem -batch',
-            #    'cp '+ ssl_dir +'/ca/cacert.pem /etc/ssl/certs/ca-yunohost_crt.pem',
-            #    'cp '+ ssl_dir +'/certs/yunohost_key.pem /etc/ssl/private/',
-            #    'cp '+ ssl_dir +'/newcerts/01.pem /etc/ssl/certs/yunohost_crt.pem',
-            #]
+            ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
+            ssl_domain_path  = '/etc/yunohost/certs/'+ domain
+            with open(ssl_dir +'/serial', 'r') as f:
+                serial = f.readline().rstrip()
+            try: os.listdir(ssl_domain_path)
+            except OSError: os.makedirs(ssl_domain_path)

-            #for command in command_list:
-            #    if os.system(command) != 0:
-            #        raise YunoHostError(17, _("An error occurred during certificate generation"))
+            command_list = [
+                'cp '+ ssl_dir +'/openssl.cnf '+ ssl_domain_path,
+                'sed -i "s/yunohost.org/' + domain + '/g" '+ ssl_domain_path +'/openssl.cnf',
+                'openssl req -new -config '+ ssl_domain_path +'/openssl.cnf -days 3650 -out '+ ssl_dir +'/certs/yunohost_csr.pem -keyout '+ ssl_dir +'/certs/yunohost_key.pem -nodes -batch',
+                'openssl ca -config '+ ssl_domain_path +'/openssl.cnf -days 3650 -in '+ ssl_dir +'/certs/yunohost_csr.pem -out '+ ssl_dir +'/certs/yunohost_crt.pem -batch',
+                'ln -s /etc/ssl/certs/ca-yunohost_crt.pem   '+ ssl_domain_path +'/ca.pem',
+                'cp '+ ssl_dir +'/certs/yunohost_key.pem    '+ ssl_domain_path +'/key.pem',
+                'cp '+ ssl_dir +'/newcerts/'+ serial +'.pem '+ ssl_domain_path +'/crt.pem',
+                'chmod 600 '+ ssl_domain_path +'/key.pem'
+            ]
+
+            for command in command_list:
+                if os.system(command) != 0:
+                    raise YunoHostError(17, _("An error occurred during certificate generation"))

            if yldap.add('virtualdomain=' + domain + ',ou=domains', attr_dict):
                result.append(domain)
--- a/yunohost_tools.py
+++ b/yunohost_tools.py
@ -80,6 +80,7 @@ def tools_maindomain(old_domain, new_domain):
        dict

    """
+
    if not old_domain:
        with open('/etc/yunohost/current_host', 'r') as f:
            old_domain = f.readline().rstrip()
@ -128,29 +129,19 @@ def tools_maindomain(old_domain, new_domain):
        for line in lemon_conf_lines:
            lemon_conf.write(line + '\n')

-
    os.system('rm /etc/yunohost/apache/domains/' + old_domain + '.d/*.fixed.conf') # remove SSO apache conf dir from old domain conf (fail if postinstall)

-    ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
-
    command_list = [
        'cp /etc/yunohost/apache/templates/sso.fixed.conf   /etc/yunohost/apache/domains/' + new_domain + '.d/sso.fixed.conf', # add SSO apache conf dir to new domain conf
        'cp /etc/yunohost/apache/templates/admin.fixed.conf /etc/yunohost/apache/domains/' + new_domain + '.d/admin.fixed.conf',
        'cp /etc/yunohost/apache/templates/user.fixed.conf  /etc/yunohost/apache/domains/' + new_domain + '.d/user.fixed.conf',
        '/usr/share/lemonldap-ng/bin/lmYnhMoulinette',
        '/etc/init.d/hostname.sh',
-        'echo "01" > '+ ssl_dir +'/serial',
-        'rm '+ ssl_dir +'/index.txt',
-        'touch '+ ssl_dir +'/index.txt',
-        'sed -i "s/' + old_domain + '/' + new_domain + '/g" '+ ssl_dir +'/openssl.cnf',
-        'openssl req -x509 -new -config '+ ssl_dir +'/openssl.cnf -days 3650 -out '+ ssl_dir +'/ca/cacert.pem -keyout '+ ssl_dir +'/ca/cakey.pem -nodes -batch',
-        'openssl req -new -config '+ ssl_dir +'/openssl.cnf -days 730 -out '+ ssl_dir +'/certs/yunohost_csr.pem -keyout '+ ssl_dir +'/certs/yunohost_key.pem -nodes -batch',
-        'openssl ca -config '+ ssl_dir +'/openssl.cnf -days 730 -in '+ ssl_dir +'/certs/yunohost_csr.pem -out '+ ssl_dir +'/certs/yunohost_crt.pem -batch',
-        'cp '+ ssl_dir +'/ca/cacert.pem /etc/ssl/certs/ca-yunohost_crt.pem',
-        'cp '+ ssl_dir +'/certs/yunohost_key.pem /etc/ssl/private/',
-        'cp '+ ssl_dir +'/newcerts/01.pem /etc/ssl/certs/yunohost_crt.pem',
+        'ln -s /etc/yunohost/certs/'+ new_domain +'/key.pem /etc/ssl/private/yunohost_key.pem',
+        'ln -s /etc/yunohost/certs/'+ new_domain +'/crt.pem /etc/ssl/certs/yunohost_crt.pem',
        'echo '+ new_domain +' > /etc/yunohost/current_host',
        'service apache2 restart',
+        'service prosody restart',
        'service postfix restart'
    ]

@ -181,6 +172,30 @@ def tools_postinstall(domain, password):
        else:
            raise YunoHostError(17, _("YunoHost is already installed"))

+        # Create required folders
+        folders_to_create = [
+            '/etc/yunohost/apps',
+            '/etc/yunohost/certs'
+        ]
+
+        for folder in folders_to_create:
+            try: os.listdir(folder)
+            except OSError: os.makedirs(folder)
+
+        # Create SSL CA
+        ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
+        command_list = [
+            'echo "01" > '+ ssl_dir +'/serial',
+            'rm '+ ssl_dir +'/index.txt',
+            'touch '+ ssl_dir +'/index.txt',
+            'openssl req -x509 -new -config '+ ssl_dir +'/openssl.cnf -days 3650 -out '+ ssl_dir +'/ca/cacert.pem -keyout '+ ssl_dir +'/ca/cakey.pem -nodes -batch',
+            'cp '+ ssl_dir +'/ca/cacert.pem /etc/ssl/certs/ca-yunohost_crt.pem'
+        ]
+
+        for command in command_list:
+            if os.system(command) != 0:
+                raise YunoHostError(17, _("There were a problem during CA creation"))
+
        # Initialize YunoHost LDAP base
        tools_ldapinit()

--- a/yunohost_user.py
+++ b/yunohost_user.py
@ -189,7 +189,7 @@ def user_update(username, firstname=None, lastname=None, mail=None, change_passw
    with YunoHostLDAP() as yldap:
        attrs_to_fetch = ['givenName', 'sn', 'mail', 'maildrop']
        new_attr_dict = {}
-	    domains = domain_list()['Domains']
+        domains = domain_list()['Domains']

        # Populate user informations
        result = yldap.search(base='ou=users,dc=yunohost,dc=org', filter='uid=' + username, attrs=attrs_to_fetch)