mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
[mod] pylint
parent
3b5cadb907
commit
487e1d2588
1 changed files with 48 additions and 50 deletions
|
@ -17,9 +17,7 @@
|
||||||
You should have received a copy of the GNU Affero General Public License
|
You should have received a copy of the GNU Affero General Public License
|
||||||
along with this program; if not, see http://www.gnu.org/licenses
|
along with this program; if not, see http://www.gnu.org/licenses
|
||||||
|
|
||||||
"""
|
yunohost_certificate.py
|
||||||
|
|
||||||
""" yunohost_certificate.py
|
|
||||||
|
|
||||||
Manage certificates, in particular Let's encrypt
|
Manage certificates, in particular Let's encrypt
|
||||||
"""
|
"""
|
||||||
|
@ -27,22 +25,22 @@
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
import errno
|
import errno
|
||||||
import requests
|
|
||||||
import shutil
|
import shutil
|
||||||
import pwd
|
import pwd
|
||||||
import grp
|
import grp
|
||||||
import smtplib
|
import smtplib
|
||||||
|
import requests
|
||||||
|
|
||||||
from OpenSSL import crypto
|
from OpenSSL import crypto
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from tabulate import tabulate
|
from tabulate import tabulate
|
||||||
from acme_tiny import get_crt as sign_certificate
|
from acme_tiny import get_crt as sign_certificate
|
||||||
|
|
||||||
import yunohost.domain
|
|
||||||
|
|
||||||
from moulinette.core import MoulinetteError
|
from moulinette.core import MoulinetteError
|
||||||
from moulinette.utils.log import getActionLogger
|
from moulinette.utils.log import getActionLogger
|
||||||
|
|
||||||
|
import yunohost.domain
|
||||||
|
|
||||||
from yunohost.app import app_ssowatconf
|
from yunohost.app import app_ssowatconf
|
||||||
from yunohost.service import _run_service_command
|
from yunohost.service import _run_service_command
|
||||||
|
|
||||||
|
@ -135,7 +133,7 @@ def certificate_install(auth, domain_list, force=False, no_checks=False, self_si
|
||||||
before attempting the install
|
before attempting the install
|
||||||
self-signed -- Instal self-signed certificates instead of Let's Encrypt
|
self-signed -- Instal self-signed certificates instead of Let's Encrypt
|
||||||
"""
|
"""
|
||||||
if (self_signed):
|
if self_signed:
|
||||||
certificate_install_selfsigned(domain_list, force)
|
certificate_install_selfsigned(domain_list, force)
|
||||||
else:
|
else:
|
||||||
certificate_install_letsencrypt(auth, domain_list, force, no_checks)
|
certificate_install_letsencrypt(auth, domain_list, force, no_checks)
|
||||||
|
@ -318,7 +316,7 @@ def _install_cron():
|
||||||
_set_permissions(cron_job_file, "root", "root", 0755)
|
_set_permissions(cron_job_file, "root", "root", 0755)
|
||||||
|
|
||||||
|
|
||||||
def _email_renewing_failed(domain, exceptionMessage):
|
def _email_renewing_failed(domain, exception_message):
|
||||||
from_ = "certmanager@%s (Certificate Manager)" % domain
|
from_ = "certmanager@%s (Certificate Manager)" % domain
|
||||||
to_ = "root"
|
to_ = "root"
|
||||||
subject_ = "Certificate renewing attempt for %s failed!" % domain
|
subject_ = "Certificate renewing attempt for %s failed!" % domain
|
||||||
|
@ -337,7 +335,7 @@ investigate :
|
||||||
|
|
||||||
-- Certificate Manager
|
-- Certificate Manager
|
||||||
|
|
||||||
""" % (domain, exceptionMessage, logs)
|
""" % (domain, exception_message, logs)
|
||||||
|
|
||||||
message = """
|
message = """
|
||||||
From: %s
|
From: %s
|
||||||
|
@ -453,9 +451,9 @@ def _fetch_and_enable_new_certificate(domain):
|
||||||
os.symlink(new_cert_folder, live_link)
|
os.symlink(new_cert_folder, live_link)
|
||||||
|
|
||||||
# Check the status of the certificate is now good
|
# Check the status of the certificate is now good
|
||||||
statusSummaryCode = _get_status(domain)["summaryCode"]
|
status_summary_code = _get_status(domain)["summaryCode"]
|
||||||
|
|
||||||
if statusSummaryCode < 20:
|
if status_summary_code < 20:
|
||||||
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_certificate_fetching_or_enabling_failed', domain=domain))
|
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_certificate_fetching_or_enabling_failed', domain=domain))
|
||||||
|
|
||||||
logger.info("Restarting services...")
|
logger.info("Restarting services...")
|
||||||
|
@ -501,54 +499,54 @@ def _get_status(domain):
|
||||||
traceback.print_exc(file=sys.stdout)
|
traceback.print_exc(file=sys.stdout)
|
||||||
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_cannot_read_cert', domain=domain, file=cert_file, reason=exception))
|
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_cannot_read_cert', domain=domain, file=cert_file, reason=exception))
|
||||||
|
|
||||||
certSubject = cert.get_subject().CN
|
cert_subject = cert.get_subject().CN
|
||||||
certIssuer = cert.get_issuer().CN
|
cert_issuer = cert.get_issuer().CN
|
||||||
validUpTo = datetime.strptime(cert.get_notAfter(), "%Y%m%d%H%M%SZ")
|
valid_up_to = datetime.strptime(cert.get_notAfter(), "%Y%m%d%H%M%SZ")
|
||||||
daysRemaining = (validUpTo - datetime.now()).days
|
days_remaining = (valid_up_to - datetime.now()).days
|
||||||
|
|
||||||
CAtype = None
|
CA_type = None
|
||||||
if certIssuer == _name_selfCA():
|
if cert_issuer == _name_self_CA():
|
||||||
CAtype = "Self-signed"
|
CA_type = "Self-signed"
|
||||||
|
|
||||||
elif certIssuer.startswith("Let's Encrypt"):
|
elif cert_issuer.startswith("Let's Encrypt"):
|
||||||
CAtype = "Let's Encrypt"
|
CA_type = "Let's Encrypt"
|
||||||
|
|
||||||
elif certIssuer.startswith("Fake LE"):
|
elif cert_issuer.startswith("Fake LE"):
|
||||||
CAtype = "Fake Let's Encrypt"
|
CA_type = "Fake Let's Encrypt"
|
||||||
|
|
||||||
else:
|
else:
|
||||||
CAtype = "Other / Unknown"
|
CA_type = "Other / Unknown"
|
||||||
|
|
||||||
# Unknown by default
|
# Unknown by default
|
||||||
statusSummaryCode = 0
|
status_summary_code = 0
|
||||||
|
|
||||||
# Critical
|
# Critical
|
||||||
if daysRemaining <= 0:
|
if days_remaining <= 0:
|
||||||
statusSummaryCode = -30
|
status_summary_code = -30
|
||||||
|
|
||||||
# Warning, self-signed, browser will display a warning discouraging visitors to enter website
|
# Warning, self-signed, browser will display a warning discouraging visitors to enter website
|
||||||
elif CAtype == "Self-signed" or CAtype == "Fake Let's Encrypt":
|
elif CA_type == "Self-signed" or CA_type == "Fake Let's Encrypt":
|
||||||
statusSummaryCode = -20
|
status_summary_code = -20
|
||||||
|
|
||||||
# Attention, certificate will expire soon (should be renewed automatically if Let's Encrypt)
|
# Attention, certificate will expire soon (should be renewed automatically if Let's Encrypt)
|
||||||
elif daysRemaining < validity_limit:
|
elif days_remaining < validity_limit:
|
||||||
statusSummaryCode = -10
|
status_summary_code = -10
|
||||||
|
|
||||||
# CA not known, but still a valid certificate, so okay !
|
# CA not known, but still a valid certificate, so okay !
|
||||||
elif CAtype == "Other / Unknown":
|
elif CA_type == "Other / Unknown":
|
||||||
statusSummaryCode = 10
|
status_summary_code = 10
|
||||||
|
|
||||||
# Let's Encrypt, great !
|
# Let's Encrypt, great !
|
||||||
elif CAtype == "Let's Encrypt":
|
elif CA_type == "Let's Encrypt":
|
||||||
statusSummaryCode = 20
|
status_summary_code = 20
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"domain": domain,
|
"domain": domain,
|
||||||
"subject": certSubject,
|
"subject": cert_subject,
|
||||||
"CAname": certIssuer,
|
"CAname": cert_issuer,
|
||||||
"CAtype": CAtype,
|
"CAtype": CA_type,
|
||||||
"validity": daysRemaining,
|
"validity": days_remaining,
|
||||||
"summaryCode": statusSummaryCode
|
"summaryCode": status_summary_code
|
||||||
}
|
}
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
@ -562,11 +560,11 @@ def _generate_account_key():
|
||||||
_set_permissions(account_key_file, "root", "root", 0400)
|
_set_permissions(account_key_file, "root", "root", 0400)
|
||||||
|
|
||||||
|
|
||||||
def _generate_key(destinationPath):
|
def _generate_key(destination_path):
|
||||||
k = crypto.PKey()
|
k = crypto.PKey()
|
||||||
k.generate_key(crypto.TYPE_RSA, key_size)
|
k.generate_key(crypto.TYPE_RSA, key_size)
|
||||||
|
|
||||||
with open(destinationPath, "w") as f:
|
with open(destination_path, "w") as f:
|
||||||
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
|
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
|
||||||
|
|
||||||
|
|
||||||
|
@ -583,8 +581,8 @@ def _backup_current_cert(domain):
|
||||||
|
|
||||||
cert_folder_domain = os.path.join(cert_folder, domain)
|
cert_folder_domain = os.path.join(cert_folder, domain)
|
||||||
|
|
||||||
dateTag = datetime.now().strftime("%Y%m%d.%H%M%S")
|
date_tag = datetime.now().strftime("%Y%m%d.%H%M%S")
|
||||||
backup_folder = "%s-backup-%s" % (cert_folder_domain, dateTag)
|
backup_folder = "%s-backup-%s" % (cert_folder_domain, date_tag)
|
||||||
|
|
||||||
shutil.copytree(cert_folder_domain, backup_folder)
|
shutil.copytree(cert_folder_domain, backup_folder)
|
||||||
|
|
||||||
|
@ -661,7 +659,7 @@ def _summary_code_to_string(code):
|
||||||
return "Unknown?"
|
return "Unknown?"
|
||||||
|
|
||||||
|
|
||||||
def _name_selfCA():
|
def _name_self_CA():
|
||||||
cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(selfCA_file).read())
|
cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(selfCA_file).read())
|
||||||
return cert.get_subject().CN
|
return cert.get_subject().CN
|
||||||
|
|
||||||
|
|
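Review bot: In `_generate_key` (the hunk at `@ -562,11 +560,11 @`), the private key is written with `open(destination_path, "w")`, so the file is created with whatever mode the process umask allows, and the restrictive mode in the context line `_set_permissions(account_key_file, "root", "root", 0400)` appears to be applied only afterwards by the caller. Between the write and that call the key may be readable by other local users, depending on the umask and the permissions of the containing directory, neither of which is visible here. Creating the file with the restrictive mode from the start closes that window: `with os.fdopen(os.open(destination_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), "w") as f:`. The mode argument only takes effect when the file is newly created, so a pre-existing file keeps its mode, and since `_generate_account_key` begins outside the hunk the call ordering is inferred from that one context line.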