YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

[mod] remove the summary code concept and switch to code/verbose duet instead

Browse source
This commit is contained in:
Laurent Peuch 2016-10-30 17:34:16 +01:00
parent 2d89964bc7
commit 5495281e83
1 changed files with 56 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
src/yunohost/certificate.py
View file

@ -94,11 +94,10 @@ def certificate_status(auth, domain_list, full=False):
for domain in domain_list: for domain in domain_list:
status = _get_status(domain) status = _get_status(domain)
status["summaryCode"] = _summary_code_to_string(status["summaryCode"])
if not full: if not full:
del status["subject"] del status["subject"]
del status["CAname"] del status["CA_name"]
lines.append(status) lines.append(status)
@ -128,7 +127,7 @@ def certificate_install_selfsigned(domain_list, force=False):
# Check we ain't trying to overwrite a good cert ! # Check we ain't trying to overwrite a good cert !
status = _get_status(domain) status = _get_status(domain)
if status and status["summaryCode"] > 0 and not force: if status and status["summary"]["code"] in ('good', 'great') and not force:
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_attempt_to_replace_valid_cert', domain=domain)) raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_attempt_to_replace_valid_cert', domain=domain))
cert_folder_domain = os.path.join(cert_folder, domain) cert_folder_domain = os.path.join(cert_folder, domain)
@ -183,7 +182,7 @@ def certificate_install_letsencrypt(auth, domain_list, force=False, no_checks=Fa
for domain in yunohost.domain.domain_list(auth)['domains']: for domain in yunohost.domain.domain_list(auth)['domains']:
status = _get_status(domain) status = _get_status(domain)
if status["CAtype"] != "Self-signed": if status["CA_type"]["code"] != "self-signed":
continue continue
domain_list.append(domain) domain_list.append(domain)
@ -197,7 +196,7 @@ def certificate_install_letsencrypt(auth, domain_list, force=False, no_checks=Fa
# Is it self-signed ? # Is it self-signed ?
status = _get_status(domain) status = _get_status(domain)
if not force and status["CAtype"] != "Self-signed": if not force and status["CA_type"]["code"] != "self-signed":
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_domain_cert_not_selfsigned', domain=domain)) raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_domain_cert_not_selfsigned', domain=domain))
# Actual install steps # Actual install steps
@ -240,7 +239,7 @@ def certificate_renew(auth, domain_list, force=False, no_checks=False, email=Fal
# Does it has a Let's Encrypt cert ? # Does it has a Let's Encrypt cert ?
status = _get_status(domain) status = _get_status(domain)
if status["CAtype"] != "Let's Encrypt": if status["CA_type"]["code"] != "lets-encrypt":
continue continue
# Does it expires soon ? # Does it expires soon ?
@ -265,7 +264,7 @@ def certificate_renew(auth, domain_list, force=False, no_checks=False, email=Fal
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_attempt_to_renew_valid_cert', domain=domain)) raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_attempt_to_renew_valid_cert', domain=domain))
# Does it has a Let's Encrypt cert ? # Does it has a Let's Encrypt cert ?
if status["CAtype"] != "Let's Encrypt": if status["CA_type"]["code"] != "lets-encrypt":
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_attempt_to_renew_nonLE_cert', domain=domain)) raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_attempt_to_renew_nonLE_cert', domain=domain))
# Actual renew steps # Actual renew steps
@ -444,9 +443,9 @@ def _fetch_and_enable_new_certificate(domain):
os.symlink(new_cert_folder, live_link) os.symlink(new_cert_folder, live_link)
# Check the status of the certificate is now good # Check the status of the certificate is now good
status_summary_code = _get_status(domain)["summaryCode"] status_summary = _get_status(domain)["summary"]
if status_summary_code < 20: if status_summary["code"] != "great":
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_certificate_fetching_or_enabling_failed', domain=domain)) raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_certificate_fetching_or_enabling_failed', domain=domain))
logger.info("Restarting services...") logger.info("Restarting services...")
@ -498,47 +497,72 @@ def _get_status(domain):
days_remaining = (valid_up_to - datetime.now()).days days_remaining = (valid_up_to - datetime.now()).days
if cert_issuer == _name_self_CA(): if cert_issuer == _name_self_CA():
CA_type = "Self-signed" CA_type = {
"code": "self-signed",
"verbose": "Self-signed",
}
elif cert_issuer.startswith("Let's Encrypt"): elif cert_issuer.startswith("Let's Encrypt"):
CA_type = "Let's Encrypt" CA_type = {
"code": "lets-encrypt",
"verbose": "Let's Encrypt",
}
elif cert_issuer.startswith("Fake LE"): elif cert_issuer.startswith("Fake LE"):
CA_type = "Fake Let's Encrypt" CA_type = {
"code": "fake-lets-encrypt",
"verbose": "Fake Let's Encrypt",
}
else: else:
CA_type = "Other / Unknown" CA_type = {
"code": "other-unknown",
"verbose": "Other / Unknown",
}
# Unknown by default
status_summary_code = 0
# Critical
if days_remaining <= 0: if days_remaining <= 0:
status_summary_code = -30 status_summary = {
"code": "critical",
"verbose": "CRITICAL",
}
# Warning, self-signed, browser will display a warning discouraging visitors to enter website elif CA_type["code"] in ("self-signed","fake-lets-encrypt"):
elif CA_type == "Self-signed" or CA_type == "Fake Let's Encrypt": status_summary = {
status_summary_code = -20 "code": "warning",
"verbose": "WARNING",
}
# Attention, certificate will expire soon (should be renewed automatically if Let's Encrypt)
elif days_remaining < validity_limit: elif days_remaining < validity_limit:
status_summary_code = -10 status_summary = {
"code": "attention",
"verbose": "About to expire",
}
# CA not known, but still a valid certificate, so okay ! elif CA_type["code"] == "other-unknown":
elif CA_type == "Other / Unknown": status_summary = {
status_summary_code = 10 "code": "good",
"verbose": "Good",
}
# Let's Encrypt, great ! elif CA_type["code"] == "lets-encrypt":
elif CA_type == "Let's Encrypt": status_summary = {
status_summary_code = 20 "code": "great",
"verbose": "Great!",
}
else:
status_summary = {
"code": "unknown",
"verbose": "Unknown?",
}
return { return {
"domain": domain, "domain": domain,
"subject": cert_subject, "subject": cert_subject,
"CAname": cert_issuer, "CA_name": cert_issuer,
"CAtype": CA_type, "CA_type": CA_type,
"validity": days_remaining, "validity": days_remaining,
"summaryCode": status_summary_code "summary": status_summary,
} }
############################################################################### ###############################################################################
@ -629,28 +653,6 @@ def _domain_is_accessible_through_HTTP(ip, domain):
return True return True
def _summary_code_to_string(code):
if code <= -30:
return "CRITICAL"
if code <= -20:
return "WARNING"
if code <= -10:
return "Attention"
if code <= 0:
return "Unknown?"
if code <= 10:
return "Good"
if code <= 20:
return "Great!"
return "Unknown?"
def _name_self_CA(): def _name_self_CA():
cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(selfCA_file).read()) cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(selfCA_file).read())
return cert.get_subject().CN return cert.get_subject().CN