Commit cba5f41e authored by Mart van Santen's avatar Mart van Santen

Latest uncommitted changes to the source code.

parent 9c184f00
"""Haproxy Let's Encrypt authenticator plugin."""
import os
import logging
import re
......@@ -8,9 +7,12 @@ import subprocess
import zope.component
import zope.interface
import boto3
import threading
import time
from acme import challenges
from letsencrypt import errors
......@@ -19,14 +21,14 @@ from letsencrypt.plugins import common
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
# This is the port where HAproxy should forward requests to
PORT_NUMBER = 8080
logger = logging.getLogger(__name__)
class HaProxyHandler(BaseHTTPRequestHandler):
# def __init__(self, key):
# self.key = key
validation = ''
def do_GET(self):
......@@ -49,8 +51,10 @@ class Authenticator(common.Plugin):
# @classmethod
# def add_parser_arguments(cls, add):
# add("port", default=os.getenv('PORT'),
# help="Haproxy redirect port")
# add("s3-bucket", default=os.getenv('S3_BUCKET'),
# help="Bucket referenced by CloudFront distribution")
# add("s3-region", default="us-east-1",
# help="Bucket region name")
def __init__(self, *args, **kwargs):
super(Authenticator, self).__init__(*args, **kwargs)
......@@ -73,39 +77,67 @@ class Authenticator(common.Plugin):
return responses
def _perform_single(self, achall):
response, validation = achall.response_and_validation()
file = open("/tmp/hatest", "w")
file.write(achall.chall.path[1:] + "\n")
file.write(validation)
file.close()
# address = ("", PORT_NUMBER)
# server = acme_standalone.HTTP01Server(
# address, self.http_01_resources)
# thread = threading.Thread(target=server.serve_forever)
# thread.start()
# Get a request handler
# Launch simple webserver and handle one request only
handler = HaProxyHandler;
# Put validation key in handler
handler.validation = validation
# Create webserver with this handler
server = HTTPServer(('', PORT_NUMBER), HaProxyHandler)
# Start webserver in seperate thread
# thread.stop
thread = threading.Thread(target=server.serve_forever)
#handle_request)
thread.start()
# Save the server in this object
self.instance = server
# Allow server to boot
time.sleep( 2 )
if response.simple_verify(
achall.chall, achall.domain,
achall.account_key.public_key(), self.config.http01_port):
print "shutting down in 5"
time.sleep( 5 )
return response
else:
logger.error(
"Self-verify of challenge failed, authorization abandoned!")
return None
print "ok\n\n"
#server.handle_request()
#server.server_close()
print "ok\n"
return None
# upload the challenge file to the desired s3 bucket
# then run simple http verification
# response, validation = achall.response_and_validation()
# s3 = boto3.resource('s3', region_name=self.conf('s3-region'))
def cleanup(self, achalls):
# s3.Bucket(self.conf('s3-bucket')).put_object(Key=achall.chall.path[1:],
# Body=validation,
# ACL='public-read')
# Shutdown the webserver
def cleanup(self, achalls):
self.instance.shutdown()
# # pylint: disable=missing-docstring,no-self-use,unused-argument
# s3 = boto3.resource('s3', region_name=self.conf('s3-region'))
# client = s3.meta.client
# for achall in achalls:
# client.delete_object(Bucket=self.conf('s3-bucket'), Key=achall.chall.path[1:])
return None
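Review bot: `file = open("/tmp/hatest", "w")` writes the key authorization to a fixed name in a world-writable directory, so a pre-placed symlink at that path would make the plugin (presumably running as root) overwrite an arbitrary file; nothing in this hunk reads the file back, so the three lines look like a debugging leftover and should go, or else use `fd, path = tempfile.mkstemp()` with `with os.fdopen(fd, "w") as f:` (needs `import tempfile`). `handler.validation = validation` assigns a class attribute and `self.instance = server` is overwritten on every call, so with several achalls the servers share one validation string and cleanup() shuts down only the last server, leaving the earlier threads bound to PORT_NUMBER; keep a list of servers and shut each one down. The `print` statements after the if/else are unreachable because both branches return, and if the two `def cleanup(self, achalls):` lines are not simply the old and new position of the same line, the first one is a stray definition with no body. The `perform` method whose `return responses` opens this hunk starts outside it.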
......@@ -26,8 +26,8 @@ class Installer(common.Plugin):
@classmethod
def add_parser_arguments(cls, add):
add("cf-distribution-id", default=os.getenv('CF_DISTRIBUTION_ID'),
help="CloudFront distribution id")
add("config", default='/etc/haproxy/haproxy.cfg',
help="path to configfile of haproxy")
def __init__(self, *args, **kwargs):
super(Installer, self).__init__(*args, **kwargs)
......@@ -40,7 +40,16 @@ class Installer(common.Plugin):
return ("")
def get_all_names(self): # pylint: disable=missing-docstring,no-self-use
pass # pragma: no cover
domains = []
config = self.conf('config')
with open(config) as haread:
for line in haread:
m = re.match(".*## LE-BIND ([a-zA-Z0-9-\.]+)", line)
if (m):
domains.append(m.group(1))
return(domains)
def deploy_cert(self, domain, cert_path, key_path, chain_path, fullchain_path):
......@@ -67,7 +76,8 @@ class Installer(common.Plugin):
# Read haproxy
hawrite = open("/tmp/haproxy.cfg", "w")
compare = "## LE-BIND " + domain
with open('/etc/haproxy/haproxy.cfg') as haread:
config = self.conf('config')
with open(config) as haread:
for line in haread:
if (re.match(".*## LE-BIND " + domain, line)):
hawrite.write("bind *:443 ssl crt " + path + "/combined.pem" + " ## LE-BIND " + domain + "\n")
......@@ -76,8 +86,8 @@ class Installer(common.Plugin):
hawrite.close()
os.rename("/etc/haproxy/haproxy.cfg", "/etc/haproxy/haproxy.cfg.bak")
os.rename("/tmp/haproxy.cfg", "/etc/haproxy/haproxy.cfg")
os.rename(config, config + ".bak")
os.rename("/tmp/haproxy.cfg", config)
pass
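Review bot: `os.rename("/tmp/haproxy.cfg", config)` moves a file created at a fixed, predictable path in /tmp (the `hawrite = open("/tmp/haproxy.cfg", "w")` line sits in the previous hunk) into place as the proxy configuration, so a local user who pre-creates that path or a symlink there can influence what ends up in `config`, and the rename raises EXDEV when /tmp is on a different filesystem from the target. Creating the temporary file next to the target avoids both: `fd, tmp_path = tempfile.mkstemp(dir=os.path.dirname(config))`, `hawrite = os.fdopen(fd, "w")`, `os.rename(tmp_path, config)` (needs `import tempfile`). On `if (re.match(".*## LE-BIND " + domain, line)):` the domain is interpolated unescaped and unanchored, so `re.escape(domain)` followed by `\s*$` would stop `example.com` from also matching a `## LE-BIND example.com.internal` line. deploy_cert's body begins before this hunk, and the trailing `pass` suggests the rewritten config is neither validated nor reloaded here, though that may happen elsewhere.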