Latest uncommitted changes to the source code.

letsencrypt_haproxy/authenticator.py

 """Haproxy Let's Encrypt authenticator plugin."""
-
 import os
 import logging
 import re
@@ -8,9 +7,12 @@ import subprocess
 import zope.component
 import zope.interface
 
+import boto3
+
 import threading
 import time
 
+
 from acme import challenges
 
 from letsencrypt import errors
@@ -19,14 +21,14 @@ from letsencrypt.plugins import common
 
 from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
 
-
-# This is the port where HAproxy should forward requests to
 PORT_NUMBER = 8080
 
 
 logger = logging.getLogger(__name__)
 
 class HaProxyHandler(BaseHTTPRequestHandler):
+#    def __init__(self, key):
+#       self.key = key
     validation = ''
 
     def do_GET(self):
@@ -49,8 +51,10 @@ class Authenticator(common.Plugin):
 
 #    @classmethod
 #    def add_parser_arguments(cls, add):
-#        add("port", default=os.getenv('PORT'),
-#            help="Haproxy redirect port")
+#        add("s3-bucket", default=os.getenv('S3_BUCKET'),
+#            help="Bucket referenced by CloudFront distribution")
+#        add("s3-region", default="us-east-1",
+#            help="Bucket region name")
 
     def __init__(self, *args, **kwargs):
         super(Authenticator, self).__init__(*args, **kwargs)
@@ -73,39 +77,67 @@ class Authenticator(common.Plugin):
         return responses
 
     def _perform_single(self, achall):
+        response, validation = achall.response_and_validation()
+        file = open("/tmp/hatest", "w")
+        file.write(achall.chall.path[1:] + "\n")
+        file.write(validation)
+        file.close()
+
+      #  address = ("", PORT_NUMBER)
+      #  server = acme_standalone.HTTP01Server(
+      #              address, self.http_01_resources)
+
+      #  thread = threading.Thread(target=server.serve_forever)
+      #  thread.start()
 
         
-	# Get a request handler
+	# Launch simple webserver and handle one request only
         handler = HaProxyHandler;
-
-        # Put validation key in handler
         handler.validation = validation
-
-        # Create webserver with this handler
         server = HTTPServer(('', PORT_NUMBER), HaProxyHandler)
 
-        # Start webserver in seperate thread
+#        thread.stop
         thread = threading.Thread(target=server.serve_forever)
+#handle_request)
         thread.start()
 
-        # Save the server in this object
         self.instance = server
-
-        # Allow server to boot
         time.sleep( 2 )
 
         if response.simple_verify(
                 achall.chall, achall.domain,
                 achall.account_key.public_key(), self.config.http01_port):
+            print "shutting down in 5"
+
+            time.sleep( 5 )
             return response
         else:
             logger.error(
                 "Self-verify of challenge failed, authorization abandoned!")
             return None
 
+	print "ok\n\n"
+        #server.handle_request()
+	#server.server_close()
+        
+        print "ok\n"
+        return None
+        # upload the challenge file to the desired s3 bucket
+        # then run simple http verification
+
+#        response, validation = achall.response_and_validation()
+#        s3 = boto3.resource('s3', region_name=self.conf('s3-region'))
 
-    def cleanup(self, achalls):
+#        s3.Bucket(self.conf('s3-bucket')).put_object(Key=achall.chall.path[1:],
+#                                                     Body=validation,
+#                                                     ACL='public-read')
 
-        # Shutdown the webserver
+
+    def cleanup(self, achalls):
         self.instance.shutdown()
+#        # pylint: disable=missing-docstring,no-self-use,unused-argument
+#        s3 = boto3.resource('s3', region_name=self.conf('s3-region'))
+#        client = s3.meta.client
+#        for achall in achalls:
+#            client.delete_object(Bucket=self.conf('s3-bucket'), Key=achall.chall.path[1:])
         return None

letsencrypt_haproxy/installer.py

@@ -26,8 +26,8 @@ class Installer(common.Plugin):
 
     @classmethod
     def add_parser_arguments(cls, add):
-        add("cf-distribution-id", default=os.getenv('CF_DISTRIBUTION_ID'),
-            help="CloudFront distribution id")
+        add("config", default='/etc/haproxy/haproxy.cfg',
+            help="path to configfile of haproxy")
 
     def __init__(self, *args, **kwargs):
         super(Installer, self).__init__(*args, **kwargs)
@@ -40,7 +40,16 @@ class Installer(common.Plugin):
         return ("")
 
     def get_all_names(self):  # pylint: disable=missing-docstring,no-self-use
-        pass  # pragma: no cover
+        domains = []
+	config = self.conf('config')
+        with open(config) as haread:
+            for line in haread:
+                m = re.match(".*## LE-BIND ([a-zA-Z0-9-\.]+)", line)
+                if (m):
+                    domains.append(m.group(1))
+
+        return(domains)
+
 
     def deploy_cert(self, domain, cert_path, key_path, chain_path, fullchain_path):
 
@@ -67,7 +76,8 @@ class Installer(common.Plugin):
         # Read haproxy
         hawrite = open("/tmp/haproxy.cfg", "w")
         compare = "## LE-BIND " + domain
-        with open('/etc/haproxy/haproxy.cfg') as haread:
+	config = self.conf('config')
+        with open(config) as haread:
             for line in haread:
                 if (re.match(".*## LE-BIND " + domain, line)):
                     hawrite.write("bind *:443 ssl crt " + path + "/combined.pem" + " ## LE-BIND " + domain + "\n")
@@ -76,8 +86,8 @@ class Installer(common.Plugin):
 
         hawrite.close()
 
-	os.rename("/etc/haproxy/haproxy.cfg", "/etc/haproxy/haproxy.cfg.bak")
-	os.rename("/tmp/haproxy.cfg", "/etc/haproxy/haproxy.cfg")
+	os.rename(config, config + ".bak")
+	os.rename("/tmp/haproxy.cfg", config)
 
         pass