How to use the letsencrypt.le_util function in letsencrypt

To help you get started, we’ve selected a few letsencrypt examples, based on popular ways it is used in public projects.


github certbot / certbot / letsencrypt / client.py View on Github external
:returns: cert_path, chain_path, and fullchain_path as absolute
            paths to the actual files
        :rtype: `tuple` of `str`

        :raises IOError: If unable to find room to write the cert files

        """
        for path in cert_path, chain_path, fullchain_path:
            le_util.make_or_verify_dir(
                os.path.dirname(path), 0o755, os.geteuid(),
                self.config.strict_permissions)

        cert_pem = OpenSSL.crypto.dump_certificate(
            OpenSSL.crypto.FILETYPE_PEM, certr.body.wrapped)
        cert_file, act_cert_path = le_util.unique_file(cert_path, 0o644)
        try:
            cert_file.write(cert_pem)
        finally:
            cert_file.close()
        logger.info("Server issued certificate; certificate written to %s",
                    act_cert_path)

        cert_chain_abspath = None
        fullchain_abspath = None
        if chain_cert:
            chain_pem = crypto_util.dump_pyopenssl_chain(chain_cert)
            cert_chain_abspath = _save_chain(chain_pem, chain_path)
            fullchain_abspath = _save_chain(cert_pem + chain_pem,
                                            fullchain_path)

        return os.path.abspath(act_cert_path), cert_chain_abspath, fullchain_abspath
github certbot / certbot / letsencrypt-apache / letsencrypt_apache / configurator.py View on Github external
add("le-vhost-ext", default=constants.os_constant("le_vhost_ext"),
            help="SSL vhost configuration extension.")
        add("server-root", default=constants.os_constant("server_root"),
            help="Apache server root directory.")
        add("vhost-root", default=constants.os_constant("vhost_root"),
            help="Apache server VirtualHost configuration root")
        add("challenge-location",
            default=constants.os_constant("challenge_location"),
            help="Directory path for challenge configuration.")
        add("handle-modules", default=constants.os_constant("handle_mods"),
            help="Let installer handle enabling required modules for you." +
                 "(Only Ubuntu/Debian currently)")
        add("handle-sites", default=constants.os_constant("handle_sites"),
            help="Let installer handle enabling sites for you." +
                 "(Only Ubuntu/Debian currently)")
        le_util.add_deprecated_argument(add, "init-script", 1)
github certbot / certbot / letsencrypt-apache / letsencrypt_apache / configurator.py View on Github external
def _enable_mod_debian(self, mod_name, temp):
    """Enable an Apache module through the configured enmod tool.

    Assumes the Debian mods-available / mods-enabled layout.

    :param mod_name: Module name handed to the enmod and dismod tools.
    :param temp: Passed through unchanged to
        ``self.reverter.register_undo_command``.

    :raises .errors.MisconfigurationError: If the configured dismod
        executable cannot be found.

    """
    # Reversibility comes first: nothing is enabled unless the tool needed
    # to undo the change is present.
    dismod_available = le_util.exe_exists(self.conf("dismod"))
    if not dismod_available:
        raise errors.MisconfigurationError(
            "Unable to find a2dismod, please make sure a2enmod and "
            "a2dismod are configured correctly for letsencrypt.")

    # The undo command is recorded before the module is enabled, so the
    # rollback entry already exists when the change is made.
    undo_command = [self.conf("dismod"), mod_name]
    self.reverter.register_undo_command(temp, undo_command)

    # NOTE(review): both tool paths come from configuration and are executed
    # as given; only dismod is checked for existence here. The command is
    # built as an argument list -- presumably run_script executes it without
    # a shell; confirm in le_util.
    enable_command = [self.conf("enmod"), mod_name]
    le_util.run_script(enable_command)
github certbot / certbot / letsencrypt / client.py View on Github external
:raises .errors.Error: when validation fails

    """
    # TODO: Handle all of these problems appropriately
    # The client can eventually do things like prompt the user
    # and allow the user to take more appropriate actions

    # Key must be readable and valid.
    if privkey.pem and not crypto_util.valid_privkey(privkey.pem):
        raise errors.Error("The provided key is not a valid key")

    if csr:
        if csr.form == "der":
            csr_obj = OpenSSL.crypto.load_certificate_request(
                OpenSSL.crypto.FILETYPE_ASN1, csr.data)
            csr = le_util.CSR(csr.file, OpenSSL.crypto.dump_certificate(
                OpenSSL.crypto.FILETYPE_PEM, csr_obj), "pem")

        # If CSR is provided, it must be readable and valid.
        if csr.data and not crypto_util.valid_csr(csr.data):
            raise errors.Error("The provided CSR is not a valid CSR")

        # If both CSR and key are provided, the key must be the same key used
        # in the CSR.
        if csr.data and privkey.pem:
            if not crypto_util.csr_matches_pubkey(
                    csr.data, privkey.pem):
                raise errors.Error("The key and CSR do not match")
github certbot / certbot / letsencrypt / cert_manager.py View on Github external
:param str chain_path: Path to chain certificate

    """
    url, _ = le_util.run_script(
        ["openssl", "x509", "-in", cert_path, "-noout", "-ocsp_uri"])

    url = url.rstrip()
    host = url.partition("://")[2].rstrip("/")
    if not host:
        raise errors.Error(
            "Unable to get OCSP host from cert, url - %s", url)

    # This was a PITA...
    # Thanks to "Bulletproof SSL and TLS - Ivan Ristic" for helping me out
    try:
        output, _ = le_util.run_script(
            ["openssl", "ocsp",
            "-no_nonce", "-header", "Host", host,
            "-issuer", chain_path,
            "-cert", cert_path,
            "-url", url,
            "-CAfile", chain_path])
    except errors.SubprocessError:
        return "(OCSP Failure)"

    return _translate_ocsp_query(cert_path, output)
github certbot / certbot / letsencrypt / client.py View on Github external
def _determine_user_agent(config):
    """
    Work out the User-Agent string for this client.

    An explicit ``config.user_agent`` is returned unchanged. Otherwise the
    string is assembled from the package version, the OS information and the
    selected authenticator and installer (the plugin choice is not known at
    construction time). Nothing is written back to ``config``.

    :returns: the client's User-Agent string
    :rtype: `str`
    """
    # An operator-supplied value always wins over the generated one.
    if config.user_agent is not None:
        return config.user_agent

    # The generated value tells whoever receives the header the client
    # version, the host OS details and the plugin names; setting
    # config.user_agent is the way to send less.
    template = (
        "LetsEncryptPythonClient/{0} ({1}) Authenticator/{2} Installer/{3}")
    client_version = letsencrypt.__version__
    os_description = " ".join(le_util.get_os_info())
    return template.format(client_version, os_description,
                           config.authenticator, config.installer)
github certbot / certbot / letsencrypt / revoker.py View on Github external
def store_cert_key(cls, cert_path, key_path, config):
    """Record a certificate together with its key for quick revocation.

    :param str cert_path: Path to a certificate file.
    :param str key_path: Path to authorized key for certificate
    :param config: Configuration.
    :type config: :class:`~letsencrypt.interfaces.IConfig`

    """
    backup_dir = config.cert_key_backup
    list_path = os.path.join(backup_dir, "LIST")

    # The backup directory is requested with mode 0o700 and the effective
    # UID, i.e. owner-only access for a location that catalogues keys.
    # NOTE(review): no strict-permissions argument is passed here; confirm
    # what le_util does when the directory already exists with looser
    # permissions.
    le_util.make_or_verify_dir(backup_dir, 0o700, os.geteuid())

    cls._catalog_files(backup_dir, cert_path, key_path, list_path)