File manager

File manager - Edit - /usr/local/CyberCP/plogical/__pycache__/sslUtilities.cpython-310.pyc

Back
o ��h��@��s��d�dl�Z�d�dlmZ�d�dlZd�dlZd�dlZd�dlZd�dlm Z �z d�dl mZmZ�W�n��Y�d�dl mZ�G�dd��d�Zd dd �ZdS�)��N)�CyberCPLogFileWriter)�ProcessUtilities)�ChildDomains�Websites�� ACLManagerc��@��s��e�Zd�ZdZdZdZdZdZedd��Z edd ��Z ed d��Zedd ��Zedd��Z edd��Zedd��Zeddd��Zeddd��ZdS�)�sslUtilitiesz/usr/local/lswsz&/usr/local/lsws/conf/dvhost_redis.confr��c�� C��s��z`ddl�m}�ddlm}�t\|�d��D}\|��}\|�\|\|��}\|j�\|j �}\|rL\|j �\|j�}z t j�dt\|��W�n��Y�d\|fW��d��W�S� �W�d��W�dS�1�sYw��Y��W�d�S��tyx�}�zdt\|�fW��Y�d�}~S�d�}~ww�)Nr��)�x509)�default_backend�rbzCovered domains: r ��)r��N)�cryptographyr��cryptography.hazmat.backendsr��open�read�load_pem_x509_certificate� extensions�get_extension_for_class�SubjectAlternativeName�value�get_values_for_type�DNSName�loggingr��writeToFile�str� BaseException) � cert_pathr��r�� cert_file� cert_data�cert� san_extension�san_domains�msg��r$��+/usr/local/CyberCP/plogical/sslUtilities.py�getDomainsCovered��s��(��zsslUtilities.getDomainsCoveredc��C��s��d\|��}t�j�\|�r�dd�l}\|j�\|jjt\|d��}\|� �� d�d��d�}t�j�tj �r=tj�d\|��d\|��d��\|d krDtjS�\|d krdt�\|�\}}\|rdt\|�dkratj�d\|��d��ntjS�\|��d�}dd lm}�\|�\|d�} \|��} \| \| �}t\|j�dkr�\|dkr�tj�d\|��d��tjS�\|dkr�tj�d\|��d��tjS�\|d kr�tj�d\|��d��tjS�tj�d\|��d��tjS�tj�d\|��d��tjS�)N�&/etc/letsencrypt/live/%s/fullchain.pemr��rr ��utf-8zSSL provider for z is �.z(STAGING) Let's Encryptz Let's Encryptz�[CheckIfSSLNeedsToBeIssued] SSL exists for %s and both versions are covered, just need to ensure if SSL is valid for less then 15 days.�ascii)�datetimez %Y%m%d%H%M%SZ��Denialz\[CheckIfSSLNeedsToBeIssued] SSL exists for %s and is not ready to fetch new SSL., skipping..zJ[CheckIfSSLNeedsToBeIssued] Self-signed SSL found, lets issue new SSL for z1[CheckIfSSLNeedsToBeIssued] Custom SSL found for z2[CheckIfSSLNeedsToBeIssued] We will issue SSL for )�os�path�exists�OpenSSL�crypto�load_certificate�FILETYPE_PEMr��r�� get_issuer�get_components�decoder�� debugPathr��r��r��r�� ISSUE_SSLr&��len�get_notAfterr,��strptime�now�int�days� DONT_ISSUE)�virtualHostName�filePathr2��r��SSLProvider�status�domains� expireDatar,�� finalDater>��diffr$��r$��r%��CheckIfSSLNeedsToBeIssued4��sb�� z&sslUtilities.CheckIfSSLNeedsToBeIssuedc�� C��s��zOt�d��}d}\|D�]A}\|�d�dkr\|�d�dkrd}q\|dkr-\|�d�dkr-�W�dS�\|�\|��dkrL\|dkrLdd ��\|�d �D��}\|d�\|�krL�W�dS�qW�d�S��tyl�}�ztj�t\|�d��W�Y�d�}~dS�d�}~ww�)N�&/usr/local/lsws/conf/httpd_config.confr��listener��SSLr ��}c��S��s��g�\|�]}\|r\|�qS�r$��r$��)�.0�_fr$��r$��r%�� <listcomp>��s��z.sslUtilities.checkIfSSLMap.<locals>.<listcomp>� z1 [IO Error with main config file [checkIfSSLMap]]) r�� readlines�find�splitr��r��r��r��r��)rB��data�sslCheck�itemsr#��r$��r$��r%�� checkIfSSLMapp��s��zsslUtilities.checkIfSSLMapc�� C��t��zt�d��}�\|�D�] }\|�d�dkr�W�dS�q W�dS��ty9�}�ztj�t\|�d��t\|�W��Y�d�}~S�d�}~ww�)NrK��zlistener SSLrM��r ��z4 [IO Error with main config file [checkSSLListener]]r��r��rT��rU��r��r��r��r��r��rW��rY��r#��r$��r$��r%��checkSSLListener��zsslUtilities.checkSSLListenerc�� C��r[��)NrK��zlistener SSL IPv6rM��r ��z8 [IO Error with main config file [checkSSLIPv6Listener]]r��r\��r]��r$��r$��r%��checkSSLIPv6Listener��r_��z!sslUtilities.checkSSLIPv6Listenerc�� C��s^��zt��\|��}t��d\|��}d\|\|gW�S��ty.�}�zddt\|��d�gW��Y�d�}~S�d�}~ww�)Nzwww.r ��r��347 � [issueSSLForDomain])�socket� gethostbynamer��r��)rB�� withoutWWW�withWWWr#��r$��r$��r%�� getDNSRecords��s�� zsslUtilities.getDNSRecordsc�� C��s��z\|t�jd�\|��}\|d�}t\|d��}\|�d�dkrzt��tjkr2t\|d�}d}\|�\|��\|� ��n:t\|d�� }t\|d�}d }\|D�]%}\|�d �dkrb\|d kr\\|�\|��\|�d��d}qB\|�\|��qB\|�\|��qB\|� ��d d lm} �\| j� ��W�d�S�W�d�S��ty��} �zd t\| �fW��Y�d�} ~ S�d�} ~ ww�)N� /conf/vhosts/�/vhost.confr(��z/.well-known/acme-challengerM��aa�� context /.well-known/acme-challenge { location /usr/local/lsws/Example/html/.well-known/acme-challenge allowBrowse 1 rewrite { enable 0 } addDefaultCharset off phpIniOverride { } } �wr��zDocumentRoot /home/z^ Alias /.well-known/acme-challenge /usr/local/lsws/Example/html/.well-known/acme-challenge r ��)�installUtilities)r��Server_rootr��r��rU��r��decideServer�OLS�write�closerT��plogicalrl��reStartLiteSpeedr��r��)rB��confPath�completePathToConfigFile� DataVhost�WriteToFile�contentrW��CheckrY��rl��r#��r$��r$��r%��PatchVhostConf��s:�� +��zsslUtilities.PatchVhostConf�example@example.orgc��1�� C��s��zt�jj\|�d�}\|j}W�n�ty(�}�ztj�dt\|��W�Y�d�}~nd�}~ww�t � ��t jk�rjtj d�\|��}\|d�}�zd\|��d�\|��d�}t��dkr�td d �}d}d} d } d\|��d�}d\|��d�}d} d}d}d}d}d}d}d}d\|��d�\|��d�}d}\|�d��\|�\|��\|�\| ��\|�\| ��\|�\|��\|�\|��\|�\| ��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�d��\|��W�dS�t��dk�rstd d �}d}d} d } d\|��d�}d\|��d�}d} d}d}d}d}d}d}d}d\|��d�\|��d�}d}\|�d��\|�\|��\|�\| ��\|�\| ��\|�\|��\|�\|��\|�\| ��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�d��\|��W�dS�t�\|��dk�r�td ��}td d�}d}\|D�]-}\|�d�d k�r�\|�d!�d k�r�d}\|dk�r�\|�\|��\|�\|��d}�q�\|�\|��q�\|��t\|d"��}d}\|D�] }\|�d#�d k�r�d}�q�\|dk�rIt\|d �}d$}d%\|��d�}d&\|��d�}d} d}d}d}d}d}d}d}d'}\|�d��\|�\|��\|�\|��\|�\|��\|�\| ��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�\|��\|�d��\|��W�dS��t�yi�}�ztj�t\|�d(��W�Y�d�}~dS�d�}~ww�tj�tj��s�tj d�\|��}\|d�}t\|d"��}\|D�]}\|�d)�d k�r��dS��q�z�ztjj\|�d�}\|jj}d\|j�d�}W�n)�t�y��}�zt�jj\|�d�}\|j}t�d�\|��}d\|��d�}W�Y�d�}~nd�}~ww�t\|d"��}d+} \|D�]}\|�d,�d k�r�\|�d-�d k�r�\|} �n�q�t\|d �}!d.}"d/}#d0\|��d�}$d1\|��d�}%d2\|�d�}&d3\|�d�\|�d�}'d4\|��d5�\|��d6�}(\|!�\|#��\|!�\|$��\|!�\|%��\|!�\|&��\|!�\|'��\|!�\|��\|!�\|(��\|!�\|"��d7})d8}d9\|��d�}+d:\|��d�},\|!�\|)��\|!�\|��\|!�\|+��\|!�\|,��\|!�\| ��d;}-\|!�\|-��\|!��W�dS��t�y��}�ztj�t\|�d<��W�Y�d�}~dS�d�}~ww�td=\|��d>�� d�}.td=\|��d?�d"�� d�}/d@\|�\|.\|/f�}0tj�dA��tj�\|0��t �!\|0��dS�)BN)�domainz%s [installSSLForDomain:72]rh��ri��z map rS�� r ��rK��rj��zlistener SSL { z address :443 z secure 1 z1 keyFile /etc/letsencrypt/live/z /privkey.pem z1 certFile /etc/letsencrypt/live/z/fullchain.pem z certChain 1 z sslProtocol 24 z enableECDHE 1 z renegProtection 1 z sslSessionCache 1 z enableSpdy 15 z enableStapling 1 z! ocspRespMaxAge 86400 z} zlistener SSL IPv6 { z$ address [ANY]:443 r��rk��rL��rM��rN��r(��vhsslz vhssl { z0 keyFile /etc/letsencrypt/live/z0 certFile /etc/letsencrypt/live/rO��z [installSSLForDomain]]z:443z DocumentRoot �� AddHandler�phpzj <IfModule LiteSpeed> CacheRoot lscache CacheLookup on </IfModule> z <VirtualHost :443> z ServerName z ServerAlias www.z ServerAdmin z SuexecUserGroup z CustomLog /home/z/logs/z.access_log combined z SSLEngine on z SSLVerifyClient none z- SSLCertificateFile /etc/letsencrypt/live/z0 SSLCertificateKeyFile /etc/letsencrypt/live/z</VirtualHost> z [installSSLForDomain]�/etc/letsencrypt/live/�/fullchain.pem�/privkey.pemzredis-cli hmset "ssl:%s" crt "%s" key "%s"zhello world aaa)"r��objects�get� adminEmailr��r��r��r��r��r��rn��ro��r��rm��r^��r�� writelinesrq��r`��rZ��rT��rU��r/��r0��r1�� redisConfr��master�externalAppr��FindDocRootOfSiter��rstrip�executioner)1rB��r��websiter#��rt��ru��map�writeDataToFilerL��address�secure�keyFile�certFile� certChain�sslProtocol�enableECDHE�renegProtection�sslSessionCache� enableSpdy�enableStapling�ocspRespMaxAge�finalrW��rX��rY�� vhsslPresense�writeSSLConfigr~�� chilDomainr��DocumentRoot�docRoot� phpHandler�confFile� cacheRoot�VirtualHost� ServerName�ServerAlias�ServerAdmin�SeexecUserGroup�CustomLogCombined� SSLEngine�SSLVerifyClient�SSLCertificateFile�SSLCertificateKeyFile�VirtualHostEndr ��key�commandr$��r$��r%��installSSLForDomain��s�� l� E� � �� z sslUtilities.installSSLForDomainNc�� C��s��ddl�m}�ddlm}�dd�l}d}t�\|��tjkrndS�dt��}t� \|��t j�d�s5d} t �\| ��d} t �\| ��d \|��} d \| ��} t �\| ��d\|��d\|��}d \|��d\|��}z-tj\|dd�} \| jdkrttj�d\|��d}ntj�dt\| j��d\|��d\| j��W�n �ty��}�ztj�d\|��dt\|��W�Y�d�}~nd�}~ww�z-tj\|dd�} \| jdkr�tj�d\|��d}ntj�dt\| j��d\|��d\| j��W�n �ty��}�ztj�d\|��dt\|��W�Y�d�}~nd�}~ww�d}d}�z0d}d\|\|f�} t�t�\| ��d\|�} t�t�\| ��\|d�u��r�d\|��}t j�\|��s5d\|�} t�t�\| ��z\|d�\|��d�\|��d�\|�d�d �\|�d!�d"�\|�d#�d$�} \|�r1\|�r1tj�\| d��ztj\| d%d%d%d&�}W�n��tj\| tjtjd%d%d'�}Y�\|j}\|j }\|j!dk�r"t j�t j"��r�tj�\|\|��\|d�\|��d�\|��d�\|�d�d �\|�d!�d"�\|�d#�d(�} tj�\| d��ztj\| d%d%d%d&�}W�n��tj\| tjtjd%d%d'�}Y�\|j}\|j }\|j!dk�rt j�t j"��r�tj�\|\|��tj�d)\|��d�\|��d��tj�#\|\|\|d+\|��W�W�dS�tj�\|\|��t�$dd,d,��tj�\|\|��t�$dd,d,��tj�\| d��t�$dd,d,��tj$�y��tj�d-\|��d�\|��d��d-\|��d�\|��}�z\|d�\|��d�\|�d�d �\|�d!�d"�\|�d#�d$�} d.\|\|�f�}\|�r`d.\|\|�f�}tj�d/\|��d��tj�\| ��ztj\| d%d%d%d&�}W�n��tj\| tjtjd%d%d'�}Y�\|j}\|j }\|j!dk�rSt j�t j"��r�tj�\|\|��\|d�\|��d�\|�d�d �\|�d!�d"�\|�d#�d(�} ztj\| d%d%d%d&�}W�n��tj\| tjtjd%d%d'�}Y�\|j}\|j }\|j!dk�r?t j�t j"��r tj�\|\|��tj�d)\|��d��d0\|\|�f�}tj�#\|\|\|d+\|��W�Y�W�dS�tj�\| d��tj�\|\|��W�Y�W�dS�tj�\|\|��W�Y�W�dS�tj�\| d��W�Y�W�dS��tj$�y��tj�d1\|��d��tj�#\|\|d1\|��d+\|��Y�Y�W�dS�w�w�d\|��}t j�\|��s�d\|�} t�t�\| ��zatj�d/\|��d2�\|��d3�\|�d4�\|�d5��\|d�\|��d�\|��d6�\|�d�\|�d�\|�d�d �\|�d!�d"�\|�d#�d(�} t�%t�\| ��&d7�}tj�d)\|��d2�\|��d3�\|�d8�\|�d5��W�W�dS��tj$�y,��tj�d-\|��d2�\|��d3�\|�d8�\|�d5��Y�W�dS�w��t�yJ�}�ztj�t\|�d9��W�Y�d�}~dS�d�}~ww�):Nr��r��)r��r ��zroot@%sz7/usr/local/lsws/Example/html/.well-known/acme-challengez@mkdir -p /usr/local/lsws/Example/html/.well-known/acme-challengez)chmod -R 755 /usr/local/lsws/Example/htmlz8/usr/local/lsws/Example/html/.well-known/acme-challenge/ztouch zhttp://www.z/.well-known/acme-challenge/zhttp://��)�timeout��zStatus Code: 200 for: z Status Code: z for: z . Error: zStatus Code: Unknown for: zStatus Code: Unkown for: z/root/.acme.sh/acme.shz%s --register-account -m %sz(%s --set-default-ca --server letsencryptr��z mkdir -p z --issue -d z -d www.z --cert-file z /cert.pemz --key-file r��z --fullchain-file r��z< -w /usr/local/lsws/Example/html -k ec-256 --force --stagingT)�capture_output�universal_newlines�shell)�stdout�stderrr��r��zG -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencryptzSuccessfully obtained SSL for: z and: www.zSSL Notification for %s.r��zFailed to obtain SSL for: z%s Trying to obtain SSL for: %szTrying to obtain SSL for: z%%s Successfully obtained SSL for: %s.z3Failed to obtain SSL, issuing self-signed SSL for: z, www.z, z and www.�,z -d r)��zand www.z. [Failed to obtain SSL. [obtainSSLForADomain]])'�plogical.aclr��plogical.sslv2r��jsonrJ��r:��rc��gethostnamerz��r/��r0��r1��r��normalExecutionerr��requestsr��status_coder��r��r��r��textr�� subprocess�call�shlexrV��run�PIPEr��r�� returncoder9�� SendEmail�CalledProcessError�check_outputr8��)rB��r��sslpath�aliasDomainr��sslv2r��Status�sender_emailr��CustomVerificationFile�URLFetchPathWWW�URLFetchPathNONWWW�resp� WWWStatusr#��NONWWWStatus�acmePath�existingCertPath�resultr��r�� finalText�CurrentMessage�outputr$��r$��r%��obtainSSLForADomain��s@�� &�� P"��"� �"�� z sslUtilities.obtainSSLForADomain)r{��N)�__name__� __module__�__qualname__rm��r��rA��ISSUE_SELFSIGNEDr:��staticmethodr&��rJ��rZ��r^��r`��rg��rz��r��r��r$��r$��r$��r%��r��s2�� ; 5�yr��c�� C��sn��z�t��\|�\|\|\|�dkrt��\|�\|�dkrddgW�S�ddgW�S�d\|��}d\|��}tj�\|�rjdd�l}\|j�\|jj t \|d��}\|�� d�d��d�}\|d krjt��\|��dkrjtj�d \|��d��dd \|��d�d�gW�S�d \|��d�\|�d�\|�} t�\| �} t�\| ��t��\|��dkr�tj�d\|��d��ddgW�S�ddgW�S��ty��}�zddt\|��d�gW��Y�d�}~S�d�}~ww�)Nr ��Noner��z9210 Failed to install SSL for domain. [issueSSLForDomain]z$/etc/letsencrypt/live/%s/privkey.pemr'��r(��r)��r.��z#We are not able to get new SSL for zU. But there is an existing SSL, it might only be for the main domain (excluding www).rb��zhopenssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=z " -keyout z -out zSelf signed SSL issued for r*��z7Self signed certificate was issued. [issueSSLForDomain]ra��)r��r��r��r/��r0��r1��r2��r3��r4��r5��r��r��r6��r7��r8��r��r��r��r��rV��r��r��r��r��)r\|��r��r��r��pathToStoreSSLPrivKey�pathToStoreSSLFullChainr2��r��rD��r��cmdr#��r$��r$��r%��issueSSLForDomain��s4�� r��r��)r��rr��r��r��r/��r��r��rc��plogical.processUtilitiesr��websiteFunctions.modelsr��r��r��r��r��r��r$��r$��r$��r%��<module>��s&��f

| ver. 1.4 | Github | . | PHP 8.2.28 | Generation time: 0.02 | proxy | phpinfo | Settings