author | crupest <crupest@outlook.com> | 2022-11-27 11:43:19 +0800 |
---|---|---|
committer | crupest <crupest@outlook.com> | 2022-11-27 11:43:19 +0800 |
commit | 39b8d121b4867c667194369f17946be8ebb06e8b (patch) | |
tree | bca3f19b557d9b9120d8f482fe20b511aa21f0e0 | |
parent | 3be4d089dca831ec5e79eb457100a967b8a20398 (diff) | |
Add basic function for checking ssl certs.
-rw-r--r-- | requirements.txt | 1 | ||||
-rwxr-xr-x | tool/aio.py | 7 | ||||
-rwxr-xr-x | tool/modules/nginx.py | 27 |
3 files changed, 34 insertions, 1 deletions
diff --git a/requirements.txt b/requirements.txt index 11c8a40..2fb5657 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ rich jsonschema +cryptography diff --git a/tool/aio.py b/tool/aio.py index 4327e95..9d14e5f 100755 --- a/tool/aio.py +++ b/tool/aio.py @@ -3,6 +3,7 @@ try: import rich import jsonschema + import cryptography except ImportError: print("Some necessary modules can't be imported. Please run `pip install -r requirements.txt` to install them.") exit(1) @@ -512,6 +513,12 @@ if os.path.isdir(data_dir): "Looks like you haven't run certbot to get the init ssl certificates. You may want to run following code to get one:", style="cyan") console.print(certbot_command_gen(domain, "create"), soft_wrap=True, highlight=False) + else: + to_check = Confirm.ask( + "I want to check your ssl certs, but I need to sudo. Do you want me check", console=console, default=False) + if to_check: + get_cert_path(check_domain_is_defined()) + # TODO: Do the check! if not os.path.exists(os.path.join(data_dir, "code-server")): os.mkdir(os.path.join(data_dir, "code-server")) diff --git a/tool/modules/nginx.py b/tool/modules/nginx.py index 08c8e1d..9c51d66 100755 --- a/tool/modules/nginx.py +++ b/tool/modules/nginx.py @@ -1,12 +1,15 @@ #!/usr/bin/env python3 from .template import Template -from .path import project_abs_path, nginx_template_dir +from .path import * import json import jsonschema import os import os.path import shutil +from cryptography.x509 import * +from cryptography.x509.oid import ExtensionOID + with open(os.path.join(nginx_template_dir, 'server.json')) as f: server = json.load(f) 
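Review bot: In the second tool/aio.py hunk the result of `get_cert_path(check_domain_is_defined())` is thrown away, so answering yes to the prompt currently does nothing. The prompt also announces a need for sudo that no visible line acts on. When the TODO is filled in, keep the elevation narrow: read only the certificate file with elevated rights rather than re-running the whole tool as root, and keep the path, e.g. `cert_path = get_cert_path(check_domain_is_defined())`. The prompt text would read better ending in `Do you want me to check them`. The enclosing `if os.path.isdir(data_dir):` block starts outside the hunk.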
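Review bot: The first tool/modules/nginx.py hunk replaces an explicit import with `from .path import *` and adds `from cryptography.x509 import *`, which pulls every exported x509 name into a module that also defines its own helpers. A reader can no longer tell where `data_dir`, `DNSName` or `load_pem_x509_certificate` come from, and a later name in either package can silently shadow a local one. The new code appears to use only two x509 names, so `from cryptography.x509 import DNSName, load_pem_x509_certificate` is enough. The `.path` import could stay explicit as `from .path import project_abs_path, nginx_template_dir, data_dir`, assuming `data_dir` is defined there.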
@@ -141,3 +144,25 @@ def nginx_config_dir_check(dir_path: str, domain: str) -> list:
 if basename not in good_files:
 bad_files.append(basename)
 return bad_files
+
+
+def get_cert_path(root_domain):
+ return os.path.join(data_dir, "certbot", "certs", "live", root_domain, "fullchain.pem")
+
+
+def get_cert_domains(cert_path, root_domain):
+
+ if not os.path.exists(cert_path):
+ return None
+
+ if not os.path.isfile(cert_path):
+ return None
+
+ with open(cert_path, 'rb') as f:
+ cert = load_pem_x509_certificate(f.read())
+ ext = cert.extensions.get_extension_for_oid(
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+ domains: list = ext.value.get_values_for_type(DNSName)
+ domains.remove(root_domain)
+ domains = [root_domain, *domains]
+ return domains |
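Review bot: `get_cert_domains` returns None for a missing file but raises on the cases a certificate check most needs to report. `get_extension_for_oid` raises `ExtensionNotFound` when the certificate has no subjectAltName, and `domains.remove(root_domain)` raises `ValueError` when the certificate does not cover the root domain. A certificate issued for the wrong name should be a result the caller can show, not a traceback, so I would catch the missing extension and only move `root_domain` to the front when it is present; the caller can then test `domains[0] == root_domain`. `open()` can also raise `PermissionError`, and `load_pem_x509_certificate` raises `ValueError` on a malformed file; the aio.py prompt suggests the live directory is not readable without sudo, so both deserve handling at the call site.

```python
def get_cert_domains(cert_path, root_domain):
    # … unchanged: exists/isfile checks …
    with open(cert_path, 'rb') as f:
        cert = load_pem_x509_certificate(f.read())
    try:
        ext = cert.extensions.get_extension_for_oid(
            ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
    except ExtensionNotFound:
        # No SAN at all: nothing this certificate can be matched against.
        return None
    domains: list = ext.value.get_values_for_type(DNSName)
    if root_domain in domains:
        domains.remove(root_domain)
        domains.insert(0, root_domain)
    return domains
```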