
implement and document the ejabberd module

Helmut Pozimski 7 years ago
parent
commit
cfd0ce7357
6 changed files with 67 additions and 5 deletions
  1. 9 0
      README.md
  2. 0 2
      amulib/dovecot.py
  3. 43 0
      amulib/ejabberd.py
  4. 7 0
      amulib/main.py
  5. 2 3
      amulib/service.py
  6. 6 0
      example/config.json

+ 9 - 0
README.md

@@ -69,6 +69,15 @@ This module accepts the following configuration parameters:
 * tlsa: whether to write tlsa records for the domain
 * tlsa_ports: ports that should receive a TLSA record
 
+### ejabberd
+
+This module accepts the following configuration parameters:
+
+* certificate_path: path of the certificate file (public key and chain)
+* key_path: path of the private key file
+* tlsa: whether to write tlsa records for the domain
+* tlsa_ports: ports that should receive a TLSA record
+
 ## INSTALLATION
 
 Use the setup.py to perform the installation, this requires the setuptools module.

+ 0 - 2
amulib/dovecot.py

@@ -19,8 +19,6 @@
 mail server.
 """
 
-import socket
-
 from amulib import service
 
 

+ 43 - 0
amulib/ejabberd.py

@@ -0,0 +1,43 @@
+#   This file is part of acme-updater, written by Helmut Pozimski 2016-2017.
+#
+#   stov is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, version 2 of the License.
+#
+#   stov is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with stov.  If not, see <http://www.gnu.org/licenses/>.
+
+
+# -*- coding: utf8 -*-
+
+""" Contains the postfix module which manages certificates for the ejabberd
+ server.
+"""
+
+from amulib import service
+
+
+def run(config=None, acme_dir="/var/lib/acme",
+        named_key_path="/run/named/session.key"):
+    """ manages the certificates for dovecot
+
+       :param config: configuration for the service
+       :type config: dict
+       :param acme_dir: path to the acme state dir
+       :type acme_dir: str
+       :param named_key_path: path to the named session.key
+       :type named_key_path: str
+       """
+    if not config:
+        config = {
+            "certificate_path": "/etc/ejabberd/ejabberd.pem",
+            "key_path": "/etc/ejabberd/ejabberd.pem",
+            "tlsa": True,
+            "tlsa_ports": [5222, 5269]
+        }
+    service.run("ejabberd", config, acme_dir, named_key_path)
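Review bot: The docstrings in the new file are copied from the other modules and name the wrong service: the module docstring says "Contains the postfix module" and run() says "manages the certificates for dovecot". They should read `""" Contains the ejabberd module which manages certificates for the ejabberd server. """` and `""" manages the certificates for ejabberd`. The licence header also still refers to "stov" although its first line names acme-updater. The `# -*- coding: utf8 -*-` line sits below the licence block, and Python only honours an encoding declaration on the first or second line of a file, so it has no effect where it is. Since the default certificate_path and key_path are the same file, it is also worth a comment that `/etc/ejabberd/ejabberd.pem` holds the private key and must stay readable only by the ejabberd user.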

+ 7 - 0
amulib/main.py

@@ -28,6 +28,7 @@ from amulib.helpers import get_log_level
 from amulib import apache
 from amulib import postfix
 from amulib import dovecot
+from amulib import ejabberd
 
 
 def main():
@@ -84,3 +85,9 @@ def main():
                         config["named_key_path"])
         else:
             dovecot.run()
+    if args.ejabberd:
+        if config:
+            ejabberd.run(config["postifx"], config["acme_dir"],
+                         config["named_key_path"])
+        else:
+            ejabberd.run()
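Review bot: The new branch reads `config["postifx"]`, which is misspelled and is not the ejabberd section. The example configuration added in this commit uses the key `ejabberd`, so with a config file loaded this call would either raise KeyError or, if such a key happened to exist, manage ejabberd's certificate using another service's paths and TLSA ports. The call should be `ejabberd.run(config["ejabberd"], config["acme_dir"],`. A missing section could be handled with `config.get("ejabberd")`, because ejabberd.run() already falls back to its defaults when given a falsy config. main() starts outside this hunk.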

+ 2 - 3
amulib/service.py

@@ -22,7 +22,6 @@ needs to at least contain the keys "certificate_path", "key_path",
 """
 
 import logging
-import socket
 import os
 import subprocess
 import shutil
@@ -46,11 +45,11 @@ def run(service_name, config, acme_dir="/var/lib/acme",
     :param named_key_path: path to the named session.key
     :type named_key_path: str
     """
-    fqdn = socket.getfqdn()
     certificate_path = config["certificate_path"]
     key_path = config["key_path"]
     tlsa = config["tlsa"]
     tlsa_ports = config["tlsa_ports"]
+    renewal_successful = False
     try:
         with open(certificate_path, "r") as cert_file:
             cert_text = cert_file.read()
@@ -60,6 +59,7 @@ def run(service_name, config, acme_dir="/var/lib/acme",
         current_cert = OpenSSL.crypto.load_certificate(
             OpenSSL.crypto.FILETYPE_PEM, cert_text
         )
+        fqdn = current_cert.get_subject().CN
         acme_cert_path = os.path.join(acme_dir, "live", fqdn,
                                       "cert")
         acme_fullchain_path = os.path.join(acme_dir, "live", fqdn,
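Review bot: `fqdn` is now taken from the subject CN of the installed certificate and joined straight into `acme_dir/live/<fqdn>/...` without any validation. `get_subject().CN` is None for a certificate that carries its names only in subjectAltName, which makes `os.path.join` raise. A CN containing a path separator or `..` would resolve the cert, fullchain and privkey paths outside the acme state directory. A guard right after the assignment would keep the lookup inside `live/`, for example `if not fqdn or os.sep in fqdn or fqdn in (".", ".."):` followed by logging and an early return. The assignment also now sits inside the `try`, so any use of `fqdn` after a failed certificate load would hit an unbound name. The rest of run() is outside this hunk, so that path should be checked.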
@@ -81,7 +81,6 @@ def run(service_name, config, acme_dir="/var/lib/acme",
                                                     named_key_path)
                 newkey_path = os.path.join(acme_dir, "live",
                                            fqdn, "privkey")
-                renewal_successful = False
                 if certificate_path == key_path:
                     if helpers.create_backup_copy(certificate_path):
                         try:

+ 6 - 0
example/config.json

@@ -19,5 +19,11 @@
     "key_path": "/usr/share/ssl/private/dovecot.pem",
     "tlsa": true,
     "tlsa_ports": [993, 995]
+  },
+    "ejabberd": {
+    "certificate_path": "/etc/ejabberd/ejabberd.pem",
+    "key_path": "/etc/ejabberd/ejabberd.pem",
+    "tlsa": true,
+    "tlsa_ports": [5269, 5222]
   }
 }