Home Explore Help
Register Sign In
iNDivia.net
/
otcerts
7
0
Fork 0
Files Issues 1 Pull Requests 0 Wiki
Browse Source

Added options for mbox and smtp

jigen 5 years ago
parent
7b19268abc
commit
9973120b31
1 changed files with 64 additions and 1 deletions
Split View Show Diff Stats
  1. 64 1
      OTcerts.py

+ 64 - 1
OTcerts.py
View File 

@@ -7,6 +7,14 @@ import configparser
 
 import logging
 
 import mysql.connector
 
 
+
 
+# Query for IMAP/POP3 certificate
 
+mbox_list_stmt = "SELECT DISTINCT(name) FROM records WHERE content in ({}) and (name LIKE 'imap.%' or name LIKE 'pop3.%' or name LIKE 'mail.%')"
 
+
 
+# Query for SMTP certificate  
+smtp_list_stmt = "SELECT DISTINCT(name) FROM records WHERE content in ({}) and (name LIKE 'smtp.%' or name LIKE 'mail.%')"
 
+ 
+
 
 # Get list of defined domains in vhosts configuration database
 
 domains_list_stmt = """SELECT DISTINCT(SUBSTRING_INDEX(urls.dns_name, '.', -2)) AS domain_names 
 FROM urls INNER JOIN (hosts_urls, hosts, vhosts_features, vhosts) 
@@ -47,6 +55,10 @@ def init_prog(argv):
 
                         help="Richiedi i certificati per i siti in hosting")
 
     parser.add_argument("--webmail", default=False, action='store_true', required=False,
 
                         help="Richiedi i certificati per le webmail")
 
+    parser.add_argument("--smtp", default=False, action='store_true', required=False,
 
+                        help="Richiedi i certificati per il server SMTP")
 
+    parser.add_argument("--mbox", default=False, action='store_true', required=False,
 
+                        help="Richiedi i certificati per il server POP/IMAP")
 
     parser.add_argument("--renew", default=False, action='store_true', required=False,
 
                         help="Invoca solamente il renew per i certificati gia' presenti")
 
     args = parser.parse_args()
 
@@ -130,6 +142,24 @@ def get_domain_list(config,  ot_conn, dns_conn):
 
     ot_cursor.close()
 
     return result_dict
 
 
+def  get_alias_list(config, dns_conn, query, aliases):
 
+    """
 
+    Return a list of domains to get the certificate for
 
+
 
+    """
 
+    result_list = list()
 
+    
+    dns_cursor=dns_conn.cursor()
 
+    try:
 
+        dns_cursor.execute(query, aliases)
 
+    except Exception as e:
 
+        logger.error(e)
 
+        exit(-1)
 
+    dns_res = dns_cursor.fetchall()
 
+    result_list = [name[0].decode('utf-8') for name in dns_res]
 
+    dns_cursor.close()
 
+    return result_list
 
+
 
 
 def acme_request(config, domain_name, acme_test='DNS-01', dryrun=False, domains_list=None):
 
 
@@ -193,7 +223,7 @@ if __name__ == '__main__':
 
     dns_conn=connect_db(dict(config['dns_db']))
 
 
     if  dryrun:
 
-        print("DRYRUN, nessuna operazione verra' eseguita realmente")
 
+        print("DRYRUN, nessun certificato verra' richiesto, nessun link/file creato o modificato")
 
 
     
     # Caso speciale per le webmail
 
@@ -206,6 +236,39 @@ if __name__ == '__main__':
 
         else:
 
             logger.error('Error asking certificate for {}'.format(vhost_name))
 
 
+    # Caso speciale per il server POP/IMAP
 
+    if args.mbox:
 
+        logging.info('Asking certificates for POP/IMAP server')
 
+        vhost_name = config['mail']['mbox_vhost'].strip()
 
+        server_addresses = [s.strip() for s in config['mail']['mbox_server_addresses'].split(',') if len(s.strip())>0]
 
+        mbox_fmt = ','.join(['%s'] * len(server_addresses))
 
+        mbox_query = mbox_list_stmt.format(mbox_fmt)
 
+        alias_list = get_alias_list(config, dns_conn, mbox_query, server_addresses)
 
+        # Per usi futuri, aggiungo l'alias 'mail.indivia.net'
 
+        alias_list.append('mail.indivia.net')
 
+        if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=alias_list):           
+            # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
 
+            # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
 
+            pass
 
+        else:
 
+            logger.error('Error asking certificate for {}'.format(vhost_name))
 
+
 
+    # Caso speciale per il server SMTP
 
+    if args.smtp:
 
+        logging.info('Asking certificates for SMTP server')
 
+        vhost_name = config['mail']['smtp_vhost'].strip()
 
+        server_addresses = [s.strip() for s in config['mail']['smtp_server_addresses'].split(',') if len(s.strip())>0]
 
+        smtp_fmt = ','.join(['%s'] * len(server_addresses))
 
+        smtp_query = smtp_list_stmt.format(smtp_fmt)
 
+        alias_list = get_alias_list(config, dns_conn, smtp_query, server_addresses)
 
+        if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=alias_list):
 
+            # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
 
+            # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
 
+            pass
 
+        else:
 
+            logger.error('Error asking certificate for {}'.format(vhost_name))
 
+             
+    # Caso speciale per l'hosting 
     if args.hosting:
 
         logging.info('Asking certificates for hosted web domains')
 
         # Subdomains da escludere