From 9973120b3175e3f59410c4cdb588ed876c181891 Mon Sep 17 00:00:00 2001
From: jigen
Date: Tue, 12 Jun 2018 19:52:54 +0200
Subject: [PATCH] Added options for mbox and smtp
---
 OTcerts.py | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 64 insertions(+), 1 deletion(-)
diff --git a/OTcerts.py b/OTcerts.py
index 745d355..271efd9 100644
--- a/OTcerts.py
+++ b/OTcerts.py
@@ -7,6 +7,14 @@
 import configparser
 import logging
 import mysql.connector
+
+# Query for IMAP/POP3 certificate
+mbox_list_stmt = "SELECT DISTINCT(name) FROM records WHERE content in ({}) and (name LIKE 'imap.%' or name LIKE 'pop3.%' or name LIKE 'mail.%')"
+
+# Query for SMTP certificate
+smtp_list_stmt = "SELECT DISTINCT(name) FROM records WHERE content in ({}) and (name LIKE 'smtp.%' or name LIKE 'mail.%')"
+
+
 # Get list of defined domains in vhosts configuration database
 domains_list_stmt = """SELECT DISTINCT(SUBSTRING_INDEX(urls.dns_name, '.', -2)) AS domain_names FROM urls INNER JOIN (hosts_urls, hosts, vhosts_features, vhosts)
@@ -47,6 +55,10 @@ def init_prog(argv):
 help="Richiedi i certificati per i siti in hosting")
 parser.add_argument("--webmail", default=False, action='store_true', required=False,
 help="Richiedi i certificati per le webmail")
+parser.add_argument("--smtp", default=False, action='store_true', required=False, help="Richiedi i certificati per il server SMTP")
+parser.add_argument("--mbox", default=False, action='store_true', required=False, help="Richiedi i certificati per il server POP/IMAP")
 parser.add_argument("--renew", default=False, action='store_true', required=False,
 help="Invoca solamente il renew per i certificati gia' presenti")
 args = parser.parse_args()
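Review bot: `mbox_list_stmt` and `smtp_list_stmt` embed a `{}` format slot inside SQL and nothing at the definition says what may go into it; the slot is meant for a comma-joined run of `%s` placeholders (the last hunk of the patch builds it that way), and the first caller who formats an address or a name into it turns a parameterized query into an injectable one. I would state the contract next to the queries: `# {} is filled with a comma-joined list of %s placeholders, never with values; the addresses are bound by cursor.execute()`. Note also that `mail.%` matches in both queries, so every `mail.*` record pointing at a shared address lands in both the POP/IMAP and the SMTP certificate; if that is intended, a comment saying so would save the next reader a question.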
@@ -130,6 +142,24 @@ def get_domain_list(config, ot_conn, dns_conn):
 ot_cursor.close()
 return result_dict
+def get_alias_list(config, dns_conn, query, aliases):
+ """
+ Return a list of domains to get the certificate for
+
+ """
+ result_list = list()
+
+ dns_cursor=dns_conn.cursor()
+ try:
+ dns_cursor.execute(query, aliases)
+ except Exception as e:
+ logger.error(e)
+ exit(-1)
+ dns_res = dns_cursor.fetchall()
+ result_list = [name[0].decode('utf-8') for name in dns_res]
+ dns_cursor.close()
+ return result_list
+
 def acme_request(config, domain_name, acme_test='DNS-01', dryrun=False, domains_list=None):
@@ -193,7 +223,7 @@ if __name__ == '__main__':
 dns_conn=connect_db(dict(config['dns_db']))
 if dryrun:
- print("DRYRUN, nessuna operazione verra' eseguita realmente")
+ print("DRYRUN, nessun certificato verra' richiesto, nessun link/file creato o modificato")
 # Caso speciale per le webmail
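Review bot: `get_alias_list` catches every exception from `execute`, logs only `e` and calls `exit(-1)`, which hides the traceback and leaves `dns_cursor` open on the error path, while `fetchall()` runs outside the `try` entirely; put the cursor under `try/finally` and log with `logger.exception`. `name[0].decode('utf-8')` assumes the rows come back as bytes; whether mysql.connector returns `bytes`/`bytearray` or `str` for this column depends on the connection settings and column collation, and on a `str` this line raises AttributeError, so decoding only when the value is bytes is safer. The `config` parameter is not used. The docstring should also say that the returned names become the SANs of the requested certificate, since that is what makes a bad row consequential.
```python
def get_alias_list(config, dns_conn, query, aliases):
    """Return the DNS record names whose content is one of *aliases*, as str.

    query is one of the *_list_stmt templates with its placeholders already
    rendered; the values are bound by the driver.  The names become the SANs
    of the certificate the caller requests.  Exits the program on DB error.
    """
    dns_cursor = dns_conn.cursor()
    try:
        dns_cursor.execute(query, aliases)
        dns_res = dns_cursor.fetchall()
    except Exception:
        logger.exception('DNS alias query failed for %s', aliases)
        exit(-1)
    finally:
        dns_cursor.close()
    # rows arrive as bytes or str depending on connector/collation settings
    return [n[0].decode('utf-8') if isinstance(n[0], (bytes, bytearray)) else n[0] for n in dns_res]
```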
@@ -206,6 +236,39 @@ if __name__ == '__main__':
 else:
 logger.error('Error asking certificate for {}'.format(vhost_name))
+ # Caso speciale per il server POP/IMAP
+ if args.mbox:
+ logging.info('Asking certificates for POP/IMAP server')
+ vhost_name = config['mail']['mbox_vhost'].strip()
+ server_addresses = [s.strip() for s in config['mail']['mbox_server_addresses'].split(',') if len(s.strip())>0]
+ mbox_fmt = ','.join(['%s'] * len(server_addresses))
+ mbox_query = mbox_list_stmt.format(mbox_fmt)
+ alias_list = get_alias_list(config, dns_conn, mbox_query, server_addresses)
+ # Per usi futuri, aggiungo l'alias 'mail.indivia.net'
+ alias_list.append('mail.indivia.net')
+ if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=alias_list):
+ # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
+ # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
+ pass
+ else:
+ logger.error('Error asking certificate for {}'.format(vhost_name))
+
+ # Caso speciale per il server SMTP
+ if args.smtp:
+ logging.info('Asking certificates for SMTP server')
+ vhost_name = config['mail']['smtp_vhost'].strip()
+ server_addresses = [s.strip() for s in config['mail']['smtp_server_addresses'].split(',') if len(s.strip())>0]
+ smtp_fmt = ','.join(['%s'] * len(server_addresses))
+ smtp_query = smtp_list_stmt.format(smtp_fmt)
+ alias_list = get_alias_list(config, dns_conn, smtp_query, server_addresses)
+ if acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=alias_list):
+ # non e' richiesto il link, punto direttamente le configurazioni alle dir di letsencrypt
+ # link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
+ pass
+ else:
+ logger.error('Error asking certificate for {}'.format(vhost_name))
+
+
 # Caso speciale per l'hosting
 if args.hosting:
 logging.info('Asking certificates for hosted web domains')
 # Subdomains da escludere
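Review bot: The POP/IMAP and SMTP branches are copies of each other that differ only in the config keys and the query, and the POP/IMAP copy hard-codes `'mail.indivia.net'` where every other name comes from config or DNS; a hostname in code is missed when the installation moves, and if the DNS query already returns it the SAN list carries the name twice (whether acme_request or the ACME client dedupes is not visible here). Neither copy guards an empty `server_addresses`: `','.join(['%s'] * 0)` renders the query as `content in ()`, a SQL syntax error that get_alias_list turns into `exit(-1)` for the whole run. I would fold both into one helper keyed on the config prefix that skips when no address is configured, reads the extra names from a `<kind>_extra_aliases` option, dedupes, and logs the final list — every name here becomes a SAN that must pass HTTP-01 on the mail vhost, and one stale record is, as far as I know of ACME, enough to fail the whole order, so the operator wants to see the list (also in dryrun). The enclosing `if __name__ == '__main__':` block starts and ends outside the hunk.
```python
def _request_mail_cert(config, dns_conn, kind, query_tmpl, dryrun=False):
    """Request the certificate for the '<kind>_vhost' mail server (kind is
    'mbox' or 'smtp'): SANs are the DNS names that point at
    '<kind>_server_addresses', plus any names in '<kind>_extra_aliases'."""
    mail_cfg = config['mail']
    vhost_name = mail_cfg['{}_vhost'.format(kind)].strip()
    server_addresses = [s.strip() for s in mail_cfg['{}_server_addresses'.format(kind)].split(',') if s.strip()]
    if not server_addresses:
        # an empty list would render the query as 'content in ()', a SQL syntax error
        logger.error('No %s_server_addresses configured, skipping %s', kind, vhost_name)
        return False
    query = query_tmpl.format(','.join(['%s'] * len(server_addresses)))
    alias_list = get_alias_list(config, dns_conn, query, server_addresses)
    extra = [s.strip() for s in mail_cfg.get('{}_extra_aliases'.format(kind), '').split(',') if s.strip()]
    # every name here becomes a SAN that must pass HTTP-01: keep order, drop duplicates
    alias_list = list(dict.fromkeys(alias_list + extra))
    logging.info('Requesting certificate for %s with SANs %s', vhost_name, alias_list)
    # no link needed, the mail daemons are pointed straight at the letsencrypt dirs
    if not acme_request(config, vhost_name, acme_test='HTTP-01', dryrun=dryrun, domains_list=alias_list):
        logger.error('Error asking certificate for {}'.format(vhost_name))
        return False
    return True

    # … in the main block, replacing both copies (mail.indivia.net moves to mbox_extra_aliases in the config):
    if args.mbox:
        logging.info('Asking certificates for POP/IMAP server')
        _request_mail_cert(config, dns_conn, 'mbox', mbox_list_stmt, dryrun=dryrun)
    if args.smtp:
        logging.info('Asking certificates for SMTP server')
        _request_mail_cert(config, dns_conn, 'smtp', smtp_list_stmt, dryrun=dryrun)
```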