From 42b127cc77d37a2c014ba019322a46d693648245 Mon Sep 17 00:00:00 2001 From: Fenris Wolf Date: Fri, 3 Apr 2026 01:19:04 +0200 Subject: [PATCH] [add] tls-get --- readme.md | 1 + source/get.py | 144 +++++++++++++++++++++++++++++++++++++++++ source/helpers/file.py | 7 ++ tools/build | 57 ++++++++++------ 4 files changed, 191 insertions(+), 18 deletions(-) create mode 100644 source/get.py create mode 100644 source/helpers/file.py diff --git a/readme.md b/readme.md index eb87b37..ad5210c 100644 --- a/readme.md +++ b/readme.md @@ -26,5 +26,6 @@ Sammlung von Werkzeugen für die Erstellung und Untersuchung von TLS-Zertifikate ### Anweisungen - siehe: + - `tls-get -h` - `tls-verify -h` diff --git a/source/get.py b/source/get.py new file mode 100644 index 0000000..0ceb0a3 --- /dev/null +++ b/source/get.py 
@@ -0,0 +1,144 @@ +import sys as _sys +import os as _os +import json as _json +import pathlib as _pathlib +import argparse as _argparse + +import helpers.file as __file + + +def main(): + ## args + argument_parser = _argparse.ArgumentParser( + prog = "tls-get" + ) + argument_parser.add_argument( + "-c", + "--conf-path", + type = str, + dest = "conf_path", + metavar = "", + default = _os.path.join(str(_pathlib.Path.home()), ".tls-get-conf.json"), + ) + argument_parser.add_argument( + dest = "domain", + metavar = "", + help = "the domain for which the TLS certificate shall be generated" + ) + argument_parser.add_argument( + "-t", + "--target-directory", + dest = "target_directory", + type = str, + metavar = "", + default = "/etc/ssl", + ) + argument_parser.add_argument( + "-x", + "--challenge-prefix", + dest = "challenge_prefix", + type = str, + metavar = "", + default = "_acme-challenge", + help = "which subdomain to use for ACME challanges", + ) + argument_parser.add_argument( + "-f", + "--force", + dest = "force", + action = "store_true", + default = False, + help = "whether to force the certificate renewal", + ) + argument_parser.add_argument( + "-w", + "--delay", + dest = "delay", + type = float, + default = 60.0, + metavar = "", + help = "seconds to wait at end of certbot auth hook", + ) + argument_parser.add_argument( + "-q", + "--dry-run", + dest = "dry_run", + action = "store_true", + default = False, + help = "whether to only print the command on stdout instead of executing it", + ) + args = argument_parser.parse_args() + + ## vars + conf = _json.loads(__file.read(args.conf_path)) + le_dir = "/etc/letsencrypt/live" + + ## exec + command_certbot = " ".join( + [ + "certbot", + "certonly", + ("--email='%s'" % conf["acme_account"]["email"]), + # ("--work-dir='%s'" % conf["misc"]["working_directory"]), + "--preferred-challenges='dns'", + "--non-interactive", + "--agree-tos", + ("--domain='%s'" % args.domain), + ] + + + ( + ["--force-renewal"] + if args.force 
else + [] + ) + + + [ + "--manual", + ( + "--manual-auth-hook='%s'" + % " ".join( + [ + "/usr/local/bin/inwx", + ("--username=\"%s\"" % conf["inwx_account"]["username"]), + ("--password=\"%s\"" % conf["inwx_account"]["password"]), + "certbot-hook", + ("--delay=%.4f" % args.delay), + ] + ) + ), + ( + "--post-hook='%s'" + % " ".join( + [ + "/usr/local/bin/inwx", + ("--username=\"%s\"" % conf["inwx_account"]["username"]), + ("--password=\"%s\"" % conf["inwx_account"]["password"]), + "delete", + ("--domain=\"%s\"" % (args.challenge_prefix + "." + args.domain)), + ("--type=\"TXT\""), + ] + ) + ), + ] + ) + if (args.dry_run): + _sys.stdout.write(command_certbot + "\n") + else: + _os.system(command_certbot) + subjects = [ + {"source_name": "privkey", "target_directory": "private"}, + {"source_name": "cert", "target_directory": "certs"}, + {"source_name": "chain", "target_directory": "chains"}, + {"source_name": "fullchain", "target_directory": "fullchains"}, + ] + for subject in subjects: + _os.system( + "mkdir --parents %s && cp --dereference %s %s" + % ( + _os.path.join(args.target_directory, subject["target_directory"]), + _os.path.join(le_dir, args.domain, "%s.pem" % subject["source_name"]), + _os.path.join(args.target_directory, subject["target_directory"], "%s.pem" % args.domain), + ) + ) + + diff --git a/source/helpers/file.py b/source/helpers/file.py new file mode 100644 index 0000000..0023145 --- /dev/null +++ b/source/helpers/file.py @@ -0,0 +1,7 @@ +def file_read(path): + handle = open(path, "r") + content = handle.read() + handle.close() + return content + + diff --git a/tools/build b/tools/build index bea6dca..144dbfa 100755 --- a/tools/build +++ b/tools/build 
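Review bot: `conf = _json.loads(__file.read(args.conf_path))` calls `read` on `helpers.file`, but the `source/helpers/file.py` added in this same commit defines `file_read`, so `main()` stops with an AttributeError before the parser result is used; one of the two names has to change. Beyond that, the certbot command and the `mkdir … && cp …` loop are assembled by string formatting and handed to `_os.system`, so `args.domain`, `args.challenge_prefix` and `args.target_directory` reach the shell unescaped (a single quote or `;` in any of them alters the command), and the exit status of `_os.system` is discarded, so the copy loop still runs when certbot failed. I would run certbot via `subprocess.run(argv, check=True)` with a list, build only the two hook strings — which certbot itself hands to a shell — with `shlex.join` (or `" ".join(map(shlex.quote, …))` on Python < 3.8) so every argument is quoted, and replace the `os.system` copy with `os.makedirs(..., exist_ok=True)` plus `shutil.copyfile`, importing `shlex`, `subprocess` and `shutil` next to the existing modules. Note also that the INWX username and password end up inside the hook command lines, which are visible in the process list to every local user while the hooks run; if the `inwx` tool can take them from the environment or a file, that path is preferable to the command line. Whether the copy loop sits inside the `else:` branch is not recoverable from the collapsed hunk, so the excerpt below keeps the `if`/`else` shape and places the loop after it.
```python
    # … unchanged: argument parsing, conf loading, le_dir …
    inwx_auth = [
        "/usr/local/bin/inwx",
        "--username=%s" % conf["inwx_account"]["username"],
        "--password=%s" % conf["inwx_account"]["password"],
    ]
    # argv list: no shell parses these, so the user-supplied values cannot alter the command
    command_certbot = [
        "certbot",
        "certonly",
        "--email=%s" % conf["acme_account"]["email"],
        "--preferred-challenges=dns",
        "--non-interactive",
        "--agree-tos",
        "--domain=%s" % args.domain,
    ]
    if args.force:
        command_certbot.append("--force-renewal")
    # certbot runs the hook strings through a shell, so quote each hook argument explicitly
    command_certbot += [
        "--manual",
        "--manual-auth-hook=%s"
        % _shlex.join(inwx_auth + ["certbot-hook", "--delay=%.4f" % args.delay]),
        "--post-hook=%s"
        % _shlex.join(
            inwx_auth
            + [
                "delete",
                "--domain=%s" % (args.challenge_prefix + "." + args.domain),
                "--type=TXT",
            ]
        ),
    ]
    if args.dry_run:
        _sys.stdout.write(_shlex.join(command_certbot) + "\n")
    else:
        # check=True: a failed certbot run must not be followed by copying stale files
        _subprocess.run(command_certbot, check=True)
    # … unchanged: subjects list …
    for subject in subjects:
        target_dir = _os.path.join(args.target_directory, subject["target_directory"])
        _os.makedirs(target_dir, exist_ok=True)
        # copyfile follows the letsencrypt symlinks, like `cp --dereference`
        _shutil.copyfile(
            _os.path.join(le_dir, args.domain, "%s.pem" % subject["source_name"]),
            _os.path.join(target_dir, "%s.pem" % args.domain),
        )
```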
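Review bot: `file_read` opens the path without a context manager and without an explicit encoding, so the handle is leaked if `handle.read()` raises, and the config file — which carries the account credentials — is decoded with whatever the locale's default codec happens to be. `with open(path, "r", encoding="utf-8") as handle: return handle.read()` covers both, and a one-line docstring such as `"""Return the full text content of the file at *path*."""` would make the helper self-describing.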
@@ -2,35 +2,56 @@ ## consts -dir_source="source" -dir_temp="/tmp/tls-utils-temp" -dir_build="/tmp/tls-utils" - - -## vars - -path_verify=${dir_build}/tls-verify +dir_source=source +dir_temp=/tmp/tls-utils-temp +dir_build=/tmp/tls-utils ## exec -### exec:verify +### exec:get + +echo "-- get …" + +path_app=${dir_build}/tls-get rm ${dir_temp} --force --recursive mkdir ${dir_temp} --parents -cp ${dir_source}/. ${dir_temp}/ --recursive --update --verbose +cp ${dir_source}/. ${dir_temp}/ --recursive --update +for dir in $(find ${dir_temp} -mindepth 1 -type d) ; do touch ${dir}/__init__.py ; done +echo '' > ${dir_temp}/__main__.py +echo 'from get import *' >> ${dir_temp}/__main__.py +echo 'if __name__ == "__main__": main()' >> ${dir_temp}/__main__.py + +mkdir ${dir_build} --parents +# rm ${path_app}.zip --force +cd ${dir_temp} && python3 -m zipfile -c ${path_app}.zip . ; cd - > /dev/null +echo '#!/usr/bin/env python3' > ${path_app} +cat ${path_app}.zip >> ${path_app} +rm ${path_app}.zip +chmod +x ${path_app} + + +### exec:verify + +echo "-- verify …" + +path_app=${dir_build}/tls-verify + +rm ${dir_temp} --force --recursive +mkdir ${dir_temp} --parents +cp ${dir_source}/. ${dir_temp}/ --recursive --update for dir in $(find ${dir_temp} -mindepth 1 -type d) ; do touch ${dir}/__init__.py ; done echo '' > ${dir_temp}/__main__.py echo 'from verify import *' >> ${dir_temp}/__main__.py echo 'if __name__ == "__main__": main()' >> ${dir_temp}/__main__.py mkdir ${dir_build} --parents -# rm ${path_verify}.zip --force -cd ${dir_temp} -python3 -m zipfile -c ${path_verify}.zip . -cd - -echo '#!/usr/bin/env python3' > ${path_verify} -cat ${path_verify}.zip >> ${path_verify} -rm ${path_verify}.zip -chmod +x ${path_verify} +# rm ${path_app}.zip --force +cd ${dir_temp} && python3 -m zipfile -c ${path_app}.zip . ; cd - > /dev/null +echo '#!/usr/bin/env python3' > ${path_app} +cat ${path_app}.zip >> ${path_app} +rm ${path_app}.zip +chmod +x ${path_app} +
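Review bot: `dir_temp=/tmp/tls-utils-temp` is a fixed path under the world-writable `/tmp` that the script removes and recreates with `mkdir --parents`, which succeeds silently on a directory (or symlink to a directory) that another local user placed there between the `rm` and the `mkdir`; the sources, and the `tls-get`/`tls-verify` executables zipped from them, would then be staged in a directory that user controls. A per-run `mktemp -d` directory avoids this, and `dir_build=/tmp/tls-utils` has the same property for the finished executables, so consider making it configurable. The two build blocks are identical apart from the app name and the imported module, which suggests a `build_app NAME MODULE` function as sketched below; the `cd … && … ; cd -` pair can become a subshell so a failed `cd` cannot leave the script in the wrong directory. The hunk starts at line 2, so whether the script sets `set -e`/`set -u` on line 1 is not visible here.
```sh
## consts
dir_source=source
dir_build=/tmp/tls-utils

# build_app NAME MODULE: pack ${dir_source} into the executable zipapp ${dir_build}/NAME
# whose __main__ imports MODULE
build_app() {
    local name=$1 module=$2
    local path_app="${dir_build}/${name}"
    local dir_temp
    dir_temp=$(mktemp -d)   # unpredictable, owner-only staging dir instead of a fixed /tmp path
    echo "-- ${name} …"
    cp "${dir_source}/." "${dir_temp}/" --recursive --update
    for dir in $(find "${dir_temp}" -mindepth 1 -type d) ; do touch "${dir}/__init__.py" ; done
    printf '%s\n' "from ${module} import *" 'if __name__ == "__main__": main()' > "${dir_temp}/__main__.py"
    mkdir "${dir_build}" --parents
    (cd "${dir_temp}" && python3 -m zipfile -c "${path_app}.zip" .)
    echo '#!/usr/bin/env python3' > "${path_app}"
    cat "${path_app}.zip" >> "${path_app}"
    rm "${path_app}.zip"
    chmod +x "${path_app}"
    rm "${dir_temp}" --force --recursive
}

## exec
build_app tls-get get
build_app tls-verify verify
```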