[add] tls-get

readme.md

@@ -26,5 +26,6 @@ Sammlung von Werkzeugen für die Erstellung und Untersuchung von TLS-Zertifikate
 ### Anweisungen
 
 - siehe:
+	- `tls-get -h`
 	- `tls-verify -h`
 

source/get.py

@@ -0,0 +1,144 @@
+import sys as _sys
+import os as _os
+import json as _json
+import pathlib as _pathlib
+import argparse as _argparse
+
+import helpers.file as __file
+	
+
+def main():
+	## args
+	argument_parser = _argparse.ArgumentParser(
+		prog = "tls-get"
+	)
+	argument_parser.add_argument(
+		"-c",
+		"--conf-path",
+		type = str,
+		dest = "conf_path",
+		metavar = "<conf-path>",
+		default = _os.path.join(str(_pathlib.Path.home()), ".tls-get-conf.json"),
+	)
+	argument_parser.add_argument(
+		dest = "domain",
+		metavar = "<domain>",
+		help = "the domain for which the TLS certificate shall be generated"
+	)
+	argument_parser.add_argument(
+		"-t",
+		"--target-directory",
+		dest = "target_directory",
+		type = str,
+		metavar = "<target-directory>",
+		default = "/etc/ssl",
+	)
+	argument_parser.add_argument(
+		"-x",
+		"--challenge-prefix",
+		dest = "challenge_prefix",
+		type = str,
+		metavar = "<challenge-prefix>",
+		default = "_acme-challenge",
+		help = "which subdomain to use for ACME challanges",
+	)
+	argument_parser.add_argument(
+		"-f",
+		"--force",
+		dest = "force",
+		action = "store_true",
+		default = False,
+		help = "whether to force the certificate renewal",
+	)
+	argument_parser.add_argument(
+		"-w",
+		"--delay",
+		dest = "delay",
+		type = float,
+		default = 60.0,
+		metavar = "<delay>",
+		help = "seconds to wait at end of certbot auth hook",
+	)
+	argument_parser.add_argument(
+		"-q",
+		"--dry-run",
+		dest = "dry_run",
+		action = "store_true",
+		default = False,
+		help = "whether to only print the command on stdout instead of executing it",
+	)
+	args = argument_parser.parse_args()
+	
+	## vars
+	conf = _json.loads(__file.read(args.conf_path))
+	le_dir = "/etc/letsencrypt/live"
+	
+	## exec
+	command_certbot = " ".join(
+		[
+			"certbot",
+			"certonly",
+			("--email='%s'" % conf["acme_account"]["email"]),
+			# ("--work-dir='%s'" % conf["misc"]["working_directory"]),
+			"--preferred-challenges='dns'",
+			"--non-interactive",
+			"--agree-tos",
+			("--domain='%s'" % args.domain),
+		]
+		+
+		(
+			["--force-renewal"]
+			if args.force else
+			[]
+		)
+		+
+		[
+			"--manual",
+			(
+				"--manual-auth-hook='%s'"
+				% " ".join(
+					[
+						"/usr/local/bin/inwx",
+						("--username=\"%s\"" % conf["inwx_account"]["username"]),
+						("--password=\"%s\"" % conf["inwx_account"]["password"]),
+						"certbot-hook",
+						("--delay=%.4f" % args.delay),
+					]
+				)
+			),
+			(
+				"--post-hook='%s'"
+				% " ".join(
+					[
+						"/usr/local/bin/inwx",
+						("--username=\"%s\"" % conf["inwx_account"]["username"]),
+						("--password=\"%s\"" % conf["inwx_account"]["password"]),
+						"delete",
+						("--domain=\"%s\"" % (args.challenge_prefix + "." + args.domain)),
+						("--type=\"TXT\""),
+					]
+				)
+			),
+		]
+	)
+	if (args.dry_run):
+		_sys.stdout.write(command_certbot + "\n")
+	else:
+		_os.system(command_certbot)
+		subjects = [
+			{"source_name": "privkey", "target_directory": "private"},
+			{"source_name": "cert", "target_directory": "certs"},
+			{"source_name": "chain", "target_directory": "chains"},
+			{"source_name": "fullchain", "target_directory": "fullchains"},
+		]
+		for subject in subjects:
+			_os.system(
+				"mkdir --parents %s && cp --dereference %s %s"
+				% (
+					_os.path.join(args.target_directory, subject["target_directory"]),
+					_os.path.join(le_dir, args.domain, "%s.pem" % subject["source_name"]),
+					_os.path.join(args.target_directory, subject["target_directory"], "%s.pem" % args.domain),
+				)
+			)
+	
+

source/helpers/file.py

@@ -0,0 +1,7 @@
+def file_read(path):
+	handle = open(path, "r")
+	content = handle.read()
+	handle.close()
+	return content
+	
+

tools/build

@@ -2,35 +2,56 @@
 
 ## consts
 
-dir_source="source"
+dir_source=source
-dir_temp="/tmp/tls-utils-temp"
+dir_temp=/tmp/tls-utils-temp
-dir_build="/tmp/tls-utils"
+dir_build=/tmp/tls-utils
-
-
-## vars
-
-path_verify=${dir_build}/tls-verify
 
 
 ## exec
 
-### exec:verify
+### exec:get
+
+echo "-- get …"
+
+path_app=${dir_build}/tls-get
 
 rm ${dir_temp} --force --recursive
 mkdir ${dir_temp} --parents
-cp ${dir_source}/. ${dir_temp}/ --recursive --update --verbose
+cp ${dir_source}/. ${dir_temp}/ --recursive --update
+for dir in $(find ${dir_temp} -mindepth 1 -type d) ; do touch ${dir}/__init__.py ; done
+echo '' > ${dir_temp}/__main__.py
+echo 'from get import *' >> ${dir_temp}/__main__.py
+echo 'if __name__ == "__main__": main()' >> ${dir_temp}/__main__.py
+
+mkdir ${dir_build} --parents
+# rm ${path_app}.zip --force
+cd ${dir_temp} && python3 -m zipfile -c ${path_app}.zip . ; cd - > /dev/null
+echo '#!/usr/bin/env python3' > ${path_app}
+cat ${path_app}.zip >> ${path_app}
+rm ${path_app}.zip
+chmod +x ${path_app}
+
+
+### exec:verify
+
+echo "-- verify …"
+
+path_app=${dir_build}/tls-verify
+
+rm ${dir_temp} --force --recursive
+mkdir ${dir_temp} --parents
+cp ${dir_source}/. ${dir_temp}/ --recursive --update
 for dir in $(find ${dir_temp} -mindepth 1 -type d) ; do touch ${dir}/__init__.py ; done
 echo '' > ${dir_temp}/__main__.py
 echo 'from verify import *' >> ${dir_temp}/__main__.py
 echo 'if __name__ == "__main__": main()' >> ${dir_temp}/__main__.py
 
 mkdir ${dir_build} --parents
-# rm ${path_verify}.zip --force
+# rm ${path_app}.zip --force
-cd ${dir_temp}
+cd ${dir_temp} && python3 -m zipfile -c ${path_app}.zip . ; cd - > /dev/null
-python3 -m zipfile -c ${path_verify}.zip .
+echo '#!/usr/bin/env python3' > ${path_app}
-cd -
+cat ${path_app}.zip >> ${path_app}
-echo '#!/usr/bin/env python3' > ${path_verify}
+rm ${path_app}.zip
-cat ${path_verify}.zip >> ${path_verify}
+chmod +x ${path_app}
-rm ${path_verify}.zip
+
-chmod +x ${path_verify}