2017-10-24 19:16:36 +05:00
|
|
|
import CyberCPLogFileWriter as logging
|
|
|
|
|
import os
|
|
|
|
|
import shlex
|
|
|
|
|
import subprocess
|
2017-12-09 22:30:10 +05:00
|
|
|
import socket
|
2018-11-09 22:01:28 +05:00
|
|
|
from plogical.processUtilities import ProcessUtilities
|
|
|
|
|
from websiteFunctions.models import ChildDomains, Websites
|
2017-10-24 19:16:36 +05:00
|
|
|
|
|
|
|
|
class sslUtilities:
|
|
|
|
|
|
2017-12-09 22:30:10 +05:00
|
|
|
Server_root = "/usr/local/lsws"
|
|
|
|
|
|
2018-05-08 21:25:37 +05:00
|
|
|
@staticmethod
|
|
|
|
|
def checkIfSSLMap(virtualHostName):
|
|
|
|
|
try:
|
|
|
|
|
data = open("/usr/local/lsws/conf/httpd_config.conf").readlines()
|
|
|
|
|
|
|
|
|
|
sslCheck = 0
|
|
|
|
|
|
|
|
|
|
for items in data:
|
2018-05-12 02:21:42 +05:00
|
|
|
if items.find("listener") >-1 and items.find("SSL") > -1:
|
2018-05-08 21:25:37 +05:00
|
|
|
sslCheck = 1
|
|
|
|
|
continue
|
|
|
|
|
if sslCheck == 1:
|
|
|
|
|
if items.find("}") > -1:
|
|
|
|
|
return 0
|
|
|
|
|
if items.find(virtualHostName) > -1 and sslCheck == 1:
|
|
|
|
|
data = filter(None, items.split(" "))
|
|
|
|
|
if data[1] == virtualHostName:
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
except BaseException,msg:
|
|
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [IO Error with main config file [checkIfSSLMap]]")
|
|
|
|
|
return 0
|
|
|
|
|
|
2018-08-23 15:39:28 +05:00
|
|
|
@staticmethod
|
|
|
|
|
def checkSSLListener():
|
|
|
|
|
try:
|
|
|
|
|
data = open("/usr/local/lsws/conf/httpd_config.conf").readlines()
|
|
|
|
|
for items in data:
|
|
|
|
|
if items.find("listener SSL") > -1:
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
except BaseException,msg:
|
|
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [IO Error with main config file [checkSSLListener]]")
|
|
|
|
|
return str(msg)
|
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
|
def getDNSRecords(virtualHostName):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
withoutWWW = socket.gethostbyname(virtualHostName)
|
|
|
|
|
withWWW = socket.gethostbyname('www.' + virtualHostName)
|
|
|
|
|
|
|
|
|
|
return [1, withWWW, withoutWWW]
|
|
|
|
|
|
|
|
|
|
except BaseException, msg:
|
|
|
|
|
return [0, "347 " + str(msg) + " [issueSSLForDomain]"]
|
|
|
|
|
|
2017-10-24 19:16:36 +05:00
|
|
|
@staticmethod
|
2018-11-09 22:01:28 +05:00
|
|
|
def installSSLForDomain(virtualHostName, adminEmail='usman@cyberpersons.com'):
|
|
|
|
|
if ProcessUtilities.decideServer() == ProcessUtilities.OLS:
|
|
|
|
|
confPath = sslUtilities.Server_root + "/conf/vhosts/" + virtualHostName
|
|
|
|
|
completePathToConfigFile = confPath + "/vhost.conf"
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
try:
|
|
|
|
|
map = " map " + virtualHostName + " " + virtualHostName + "\n"
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
if sslUtilities.checkSSLListener() != 1:
|
|
|
|
|
|
|
|
|
|
writeDataToFile = open("/usr/local/lsws/conf/httpd_config.conf", 'a')
|
|
|
|
|
|
|
|
|
|
listener = "listener SSL {" + "\n"
|
|
|
|
|
address = " address *:443" + "\n"
|
|
|
|
|
secure = " secure 1" + "\n"
|
|
|
|
|
keyFile = " keyFile /etc/letsencrypt/live/" + virtualHostName + "/privkey.pem\n"
|
|
|
|
|
certFile = " certFile /etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem\n"
|
|
|
|
|
certChain = " certChain 1" + "\n"
|
|
|
|
|
sslProtocol = " sslProtocol 30" + "\n"
|
|
|
|
|
map = " map " + virtualHostName + " " + virtualHostName + "\n"
|
|
|
|
|
final = "}" + "\n" + "\n"
|
|
|
|
|
|
|
|
|
|
writeDataToFile.writelines("\n")
|
|
|
|
|
writeDataToFile.writelines(listener)
|
|
|
|
|
writeDataToFile.writelines(address)
|
|
|
|
|
writeDataToFile.writelines(secure)
|
|
|
|
|
writeDataToFile.writelines(keyFile)
|
|
|
|
|
writeDataToFile.writelines(certFile)
|
|
|
|
|
writeDataToFile.writelines(certChain)
|
|
|
|
|
writeDataToFile.writelines(sslProtocol)
|
|
|
|
|
writeDataToFile.writelines(map)
|
|
|
|
|
writeDataToFile.writelines(final)
|
|
|
|
|
writeDataToFile.writelines("\n")
|
|
|
|
|
writeDataToFile.close()
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-05-12 02:21:42 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
else:
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
if sslUtilities.checkIfSSLMap(virtualHostName) == 0:
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
data = open("/usr/local/lsws/conf/httpd_config.conf").readlines()
|
|
|
|
|
writeDataToFile = open("/usr/local/lsws/conf/httpd_config.conf", 'w')
|
|
|
|
|
sslCheck = 0
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
for items in data:
|
|
|
|
|
if items.find("listener") > -1 and items.find("SSL") > -1:
|
|
|
|
|
sslCheck = 1
|
|
|
|
|
|
|
|
|
|
if (sslCheck == 1):
|
|
|
|
|
writeDataToFile.writelines(items)
|
|
|
|
|
writeDataToFile.writelines(map)
|
|
|
|
|
sslCheck = 0
|
|
|
|
|
else:
|
|
|
|
|
writeDataToFile.writelines(items)
|
|
|
|
|
writeDataToFile.close()
|
2017-10-26 23:50:59 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
###################### Write per host Configs for SSL ###################
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
data = open(completePathToConfigFile, "r").readlines()
|
|
|
|
|
|
|
|
|
|
## check if vhssl is already in vhconf file
|
|
|
|
|
|
|
|
|
|
vhsslPresense = 0
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-05-08 21:25:37 +05:00
|
|
|
for items in data:
|
2018-11-09 22:01:28 +05:00
|
|
|
if items.find("vhssl") > -1:
|
|
|
|
|
vhsslPresense = 1
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
if vhsslPresense == 0:
|
|
|
|
|
writeSSLConfig = open(completePathToConfigFile, "a")
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
vhssl = "vhssl {" + "\n"
|
|
|
|
|
keyFile = " keyFile /etc/letsencrypt/live/" + virtualHostName + "/privkey.pem\n"
|
|
|
|
|
certFile = " certFile /etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem\n"
|
|
|
|
|
certChain = " certChain 1" + "\n"
|
|
|
|
|
sslProtocol = " sslProtocol 30" + "\n"
|
|
|
|
|
final = "}"
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
writeSSLConfig.writelines("\n")
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
writeSSLConfig.writelines(vhssl)
|
|
|
|
|
writeSSLConfig.writelines(keyFile)
|
|
|
|
|
writeSSLConfig.writelines(certFile)
|
|
|
|
|
writeSSLConfig.writelines(certChain)
|
|
|
|
|
writeSSLConfig.writelines(sslProtocol)
|
|
|
|
|
writeSSLConfig.writelines(final)
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
writeSSLConfig.writelines("\n")
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
writeSSLConfig.close()
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
return 1
|
|
|
|
|
except BaseException, msg:
|
|
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [installSSLForDomain]]")
|
|
|
|
|
return 0
|
|
|
|
|
else:
|
|
|
|
|
confPath = sslUtilities.Server_root + "/conf/vhosts/" + virtualHostName
|
|
|
|
|
completePathToConfigFile = confPath + "/vhost.conf"
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
## Check if SSL VirtualHost already exists
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
data = open(completePathToConfigFile, 'r').readlines()
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
for items in data:
|
|
|
|
|
if items.find('*:443') > -1:
|
|
|
|
|
return 1
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
try:
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
try:
|
|
|
|
|
chilDomain = ChildDomains.objects.get(domain=virtualHostName)
|
|
|
|
|
externalApp = chilDomain.master.externalApp
|
|
|
|
|
DocumentRoot = ' DocumentRoot ' + chilDomain.path + '\n'
|
|
|
|
|
except BaseException, msg:
|
|
|
|
|
website = Websites.objects.get(domain=virtualHostName)
|
|
|
|
|
externalApp = website.externalApp
|
|
|
|
|
DocumentRoot = ' DocumentRoot /home/' + virtualHostName + '/public_html\n'
|
|
|
|
|
|
|
|
|
|
data = open(completePathToConfigFile, 'r').readlines()
|
|
|
|
|
phpHandler = ''
|
|
|
|
|
|
|
|
|
|
for items in data:
|
|
|
|
|
if items.find('AddHandler') > -1 and items.find('php') > -1:
|
|
|
|
|
phpHandler = items
|
|
|
|
|
break
|
|
|
|
|
|
|
|
|
|
confFile = open(completePathToConfigFile, 'a')
|
|
|
|
|
|
|
|
|
|
doNotModify = '\n\n# Do not modify this file, this is auto-generated file.\n\n'
|
|
|
|
|
|
|
|
|
|
VirtualHost = '<VirtualHost *:443>\n\n'
|
|
|
|
|
ServerName = ' ServerName ' + virtualHostName + '\n'
|
|
|
|
|
ServerAlias = ' ServerAlias www.' + virtualHostName + '\n'
|
|
|
|
|
ServerAdmin = ' ServerAdmin ' + adminEmail + '\n'
|
|
|
|
|
SeexecUserGroup = ' SuexecUserGroup ' + externalApp + ' ' + externalApp + '\n'
|
|
|
|
|
CustomLogCombined = ' CustomLog /home/' + virtualHostName + '/logs/' + virtualHostName + '.access_log combined\n'
|
|
|
|
|
|
|
|
|
|
confFile.writelines(doNotModify)
|
|
|
|
|
confFile.writelines(VirtualHost)
|
|
|
|
|
confFile.writelines(ServerName)
|
|
|
|
|
confFile.writelines(ServerAlias)
|
|
|
|
|
confFile.writelines(ServerAdmin)
|
|
|
|
|
confFile.writelines(SeexecUserGroup)
|
|
|
|
|
confFile.writelines(DocumentRoot)
|
|
|
|
|
confFile.writelines(CustomLogCombined)
|
|
|
|
|
|
|
|
|
|
SSLEngine = ' SSLEngine on\n'
|
|
|
|
|
SSLVerifyClient = ' SSLVerifyClient none\n'
|
|
|
|
|
SSLCertificateFile = ' SSLCertificateFile /etc/letsencrypt/live/' + virtualHostName + '/fullchain.pem\n'
|
|
|
|
|
SSLCertificateKeyFile = ' SSLCertificateKeyFile /etc/letsencrypt/live/' + virtualHostName + '/privkey.pem\n'
|
|
|
|
|
|
|
|
|
|
confFile.writelines(SSLEngine)
|
|
|
|
|
confFile.writelines(SSLVerifyClient)
|
|
|
|
|
confFile.writelines(SSLCertificateFile)
|
|
|
|
|
confFile.writelines(SSLCertificateKeyFile)
|
|
|
|
|
confFile.writelines(phpHandler)
|
|
|
|
|
|
|
|
|
|
VirtualHostEnd = '</VirtualHost>\n'
|
|
|
|
|
confFile.writelines(VirtualHostEnd)
|
|
|
|
|
confFile.close()
|
|
|
|
|
return 1
|
|
|
|
|
|
|
|
|
|
except BaseException, msg:
|
|
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [installSSLForDomain]")
|
|
|
|
|
return 0
|
2017-10-24 19:16:36 +05:00
|
|
|
|
|
|
|
|
|
2018-05-06 14:18:41 +05:00
|
|
|
@staticmethod
|
2018-05-08 21:25:37 +05:00
|
|
|
def obtainSSLForADomain(virtualHostName,adminEmail,sslpath, aliasDomain = None):
|
2018-05-06 14:18:41 +05:00
|
|
|
try:
|
2018-11-06 13:03:12 +05:00
|
|
|
acmePath = '/root/.acme.sh/acme.sh'
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-11-09 22:01:28 +05:00
|
|
|
if ProcessUtilities.decideDistro() == ProcessUtilities.ubuntu:
|
2018-11-06 13:03:12 +05:00
|
|
|
acmePath = '/home/cyberpanel/.acme.sh/acme.sh'
|
|
|
|
|
|
|
|
|
|
if not os.path.exists(acmePath):
|
2018-10-29 21:36:03 +05:00
|
|
|
command = 'wget -O - https://get.acme.sh | sh'
|
2019-03-26 16:19:03 +05:00
|
|
|
subprocess.call(command, shell=True)
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-05-08 21:25:37 +05:00
|
|
|
if aliasDomain == None:
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-10-29 21:36:03 +05:00
|
|
|
existingCertPath = '/etc/letsencrypt/live/' + virtualHostName
|
|
|
|
|
if not os.path.exists(existingCertPath):
|
|
|
|
|
command = 'mkdir -p ' + existingCertPath
|
2019-03-26 16:19:03 +05:00
|
|
|
subprocess.call(shlex.split(command))
|
2018-08-22 00:37:43 +05:00
|
|
|
|
2018-05-21 16:51:28 +05:00
|
|
|
try:
|
|
|
|
|
logging.CyberCPLogFileWriter.writeToFile("Trying to obtain SSL for: " + virtualHostName + " and: www." + virtualHostName)
|
2018-08-23 15:39:28 +05:00
|
|
|
|
2018-11-06 13:03:12 +05:00
|
|
|
command = acmePath + " --issue -d " + virtualHostName + " -d www." + virtualHostName \
|
2018-10-29 21:36:03 +05:00
|
|
|
+ ' --cert-file ' + existingCertPath + '/cert.pem' + ' --key-file ' + existingCertPath + '/privkey.pem' \
|
|
|
|
|
+ ' --fullchain-file ' + existingCertPath + '/fullchain.pem' + ' -w ' + sslpath + ' --force'
|
|
|
|
|
|
2019-03-26 16:19:03 +05:00
|
|
|
output = subprocess.check_output(shlex.split(command))
|
2018-08-23 15:39:28 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile("Successfully obtained SSL for: " + virtualHostName + " and: www." + virtualHostName)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
except subprocess.CalledProcessError:
|
2018-05-21 16:51:28 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile(
|
|
|
|
|
"Failed to obtain SSL for: " + virtualHostName + " and: www." + virtualHostName)
|
2018-08-23 15:39:28 +05:00
|
|
|
|
2018-05-21 16:51:28 +05:00
|
|
|
try:
|
2018-08-23 15:39:28 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile("Trying to obtain SSL for: " + virtualHostName)
|
2018-11-06 13:03:12 +05:00
|
|
|
command = acmePath + " --issue -d " + virtualHostName + ' --cert-file ' + existingCertPath \
|
2018-10-29 21:36:03 +05:00
|
|
|
+ '/cert.pem' + ' --key-file ' + existingCertPath + '/privkey.pem' \
|
|
|
|
|
+ ' --fullchain-file ' + existingCertPath + '/fullchain.pem' + ' -w ' + sslpath + ' --force'
|
2019-03-26 16:19:03 +05:00
|
|
|
output = subprocess.check_output(shlex.split(command))
|
2018-08-23 15:39:28 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile("Successfully obtained SSL for: " + virtualHostName)
|
|
|
|
|
except subprocess.CalledProcessError:
|
2018-05-21 16:51:28 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile('Failed to obtain SSL, issuing self-signed SSL for: ' + virtualHostName)
|
|
|
|
|
return 0
|
2018-05-06 14:18:41 +05:00
|
|
|
else:
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-10-29 21:36:03 +05:00
|
|
|
existingCertPath = '/etc/letsencrypt/live/' + virtualHostName
|
|
|
|
|
if not os.path.exists(existingCertPath):
|
|
|
|
|
command = 'mkdir -p ' + existingCertPath
|
2019-03-26 16:19:03 +05:00
|
|
|
subprocess.call(shlex.split(command))
|
2018-05-08 21:25:37 +05:00
|
|
|
|
2018-10-29 21:36:03 +05:00
|
|
|
try:
|
|
|
|
|
logging.CyberCPLogFileWriter.writeToFile(
|
|
|
|
|
"Trying to obtain SSL for: " + virtualHostName + ", www." + virtualHostName + ", " + aliasDomain + " and www." + aliasDomain + ",")
|
2018-05-08 21:25:37 +05:00
|
|
|
|
2018-11-06 13:03:12 +05:00
|
|
|
command = acmePath + " --issue -d " + virtualHostName + " -d www." + virtualHostName \
|
2018-10-29 21:36:03 +05:00
|
|
|
+ ' -d ' + aliasDomain + ' -d www.' + aliasDomain\
|
|
|
|
|
+ ' --cert-file ' + existingCertPath + '/cert.pem' + ' --key-file ' + existingCertPath + '/privkey.pem' \
|
|
|
|
|
+ ' --fullchain-file ' + existingCertPath + '/fullchain.pem' + ' -w ' + sslpath + ' --force'
|
2018-05-08 21:25:37 +05:00
|
|
|
|
2019-03-26 16:19:03 +05:00
|
|
|
output = subprocess.check_output(shlex.split(command))
|
2018-10-29 21:36:03 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile(
|
|
|
|
|
"Successfully obtained SSL for: " + virtualHostName + ", www." + virtualHostName + ", " + aliasDomain + "and www." + aliasDomain + ",")
|
2018-05-08 21:25:37 +05:00
|
|
|
|
|
|
|
|
|
2018-10-29 21:36:03 +05:00
|
|
|
except subprocess.CalledProcessError:
|
2018-05-08 21:25:37 +05:00
|
|
|
logging.CyberCPLogFileWriter.writeToFile(
|
2018-10-29 21:36:03 +05:00
|
|
|
"Failed to obtain SSL for: " + virtualHostName + ", www." + virtualHostName + ", " + aliasDomain + "and www." + aliasDomain + ",")
|
2018-05-08 21:25:37 +05:00
|
|
|
return 0
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-10-29 21:36:03 +05:00
|
|
|
##
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-10-29 21:36:03 +05:00
|
|
|
if output.find('Cert success') > -1:
|
|
|
|
|
return 1
|
|
|
|
|
else:
|
|
|
|
|
return 0
|
2017-10-24 19:16:36 +05:00
|
|
|
|
2018-05-06 14:18:41 +05:00
|
|
|
except BaseException,msg:
|
|
|
|
|
logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [Failed to obtain SSL. [obtainSSLForADomain]]")
|
|
|
|
|
return 0
|
2017-10-24 19:16:36 +05:00
|
|
|
|
|
|
|
|
|
2018-05-21 16:51:28 +05:00
|
|
|
def issueSSLForDomain(domain, adminEmail, sslpath, aliasDomain = None):
|
2018-05-06 14:18:41 +05:00
|
|
|
try:
|
2018-05-08 21:25:37 +05:00
|
|
|
if sslUtilities.obtainSSLForADomain(domain, adminEmail, sslpath, aliasDomain) == 1:
|
2018-11-09 22:01:28 +05:00
|
|
|
if sslUtilities.installSSLForDomain(domain, adminEmail) == 1:
|
2018-05-06 14:18:41 +05:00
|
|
|
return [1, "None"]
|
|
|
|
|
else:
|
|
|
|
|
return [0, "210 Failed to install SSL for domain. [issueSSLForDomain]"]
|
|
|
|
|
else:
|
2018-11-09 22:01:28 +05:00
|
|
|
return [0, "283 Failed to obtain SSL for domain. [issueSSLForDomain]"]
|
2018-05-06 14:18:41 +05:00
|
|
|
|
2017-12-09 22:30:10 +05:00
|
|
|
except BaseException,msg:
|
2018-07-19 22:38:37 +05:00
|
|
|
return [0, "347 "+ str(msg)+ " [issueSSLForDomain]"]
|
