plogical/sslUtilities.py

import CyberCPLogFileWriter as logging
import shutil
import os
import shlex
import subprocess
import socket

class sslUtilities:

    Server_root = "/usr/local/lsws"

    @staticmethod
    def checkIfSSLMap(virtualHostName):
        try:
            data = open("/usr/local/lsws/conf/httpd_config.conf").readlines()

            sslCheck = 0

            for items in data:
                if items.find("listener") >-1 and items.find("SSL") > -1:
                    sslCheck = 1
                    continue
                if sslCheck == 1:
                    if items.find("}") > -1:
                        return 0
                if items.find(virtualHostName) > -1 and sslCheck == 1:
                    data = filter(None, items.split(" "))
                    if data[1] == virtualHostName:
                        return 1

        except BaseException,msg:
            logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [IO Error with main config file [checkIfSSLMap]]")
            return 0

    @staticmethod
    def checkSSLListener():
        try:
            data = open("/usr/local/lsws/conf/httpd_config.conf").readlines()
            for items in data:
                if items.find("listener SSL") > -1:
                    return 1

        except BaseException,msg:
            logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [IO Error with main config file [checkSSLListener]]")
            return str(msg)
        return 0

    @staticmethod
    def getDNSRecords(virtualHostName):
        try:

            withoutWWW = socket.gethostbyname(virtualHostName)
            withWWW = socket.gethostbyname('www.' + virtualHostName)

            return [1, withWWW, withoutWWW]

        except BaseException, msg:
            return [0, "347 " + str(msg) + " [issueSSLForDomain]"]

    @staticmethod
    def installSSLForDomain(virtualHostName):

        confPath = sslUtilities.Server_root + "/conf/vhosts/" + virtualHostName
        completePathToConfigFile = confPath + "/vhost.conf"

        try:
            map = "  map                     " + virtualHostName + " " + virtualHostName + "\n"

            if sslUtilities.checkSSLListener() != 1:

                writeDataToFile = open("/usr/local/lsws/conf/httpd_config.conf", 'a')

                listener = "listener SSL {" + "\n"
                address = "  address                 *:443" + "\n"
                secure = "  secure                  1" + "\n"
                keyFile = "  keyFile                  /etc/letsencrypt/live/" + virtualHostName + "/privkey.pem\n"
                certFile = "  certFile                 /etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem\n"
                certChain = "  certChain               1" + "\n"
                sslProtocol = "  sslProtocol             30" + "\n"
                map = "  map                     " + virtualHostName + " " + virtualHostName + "\n"
                final = "}" + "\n" + "\n"

                writeDataToFile.writelines("\n")
                writeDataToFile.writelines(listener)
                writeDataToFile.writelines(address)
                writeDataToFile.writelines(secure)
                writeDataToFile.writelines(keyFile)
                writeDataToFile.writelines(certFile)
                writeDataToFile.writelines(certChain)
                writeDataToFile.writelines(sslProtocol)
                writeDataToFile.writelines(map)
                writeDataToFile.writelines(final)
                writeDataToFile.writelines("\n")
                writeDataToFile.close()


            else:

                if sslUtilities.checkIfSSLMap(virtualHostName) == 0:

                    data = open("/usr/local/lsws/conf/httpd_config.conf").readlines()
                    writeDataToFile = open("/usr/local/lsws/conf/httpd_config.conf", 'w')
                    sslCheck = 0

                    for items in data:
                        if items.find("listener") > -1 and items.find("SSL") > -1:
                            sslCheck = 1

                        if (sslCheck == 1):
                            writeDataToFile.writelines(items)
                            writeDataToFile.writelines(map)
                            sslCheck = 0
                        else:
                            writeDataToFile.writelines(items)
                    writeDataToFile.close()

                ###################### Write per host Configs for SSL ###################

                data = open(completePathToConfigFile, "r").readlines()

                ## check if vhssl is already in vhconf file

                vhsslPresense = 0

                for items in data:
                    if items.find("vhssl") > -1:
                        vhsslPresense = 1

                if vhsslPresense == 0:
                    writeSSLConfig = open(completePathToConfigFile, "a")

                    vhssl = "vhssl  {" + "\n"
                    keyFile = "  keyFile                 /etc/letsencrypt/live/" + virtualHostName + "/privkey.pem\n"
                    certFile = "  certFile                /etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem\n"
                    certChain = "  certChain               1" + "\n"
                    sslProtocol = "  sslProtocol             30" + "\n"
                    final = "}"

                    writeSSLConfig.writelines("\n")

                    writeSSLConfig.writelines(vhssl)
                    writeSSLConfig.writelines(keyFile)
                    writeSSLConfig.writelines(certFile)
                    writeSSLConfig.writelines(certChain)
                    writeSSLConfig.writelines(sslProtocol)
                    writeSSLConfig.writelines(final)

                    writeSSLConfig.writelines("\n")

                    writeSSLConfig.close()

            return 1

        except BaseException, msg:
            logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [installSSLForDomain]]")
            return 0

    @staticmethod
    def obtainSSLForADomain(virtualHostName,adminEmail,sslpath, aliasDomain = None):
        try:

            ## Obtaining Server IP

            if aliasDomain == None:

                existingCertPath = '/etc/letsencrypt/live/' + virtualHostName + '/README'
                if os.path.exists(existingCertPath):
                    return 1

                try:
                    logging.CyberCPLogFileWriter.writeToFile("Trying to obtain SSL for: " + virtualHostName + " and: www." + virtualHostName)

                    command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName
                    output = subprocess.check_output(shlex.split(command))
                    logging.CyberCPLogFileWriter.writeToFile("Successfully obtained SSL for: " + virtualHostName + " and: www." + virtualHostName)


                except subprocess.CalledProcessError:
                    logging.CyberCPLogFileWriter.writeToFile(
                        "Failed to obtain SSL for: " + virtualHostName + " and: www." + virtualHostName)

                    try:
                        logging.CyberCPLogFileWriter.writeToFile("Trying to obtain SSL for: " + virtualHostName)
                        command = "/usr/local/CyberCP/bin/certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName
                        output = subprocess.check_output(shlex.split(command))
                        logging.CyberCPLogFileWriter.writeToFile("Successfully obtained SSL for: " + virtualHostName)
                    except subprocess.CalledProcessError:
                        logging.CyberCPLogFileWriter.writeToFile('Failed to obtain SSL, issuing self-signed SSL for: ' + virtualHostName)
                        return 0

                ##

                if output.find('Congratulations!') > -1:

                    return 1

                elif output.find('no action taken.') > -1:

                    return 1
                elif output.find('Failed authorization procedure') > -1:
                    logging.CyberCPLogFileWriter.writeToFile(
                        'Failed authorization procedure for ' + virtualHostName + " while issuing Let's Encrypt SSL.")
                    return 0
                elif output.find('Too many SSL requests for this domain, please try to get SSL at later time.') > -1:
                    logging.CyberCPLogFileWriter.writeToFile(
                        'Too many SSL requests for ' + virtualHostName + " please try to get SSL at later time.")
                    return 0

            else:

                ipFile = "/etc/cyberpanel/machineIP"
                f = open(ipFile)
                ipData = f.read()
                serverIPAddress = ipData.split('\n', 1)[0]

                ipRecords = sslUtilities.getDNSRecords(virtualHostName)

                if ipRecords[0] == 1:

                    if serverIPAddress == ipRecords[1] and serverIPAddress == ipRecords[2]:

                        ipRecordsAlias = sslUtilities.getDNSRecords(aliasDomain)

                        if serverIPAddress == ipRecordsAlias[1] and serverIPAddress == ipRecordsAlias[2]:

                            command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName + " -d " + aliasDomain + " -d www." + aliasDomain

                        else:
                            if serverIPAddress == ipRecordsAlias[2]:
                                command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName + " -d " + aliasDomain
                            else:
                                command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName

                    else:
                        if serverIPAddress == ipRecords[2]:

                            ipRecordsAlias = sslUtilities.getDNSRecords(aliasDomain)

                            if serverIPAddress == ipRecordsAlias[1] and serverIPAddress == ipRecordsAlias[2]:

                                command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName  + " -d " + aliasDomain + " -d www." + aliasDomain

                            else:
                                if serverIPAddress == ipRecordsAlias[2]:
                                    command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d " + aliasDomain
                                else:
                                    command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName

                            logging.CyberCPLogFileWriter.writeToFile(
                                "SSL is issued without 'www' due to DNS error for domain : " + virtualHostName)
                        else:

                            ipRecordsAlias = sslUtilities.getDNSRecords(aliasDomain)

                            if serverIPAddress == ipRecordsAlias[1] and serverIPAddress == ipRecordsAlias[2]:
                                command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath  + " -d " + aliasDomain + " -d www." + aliasDomain
                            else:
                                if serverIPAddress == ipRecordsAlias[2]:
                                    command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath  + " -d " + aliasDomain
                                else:
                                    return 0
                else:
                    logging.CyberCPLogFileWriter.writeToFile(
                        "Failed to obtain DNS records for " + virtualHostName + ", issuing self signed certificate.")
                    return 0

                output = subprocess.check_output(shlex.split(command))

                if output.find('Congratulations!') > -1:
                    return 1
                elif output.find('no action taken.') > -1:
                    return 1
                elif output.find('Failed authorization procedure') > -1:
                    logging.CyberCPLogFileWriter.writeToFile(
                        'Failed authorization procedure for ' + virtualHostName + " while issuing Let's Encrypt SSL.")
                    return 0
                elif output.find('Too many SSL requests for this domain, please try to get SSL at later time.') > -1:
                    logging.CyberCPLogFileWriter.writeToFile(
                        'Too many SSL requests for ' + virtualHostName + " please try to get SSL at later time.")
                    return 0

        except BaseException,msg:
            logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [Failed to obtain SSL. [obtainSSLForADomain]]")
            return 0


def issueSSLForDomain(domain, adminEmail, sslpath, aliasDomain = None):
    try:

        if sslUtilities.obtainSSLForADomain(domain, adminEmail, sslpath, aliasDomain) == 1:

            if sslUtilities.installSSLForDomain(domain) == 1:
                return [1, "None"]
            else:
                return [0, "210 Failed to install SSL for domain. [issueSSLForDomain]"]
        else:
            pathToStoreSSL = "/etc/letsencrypt/live/" + domain
            command = 'mkdir -p ' + pathToStoreSSL
            subprocess.call(shlex.split(command))

            pathToStoreSSLPrivKey = "/etc/letsencrypt/live/" + domain + "/privkey.pem"
            pathToStoreSSLFullChain = "/etc/letsencrypt/live/" + domain + "/fullchain.pem"

            command = 'openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain
            cmd = shlex.split(command)
            subprocess.call(cmd)

            if sslUtilities.installSSLForDomain(domain) == 1:
                logging.CyberCPLogFileWriter.writeToFile("Self signed SSL issued for " + domain + ".")
                return [1, "None"]
            else:
                return [0, "220 Failed to install SSL for domain. [issueSSLForDomain]"]

    except BaseException,msg:
        return [0, "347 "+ str(msg)+ " [issueSSLForDomain]"]
Initial Commit 2017-10-24 19:16:36 +05:00			`import CyberCPLogFileWriter as logging`
			`import shutil`
			`import os`
			`import shlex`
			`import subprocess`
suExec, Filemanager and bug Fixes. 2017-12-09 22:30:10 +05:00			`import socket`
Initial Commit 2017-10-24 19:16:36 +05:00
			`class sslUtilities:`

suExec, Filemanager and bug Fixes. 2017-12-09 22:30:10 +05:00			`Server_root = "/usr/local/lsws"`

Alias Manager. 2018-05-08 21:25:37 +05:00			`@staticmethod`
			`def checkIfSSLMap(virtualHostName):`
			`try:`
			`data = open("/usr/local/lsws/conf/httpd_config.conf").readlines()`

			`sslCheck = 0`

			`for items in data:`
Code Improvements. 2018-05-12 02:21:42 +05:00			`if items.find("listener") >-1 and items.find("SSL") > -1:`
Alias Manager. 2018-05-08 21:25:37 +05:00			`sslCheck = 1`
			`continue`
			`if sslCheck == 1:`
			`if items.find("}") > -1:`
			`return 0`
			`if items.find(virtualHostName) > -1 and sslCheck == 1:`
			`data = filter(None, items.split(" "))`
			`if data[1] == virtualHostName:`
			`return 1`

			`except BaseException,msg:`
			`logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [IO Error with main config file [checkIfSSLMap]]")`
			`return 0`

bug fix to tuning 2018-08-23 15:39:28 +05:00			`@staticmethod`
			`def checkSSLListener():`
			`try:`
			`data = open("/usr/local/lsws/conf/httpd_config.conf").readlines()`
			`for items in data:`
			`if items.find("listener SSL") > -1:`
			`return 1`

			`except BaseException,msg:`
			`logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [IO Error with main config file [checkSSLListener]]")`
			`return str(msg)`
			`return 0`

			`@staticmethod`
			`def getDNSRecords(virtualHostName):`
			`try:`

			`withoutWWW = socket.gethostbyname(virtualHostName)`
			`withWWW = socket.gethostbyname('www.' + virtualHostName)`

			`return [1, withWWW, withoutWWW]`

			`except BaseException, msg:`
			`return [0, "347 " + str(msg) + " [issueSSLForDomain]"]`

Initial Commit 2017-10-24 19:16:36 +05:00			`@staticmethod`
			`def installSSLForDomain(virtualHostName):`

suExec, Filemanager and bug Fixes. 2017-12-09 22:30:10 +05:00			`confPath = sslUtilities.Server_root + "/conf/vhosts/" + virtualHostName`
Initial Commit 2017-10-24 19:16:36 +05:00			`completePathToConfigFile = confPath + "/vhost.conf"`

			`try:`
			`map = " map " + virtualHostName + " " + virtualHostName + "\n"`

bug fix to tuning 2018-08-23 15:39:28 +05:00			`if sslUtilities.checkSSLListener() != 1:`
Code Improvements. 2018-05-12 02:21:42 +05:00
Initial Commit 2017-10-24 19:16:36 +05:00			`writeDataToFile = open("/usr/local/lsws/conf/httpd_config.conf", 'a')`

			`listener = "listener SSL {" + "\n"`
			`address = " address *:443" + "\n"`
			`secure = " secure 1" + "\n"`
bug fix to tuning 2018-08-23 15:39:28 +05:00			`keyFile = " keyFile /etc/letsencrypt/live/" + virtualHostName + "/privkey.pem\n"`
			`certFile = " certFile /etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem\n"`
Initial Commit 2017-10-24 19:16:36 +05:00			`certChain = " certChain 1" + "\n"`
Initial ModSec integration and bug fix to UI. 2018-03-19 22:15:02 +05:00			`sslProtocol = " sslProtocol 30" + "\n"`
Initial Commit 2017-10-24 19:16:36 +05:00			`map = " map " + virtualHostName + " " + virtualHostName + "\n"`
			`final = "}" + "\n" + "\n"`

			`writeDataToFile.writelines("\n")`
			`writeDataToFile.writelines(listener)`
			`writeDataToFile.writelines(address)`
			`writeDataToFile.writelines(secure)`
			`writeDataToFile.writelines(keyFile)`
			`writeDataToFile.writelines(certFile)`
			`writeDataToFile.writelines(certChain)`
			`writeDataToFile.writelines(sslProtocol)`
			`writeDataToFile.writelines(map)`
			`writeDataToFile.writelines(final)`
			`writeDataToFile.writelines("\n")`
			`writeDataToFile.close()`


			`else:`
Updates to Remote Backup Transfer 2017-10-26 23:50:59 +05:00
Alias Manager. 2018-05-08 21:25:37 +05:00			`if sslUtilities.checkIfSSLMap(virtualHostName) == 0:`
Initial Commit 2017-10-24 19:16:36 +05:00
Alias Manager. 2018-05-08 21:25:37 +05:00			`data = open("/usr/local/lsws/conf/httpd_config.conf").readlines()`
			`writeDataToFile = open("/usr/local/lsws/conf/httpd_config.conf", 'w')`
			`sslCheck = 0`
Initial Commit 2017-10-24 19:16:36 +05:00
Alias Manager. 2018-05-08 21:25:37 +05:00			`for items in data:`
bug fix to tuning 2018-08-23 15:39:28 +05:00			`if items.find("listener") > -1 and items.find("SSL") > -1:`
Alias Manager. 2018-05-08 21:25:37 +05:00			`sslCheck = 1`

			`if (sslCheck == 1):`
Code Improvements. 2018-05-12 02:21:42 +05:00			`writeDataToFile.writelines(items)`
Alias Manager. 2018-05-08 21:25:37 +05:00			`writeDataToFile.writelines(map)`
			`sslCheck = 0`
v1.6.4 2018-05-14 22:26:25 +05:00			`else:`
			`writeDataToFile.writelines(items)`
Alias Manager. 2018-05-08 21:25:37 +05:00			`writeDataToFile.close()`
Initial Commit 2017-10-24 19:16:36 +05:00
			`###################### Write per host Configs for SSL ###################`

bug fix to tuning 2018-08-23 15:39:28 +05:00			`data = open(completePathToConfigFile, "r").readlines()`
Initial Commit 2017-10-24 19:16:36 +05:00
			`## check if vhssl is already in vhconf file`

			`vhsslPresense = 0`

			`for items in data:`
bug fix to tuning 2018-08-23 15:39:28 +05:00			`if items.find("vhssl") > -1:`
Initial Commit 2017-10-24 19:16:36 +05:00			`vhsslPresense = 1`

			`if vhsslPresense == 0:`
bug fix to tuning 2018-08-23 15:39:28 +05:00			`writeSSLConfig = open(completePathToConfigFile, "a")`
Initial Commit 2017-10-24 19:16:36 +05:00
			`vhssl = "vhssl {" + "\n"`
code refactoring 2018-08-22 00:37:43 +05:00			`keyFile = " keyFile /etc/letsencrypt/live/" + virtualHostName + "/privkey.pem\n"`
			`certFile = " certFile /etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem\n"`
Initial Commit 2017-10-24 19:16:36 +05:00			`certChain = " certChain 1" + "\n"`
Initial ModSec integration and bug fix to UI. 2018-03-19 22:15:02 +05:00			`sslProtocol = " sslProtocol 30" + "\n"`
Initial Commit 2017-10-24 19:16:36 +05:00			`final = "}"`

			`writeSSLConfig.writelines("\n")`

			`writeSSLConfig.writelines(vhssl)`
			`writeSSLConfig.writelines(keyFile)`
			`writeSSLConfig.writelines(certFile)`
			`writeSSLConfig.writelines(certChain)`
			`writeSSLConfig.writelines(sslProtocol)`
			`writeSSLConfig.writelines(final)`

			`writeSSLConfig.writelines("\n")`

			`writeSSLConfig.close()`

suExec, Filemanager and bug Fixes. 2017-12-09 22:30:10 +05:00			`return 1`
Initial Commit 2017-10-24 19:16:36 +05:00
bug fix to tuning 2018-08-23 15:39:28 +05:00			`except BaseException, msg:`
suExec, Filemanager and bug Fixes. 2017-12-09 22:30:10 +05:00			`logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [installSSLForDomain]]")`
Initial Commit 2017-10-24 19:16:36 +05:00			`return 0`

Imrpovement to SSL Module. 2018-05-06 14:18:41 +05:00			`@staticmethod`
Alias Manager. 2018-05-08 21:25:37 +05:00			`def obtainSSLForADomain(virtualHostName,adminEmail,sslpath, aliasDomain = None):`
Imrpovement to SSL Module. 2018-05-06 14:18:41 +05:00			`try:`
Initial Commit 2017-10-24 19:16:36 +05:00
Imrpovement to SSL Module. 2018-05-06 14:18:41 +05:00			`## Obtaining Server IP`
Initial Commit 2017-10-24 19:16:36 +05:00
Alias Manager. 2018-05-08 21:25:37 +05:00			`if aliasDomain == None:`
Initial Commit 2017-10-24 19:16:36 +05:00
code refactoring 2018-08-22 00:37:43 +05:00			`existingCertPath = '/etc/letsencrypt/live/' + virtualHostName + '/README'`
			`if os.path.exists(existingCertPath):`
			`return 1`

Improvments to Manage SSL, Hostname SSL and MailServer SSL. 2018-05-21 16:51:28 +05:00			`try:`
			`logging.CyberCPLogFileWriter.writeToFile("Trying to obtain SSL for: " + virtualHostName + " and: www." + virtualHostName)`
bug fix to tuning 2018-08-23 15:39:28 +05:00
Enable/Disable PowerDNS Service 2018-07-23 02:09:33 +05:00			`command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName`
Improvments to Manage SSL, Hostname SSL and MailServer SSL. 2018-05-21 16:51:28 +05:00			`output = subprocess.check_output(shlex.split(command))`
bug fix to tuning 2018-08-23 15:39:28 +05:00			`logging.CyberCPLogFileWriter.writeToFile("Successfully obtained SSL for: " + virtualHostName + " and: www." + virtualHostName)`


			`except subprocess.CalledProcessError:`
Improvments to Manage SSL, Hostname SSL and MailServer SSL. 2018-05-21 16:51:28 +05:00			`logging.CyberCPLogFileWriter.writeToFile(`
			`"Failed to obtain SSL for: " + virtualHostName + " and: www." + virtualHostName)`
bug fix to tuning 2018-08-23 15:39:28 +05:00
Improvments to Manage SSL, Hostname SSL and MailServer SSL. 2018-05-21 16:51:28 +05:00			`try:`
bug fix to tuning 2018-08-23 15:39:28 +05:00			`logging.CyberCPLogFileWriter.writeToFile("Trying to obtain SSL for: " + virtualHostName)`
Enable/Disable PowerDNS Service 2018-07-23 02:09:33 +05:00			`command = "/usr/local/CyberCP/bin/certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName`
Improvments to Manage SSL, Hostname SSL and MailServer SSL. 2018-05-21 16:51:28 +05:00			`output = subprocess.check_output(shlex.split(command))`
bug fix to tuning 2018-08-23 15:39:28 +05:00			`logging.CyberCPLogFileWriter.writeToFile("Successfully obtained SSL for: " + virtualHostName)`
			`except subprocess.CalledProcessError:`
Improvments to Manage SSL, Hostname SSL and MailServer SSL. 2018-05-21 16:51:28 +05:00			`logging.CyberCPLogFileWriter.writeToFile('Failed to obtain SSL, issuing self-signed SSL for: ' + virtualHostName)`
			`return 0`
Initial Commit 2017-10-24 19:16:36 +05:00
Improvments to Manage SSL, Hostname SSL and MailServer SSL. 2018-05-21 16:51:28 +05:00			`##`

			`if output.find('Congratulations!') > -1:`

			`return 1`

			`elif output.find('no action taken.') > -1:`
open_basedir 2018-05-21 21:52:35 +05:00
Improvments to Manage SSL, Hostname SSL and MailServer SSL. 2018-05-21 16:51:28 +05:00			`return 1`
			`elif output.find('Failed authorization procedure') > -1:`
Alias Manager. 2018-05-08 21:25:37 +05:00			`logging.CyberCPLogFileWriter.writeToFile(`
Improvments to Manage SSL, Hostname SSL and MailServer SSL. 2018-05-21 16:51:28 +05:00			`'Failed authorization procedure for ' + virtualHostName + " while issuing Let's Encrypt SSL.")`
			`return 0`
			`elif output.find('Too many SSL requests for this domain, please try to get SSL at later time.') > -1:`
			`logging.CyberCPLogFileWriter.writeToFile(`
			`'Too many SSL requests for ' + virtualHostName + " please try to get SSL at later time.")`
Alias Manager. 2018-05-08 21:25:37 +05:00			`return 0`

Imrpovement to SSL Module. 2018-05-06 14:18:41 +05:00			`else:`
Initial Commit 2017-10-24 19:16:36 +05:00
bug fix to tuning 2018-08-23 15:39:28 +05:00			`ipFile = "/etc/cyberpanel/machineIP"`
			`f = open(ipFile)`
			`ipData = f.read()`
			`serverIPAddress = ipData.split('\n', 1)[0]`

Alias Manager. 2018-05-08 21:25:37 +05:00			`ipRecords = sslUtilities.getDNSRecords(virtualHostName)`

			`if ipRecords[0] == 1:`

			`if serverIPAddress == ipRecords[1] and serverIPAddress == ipRecords[2]:`

			`ipRecordsAlias = sslUtilities.getDNSRecords(aliasDomain)`

			`if serverIPAddress == ipRecordsAlias[1] and serverIPAddress == ipRecordsAlias[2]:`

Enable/Disable PowerDNS Service 2018-07-23 02:09:33 +05:00			`command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName + " -d " + aliasDomain + " -d www." + aliasDomain`
Alias Manager. 2018-05-08 21:25:37 +05:00
			`else:`
			`if serverIPAddress == ipRecordsAlias[2]:`
Enable/Disable PowerDNS Service 2018-07-23 02:09:33 +05:00			`command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName + " -d " + aliasDomain`
Alias Manager. 2018-05-08 21:25:37 +05:00			`else:`
Enable/Disable PowerDNS Service 2018-07-23 02:09:33 +05:00			`command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName`
Alias Manager. 2018-05-08 21:25:37 +05:00
			`else:`
			`if serverIPAddress == ipRecords[2]:`

			`ipRecordsAlias = sslUtilities.getDNSRecords(aliasDomain)`

			`if serverIPAddress == ipRecordsAlias[1] and serverIPAddress == ipRecordsAlias[2]:`

Enable/Disable PowerDNS Service 2018-07-23 02:09:33 +05:00			`command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d " + aliasDomain + " -d www." + aliasDomain`
Alias Manager. 2018-05-08 21:25:37 +05:00
			`else:`
			`if serverIPAddress == ipRecordsAlias[2]:`
Enable/Disable PowerDNS Service 2018-07-23 02:09:33 +05:00			`command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d " + aliasDomain`
Alias Manager. 2018-05-08 21:25:37 +05:00			`else:`
Enable/Disable PowerDNS Service 2018-07-23 02:09:33 +05:00			`command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName`
Alias Manager. 2018-05-08 21:25:37 +05:00
			`logging.CyberCPLogFileWriter.writeToFile(`
			`"SSL is issued without 'www' due to DNS error for domain : " + virtualHostName)`
			`else:`

			`ipRecordsAlias = sslUtilities.getDNSRecords(aliasDomain)`

			`if serverIPAddress == ipRecordsAlias[1] and serverIPAddress == ipRecordsAlias[2]:`
Enable/Disable PowerDNS Service 2018-07-23 02:09:33 +05:00			`command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + aliasDomain + " -d www." + aliasDomain`
Alias Manager. 2018-05-08 21:25:37 +05:00			`else:`
			`if serverIPAddress == ipRecordsAlias[2]:`
Enable/Disable PowerDNS Service 2018-07-23 02:09:33 +05:00			`command = "/usr/local/CyberCP/bin/certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + aliasDomain`
Alias Manager. 2018-05-08 21:25:37 +05:00			`else:`
			`return 0`
			`else:`
			`logging.CyberCPLogFileWriter.writeToFile(`
			`"Failed to obtain DNS records for " + virtualHostName + ", issuing self signed certificate.")`
			`return 0`
Initial Commit 2017-10-24 19:16:36 +05:00
bug fix to tuning 2018-08-23 15:39:28 +05:00			`output = subprocess.check_output(shlex.split(command))`
Initial Commit 2017-10-24 19:16:36 +05:00
bug fix to tuning 2018-08-23 15:39:28 +05:00			`if output.find('Congratulations!') > -1:`
			`return 1`
			`elif output.find('no action taken.') > -1:`
			`return 1`
			`elif output.find('Failed authorization procedure') > -1:`
			`logging.CyberCPLogFileWriter.writeToFile(`
			`'Failed authorization procedure for ' + virtualHostName + " while issuing Let's Encrypt SSL.")`
			`return 0`
			`elif output.find('Too many SSL requests for this domain, please try to get SSL at later time.') > -1:`
			`logging.CyberCPLogFileWriter.writeToFile(`
			`'Too many SSL requests for ' + virtualHostName + " please try to get SSL at later time.")`
			`return 0`
Initial Commit 2017-10-24 19:16:36 +05:00
Imrpovement to SSL Module. 2018-05-06 14:18:41 +05:00			`except BaseException,msg:`
			`logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [Failed to obtain SSL. [obtainSSLForADomain]]")`
			`return 0`
Initial Commit 2017-10-24 19:16:36 +05:00

Improvments to Manage SSL, Hostname SSL and MailServer SSL. 2018-05-21 16:51:28 +05:00			`def issueSSLForDomain(domain, adminEmail, sslpath, aliasDomain = None):`
Imrpovement to SSL Module. 2018-05-06 14:18:41 +05:00			`try:`
Initial Commit 2017-10-24 19:16:36 +05:00
Alias Manager. 2018-05-08 21:25:37 +05:00			`if sslUtilities.obtainSSLForADomain(domain, adminEmail, sslpath, aliasDomain) == 1:`
Initial Commit 2017-10-24 19:16:36 +05:00
Imrpovement to SSL Module. 2018-05-06 14:18:41 +05:00			`if sslUtilities.installSSLForDomain(domain) == 1:`
			`return [1, "None"]`
			`else:`
			`return [0, "210 Failed to install SSL for domain. [issueSSLForDomain]"]`
			`else:`
Plugin Manager 2018-10-03 18:46:44 +05:00			`pathToStoreSSL = "/etc/letsencrypt/live/" + domain`
			`command = 'mkdir -p ' + pathToStoreSSL`
			`subprocess.call(shlex.split(command))`
Initial Commit 2017-10-24 19:16:36 +05:00
code refactoring 2018-08-22 00:37:43 +05:00			`pathToStoreSSLPrivKey = "/etc/letsencrypt/live/" + domain + "/privkey.pem"`
			`pathToStoreSSLFullChain = "/etc/letsencrypt/live/" + domain + "/fullchain.pem"`
Initial Commit 2017-10-24 19:16:36 +05:00
Imrpovement to SSL Module. 2018-05-06 14:18:41 +05:00			`command = 'openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain`
			`cmd = shlex.split(command)`
			`subprocess.call(cmd)`
suExec, Filemanager and bug Fixes. 2017-12-09 22:30:10 +05:00
			`if sslUtilities.installSSLForDomain(domain) == 1:`
Imrpovement to SSL Module. 2018-05-06 14:18:41 +05:00			`logging.CyberCPLogFileWriter.writeToFile("Self signed SSL issued for " + domain + ".")`
suExec, Filemanager and bug Fixes. 2017-12-09 22:30:10 +05:00			`return [1, "None"]`
			`else:`
Imrpovement to SSL Module. 2018-05-06 14:18:41 +05:00			`return [0, "220 Failed to install SSL for domain. [issueSSLForDomain]"]`

suExec, Filemanager and bug Fixes. 2017-12-09 22:30:10 +05:00			`except BaseException,msg:`
Minor bug fix to API 2018-07-19 22:38:37 +05:00			`return [0, "347 "+ str(msg)+ " [issueSSLForDomain]"]`