HEX

File: //usr/local/CyberCP/plogical/__pycache__/sslv2.cpython-310.pyc
o

��h�h�@s�ddlZddlZddlmZddlZddlZddlZddlZddl	m
Z
ddlmZz
ddl
mZmZWnYGdd�d�Zd
dd	�ZdS)�N)�CyberCPLogFileWriter)�
ACLManager)�ProcessUtilities)�ChildDomains�Websitesc@sxeZdZdZdZedd��Zedd��Zedd��Zed	d
��Z	eddd
��Z
edd��Zedd��Zeddd��Z
dS)�sslUtilitiesz/usr/local/lswsz&/usr/local/lsws/conf/dvhost_redis.confc
Cs�zOtd���}d}|D]A}|�d�dkr|�d�dkrd}q|dkr-|�d�dkr-WdS|�|�dkrL|dkrLdd	�|�d
�D�}|d|krLWdSqWdStyl}ztj�t|�d�WYd}~dSd}~ww)N�&/usr/local/lsws/conf/httpd_config.confr�listener����SSL��}cSsg|]}|r|�qS�r)�.0�_frr�$/usr/local/CyberCP/plogical/sslv2.py�
<listcomp>'sz.sslUtilities.checkIfSSLMap.<locals>.<listcomp>� z1 [IO Error with main config file [checkIfSSLMap]])	�open�	readlines�find�split�
BaseException�loggingr�writeToFile�str)�virtualHostName�data�sslCheck�items�msgrrr�
checkIfSSLMaps*����zsslUtilities.checkIfSSLMapc
C�tztd���}|D]
}|�d�dkrWdSq	WdSty9}ztj�t|�d�t|�WYd}~Sd}~ww)Nrzlistener SSLr
rz4 [IO Error with main config file [checkSSLListener]]r�rrrrrrrr�rrr rrr�checkSSLListener/s�����zsslUtilities.checkSSLListenerc
Cr")Nrzlistener SSL IPv6r
rz8 [IO Error with main config file [checkSSLIPv6Listener]]rr#r$rrr�checkSSLIPv6Listener<s���
���z!sslUtilities.checkSSLIPv6Listenerc
Cs^zt�|�}t�d|�}d||gWSty.}zddt|�dgWYd}~Sd}~ww)Nzwww.rr�347 � [issueSSLForDomain])�socket�
gethostbynamerr)r�
withoutWWW�withWWWr rrr�
getDNSRecordsJs
 ��zsslUtilities.getDNSRecords�domain@cyberpanel.netc1
Cs�ztjj|d�}|j}Wnty(}ztj�dt|��WYd}~nd}~wwt	�
�t	jk�rjtj
d|}|d}�zd|d|d}t��dkr�td	d
�}d}d}	d
}
d|d}d|d}d}
d}d}d}d}d}d}d}d|d|d}d}|�d�|�|�|�|	�|�|
�|�|�|�|�|�|
�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�d�|��WdSt��dk�rstd	d
�}d}d}	d
}
d|d}d|d}d}
d}d}d}d}d}d}d}d|d|d}d}|�d�|�|�|�|	�|�|
�|�|�|�|�|�|
�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�d�|��WdSt�|�dk�r�td	���}td	d�}d}|D]-}|�d�d k�r�|�d!�d k�r�d}|dk�r�|�|�|�|�d}�q�|�|��q�|��t|d"���}d}|D]
}|�d#�d k�r�d}�q�|dk�rIt|d
�}d$}d%|d}d&|d}d}
d}d}d}d}d}d}d}d'}|�d�|�|�|�|�|�|�|�|
�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�|�d�|��WdSt�yi}ztj�t|�d(�WYd}~dSd}~wwtj�tj��s�tj
d|}|d}t|d"���}|D]}|�d)�d k�r�dS�q�z�ztjj|d�}|jj}d*|jd}Wn)t�y�}ztjj|d�}|j}t�d|�}d*|�d�}WYd}~nd}~wwt|d"���}d+} |D]}|�d,�d k�r�|�d-�d k�r�|} n�q�t|d
�}!d.}"d/}#d0|d}$d1|d}%d2|d}&d3|d|d}'d4|d5|d6}(|!�|#�|!�|$�|!�|%�|!�|&�|!�|'�|!�|�|!�|(�|!�|"�d7})d8}*d9|d}+d:|d},|!�|)�|!�|*�|!�|+�|!�|,�|!�| �d;}-|!�|-�|!��WdSt�y�}ztj�t|�d<�WYd}~dSd}~wwtd=|d>���� d�}.td=|d?d"���� d�}/d@||.|/f}0tj�dA�tj�|0�t	�!|0�dS)BN)�domainz%s [installSSLForDomain:72]z
/conf/vhosts/z/vhost.confz  map                     r�
rr�azlistener SSL {
z   address                 *:443
z  secure                  1
z1  keyFile                  /etc/letsencrypt/live/z
/privkey.pem
z1  certFile                 /etc/letsencrypt/live/z/fullchain.pem
z  certChain               1
z  sslProtocol             24
z  enableECDHE             1
z  renegProtection         1
z  sslSessionCache         1
z  enableSpdy              15
z  enableStapling           1
z!  ocspRespMaxAge           86400
z}

zlistener SSL IPv6 {
z$  address                 [ANY]:443
r�wr	r
r�r�vhsslz	vhssl  {
z0  keyFile                 /etc/letsencrypt/live/z0  certFile                /etc/letsencrypt/live/r
z [installSSLForDomain]]z*:443z    DocumentRoot ��
AddHandler�phpzj    <IfModule LiteSpeed>
            CacheRoot lscache
            CacheLookup on
        </IfModule>
    z
<VirtualHost *:443>

z    ServerName z    ServerAlias www.z    ServerAdmin z    SuexecUserGroup z    CustomLog /home/z/logs/z.access_log combined
z    SSLEngine on
z    SSLVerifyClient none
z-    SSLCertificateFile /etc/letsencrypt/live/z0    SSLCertificateKeyFile /etc/letsencrypt/live/z</VirtualHost>
z [installSSLForDomain]�/etc/letsencrypt/live/�/fullchain.pem�/privkey.pemz*redis-cli hmset "ssl:%s" crt "%s" key "%s"zhello world aaa)"r�objects�get�
adminEmailrrrrrr�decideServer�OLSr�Server_rootr%r�
writelines�closer&r!rr�os�path�exists�	redisConfr�master�externalAppr�FindDocRootOfSite�read�rstrip�executioner)1rr=�websiter �confPath�completePathToConfigFile�map�writeDataToFiler	�address�secure�keyFile�certFile�	certChain�sslProtocol�enableECDHE�renegProtection�sslSessionCache�
enableSpdy�enableStapling�ocspRespMaxAge�finalrrr�
vhsslPresense�writeSSLConfigr4�
chilDomainrH�DocumentRoot�docRoot�
phpHandler�confFile�	cacheRoot�VirtualHost�
ServerName�ServerAlias�ServerAdmin�SeexecUserGroup�CustomLogCombined�	SSLEngine�SSLVerifyClient�SSLCertificateFile�SSLCertificateKeyFile�VirtualHostEnd�cert�key�commandrrr�installSSLForDomainVs�
 ��

















l�

















E�
 


�















����� �














��
z sslUtilities.installSSLForDomainc
CsVz�ddl}t��\}}}|jdd�}|r�||�}|jd|j}tj�d|���ddl	}|dd�}	|j	||d�}
z	|
j
j|	d�}Wnty[}z
dt
|�fWYd}~WSd}~wwt|d	d
�d�D](}
tj�d|
d
���|
d
|kr�|
ddkr�WdStj�d|
d
���qdWdSWdSty�}zdt
|�fWYd}~Sd}~ww)Nr��	cache_dir�.ztop level domain in cf: �2)�name�per_page)�email�token)�paramscSs|dS)Nrzr)�vrrr�<lambda>fsz7sslUtilities.FindIfDomainInCloudflare.<locals>.<lambda>)rszzone: rz�status�active�rNzzone is not active in cf: )rzZone not found in Cloudflare)rzError in finding keys.)�
tldextractr�FetchCloudFlareAPIKeyFromAcme�
TLDExtractr/�suffixrrr�
CloudFlare�zonesr<rr�sorted)rr��	RetStatus�SAVED_CF_Key�SAVED_CF_Email�no_cache_extract�
extractDomain�topLevelDomainr�r~�cfr�r �zonerrr�FindIfDomainInCloudflareOs<
�����z%sslUtilities.FindIfDomainInCloudflarec

Cs�zfddl}ddlm}ddlm}|jdd�}||�}|jd|j}|jj	|d�}|�
|d|��dt��dd	�t
�d
�t�d|��dtj�d}tj�dt|��d��|ddt��krdWd
SWdSty~}	zdt|	�fWYd}	~	Sd}	~	ww)Nr)�DNS)�Domainsrvrx)rzzcptest.�Ai�z
PDNS Result: �r�)rzIP Does not match)r��plogical.dnsUtilitiesr��
dns.modelsr�r�r/r�r;r<�createDNSRecordr�GetServerIP�time�sleepr)�getaddrinfo�AF_INETrrrrr)
rr�r�r�r�r�r�r��resultr rrr�FindIfDomainInPowerDNSus&
��z#sslUtilities.FindIfDomainInPowerDNSNc
Cs�|r#d|vs
d|vr#ddl}|�dd|�}|�d�}tj�d|���dt��}d}d}d}	d	|}
tj�	|
�r^ddl
}|j�|jj
t|
d
����}|����dd�d�}
|
d
kr^dSt�|�\}}d}|rld}nt�|�\}	}|	rxd}ndS�z�d}d||f}t�t�|��|du�r�d|}tj�	|�s�d|}t�t�|��zO|d|�d|��d|dd|dd|dd|�d�}tj�|d�t�t�|���d�}tj�d |d!|d�tj�|||d"|�W�nJtj�y�tj�d#|d!|d�d#|d!|}z`|d|d|dd|dd|dd|�d�}d$||f}d$||f}tj�d%|d�tj�|�t�t�|���d�}tj�d |d�d&||f}tj�|||d"|�Wn(tj�y�tj�d'|d�tj�||d'|d"|�d|fYYWSwYn�wd|}tj�	|��s�d|}t�t�|��zctj�d%|d(|d)|d*|d+�|d|d,|d-|d,|d|dd|dd|dd|�d�}t�t�|���d�}tj�d |d(|d)|d.|d+�Wn&tj�y@tj�d#|d(|d)|d.|d+�d|fYWSw|�d/�d0k�rNd|fWSd|fWSt�yu}ztj�t|�d1�dt|�fWYd}~Sd}~ww)2Nzexample.orgzexample.comrz[^a-zA-Z0-9]r5z@cyberpanel.netzReplacing invalid email with zroot@%sz&/etc/letsencrypt/live/%s/fullchain.pemr3rzutf-8�Denial)rz%This domain already have a valid SSL.�dns_cf�dns_cyberpanel)rz;Domain is not active in any of the configured DNS provider.z/root/.acme.sh/acme.shz%s --register-account -m %sr8z	mkdir -p z --issue -d z -d *.z
 --cert-file z	/cert.pemz --key-file r:z --fullchain-file r9z --dns z5 -k ec-256 --force --server letsencrypt --dnssleep 20zSuccessfully obtained SSL for: z
 and: www.zSSL Notification for %s.zFailed to obtain SSL for: z%s
Trying to obtain SSL for: %szTrying to obtain SSL for: z%%s
Successfully obtained SSL for: %s.z3Failed to obtain SSL, issuing self-signed SSL for: z, www.z, z	 and www.�,z -d www.z -d zand www.zCert successr
z. [Failed to obtain SSL. [obtainSSLForADomain]]) �re�subrrrr)�gethostnamerCrDrE�OpenSSL�crypto�load_certificate�FILETYPE_PEMrrJ�
get_issuer�get_components�decoderr�r��
subprocess�check_output�shlexr�	SendEmail�CalledProcessError�callrrr)rr=�sslpath�aliasDomainr��clean_domain�sender_email�CF_Check�Namecheck_Check�CyberPanel_Check�filePathr��x509�SSLProvider�message�
DNS_TO_USE�acmePathrt�existingCertPath�output�	finalText�CurrentMessager rrr�obtainSSLForADomain�sJ

���������
��
���������
����
����!"��������������
�"�"��

��z sslUtilities.obtainSSLForADomain)r.�N)�__name__�
__module__�__qualname__r@rF�staticmethodr!r%r&r-rur�r�r�rrrrrs(



y
%
rc
Cs�z%t�||||�\}}|dkr!t�||�dkrd|gWSd|gWSd|gWStyA}zddt|�dgWYd}~Sd}~ww)Nrrr'r()rr�rurr)r/r=r�r��	retStatusr�r rrr�issueSSLForDomain!s


 ��r�r�)r��requests�plogicalrrrCr�r�r)�plogical.aclr�plogical.processUtilitiesr�websiteFunctions.modelsrrrr�rrrr�<module>s&