From 58276b8fbe46b4f9ecc0119324ef26671c44ea32 Mon Sep 17 00:00:00 2001
From: Thulinma
Date: Thu, 5 Mar 2020 15:06:46 +0100
Subject: [PATCH] Switched hook order in certbot integration so it does not detect RENEWED_LINEAGE as CERTBOT_VALIDATION hook.
---
 src/utils/util_certbot.cpp | 96 +++++++++++++++++++-------------------
 1 file changed, 48 insertions(+), 48 deletions(-)
diff --git a/src/utils/util_certbot.cpp b/src/utils/util_certbot.cpp
index cce6bf44..1f40afaf 100644
--- a/src/utils/util_certbot.cpp
+++ b/src/utils/util_certbot.cpp
@@ -55,6 +55,54 @@ int main(int argc, char **argv){
 Util::Config conf(argv[0]);
 conf.parseArgs(argc, argv);
+ //Handle --deploy-hook
+ if (getenv("RENEWED_LINEAGE")){
+ INFO_MSG("Detected '--deploy-hook' calling. Installing certificate.");
+ std::string cbPath = getenv("RENEWED_LINEAGE");
+ std::string cbCert = cbPath + "/fullchain.pem";
+ std::string cbKey = cbPath + "/privkey.pem";
+ Socket::UDPConnection uSock;
+ uSock.SetDestination(UDP_API_HOST, UDP_API_PORT);
+ Util::DTSCShmReader rProto(SHM_PROTO);
+ DTSC::Scan prtcls = rProto.getScan();
+ unsigned int pro_cnt = prtcls.getSize();
+ bool found = false;
+ for (unsigned int i = 0; i < pro_cnt; ++i){
+ std::string ctor = prtcls.getIndice(i).getMember("connector").asString();
+ if (ctor == "HTTPS"){
+ found = true;
+ JSON::Value currConf = prtcls.getIndice(i).asJSON();
+ JSON::Value cmd;
+ cmd["updateprotocol"].append(currConf);
+ cmd["updateprotocol"].append(currConf);
+ cmd["updateprotocol"][1u]["cert"] = cbCert;
+ cmd["updateprotocol"][1u]["key"] = cbKey;
+ INFO_MSG("Executing: %s", cmd.toString().c_str());
+ uSock.SendNow(cmd.toString());
+ Util::wait(500);
+ uSock.SendNow(cmd.toString());
+ Util::wait(500);
+ uSock.SendNow(cmd.toString());
+ }
+ }
+ if (!found){
+ INFO_MSG("No HTTPS active; enabling on port 443");
+ JSON::Value cmd;
+ cmd["addprotocol"]["connector"] = "HTTPS";
+ cmd["addprotocol"]["port"] = 443;
+ cmd["addprotocol"]["cert"] = cbCert;
+ cmd["addprotocol"]["key"] = cbKey;
+ INFO_MSG("Executing: %s", cmd.toString().c_str());
+ uSock.SendNow(cmd.toString());
+ Util::wait(500);
+ uSock.SendNow(cmd.toString());
+ Util::wait(500);
+ uSock.SendNow(cmd.toString());
+ }
+ Util::wait(5000);
+ return 0;
+ }
+
 //Handle --manual-auth-hook
 if (getenv("CERTBOT_VALIDATION") && getenv("CERTBOT_TOKEN")){
 INFO_MSG("Detected '--manual-auth-hook' calling. Performing authentication.");
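Review bot: The deploy-hook branch still ends in `return 0;` after the three `uSock.SendNow(cmd.toString())` calls no matter whether the controller received or accepted the `updateprotocol`/`addprotocol` command, so certbot records the renewal as successfully deployed even when the UDP API is unreachable and the HTTPS listener keeps serving the old certificate until it expires. If the UDP API answers commands, the block should wait for that reply and exit non-zero on timeout; if it is one-way, at least log at WARN level that delivery is unconfirmed so the failure shows up in certbot's hook output instead of being silent. Separately, the loop rewrites every protocol entry whose `connector` is `"HTTPS"` with this lineage's `fullchain.pem`/`privkey.pem`, which on a deployment with several HTTPS listeners for different domains would overwrite the other listeners' certificates on each renewal; if that is intended, a comment such as `//NOTE: every HTTPS listener is switched to this lineage; multi-domain setups need per-listener matching` would save the next reader from guessing. `main` begins and ends outside this hunk.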
@@ -118,54 +166,6 @@ int main(int argc, char **argv){
 return 0;
 }
- //Handle --deploy-hook
- if (getenv("RENEWED_LINEAGE")){
- INFO_MSG("Detected '--deploy-hook' calling. Installing certificate.");
- std::string cbPath = getenv("RENEWED_LINEAGE");
- std::string cbCert = cbPath + "/fullchain.pem";
- std::string cbKey = cbPath + "/privkey.pem";
- Socket::UDPConnection uSock;
- uSock.SetDestination(UDP_API_HOST, UDP_API_PORT);
- Util::DTSCShmReader rProto(SHM_PROTO);
- DTSC::Scan prtcls = rProto.getScan();
- unsigned int pro_cnt = prtcls.getSize();
- bool found = false;
- for (unsigned int i = 0; i < pro_cnt; ++i){
- std::string ctor = prtcls.getIndice(i).getMember("connector").asString();
- if (ctor == "HTTPS"){
- found = true;
- JSON::Value currConf = prtcls.getIndice(i).asJSON();
- JSON::Value cmd;
- cmd["updateprotocol"].append(currConf);
- cmd["updateprotocol"].append(currConf);
- cmd["updateprotocol"][1u]["cert"] = cbCert;
- cmd["updateprotocol"][1u]["key"] = cbKey;
- INFO_MSG("Executing: %s", cmd.toString().c_str());
- uSock.SendNow(cmd.toString());
- Util::wait(500);
- uSock.SendNow(cmd.toString());
- Util::wait(500);
- uSock.SendNow(cmd.toString());
- }
- }
- if (!found){
- INFO_MSG("No HTTPS active; enabling on port 443");
- JSON::Value cmd;
- cmd["addprotocol"]["connector"] = "HTTPS";
- cmd["addprotocol"]["port"] = 443;
- cmd["addprotocol"]["cert"] = cbCert;
- cmd["addprotocol"]["key"] = cbKey;
- INFO_MSG("Executing: %s", cmd.toString().c_str());
- uSock.SendNow(cmd.toString());
- Util::wait(500);
- uSock.SendNow(cmd.toString());
- Util::wait(500);
- uSock.SendNow(cmd.toString());
- }
- Util::wait(5000);
- return 0;
- }
-
 //Print usage message to help point users in the right direction
 FAIL_MSG("This utility is meant to be ran by certbot, not by hand.");
 FAIL_MSG("Sample usage: certbot certonly --manual --preferred-challenges=http --manual-auth-hook MistUtilCertbot --deploy-hook MistUtilCertbot -d yourdomain.example.com");