#!/usr/bin/env python
import sys
import os
import optparse
import glob
import errno
import subprocess
import traceback
import logging
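# Command-line interface: the cPanel account to inspect is passed with -u/--user.
parser = optparse.OptionParser()
parser.add_option(
    '-u', '--user', dest='user',
    help='Specify the user using autossl you want to check for a contained certificate authority bundle')
(options, args) = parser.parse_args()
# The user name is later concatenated into a filesystem path under /home and
# into the argument list of the uapi command, so it is validated here, before
# anything else uses it. The check is deliberately simple: it rejects a missing
# value and any character that would change the meaning of a path component or
# of a command-line argument ('/', whitespace, a leading '-' or '.').
if not options.user:
    parser.error('a user must be given with -u/--user')
if options.user[0] in '-.' or not all(ch.isalnum() or ch in '_-.' for ch in options.user):
    parser.error('invalid user name: %r' % options.user)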
# Define function to be used for finding the last modified file in a directory based on a glob string
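def lastModified(directory, search):
    """Return the most recently modified path in *directory* matching *search*.

    *search* is a glob pattern (for example '*.crt') joined onto *directory*.
    When the directory does not exist, or nothing usable matches the pattern,
    the reason is printed and None is returned, so callers must check for None
    before using the result.
    """
    try:
        if not os.path.isdir(directory):
            raise ValueError('Passed Directory Does not Exist!', directory)
        pattern = os.path.join(directory, search)
        candidates = []
        for path in glob.iglob(pattern):
            try:
                candidates.append((os.path.getmtime(path), path))
            except OSError:
                # The entry vanished between the glob and the stat, or it is a
                # dangling symlink; either way it cannot be the file we want.
                continue
        if not candidates:
            # max() on an empty sequence would raise an unhelpful ValueError;
            # report the pattern that matched nothing instead.
            raise ValueError('No files found matching pattern!', pattern)
        # key= keeps the first entry on equal timestamps, like the plain max()
        # over the glob iterator did.
        return max(candidates, key=lambda entry: entry[0])[1]
    except ValueError as err:
        print(err.args)
        return None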
# Define function to be used for checking the number of occurrences in a file of a particular string
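def countString(file, string):
    """Return how many lines of the file at path *file* contain *string*.

    The count is per line: a line holding the string several times is counted
    once. The script uses this to count 'BEGIN CERTIFICATE' headers, which sit
    on their own line in a PEM file.
    """
    # The context manager closes the handle even if reading fails; the
    # previous version never closed it.
    with open(file, 'r') as handle:
        return sum(1 for line in handle if string in line)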
# Define function to be used for adding the ca bundle to the bottom of the certificate to prevent certificate incomplete errors.
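def addBundle(user, cert_file):
    """Append the CA bundle cPanel holds for a certificate to its .crt file.

    *user* is the cPanel account and *cert_file* the path (or file name) of the
    certificate. The certificate id is the file name without directory and
    '.crt'. The bundle is read from ``uapi SSL fetch_cert_info`` and appended
    to /home/<user>/ssl/certs/<id>.crt, after which the nginx reload script is
    run. Self-signed certificates are skipped silently. Any error is printed
    and logged rather than raised, and the function always returns None.
    """
    try:
        # Ensure the certificate file is formatted for the id
        cert_id = os.path.basename(cert_file).replace('.crt', '')
        # Fetch the cabundle using the UAPI. The argument list is built
        # directly instead of splitting a concatenated string, so whitespace in
        # *user* or in the file name cannot turn into extra uapi arguments.
        uapi_cmd = ['uapi', '--user=' + user, 'SSL', 'fetch_cert_info', 'id=' + cert_id]
        # universal_newlines makes communicate() return text on Python 3 too;
        # the substring tests below would fail against bytes.
        process = subprocess.Popen(uapi_cmd, stdout=subprocess.PIPE, universal_newlines=True)
        output, _ = process.communicate()
        # Check if this is a self signed certificate, if it is just exit as we
        # don't want to check them for a ca bundle
        if 'is_self_signed: 1' in output:
            return
        # We only want printed output if something is actually going to happen,
        # so printing starts here, once we know we will attempt to add the
        # bundle. This prevents unnecessary emails when run from cron.
        print('User: ' + user)
        print('CA Bundle Not Included')
        print('Found cabundle from cPanel using UAPI')
        # Separate out the response and take the tokens between the
        # 'cabundle:' and 'certificate:' markers. index() raises ValueError
        # when a marker is missing, which the handler below reports.
        tokens = output.split()
        bundle_begin = tokens.index('cabundle:')
        bundle_end = tokens.index('certificate:')
        bundle_tokens = tokens[bundle_begin + 1:bundle_end]
        bundle = '\n' + ' '.join(bundle_tokens) if bundle_tokens else ''
        # Ensure the text is correctly formatted to be appended: turn the
        # escaped newlines into real ones and drop the surrounding quotes.
        bundle = bundle.replace("\\n", "\n")
        bundle = bundle.replace('"', '')
        # Never append something that is not a PEM certificate (an empty or
        # null cabundle field, an error message): it would corrupt the file.
        if 'BEGIN CERTIFICATE' not in bundle:
            raise ValueError('UAPI response did not contain a PEM CA bundle', cert_id)
        # Append the bundle to the original certificate file. The directory is
        # inside the account's home, so the account owner controls what the
        # name points at. O_NOFOLLOW refuses a symlink in the final path
        # component, and leaving out O_CREAT means only an existing certificate
        # file is ever written to.
        # NOTE(review): this only guards the last component. If the script runs
        # as root, as the /root/scripts reload path suggests, consider doing
        # the write with the account's own uid instead.
        target = '/home/' + user + '/ssl/certs/' + cert_id + '.crt'
        fd = os.open(target, os.O_WRONLY | os.O_APPEND | os.O_NOFOLLOW)
        with os.fdopen(fd, 'a') as export:
            export.write(bundle)
        print('Appended to file successfully')
        # Reloads nginx configuration, can be removed on servers not utilising
        # nginx ssl termination
        subprocess.call('/root/scripts/cron/nginx/nginx_reload')
    except Exception as e:
        print(e)
        logging.error(traceback.format_exc())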
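# Inspect the newest certificate in the account's ssl/certs directory.
usrdir_cert = '/home/' + options.user + '/ssl/certs/'
certificate = lastModified(usrdir_cert, '*.crt')
if certificate is None:
    # lastModified() has already printed why nothing was found (missing
    # directory or no matching file). Stop here instead of passing None on to
    # open() and failing with an unrelated TypeError.
    sys.exit(1)
if countString(certificate, 'BEGIN CERTIFICATE') < 2:
    # Try to add the ca bundle because this file only has one certificate in it
    # and is therefore missing the bundle
    addBundle(options.user, certificate)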