author | John Estabrook <jestabro@sentrium.io> | 2019-12-13 13:33:04 -0600 |
---|---|---|
committer | John Estabrook <jestabro@sentrium.io> | 2020-02-05 09:29:02 -0600 |
commit | e45cc2e9e6d555329160624988fd4ff2146aabcb (patch) | |
tree | 00bf8dea8636a7b30d540f35382257007208f3aa /python/vyos | |
parent | 3a9cabbc9568d5d059789b349374c8af3cb25e2f (diff) | |
service https: T1585: add support for letsencrypt certificates
Diffstat (limited to 'python/vyos')
-rw-r--r-- | python/vyos/certbot_util.py | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/python/vyos/certbot_util.py b/python/vyos/certbot_util.py
new file mode 100644
index 000000000..df42d4780
--- /dev/null
+++ b/python/vyos/certbot_util.py
@@ -0,0 +1,58 @@
+# certbot_util -- adaptation of certbot_nginx name matching functions for VyOS
+# https://github.com/certbot/certbot/blob/master/LICENSE.txt
+
+from certbot_nginx import parser
+
+NAME_RANK = 0
+START_WILDCARD_RANK = 1
+END_WILDCARD_RANK = 2
+REGEX_RANK = 3
+
+def _rank_matches_by_name(server_block_list, target_name):
+ """Returns a ranked list of server_blocks that match target_name.
+ Adapted from the function of the same name in
+ certbot_nginx.NginxConfigurator
+ """
+ matches = []
+ for server_block in server_block_list:
+ name_type, name = parser.get_best_match(target_name,
+ server_block['name'])
+ if name_type == 'exact':
+ matches.append({'vhost': server_block,
+ 'name': name,
+ 'rank': NAME_RANK})
+ elif name_type == 'wildcard_start':
+ matches.append({'vhost': server_block,
+ 'name': name,
+ 'rank': START_WILDCARD_RANK})
+ elif name_type == 'wildcard_end':
+ matches.append({'vhost': server_block,
+ 'name': name,
+ 'rank': END_WILDCARD_RANK})
+ elif name_type == 'regex':
+ matches.append({'vhost': server_block,
+ 'name': name,
+ 'rank': REGEX_RANK})
+
+ return sorted(matches, key=lambda x: x['rank'])
+
+def _select_best_name_match(matches):
+ """Returns the best name match of a ranked list of server_blocks.
+ Adapted from the function of the same name in
+ certbot_nginx.NginxConfigurator
+ """
+ if not matches:
+ return None
+ elif matches[0]['rank'] in [START_WILDCARD_RANK, END_WILDCARD_RANK]:
+ rank = matches[0]['rank']
+ wildcards = [x for x in matches if x['rank'] == rank]
+ return max(wildcards, key=lambda x: len(x['name']))['vhost']
+ else:
+ return matches[0]['vhost']
+
+def choose_server_block(server_block_list, target_name):
+ matches = _rank_matches_by_name(server_block_list, target_name)
+ server_blocks = [x for x in [_select_best_name_match(matches)]
+ if x is not None]
+ return server_blocks
+
|
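Review bot: `choose_server_block`, the only public function in the new file, has no docstring, so a caller cannot tell that it returns a list holding at most one server block, and an empty list when no `server_block['name']` matches `target_name`. Because this result presumably decides which server block the Let's Encrypt certificate is attached to, I would state the contract, e.g. `"""Return a list with the single best-matching server block for target_name, or [] if none matches."""`, and make sure the caller (outside this diff) treats `[]` as an error rather than silently carrying on. In `_rank_matches_by_name`, `server_block['name']` goes straight into `parser.get_best_match`, which as far as I know iterates over its second argument; if a block ever carried a plain string there instead of a list of names, matching would run per character, so a comment such as `# server_block['name'] must be a list of server names, not a str` would help. The module also imports `parser` from the third-party `certbot_nginx` package, and nothing on this page shows that to be a stable interface, so consider pinning the packaged certbot version this was written against.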