| author | Christian Breunig <christian@breunig.cc> | 2024-01-07 07:25:58 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-07 07:25:58 +0100 | 
| commit | dff740f3cfb57757146d465d994499c552876359 (patch) | |
| tree | 6ad08283c75363f154fc8d1567b4a16bee8dd878 /python | |
| parent | 31d824d9b6bce13ea8fa2a838d47cdf24b345fb1 (diff) | |
| parent | 9ab6665c80c30bf446d94620fc9d85b052d48072 (diff) | |
Merge pull request #2758 from c-po/certbot-T5886
pki: T5886: add support for ACME protocol (LetsEncrypt)
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/config.py | 37 | 
1 files changed, 37 insertions, 0 deletions
| diff --git a/python/vyos/config.py b/python/vyos/config.py
index ca7b035e5..bee85315d 100644
--- a/python/vyos/config.py
+++ b/python/vyos/config.py
@@ -92,6 +92,38 @@ def config_dict_merge(src: dict, dest: Union[dict, ConfigDict]) -> ConfigDict:
         dest = ConfigDict(dest)
     return ext_dict_merge(src, dest)
+def config_dict_mangle_acme(name, cli_dict):
+    """
+    Load CLI PKI dictionary and if an ACME certificate is used, load it's content
+    and place it into the CLI dictionary as it would be a "regular" CLI PKI based
+    certificate with private key
+    """
+    from vyos.base import ConfigError
+    from vyos.defaults import directories
+    from vyos.utils.file import read_file
+    from vyos.pki import encode_certificate
+    from vyos.pki import encode_private_key
+    from vyos.pki import load_certificate
+    from vyos.pki import load_private_key
+
+    try:
+        vyos_certbot_dir = directories['certbot']
+
+        if 'acme' in cli_dict:
+            tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem')
+            tmp = load_certificate(tmp, wrap_tags=False)
+            cert_base64 = "".join(encode_certificate(tmp).strip().split("\n")[1:-1])
+
+            tmp = read_file(f'{vyos_certbot_dir}/live/{name}/privkey.pem')
+            tmp = load_private_key(tmp, wrap_tags=False)
+            key_base64 = "".join(encode_private_key(tmp).strip().split("\n")[1:-1])
+            # install ACME based PEM keys into "regular" CLI config keys
+            cli_dict.update({'certificate' : cert_base64, 'private' : {'key' : key_base64}})
+    except:
+        raise ConfigError(f'Unable to load ACME certificates for "{name}"!')
+
+    return cli_dict
+
 class Config(object):
     """
     The class of config access objects.
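Review bot: The bare `except:` around the body of `config_dict_mangle_acme` also traps `KeyboardInterrupt` and `SystemExit` and discards the original error, so a missing `cert.pem`, a permission problem on `privkey.pem`, a parse failure and a missing `directories['certbot']` key all surface as the same message with no cause attached. Prefer `except Exception as e:` with `raise ConfigError(f'Unable to load ACME certificates for "{name}"!') from e`, so the traceback keeps the failing step. `name` is interpolated directly into the `live/{name}/` path; this presumably relies on the CLI schema restricting certificate names, and that assumption is worth stating in the docstring or checking here before the file is read. In the docstring, "it's content" should read "its content", and the signature could carry type hints like the neighbouring `config_dict_merge`.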
@@ -306,6 +338,11 @@ class Config(object):
                                             no_tag_node_value_mangle=True,
                                             get_first_key=True)
             if pki_dict:
+                if 'certificate' in pki_dict:
+                    for certificate in pki_dict['certificate']:
+                        pki_dict['certificate'][certificate] = config_dict_mangle_acme(
+                            certificate, pki_dict['certificate'][certificate])
+
                 conf_dict['pki'] = pki_dict
         # save optional args for a call to get_config_defaults |
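Review bot: One ACME entry whose files are missing or unreadable by the calling process now raises `ConfigError` for every consumer of the PKI dictionary, not only for the service that references that certificate, because this loop resolves each ACME entry (including its `privkey.pem`) whenever `pki_dict` is populated. If that is intended, say so in a comment above the loop, for example `# ACME entries are resolved from the certbot directory; an unreadable cert or key aborts the whole config load`. Otherwise, resolve only the certificates the caller actually references. The loop would also read more directly as `for name, cert in pki_dict['certificate'].items():` followed by `pki_dict['certificate'][name] = config_dict_mangle_acme(name, cert)`. The enclosing method starts and ends outside this hunk.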
