|
Server : LiteSpeed System : Linux host 5.15.0-161-generic #171-Ubuntu SMP Sat Oct 11 08:17:01 UTC 2025 x86_64 User : idnco5810 ( 1093) PHP Version : 8.2.29 Disable Function : NONE Directory : /usr/local/CyberCP/plogical/__pycache__/ |
Upload File : |
o
������g�����������������������@���s����d�dl�Z�d�dlmZ�d�dlZd�dlZd�dlZd�dlZd�dlm Z �z
d�dl
m
Z
m
Z
�W�n���Y�d�dl
mZ�G�dd��d�Zd
dd �ZdS�)
�����N)�CyberCPLogFileWriter)�ProcessUtilities)�
ChildDomains�Websites��
ACLManagerc�������������������@���s����e�Zd�ZdZdZdZdZdZedd���Z edd ���Z
ed
d
���Z
ed
d
���Z
edd���Z
edd���Zedd���Zeddd��Zeddd��ZdS�)
�
sslUtilitiesz/usr/local/lswsz&/usr/local/lsws/conf/dvhost_redis.confr�����������c����������� ���
���C���s����z`ddl�m}�ddlm}�t|�d��D}|���}|�||���}|j�|j �}|rL|j
�
|j
�}z
t
j�dt|������W�n���Y�d|fW��d�����W�S� �W�d�����W�dS�1�sYw���Y��W�d�S��tyx�}�z
dt|�fW��Y�d�}~S�d�}~ww�)Nr���)�x509)�default_backend�rbzCovered domains: r ���)r���N)�
cryptographyr
����
cryptography.hazmat.backendsr
����open�read�load_pem_x509_certificate�
extensions�get_extension_for_class�SubjectAlternativeName�value�get_values_for_type�DNSName�loggingr����
writeToFile�str�
BaseException) � cert_pathr
���r
���� cert_file� cert_data�cert�
san_extension�
san_domains�msg��r$����+/usr/local/CyberCP/plogical/sslUtilities.py�getDomainsCovered���s*���
�(���z
sslUtilities.getDomainsCoveredc�����������
������C���s���d|��}t�j�|�r�dd�l}|j�|jjt|d�����}|� ���
��d�d��
d�}t�j�t
j
�r=tj�d|���d|��d���|d krDtjS�|d
krdt�|�\}}|rdt|�dkratj�d
|��d��ntjS�|����
d
�}dd
lm}�|�|d�} |���}
| |
�}
t|
j�dkr�|dkr�tj�d|��d��tjS�|dkr�tj�d|����d��tjS�|d
kr�tj�d|����d��tjS�tj�d|����d��tjS�tj�d|����d��tjS�)N�&/etc/letsencrypt/live/%s/fullchain.pemr����rr ����utf-8zSSL provider for z is �.z(STAGING) Let's Encryptz
Let's Encryptz�[CheckIfSSLNeedsToBeIssued] SSL exists for %s and both versions are covered, just need to ensure if SSL is valid for less then 15 days.�ascii)�datetimez
%Y%m%d%H%M%SZ�����Denialz\[CheckIfSSLNeedsToBeIssued] SSL exists for %s and is not ready to fetch new SSL., skipping..zJ[CheckIfSSLNeedsToBeIssued] Self-signed SSL found, lets issue new SSL for z1[CheckIfSSLNeedsToBeIssued] Custom SSL found for z2[CheckIfSSLNeedsToBeIssued] We will issue SSL for )
�os�path�exists�OpenSSL�crypto�load_certificate�
FILETYPE_PEMr���r����
get_issuer�get_components�decoder���� debugPathr���r���r���r���� ISSUE_SSLr&����len�
get_notAfterr,����strptime�now�int�days�
DONT_ISSUE)
�virtualHostName�filePathr2���r
����
SSLProvider�status�domains�
expireDatar,���� finalDater>����diffr$���r$���r%����CheckIfSSLNeedsToBeIssued4���sb���
�
��
�
�
�
�z&sslUtilities.CheckIfSSLNeedsToBeIssuedc��������������
���C���s����zOt�d����}d}|D�]A}|�d�dkr
|�d�dkr
d}q
|dkr-|�d�dkr-�W�dS�|�|��dkrL|dkrLdd ��|�d
�D��}|d�|�krL�W�dS�q
W�d�S��tyl�}�ztj�t|�d
���W�Y�d�}~dS�d�}~ww�)
N�&/usr/local/lsws/conf/httpd_config.confr����listener����SSLr ����}c�����������������S���s���g�|�]}|r|�qS�r$���r$���)�.0�_fr$���r$���r%����
<listcomp>���s����z.sslUtilities.checkIfSSLMap.<locals>.<listcomp>� z1 [IO Error with main config file [checkIfSSLMap]]) r���� readlines�find�splitr
���r���r���r���r���)rB����data�sslCheck�itemsr#���r$���r$���r%����
checkIfSSLMapp���s*���
��
��zsslUtilities.checkIfSSLMapc���������������
���C����t���zt�d����}�|�D�]
}|�d�dkr�W�dS�q W�dS��ty9�}�ztj�t|�d���t|�W��Y�d�}~S�d�}~ww�)NrK���z
listener SSLrM���r ���z4 [IO Error with main config file [checkSSLListener]]r����r���rT���rU���r
���r���r���r���r����rW���rY���r#���r$���r$���r%����checkSSLListener��������
�����z
sslUtilities.checkSSLListenerc���������������
���C���r[���)NrK���zlistener SSL IPv6rM���r ���z8 [IO Error with main config file [checkSSLIPv6Listener]]r���r\���r]���r$���r$���r%����checkSSLIPv6Listener����r_���z!sslUtilities.checkSSLIPv6Listenerc��������������
���C���s^���zt��|��}t��d|���}d||gW�S��ty.�}�zddt|��d�gW��Y�d�}~S�d�}~ww�)Nzwww.r ���r����347 � [issueSSLForDomain])�socket�
gethostbynamer
���r���)rB����
withoutWWW�withWWWr#���r$���r$���r%����
getDNSRecords����s���
��zsslUtilities.getDNSRecordsc�����������
���
���C���s*��z|t�jd�|��}|d�}t|d����}|�d�dkrzt���tjkr2t|d�}d}|�|��|� ���n:t|d��
��}t|d�}d }|D�]%}|�d
�dkrb|d kr\|�|��|�d
��d
}qB|�|��qB|�|��qB|� ���d d
l
m
} �| j
�
���W�d�S�W�d�S��ty��}
�z
d t|
�fW��Y�d�}
~
S�d�}
~
ww�)N�
/conf/vhosts/�
/vhost.confr(���z/.well-known/acme-challengerM����aa��
context /.well-known/acme-challenge {
location /usr/local/lsws/Example/html/.well-known/acme-challenge
allowBrowse 1
rewrite {
enable 0
}
addDefaultCharset off
phpIniOverride {
}
}
�wr���zDocumentRoot /home/z^ Alias /.well-known/acme-challenge /usr/local/lsws/Example/html/.well-known/acme-challenge
r ���)�installUtilities)r����
Server_rootr���r���rU���r����
decideServer�OLS�write�closerT����plogicalrl����reStartLiteSpeedr
���r���)
rB����confPath�completePathToConfigFile� DataVhost�
WriteToFile�contentrW����CheckrY���rl���r#���r$���r$���r%����PatchVhostConf����s:���
�+��zsslUtilities.PatchVhostConf�example@example.orgc�����������1���
���C���s���z
t�jj|�d�}|j}W�n
�ty(�}�ztj�dt|����W�Y�d�}~nd�}~ww�t �
��t j
k�rjt
j
d�|��}|d�}�zd|��d�|��d�}t
���dkr�td d
�}d
}d
} d
}
d|��d�}
d|��d�}
d}
d}d}d}d}d}d}d}d|��d�|��d�}d}|�d��|�|��|�| ��|�|
��|�|
��|�|
��|�|
��|�|��|�|��|�|��|�|��|�|��|�|��|�|��|�|��|�|��|�d��|����W�dS�t
���dk�rstd d
�}d}d
} d
}
d|��d�}
d|��d�}
d}
d}d}d}d}d}d}d}d|��d�|��d�}d}|�d��|�|��|�| ��|�|
��|�|
��|�|
��|�|
��|�|��|�|��|�|��|�|��|�|��|�|��|�|��|�|��|�|��|�d��|����W�dS�t
�|��d
k�r�td ����}td d
�}d
}|D�]-}|�d �d k�r�|�d!�d k�r�d}|dk�r�|�|��|�|��d
}�q�|�|���q�|����t|d"����}d
}|D�]
}|�d#�d k�r�d}�q�|d
k�rIt|d
�}d$}d%|��d�}
d&|��d�}
d}
d}d}d}d}d}d}d}d'}|�d��|�|��|�|
��|�|
��|�|
��|�|��|�|��|�|��|�|��|�|��|�|��|�|��|�|��|�d��|����W�dS��t�yi�}�ztj�t|�d(���W�Y�d�}~d
S�d�}~ww�tj�t
j��s�t
j
d�|��}|d�}t|d"����}|D�]}|�d)�d k�r��dS��q�z�ztjj|�d�}
|
jj
}
d*|
j�d�}
W�n)�t�y��}�z
t�jj|�d�}|j
}
t
�
d�|��} d*| ��d�}
W�Y�d�}~nd�}~ww�t|d"����}d+} |D�]}|�d,�d k�r�|�d-�d k�r�|} �n�q�t|d
�}!d.}"d/}#d0|��d�}$d1|��d�}%d2|�d�}&d3|
�d�|
�d�}'d4|��d5�|��d6�}(|!�|#��|!�|$��|!�|%��|!�|&��|!�|'��|!�|
��|!�|(��|!�|"��d7})d8}*d9|��d�}+d:|��d�},|!�|)��|!�|*��|!�|+��|!�|,��|!�| ��d;}-|!�|-��|!����W�dS��t�y��}�ztj�t|�d<���W�Y�d�}~d
S�d�}~ww�td=|��d>��� ��� d�}.td=|��d?�d"�� ��� d�}/d@|�|.|/f�}0tj�dA��tj�|0��t �!|0��dS�)BN)�domainz%s [installSSLForDomain:72]rh���ri���z map rS����
r ���rK���rj���zlistener SSL {
z address *:443
z
secure 1
z1 keyFile /etc/letsencrypt/live/z
/privkey.pem
z1 certFile /etc/letsencrypt/live/z/fullchain.pem
z
certChain 1
z
sslProtocol 24
z
enableECDHE 1
z
renegProtection 1
z
sslSessionCache 1
z
enableSpdy 15
z
enableStapling 1
z! ocspRespMaxAge 86400
z}
zlistener SSL IPv6 {
z$ address [ANY]:443
r���rk���rL���rM���rN���r(����vhsslz vhssl {
z0 keyFile /etc/letsencrypt/live/z0 certFile /etc/letsencrypt/live/rO���z [installSSLForDomain]]z*:443z DocumentRoot ���
AddHandler�phpzj <IfModule LiteSpeed>
CacheRoot lscache
CacheLookup on
</IfModule>
z
<VirtualHost *:443>
z ServerName z ServerAlias www.z ServerAdmin z SuexecUserGroup z CustomLog /home/z/logs/z.access_log combined
z SSLEngine on
z SSLVerifyClient none
z- SSLCertificateFile /etc/letsencrypt/live/z0 SSLCertificateKeyFile /etc/letsencrypt/live/z</VirtualHost>
z [installSSLForDomain]�/etc/letsencrypt/live/�/fullchain.pem�
/privkey.pemz*redis-cli hmset "ssl:%s" crt "%s" key "%s"zhello world aaa)"r����objects�get�
adminEmailr
���r���r���r���r���r���rn���ro���r���rm���r^���r����
writelinesrq���r`���rZ���rT���rU���r/���r0���r1���� redisConfr����master�
externalAppr����FindDocRootOfSiter����rstrip�
executioner)1rB���r�����websiter#���rt���ru����map�writeDataToFilerL����address�secure�keyFile�certFile� certChain�
sslProtocol�
enableECDHE�renegProtection�sslSessionCache�
enableSpdy�enableStapling�ocspRespMaxAge�finalrW���rX���rY����
vhsslPresense�writeSSLConfigr~����
chilDomainr�����
DocumentRoot�docRoot�
phpHandler�confFile� cacheRoot�
VirtualHost�
ServerName�
ServerAlias�
ServerAdmin�SeexecUserGroup�CustomLogCombined� SSLEngine�SSLVerifyClient�SSLCertificateFile�SSLCertificateKeyFile�VirtualHostEndr ����key�commandr$���r$���r%����installSSLForDomain����s���
��
l�
E�
�
���
�� �
��
z sslUtilities.installSSLForDomainNc��������������
���C���s���ddl�m}�ddlm}�dd�l}d}t�|��tjkrndS�dt����}t� |���t
j
�
d�s5d} t
�| ��d} t
�| ��d |����}
d
|
���} t
�| ��d
|���d
|����}
d
|���d
|����}
z-tj|
dd�}
|
jdkrttj�d|
�����d}ntj�dt|
j���d|
��d|
j�����W�n �ty��}�ztj�d|
��dt|������W�Y�d�}~nd�}~ww�z-tj|
dd�}
|
jdkr�tj�d|
�����d}ntj�dt|
j���d|
��d|
j�����W�n �ty��}�ztj�d|
��dt|������W�Y�d�}~nd�}~ww�d}d}�z0d}d||f�} t�t�
| ���d|�} t�t�
| ���|d�u��r�d|��}t
j
�
|��s5d|�} t�t�
| ����z|d
�|��d
�|��d
�|�d �d �|�d!�d"�|�d#�d$�} |�r1|�r1tj�| d��z
tj
| d%d%d%d&�}W�n���tj
| tj
tj
d%d%d'�}Y�|j }|j }|j!dk�r"t
j
�
t
j"��r�tj�||���|d
�|��d
�|��d
�|�d �d �|�d!�d"�|�d#�d(�} tj�| d��z
tj
| d%d%d%d&�}W�n���tj
| tj
tj
d%d%d'�}Y�|j }|j }|j!dk�rt
j
�
t
j"��r�tj�||���tj�d)|��d*�|��d��tj�#|||d+|����W�W�dS�tj�||���t�$dd,d,��tj�||���t�$dd,d,��tj�| d��t�$dd,d,���tj$�y����tj�d-|��d*�|��d��d-|��d*�|��}�z|d
�|��d
�|�d �d �|�d!�d"�|�d#�d$�} d.||�f�}|�r`d.||�f�}tj�d/|��d��tj�| ��z
tj
| d%d%d%d&�}W�n���tj
| tj
tj
d%d%d'�}Y�|j }|j }|j!dk�rSt
j
�
t
j"��r�tj�||���|d
�|��d
�|�d �d �|�d!�d"�|�d#�d(�} z
tj
| d%d%d%d&�}W�n���tj
| tj
tj
d%d%d'�}Y�|j }|j }|j!dk�r?t
j
�
t
j"��r tj�||���tj�d)|��d��d0||�f�}tj�#|||d+|����W�Y�W�dS�tj�| d��tj�||���W�Y�W�dS�tj�||���W�Y�W�dS�tj�| d��W�Y�W�dS��tj$�y����tj�d1|��d��tj�#||d1|��d+|����Y�Y�W�dS�w�w�d|��}t
j
�
|��s�d|�} t�t�
| ���zatj�d/|��d2�|��d3�|�d4�|�d5���|d
�|��d
�|��d6�|�d
�|�d
�|�d �d �|�d!�d"�|�d#�d(�} t�%t�
| ���&d7�}tj�d)|��d2�|��d3�|�d8�|�d5���W�W�dS��tj$�y,���tj�d-|��d2�|��d3�|�d8�|�d5���Y�W�dS�w��t�yJ�}�ztj�t|�d9���W�Y�d�}~dS�d�}~ww�):Nr���r���)r���r ���zroot@%sz7/usr/local/lsws/Example/html/.well-known/acme-challengez@mkdir -p /usr/local/lsws/Example/html/.well-known/acme-challengez)chmod -R 755 /usr/local/lsws/Example/htmlz8/usr/local/lsws/Example/html/.well-known/acme-challenge/ztouch z
http://www.z
/.well-known/acme-challenge/zhttp://����)�timeout�����zStatus Code: 200 for: z
Status Code: z for: z . Error: zStatus Code: Unknown for: zStatus Code: Unkown for: z/root/.acme.sh/acme.shz%s --register-account -m %sz(%s --set-default-ca --server letsencryptr����z mkdir -p z
--issue -d z -d www.z
--cert-file z /cert.pemz
--key-file r����z --fullchain-file r����z< -w /usr/local/lsws/Example/html -k ec-256 --force --stagingT)�capture_output�universal_newlines�shell)�stdout�stderrr����r����zG -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencryptz Successfully obtained SSL for: z
and: www.zSSL Notification for %s.r���zFailed to obtain SSL for: z %s
Trying to obtain SSL for: %szTrying to obtain SSL for: z%%s
Successfully obtained SSL for: %s.z3Failed to obtain SSL, issuing self-signed SSL for: z, www.z, z and www.�,z -d r)���zand www.z. [Failed to obtain SSL. [obtainSSLForADomain]])'�
plogical.aclr����plogical.sslv2r����jsonrJ���r:���rc����
gethostnamerz���r/���r0���r1���r����normalExecutionerr�����requestsr�����
status_coder���r���r���r����textr
����
subprocess�call�shlexrV����run�PIPEr����r�����
returncoder9���� SendEmail�CalledProcessError�
check_outputr8���)rB���r�����sslpath�
aliasDomainr����sslv2r�����Status�
sender_emailr�����CustomVerificationFile�URLFetchPathWWW�URLFetchPathNONWWW�resp� WWWStatusr#����
NONWWWStatus�acmePath�existingCertPath�resultr����r����� finalText�CurrentMessage�outputr$���r$���r%����obtainSSLForADomain���s@��
�����
&����
����������
����������
��
�
����������
��
��������
��
�
�
�
��P"���������������"�
�"�� ��z sslUtilities.obtainSSLForADomain)r{����N)�__name__�
__module__�
__qualname__rm���r����rA����ISSUE_SELFSIGNEDr:����
staticmethodr&���rJ���rZ���r^���r`���rg���rz���r����r����r$���r$���r$���r%���r������s2����
;
5
�yr���c�����������
���
���C���sn��z�t��|�|||�dkr
t��|�|�dkrddgW�S�ddgW�S�d|��}d|��}tj�|�rjdd�l}|j�|jj t
|d��
���}|�
���
��d�d��d�}|d krjt��|��dkrjtj�d
|��d
���dd
|��d
�d
�gW�S�d
|��d�|�d�|�} t�| �}
t�|
��t��|��dkr�tj�d|��d���ddgW�S�ddgW�S��ty��}
�zddt|
��d
�gW��Y�d�}
~
S�d�}
~
ww�)Nr ����Noner���z9210 Failed to install SSL for domain. [issueSSLForDomain]z$/etc/letsencrypt/live/%s/privkey.pemr'���r(���r)���r.���z#We are not able to get new SSL for zU. But there is an existing SSL, it might only be for the main domain (excluding www).rb���zhopenssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=z
" -keyout z -out zSelf signed SSL issued for r*���z7Self signed certificate was issued. [issueSSLForDomain]ra���)r���r����r����r/���r0���r1���r2���r3���r4���r5���r���r���r6���r7���r8���r���r���r���r����rV���r����r����r
���r���)
r|���r����r����r�����pathToStoreSSLPrivKey�pathToStoreSSLFullChainr2���r
���rD���r�����cmdr#���r$���r$���r%����issueSSLForDomain���s4���
��r����r����)r����rr���r���r���r/���r����r����rc����plogical.processUtilitiesr����websiteFunctions.modelsr���r���r����r���r���r����r$���r$���r$���r%����<module>���s&����
�����f