robin.thoni
/
certbot-pdns
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 5 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 Commits
3 Branches
Tree: f6b8ff6de4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f6b8ff6de4'
${ noResults }
certbot-pdns/certbot_pdns/PdnsApiAuthenticator.py

PdnsApiAuthenticator.py 4.2KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 
  1. import json

  2. 

  3. import logging

  4. 

  5. import time

  6. from certbot import errors

  7. 

  8. from certbot_pdns.pdnsapi import PdnsApi

  9. 

  10. logger = logging.getLogger(__name__)

  11. 

  12. 

  13. class PdnsApiAuthenticator:

  14.     api = None

  15.     zones = None

  16.     axfr_time = None

  17. 

  18.     def find_best_matching_zone(self, domain):

  19.         if domain is None or domain == "":

  20.             return None

  21.         for zone in self.zones:

  22.             if zone['name'] == domain + ".":

  23.                 return zone

  24.         return self.find_best_matching_zone(domain[domain.index(".") + 1:]) if "." in domain else None

  25. 

  26.     def find_soa(self, zone):

  27.         for rrset in zone["rrsets"]:

  28.             if rrset["type"] == "SOA":

  29.                 return rrset, rrset["records"][0]

  30.         return None

  31. 

  32.     def flush_zone(self, zone_name):

  33.         res = self.api.flush_zone_cache(zone_name)

  34.         if res is None or "result" not in res or res["result"] != "Flushed cache.":

  35.             raise errors.PluginError("Bad return from PDNS API when flushing cache: %s" % res)

  36. 

  37.     def notify_zone(self, zone_name):

  38.         res = self.api.notify_zone(zone_name)

  39.         if res is None or "result" not in res or res["result"] != "Notification queued":

  40.             raise errors.PluginError("Bad return from PDNS API when notifying: %s" % res)

  41. 

  42.     def update_soa(self, zone_name):

  43.         zone = self.api.get_zone(zone_name)

  44.         if zone is None or "error" in zone:

  45.             raise errors.PluginError("Bad return from PDNS API when getting zone %s: %s" % (zone_name, zone))

  46.         rrset, soa = self.find_soa(zone)

  47.         split = soa["content"].split(" ")

  48.         split[2] = str(int(split[2]) + 1)

  49.         soa["content"] = ' '.join(split)

  50.         res = self.api.replace_record(zone_name, zone_name, rrset["type"], rrset["ttl"], soa["content"],

  51.                                       soa["disabled"], False)

  52.         if res is not None:

  53.             raise errors.PluginError("Bad return from PDNS API when updating SOA: %s" % res)

  54. 

  55.     def prepare(self, conf_path):

  56.         self.api = PdnsApi()

  57.         with open(conf_path) as f:

  58.             config = json.load(f)

  59.         self.api.set_api_key(config["api-key"])

  60.         self.api.set_base_url(config["base-url"])

  61.         self.api.set_api_pass(config["api-pass"])

  62.         self.api.set_http_auth_user(config["http-auth-user"])

  63.         self.api.set_http_auth_pass(config["http-auth-pas"])

  64.         self.axfr_time = config["axfr-time"]

  65.         self.zones = self.api.list_zones()

  66.         # print(self.zones)

  67.         # raw_input('Press <ENTER> to continue')

  68.         if self.zones is None or "error" in self.zones:

  69.             raise errors.PluginError("Could not list zones %s" % self.zones)

  70. 

  71.     def perform_single(self, achall, response, validation):

  72.         domain = achall.domain

  73.         token = validation.encode()

  74.         zone = self.find_best_matching_zone(domain)

  75.         if zone is None:

  76.             raise errors.PluginError("Could not find zone for %s" % domain)

  77. 

  78.         logger.debug("Found zone %s for domain %s" % (zone["name"], domain))

  79. 

  80.         res = self.api.replace_record(zone["name"], "_acme-challenge." + domain + ".", "TXT", 1, "\"" + token.decode('utf-8') + "\"", False, False)

  81.         if res is not None:

  82.             raise errors.PluginError("Bad return from PDNS API when adding record: %s" % res)

  83. 

  84.         return response

  85. 

  86.     def perform_notify(self, zone):

  87.         logger.info("Notifying zone %s..." % zone["name"])

  88. 

  89.         self.update_soa(zone["name"])

  90.         self.flush_zone(zone["name"])

  91.         self.notify_zone(zone["name"])

  92. 

  93.     def wait_for_propagation(self, achalls):

  94.         # TODO search zones authoritative servers and check for TXT record on each of them

  95.         # raw_input('Press <ENTER> to continue')

  96.         logger.info("Waiting %i seconds..." % self.axfr_time)

  97.         time.sleep(self.axfr_time)

  98. 

  99.     def cleanup(self, achall):

  100.         domain = achall.domain

  101.         zone = self.find_best_matching_zone(domain)

  102.         if zone is None:

  103.             return

  104.         res = self.api.delete_record(zone["name"], "_acme-challenge." + domain + ".", "TXT", 1, None, False, False)

  105.         if res is not None:

  106.             raise errors.PluginError("Bad return from PDNS API when deleting record: %s" % res)

  107.         self.update_soa(zone["name"])

  108.         self.flush_zone(zone["name"])

  109.         self.notify_zone(zone["name"])