forked from igroykt/letsencrypt-nic
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauth.py
More file actions
executable file
·113 lines (99 loc) · 3.45 KB
/
auth.py
File metadata and controls
executable file
·113 lines (99 loc) · 3.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
import os
import sys
from configparser import ConfigParser
import time
import json
from nic_api import DnsApi
from nic_api.models import TXTRecord
from tld import get_tld
from func import Func
try:
if getattr(sys, 'frozen', False):
script_dir = os.path.dirname(sys.executable)
else:
script_dir = os.path.dirname(os.path.realpath(__file__))
config = ConfigParser()
config.read(script_dir + os.sep + "config.ini")
except Exception as err:
raise SystemExit(f"Config parse: {err}")
USERNAME = os.getenv('NICUSER')
PASSWORD = os.getenv('NICPASS')
CLIENT_ID = os.getenv('NICID')
CLIENT_SECRET = os.getenv('NICSECRET')
SERVICE_ID = config.get('GENERAL', 'SERVICE_ID')
DNS_SERVER = config.get('GENERAL', 'DNS_SERVER').split(',')
TTL = config.get('GENERAL', 'TTL')
SLEEP = int(config.get('GENERAL', 'SLEEP'))
CERTBOT_DOMAIN = os.getenv('CERTBOT_DOMAIN')
CERTBOT_VALIDATION = os.getenv('CERTBOT_VALIDATION')
CERTBOT_REMAINING = int(os.getenv('CERTBOT_REMAINING_CHALLENGES'))
VERBOSE = os.getenv('VERBOSE')
TOKEN_FILE = script_dir + os.sep + "nic_token.json"
def main():
try:
if VERBOSE:
print('Configuring OAuth...')
oauth_config = {
'APP_LOGIN': CLIENT_ID,
'APP_PASSWORD': CLIENT_SECRET
}
except Exception as err:
raise SystemExit(f"oauth_config error: {err}")
try:
api = DnsApi(oauth_config)
except Exception as err:
raise SystemExit(f"DnsApi error: {err}")
if os.path.exists(TOKEN_FILE):
mtime = os.path.getmtime(TOKEN_FILE)
with open(TOKEN_FILE, 'r') as file:
content = json.load(file)
expires_in = int(content['expires_in'])
if mtime + expires_in <= time.time():
if VERBOSE:
print('Token expired. Refreshing...')
os.remove(TOKEN_FILE)
try:
if VERBOSE:
print('Authorize API...')
api.authorize(
username = USERNAME,
password = PASSWORD,
token_filename = TOKEN_FILE
)
except Exception as err:
if VERBOSE:
print(f"api.authorize: {err}")
raise SystemExit(f"api.authorize: {err}")
if "*" in CERTBOT_DOMAIN:
domain = CERTBOT_DOMAIN.split(".")[1:]
domain = ".".join(domain)
else:
domain = CERTBOT_DOMAIN
domain_object = get_tld(domain, fix_protocol=True, as_object=True)
main_domain = f"{domain_object.domain}.{domain_object}"
try:
if domain_object.subdomain:
reg_domain = f"{domain_object.subdomain}"
query_domain = f"{domain_object.subdomain}.{domain_object.domain}.{domain_object}"
record = TXTRecord(name = f"_acme-challenge.{reg_domain}", txt = CERTBOT_VALIDATION, ttl = TTL)
else:
query_domain = f"{domain_object.domain}.{domain_object}"
record = TXTRecord(name = "_acme-challenge", txt = CERTBOT_VALIDATION, ttl = TTL)
api.add_record(record, SERVICE_ID, main_domain)
api.commit(SERVICE_ID, main_domain)
except Exception as err:
raise SystemExit(f"api.add_record error: {err}")
verb = ''
if VERBOSE:
verb = True
while True:
rdata = Func.checkTXTRecord(DNS_SERVER, query_domain, verbose=verb)
if rdata:
break
time.sleep(10)
if CERTBOT_REMAINING == 0:
if VERBOSE:
print(f'Sleep for {SLEEP} seconds...')
time.sleep(SLEEP)
if __name__ == '__main__':
main()