Gecko [ www.thearyasamaj.org ]

Name	Size	Permission
help	[ DIR ]	drwxr-xr-x
images	[ DIR ]	drwxr-xr-x
lang	[ DIR ]	drwxr-xr-x
subdir	[ DIR ]	drwxr-xr-x
CHANGELOG	12.02 KB	-rw-r--r--
acme_tiny.py	11.24 KB	-rwxr-xr-x
adminupgrade	299 B	-rw-r--r--
backup_config.pl	1.97 KB	-rwxr-xr-x
bootup.cgi	1.04 KB	-rwxr-xr-x
cache.cgi	1.47 KB	-rwxr-xr-x
cgi_args.pl	159 B	-rwxr-xr-x
change_access.cgi	1.34 KB	-rwxr-xr-x
change_advanced.cgi	3 KB	-rwxr-xr-x
change_anon.cgi	712 B	-rwxr-xr-x
change_bind.cgi	4.8 KB	-rwxr-xr-x
change_ca.cgi	674 B	-rwxr-xr-x
change_debug.cgi	1.38 KB	-rwxr-xr-x
change_lang.cgi	478 B	-rwxr-xr-x
change_lock.cgi	554 B	-rwxr-xr-x
change_log.cgi	2.38 KB	-rwxr-xr-x
change_mobile.cgi	940 B	-rwxr-xr-x
change_os.cgi	1.85 KB	-rwxr-xr-x
change_osdn.cgi	1.54 KB	-rwxr-xr-x
change_overlay.cgi	1.16 KB	-rwxr-xr-x
change_proxy.cgi	1.09 KB	-rwxr-xr-x
change_referers.cgi	633 B	-rwxr-xr-x
change_session.cgi	4.77 KB	-rwxr-xr-x
change_ssl.cgi	3.03 KB	-rwxr-xr-x
change_startpage.cgi	773 B	-rwxr-xr-x
change_status.cgi	1.02 KB	-rwxr-xr-x
change_theme.cgi	1.16 KB	-rwxr-xr-x
change_twofactor.cgi	1.43 KB	-rwxr-xr-x
change_ui.cgi	1.65 KB	-rwxr-xr-x
change_web.cgi	2.47 KB	-rwxr-xr-x
clear_blocked.cgi	154 B	-rwxr-xr-x
clear_cache.cgi	205 B	-rwxr-xr-x
clone_mod.cgi	2.06 KB	-rwxr-xr-x
config	94 B	-rw-r--r--
config.info	609 B	-rw-r--r--
config.info.ar	414 B	-rw-r--r--
config.info.ca	408 B	-rw-r--r--
config.info.cs	233 B	-rw-r--r--
config.info.de	368 B	-rw-r--r--
config.info.es	229 B	-rw-r--r--
config.info.fa	301 B	-rw-r--r--
config.info.fr	577 B	-rw-r--r--
config.info.hr	0 B	-rw-r--r--
config.info.hu	0 B	-rw-r--r--
config.info.it	245 B	-rw-r--r--
config.info.ja	531 B	-rw-r--r--
config.info.ko	206 B	-rw-r--r--
config.info.ms	286 B	-rw-r--r--
config.info.nl	299 B	-rw-r--r--
config.info.no	283 B	-rw-r--r--
config.info.pl	284 B	-rw-r--r--
config.info.pt_BR	299 B	-rw-r--r--
config.info.ru	491 B	-rw-r--r--
config.info.sk	132 B	-rw-r--r--
config.info.sv	202 B	-rw-r--r--
config.info.tr	155 B	-rw-r--r--
cpan_modules.pl	229 B	-rwxr-xr-x
defaultacl	17 B	-rw-r--r--
delete_cache.cgi	471 B	-rwxr-xr-x
delete_mod.cgi	2.24 KB	-rwxr-xr-x
delete_webmincron.cgi	1.51 KB	-rwxr-xr-x
download_cert.cgi	532 B	-rwxr-xr-x
edit_access.cgi	1.38 KB	-rwxr-xr-x
edit_advanced.cgi	3.87 KB	-rwxr-xr-x
edit_anon.cgi	812 B	-rwxr-xr-x
edit_assignment.cgi	1.12 KB	-rwxr-xr-x
edit_bind.cgi	2.95 KB	-rwxr-xr-x
edit_blocked.cgi	944 B	-rwxr-xr-x
edit_ca.cgi	2.82 KB	-rwxr-xr-x
edit_categories.cgi	1.69 KB	-rwxr-xr-x
edit_debug.cgi	2.04 KB	-rwxr-xr-x
edit_descs.cgi	1.49 KB	-rwxr-xr-x
edit_ipkey.cgi	1.7 KB	-rwxr-xr-x
edit_lang.cgi	1004 B	-rwxr-xr-x
edit_lock.cgi	763 B	-rwxr-xr-x
edit_log.cgi	3.04 KB	-rwxr-xr-x
edit_mobile.cgi	1.26 KB	-rwxr-xr-x
edit_mods.cgi	4.67 KB	-rwxr-xr-x
edit_os.cgi	2.72 KB	-rwxr-xr-x
edit_proxy.cgi	3.7 KB	-rwxr-xr-x
edit_referers.cgi	899 B	-rwxr-xr-x
edit_sendmail.cgi	3.48 KB	-rwxr-xr-x
edit_session.cgi	5.18 KB	-rwxr-xr-x
edit_ssl.cgi	10.55 KB	-rwxr-xr-x
edit_startpage.cgi	1.68 KB	-rwxr-xr-x
edit_status.cgi	1.13 KB	-rwxr-xr-x
edit_themes.cgi	3.72 KB	-rwxr-xr-x
edit_twofactor.cgi	1.5 KB	-rwxr-xr-x
edit_ui.cgi	2.74 KB	-rwxr-xr-x
edit_upgrade.cgi	4.26 KB	-rwxr-xr-x
edit_web.cgi	2.88 KB	-rwxr-xr-x
edit_webmincron.cgi	1.35 KB	-rwxr-xr-x
export_mod.cgi	1.23 KB	-rwxr-xr-x
feedback_files.pl	126 B	-rwxr-xr-x
fix_os.cgi	228 B	-rwxr-xr-x
gnupg-lib.pl	13.38 KB	-rwxr-xr-x
hide.cgi	326 B	-rwxr-xr-x
index.cgi	4.16 KB	-rwxr-xr-x
install_mod.cgi	4.2 KB	-rwxr-xr-x
install_theme.cgi	2.29 KB	-rwxr-xr-x
jcameron-key.asc	1.29 KB	-rw-r--r--
letsencrypt-cleanup.pl	2 KB	-rwxr-xr-x
letsencrypt-dns.pl	2.46 KB	-rwxr-xr-x
letsencrypt-lib.pl	13.75 KB	-rwxr-xr-x
letsencrypt.cgi	4.64 KB	-rwxr-xr-x
log_parser.pl	1.23 KB	-rwxr-xr-x
module.info	195 B	-rw-r--r--
module.info.af	0 B	-rw-r--r--
module.info.af.auto	142 B	-rw-r--r--
module.info.ar	185 B	-rw-r--r--
module.info.ar.auto	22 B	-rw-r--r--
module.info.be	0 B	-rw-r--r--
module.info.be.auto	208 B	-rw-r--r--
module.info.bg	0 B	-rw-r--r--
module.info.bg.auto	218 B	-rw-r--r--
module.info.ca	134 B	-rw-r--r--
module.info.ca.auto	15 B	-rw-r--r--
module.info.cs	28 B	-rw-r--r--
module.info.cs.auto	128 B	-rw-r--r--
module.info.da	0 B	-rw-r--r--
module.info.da.auto	142 B	-rw-r--r--
module.info.de	126 B	-rw-r--r--
module.info.de.auto	15 B	-rw-r--r--
module.info.el	0 B	-rw-r--r--
module.info.el.auto	262 B	-rw-r--r--
module.info.es	33 B	-rw-r--r--
module.info.es.auto	109 B	-rw-r--r--
module.info.eu	0 B	-rw-r--r--
module.info.eu.auto	158 B	-rw-r--r--
module.info.fa	0 B	-rw-r--r--
module.info.fa.auto	202 B	-rw-r--r--
module.info.fi	0 B	-rw-r--r--
module.info.fi.auto	141 B	-rw-r--r--
module.info.fr	32 B	-rw-r--r--
module.info.fr.auto	129 B	-rw-r--r--
module.info.he	0 B	-rw-r--r--
module.info.he.auto	195 B	-rw-r--r--
module.info.hr	0 B	-rw-r--r--
module.info.hr.auto	149 B	-rw-r--r--
module.info.hu	30 B	-rw-r--r--
module.info.hu.auto	148 B	-rw-r--r--
module.info.it	33 B	-rw-r--r--
module.info.it.auto	107 B	-rw-r--r--
module.info.ja	180 B	-rw-r--r--
module.info.ko	22 B	-rw-r--r--
module.info.ko.auto	129 B	-rw-r--r--
module.info.lt	0 B	-rw-r--r--
module.info.lt.auto	180 B	-rw-r--r--
module.info.lv	0 B	-rw-r--r--
module.info.lv.auto	157 B	-rw-r--r--
module.info.ms	119 B	-rw-r--r--
module.info.ms.auto	15 B	-rw-r--r--
module.info.mt	0 B	-rw-r--r--
module.info.mt.auto	144 B	-rw-r--r--
module.info.nl	28 B	-rw-r--r--
module.info.nl.auto	117 B	-rw-r--r--
module.info.no	29 B	-rw-r--r--
module.info.no.auto	117 B	-rw-r--r--
module.info.pl	155 B	-rw-r--r--
module.info.pl.auto	15 B	-rw-r--r--
module.info.pt	33 B	-rw-r--r--
module.info.pt.auto	113 B	-rw-r--r--
module.info.pt_BR	36 B	-rw-r--r--
module.info.pt_BR.auto	119 B	-rw-r--r--
module.info.ro	0 B	-rw-r--r--
module.info.ro.auto	147 B	-rw-r--r--
module.info.ru	34 B	-rw-r--r--
module.info.ru.auto	172 B	-rw-r--r--
module.info.sk	30 B	-rw-r--r--
module.info.sk.auto	132 B	-rw-r--r--
module.info.sl	0 B	-rw-r--r--
module.info.sl.auto	147 B	-rw-r--r--
module.info.sv	30 B	-rw-r--r--
module.info.sv.auto	114 B	-rw-r--r--
module.info.th	0 B	-rw-r--r--
module.info.th.auto	258 B	-rw-r--r--
module.info.tr	33 B	-rw-r--r--
module.info.tr.auto	128 B	-rw-r--r--
module.info.uk	0 B	-rw-r--r--
module.info.uk.auto	215 B	-rw-r--r--
module.info.ur	0 B	-rw-r--r--
module.info.ur.auto	209 B	-rw-r--r--
module.info.vi	0 B	-rw-r--r--
module.info.vi.auto	177 B	-rw-r--r--
module.info.zh	22 B	-rw-r--r--
module.info.zh_TW	25 B	-rw-r--r--
module.info.zh_TW.auto	115 B	-rw-r--r--
newcsr.cgi	800 B	-rwxr-xr-x
newkey.cgi	879 B	-rwxr-xr-x
postinstall.pl	2.01 KB	-rwxr-xr-x
refresh_modules.cgi	664 B	-rwxr-xr-x
restart.cgi	87 B	-rwxr-xr-x
save_assignment.cgi	485 B	-rwxr-xr-x
save_categories.cgi	946 B	-rwxr-xr-x
save_descs.cgi	1006 B	-rwxr-xr-x
save_ipkey.cgi	1.31 KB	-rwxr-xr-x
save_newmod.cgi	278 B	-rwxr-xr-x
save_sendmail.cgi	2.08 KB	-rwxr-xr-x
save_webmincron.cgi	1016 B	-rwxr-xr-x
savekey.cgi	2.8 KB	-rwxr-xr-x
setup_ca.cgi	1.52 KB	-rwxr-xr-x
standard_chooser.cgi	1.68 KB	-rwxr-xr-x
stop_ca.cgi	1.03 KB	-rwxr-xr-x
syslog_logs.pl	633 B	-rwxr-xr-x
system_info.pl	5.02 KB	-rw-r--r--
test_sendmail.cgi	784 B	-rwxr-xr-x
third_chooser.cgi	1.55 KB	-rwxr-xr-x
twofactor-funcs-lib.pl	8.81 KB	-rw-r--r--
uninstall.pl	236 B	-rwxr-xr-x
update.cgi	2.86 KB	-rwxr-xr-x
upgrade.cgi	16.08 KB	-rwxr-xr-x
view_webmincron.cgi	1.66 KB	-rwxr-xr-x
webmin-lib.pl	68.83 KB	-rwxr-xr-x

Code Editor : acme_tiny.py

#!/usr/bin/env python
# Copyright Daniel Roesler, under MIT license, see LICENSE at github.com/diafygi/acme-tiny
import argparse, subprocess, json, os, sys, base64, binascii, time, hashlib, re, copy, textwrap, logging
try:
    from urllib.request import urlopen, Request # Python 3
except ImportError:
    from urllib2 import urlopen, Request # Python 2

DEFAULT_CA = "https://acme-v02.api.letsencrypt.org" # DEPRECATED! USE DEFAULT_DIRECTORY_URL INSTEAD
DEFAULT_DIRECTORY_URL = "https://acme-v02.api.letsencrypt.org/directory"

LOGGER = logging.getLogger(__name__)
LOGGER.addHandler(logging.StreamHandler())
LOGGER.setLevel(logging.INFO)

def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA, disable_check=False, directory_url=DEFAULT_DIRECTORY_URL, contact=None):
    directory, acct_headers, alg, jwk = None, None, None, None # global variables

# helper functions - base64 encode for jose spec
    def _b64(b):
        return base64.urlsafe_b64encode(b).decode('utf8').replace("=", "")

# helper function - run external commands
    def _cmd(cmd_list, stdin=None, cmd_input=None, err_msg="Command Line Error"):
        proc = subprocess.Popen(cmd_list, stdin=stdin, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        out, err = proc.communicate(cmd_input)
        if proc.returncode != 0:
            raise IOError("{0}\n{1}".format(err_msg, err))
        return out

# helper function - make request and automatically parse json response
    def _do_request(url, data=None, err_msg="Error", depth=0):
        try:
            resp = urlopen(Request(url, data=data, headers={"Content-Type": "application/jose+json", "User-Agent": "acme-tiny"}))
            resp_data, code, headers = resp.read().decode("utf8"), resp.getcode(), resp.headers
        except IOError as e:
            resp_data = e.read().decode("utf8") if hasattr(e, "read") else str(e)
            code, headers = getattr(e, "code", None), {}
        try:
            resp_data = json.loads(resp_data) # try to parse json results
        except ValueError:
            pass # ignore json parsing errors
        if depth < 100 and code == 400 and resp_data['type'] == "urn:ietf:params:acme:error:badNonce":
            raise IndexError(resp_data) # allow 100 retrys for bad nonces
        if code not in [200, 201, 204]:
            raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
        return resp_data, code, headers

# helper function - make signed requests
    def _send_signed_request(url, payload, err_msg, depth=0):
        payload64 = "" if payload is None else _b64(json.dumps(payload).encode('utf8'))
        new_nonce = _do_request(directory['newNonce'])[2]['Replay-Nonce']
        protected = {"url": url, "alg": alg, "nonce": new_nonce}
        protected.update({"jwk": jwk} if acct_headers is None else {"kid": acct_headers['Location']})
        protected64 = _b64(json.dumps(protected).encode('utf8'))
        protected_input = "{0}.{1}".format(protected64, payload64).encode('utf8')
        out = _cmd(["openssl", "dgst", "-sha256", "-sign", account_key], stdin=subprocess.PIPE, cmd_input=protected_input, err_msg="OpenSSL Error")
        data = json.dumps({"protected": protected64, "payload": payload64, "signature": _b64(out)})
        try:
            return _do_request(url, data=data.encode('utf8'), err_msg=err_msg, depth=depth)
        except IndexError: # retry bad nonces (they raise IndexError)
            return _send_signed_request(url, payload, err_msg, depth=(depth + 1))

# helper function - poll until complete
    def _poll_until_not(url, pending_statuses, err_msg):
        result, t0 = None, time.time()
        while result is None or result['status'] in pending_statuses:
            assert (time.time() - t0 < 3600), "Polling timeout" # 1 hour timeout
            time.sleep(0 if result is None else 2)
            result, _, _ = _send_signed_request(url, None, err_msg)
        return result

# parse account key to get public key
    log.info("Parsing account key...")
    out = _cmd(["openssl", "rsa", "-in", account_key, "-noout", "-text"], err_msg="OpenSSL Error")
    pub_pattern = r"modulus:[\s]+?00:([a-f0-9\:\s]+?)\npublicExponent: ([0-9]+)"
    pub_hex, pub_exp = re.search(pub_pattern, out.decode('utf8'), re.MULTILINE|re.DOTALL).groups()
    pub_exp = "{0:x}".format(int(pub_exp))
    pub_exp = "0{0}".format(pub_exp) if len(pub_exp) % 2 else pub_exp
    alg = "RS256"
    jwk = {
        "e": _b64(binascii.unhexlify(pub_exp.encode("utf-8"))),
        "kty": "RSA",
        "n": _b64(binascii.unhexlify(re.sub(r"(\s|:)", "", pub_hex).encode("utf-8"))),
    }
    accountkey_json = json.dumps(jwk, sort_keys=True, separators=(',', ':'))
    thumbprint = _b64(hashlib.sha256(accountkey_json.encode('utf8')).digest())

# find domains
    log.info("Parsing CSR...")
    out = _cmd(["openssl", "req", "-in", csr, "-noout", "-text"], err_msg="Error loading {0}".format(csr))
    domains = set([])
    common_name = re.search(r"Subject:.*? CN\s?=\s?([^\s,;/]+)", out.decode('utf8'))
    if common_name is not None:
        domains.add(common_name.group(1))
    subject_alt_names = re.search(r"X509v3 Subject Alternative Name: (?:critical)?\n +([^\n]+)\n", out.decode('utf8'), re.MULTILINE|re.DOTALL)
    if subject_alt_names is not None:
        for san in subject_alt_names.group(1).split(", "):
            if san.startswith("DNS:"):
                domains.add(san[4:])
    log.info("Found domains: {0}".format(", ".join(domains)))

# get the ACME directory of urls
    log.info("Getting directory...")
    directory_url = CA + "/directory" if CA != DEFAULT_CA else directory_url # backwards compatibility with deprecated CA kwarg
    directory, _, _ = _do_request(directory_url, err_msg="Error getting directory")
    log.info("Directory found!")

# create account, update contact details (if any), and set the global key identifier
    log.info("Registering account...")
    reg_payload = {"termsOfServiceAgreed": True}
    account, code, acct_headers = _send_signed_request(directory['newAccount'], reg_payload, "Error registering")
    log.info("Registered!" if code == 201 else "Already registered!")
    if contact is not None:
        account, _, _ = _send_signed_request(acct_headers['Location'], {"contact": contact}, "Error updating contact details")
        log.info("Updated contact details:\n{0}".format("\n".join(account['contact'])))

# create a new order
    log.info("Creating new order...")
    order_payload = {"identifiers": [{"type": "dns", "value": d} for d in domains]}
    order, _, order_headers = _send_signed_request(directory['newOrder'], order_payload, "Error creating new order")
    log.info("Order created!")

# get the authorizations that need to be completed
    for auth_url in order['authorizations']:
        authorization, _, _ = _send_signed_request(auth_url, None, "Error getting challenges")
        domain = authorization['identifier']['value']
        log.info("Verifying {0}...".format(domain))

# find the http-01 challenge and write the challenge file
        challenge = [c for c in authorization['challenges'] if c['type'] == "http-01"][0]
        token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge['token'])
        keyauthorization = "{0}.{1}".format(token, thumbprint)
        wellknown_path = os.path.join(acme_dir, token)
        with open(wellknown_path, "w") as wellknown_file:
            wellknown_file.write(keyauthorization)

# check that the file is in place
        try:
            wellknown_url = "http://{0}/.well-known/acme-challenge/{1}".format(domain, token)
            assert (disable_check or _do_request(wellknown_url)[0] == keyauthorization)
        except (AssertionError, ValueError) as e:
            raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))

# say the challenge is done
        _send_signed_request(challenge['url'], {}, "Error submitting challenges: {0}".format(domain))
        authorization = _poll_until_not(auth_url, ["pending"], "Error checking challenge status for {0}".format(domain))
        if authorization['status'] != "valid":
            raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
        os.remove(wellknown_path)
        log.info("{0} verified!".format(domain))

# finalize the order with the csr
    log.info("Signing certificate...")
    csr_der = _cmd(["openssl", "req", "-in", csr, "-outform", "DER"], err_msg="DER Export Error")
    _send_signed_request(order['finalize'], {"csr": _b64(csr_der)}, "Error finalizing order")

# poll the order to monitor when it's done
    order = _poll_until_not(order_headers['Location'], ["pending", "processing"], "Error checking order status")
    if order['status'] != "valid":
        raise ValueError("Order failed: {0}".format(order))

# download the certificate
    certificate_pem, _, _ = _send_signed_request(order['certificate'], None, "Certificate download failed")
    log.info("Certificate signed!")
    return certificate_pem

def main(argv=None):
    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawDescriptionHelpFormatter,
        description=textwrap.dedent("""\
            This script automates the process of getting a signed TLS certificate from Let's Encrypt using
            the ACME protocol. It will need to be run on your server and have access to your private
            account key, so PLEASE READ THROUGH IT! It's only ~200 lines, so it won't take long.

Example Usage:
            python acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /usr/share/nginx/html/.well-known/acme-challenge/ > signed_chain.crt

Example Crontab Renewal (once per month):
            0 0 1 * * python /path/to/acme_tiny.py --account-key /path/to/account.key --csr /path/to/domain.csr --acme-dir /usr/share/nginx/html/.well-known/acme-challenge/ > /path/to/signed_chain.crt 2>> /var/log/acme_tiny.log
            """)
    )
    parser.add_argument("--account-key", required=True, help="path to your Let's Encrypt account private key")
    parser.add_argument("--csr", required=True, help="path to your certificate signing request")
    parser.add_argument("--acme-dir", required=True, help="path to the .well-known/acme-challenge/ directory")
    parser.add_argument("--quiet", action="store_const", const=logging.ERROR, help="suppress output except for errors")
    parser.add_argument("--disable-check", default=False, action="store_true", help="disable checking if the challenge file is hosted correctly before telling the CA")
    parser.add_argument("--directory-url", default=DEFAULT_DIRECTORY_URL, help="certificate authority directory url, default is Let's Encrypt")
    parser.add_argument("--ca", default=DEFAULT_CA, help="DEPRECATED! USE --directory-url INSTEAD!")
    parser.add_argument("--contact", metavar="CONTACT", default=None, nargs="*", help="Contact details (e.g. mailto:aaa@bbb.com) for your account-key")

args = parser.parse_args(argv)
    LOGGER.setLevel(args.quiet or LOGGER.level)
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
    sys.stdout.write(signed_crt)

if __name__ == "__main__": # pragma: no cover
    main(sys.argv[1:])

${this.title}

Code Editor : acme_tiny.py