traefik-certificate-extractor/extractor.py

import sys
import os
import errno
import time
import json
from base64 import b64decode
from watchdog.observers import Observer
from watchdog.events import FileSystemEventHandler

class Handler(FileSystemEventHandler):
    def on_created(self, event):
        self.handle(event)

    def on_modified(self, event):
        self.handle(event)

    def handle(self, event):
        # Check if it's a JSON file
        if not event.is_directory and event.src_path.endswith('.json'):
            print('Certificates changed')

            # Read JSON file
            data = json.loads(open(event.src_path).read())

            # Determine ACME version
            acme_version = 2 if 'acme-v02' in data['Account']['Registration']['uri'] else 1

            # Find certificates
            if acme_version == 1:
                certs = data['DomainsCertificate']['Certs']
            elif acme_version == 2:
                certs = data['Certificates']

            # Loop over all certificates
            for c in certs:
                if acme_version == 1:
                    name = c['Certificate']['Domain']
                    privatekey = c['Certificate']['PrivateKey']
                    fullchain = c['Certificate']['Certificate']
                    sans = c['Domains']['SANs']
                elif acme_version == 2:
                    name = c['Domain']['Main']
                    privatekey = c['Key']
                    fullchain = c['Certificate']
                    sans = c['Domain']['SANs']

                # Decode private key, certificate and chain
                privatekey = b64decode(privatekey).decode('utf-8')
                fullchain = b64decode(fullchain).decode('utf-8')
                start = fullchain.find('-----BEGIN CERTIFICATE-----', 1)
                cert = fullchain[0:start]
                chain = fullchain[start:]

                # Create domain directory if it doesn't exist
                directory = 'certs/' + name + '/'
                try:
                    os.makedirs(directory)
                except OSError as error:
                    if error.errno != errno.EEXIST:
                        raise

                # Write private key, certificate and chain to file
                with open(directory + 'privkey.pem', 'w') as f:
                    f.write(privatekey)

                with open(directory + 'cert.pem', 'w') as f:
                    f.write(cert)

                with open(directory + 'chain.pem', 'w') as f:
                    f.write(chain)

                with open(directory + 'fullchain.pem', 'w') as f:
                    f.write(fullchain)

                # Write private key, certificate and chain to flat files
                directory = 'certs_flat/'

                with open(directory + name + '.key', 'w') as f:
                    f.write(privatekey)
                with open(directory + name + '.crt', 'w') as f:
                    f.write(fullchain)
                with open(directory + name + '.chain.pem', 'w') as f:
                    f.write(chain)

                if sans:
                    for name in sans:
                        with open(directory + name + '.key', 'w') as f:
                            f.write(privatekey)
                        with open(directory + name + '.crt', 'w') as f:
                            f.write(fullchain)
                        with open(directory + name + '.chain.pem', 'w') as f:
                            f.write(chain)

                print('Extracted certificate for: ' + name + (', ' + ', '.join(sans) if sans else ''))

if __name__ == "__main__":
    # Determine path to watch
    path = sys.argv[1] if len(sys.argv) > 1 else './data'

    # Create output directories if it doesn't exist
    try:
        os.makedirs('certs')
    except OSError as error:
        if error.errno != errno.EEXIST:
            raise
    try:
        os.makedirs('certs_flat')
    except OSError as error:
        if error.errno != errno.EEXIST:
            raise

    # Create event handler and observer
    event_handler = Handler()
    observer = Observer()

    # Register the directory to watch
    observer.schedule(event_handler, path)

    # Main loop to watch the directory
    observer.start()
    try:
        while True:
            time.sleep(1)
    except KeyboardInterrupt:
        observer.stop()
    observer.join()
Added basic extractor 2017-06-27 14:09:51 +02:00			`import sys`
			`import os`
			`import errno`
			`import time`
			`import json`
			`from base64 import b64decode`
			`from watchdog.observers import Observer`
			`from watchdog.events import FileSystemEventHandler`

			`class Handler(FileSystemEventHandler):`
			`def on_created(self, event):`
			`self.handle(event)`

			`def on_modified(self, event):`
			`self.handle(event)`

			`def handle(self, event):`
			`# Check if it's a JSON file`
			`if not event.is_directory and event.src_path.endswith('.json'):`
			`print('Certificates changed')`

			`# Read JSON file`
			`data = json.loads(open(event.src_path).read())`
Improve the code I wrote when hungover, thanks to #7, closes #6 2018-06-06 12:56:08 +02:00
			`# Determine ACME version`
			`acme_version = 2 if 'acme-v02' in data['Account']['Registration']['uri'] else 1`

			`# Find certificates`
			`if acme_version == 1:`
			`certs = data['DomainsCertificate']['Certs']`
			`elif acme_version == 2:`
			`certs = data['Certificates']`
Added basic extractor 2017-06-27 14:09:51 +02:00
			`# Loop over all certificates`
			`for c in certs:`
Improve the code I wrote when hungover, thanks to #7, closes #6 2018-06-06 12:56:08 +02:00			`if acme_version == 1:`
			`name = c['Certificate']['Domain']`
			`privatekey = c['Certificate']['PrivateKey']`
			`fullchain = c['Certificate']['Certificate']`
			`sans = c['Domains']['SANs']`
			`elif acme_version == 2:`
			`name = c['Domain']['Main']`
			`privatekey = c['Key']`
			`fullchain = c['Certificate']`
Error generating certs with acme v2 and SANs This error as raised while running : ```Exception in thread Thread-1: Traceback (most recent call last): File "/usr/local/lib/python3.6/threading.py", line 916, in _bootstrap_inner self.run() File "/usr/local/lib/python3.6/site-packages/watchdog/observers/api.py", line 199, in run self.dispatch_events(self.event_queue, self.timeout) File "/usr/local/lib/python3.6/site-packages/watchdog/observers/api.py", line 368, in dispatch_events handler.dispatch(event) File "/usr/local/lib/python3.6/site-packages/watchdog/events.py", line 330, in dispatch _method_map[event_type](event) File "extractor.py", line 13, in on_created self.handle(event) File "extractor.py", line 48, in handle sans = c['Domains']['SANs'] KeyError: 'Domains' ``` Acme.json's file syntax seems to have changed regarding my own traffic acme.json 2018-06-20 12:16:19 +02:00			`sans = c['Domain']['SANs']`
Start implementing ACME v2 support 2018-05-22 02:56:26 +02:00
Added basic extractor 2017-06-27 14:09:51 +02:00			`# Decode private key, certificate and chain`
Improve the code I wrote when hungover, thanks to #7, closes #6 2018-06-06 12:56:08 +02:00			`privatekey = b64decode(privatekey).decode('utf-8')`
			`fullchain = b64decode(fullchain).decode('utf-8')`
Added basic extractor 2017-06-27 14:09:51 +02:00			`start = fullchain.find('-----BEGIN CERTIFICATE-----', 1)`
			`cert = fullchain[0:start]`
			`chain = fullchain[start:]`

			`# Create domain directory if it doesn't exist`
Start implementing ACME v2 support 2018-05-22 02:56:26 +02:00			`directory = 'certs/' + name + '/'`
Added basic extractor 2017-06-27 14:09:51 +02:00			`try:`
			`os.makedirs(directory)`
			`except OSError as error:`
			`if error.errno != errno.EEXIST:`
			`raise`

			`# Write private key, certificate and chain to file`
			`with open(directory + 'privkey.pem', 'w') as f:`
			`f.write(privatekey)`

			`with open(directory + 'cert.pem', 'w') as f:`
			`f.write(cert)`

			`with open(directory + 'chain.pem', 'w') as f:`
			`f.write(chain)`

			`with open(directory + 'fullchain.pem', 'w') as f:`
			`f.write(fullchain)`

Added flat certificates output 2017-06-27 15:56:54 +02:00			`# Write private key, certificate and chain to flat files`
			`directory = 'certs_flat/'`

Start implementing ACME v2 support 2018-05-22 02:56:26 +02:00			`with open(directory + name + '.key', 'w') as f:`
Added flat certificates output 2017-06-27 15:56:54 +02:00			`f.write(privatekey)`
Start implementing ACME v2 support 2018-05-22 02:56:26 +02:00			`with open(directory + name + '.crt', 'w') as f:`
Added flat certificates output 2017-06-27 15:56:54 +02:00			`f.write(fullchain)`
Start implementing ACME v2 support 2018-05-22 02:56:26 +02:00			`with open(directory + name + '.chain.pem', 'w') as f:`
Added flat certificates output 2017-06-27 15:56:54 +02:00			`f.write(chain)`

Improve the code I wrote when hungover, thanks to #7, closes #6 2018-06-06 12:56:08 +02:00			`if sans:`
			`for name in sans:`
Added flat certificates output 2017-06-27 15:56:54 +02:00			`with open(directory + name + '.key', 'w') as f:`
			`f.write(privatekey)`
			`with open(directory + name + '.crt', 'w') as f:`
			`f.write(fullchain)`
			`with open(directory + name + '.chain.pem', 'w') as f:`
			`f.write(chain)`

Improve the code I wrote when hungover, thanks to #7, closes #6 2018-06-06 12:56:08 +02:00			`print('Extracted certificate for: ' + name + (', ' + ', '.join(sans) if sans else ''))`
Added basic extractor 2017-06-27 14:09:51 +02:00
			`if __name__ == "__main__":`
			`# Determine path to watch`
			`path = sys.argv[1] if len(sys.argv) > 1 else './data'`

Added flat certificates output 2017-06-27 15:56:54 +02:00			`# Create output directories if it doesn't exist`
Added basic extractor 2017-06-27 14:09:51 +02:00			`try:`
			`os.makedirs('certs')`
			`except OSError as error:`
			`if error.errno != errno.EEXIST:`
			`raise`
Added flat certificates output 2017-06-27 15:56:54 +02:00			`try:`
			`os.makedirs('certs_flat')`
			`except OSError as error:`
			`if error.errno != errno.EEXIST:`
			`raise`
Added basic extractor 2017-06-27 14:09:51 +02:00
			`# Create event handler and observer`
			`event_handler = Handler()`
			`observer = Observer()`

			`# Register the directory to watch`
			`observer.schedule(event_handler, path)`

			`# Main loop to watch the directory`
			`observer.start()`
			`try:`
			`while True:`
			`time.sleep(1)`
			`except KeyboardInterrupt:`
			`observer.stop()`
			`observer.join()`