mirror of
https://github.com/SnowMB/traefik-certificate-extractor.git
synced 2025-09-18 21:24:31 +08:00
Compare commits
1 Commits
v1.2.0
...
feature-cl
| Author | SHA1 | Date | |
|---|---|---|---|
|
fec384f6e7 |
@@ -15,4 +15,4 @@ RUN pip3 install -r requirements.txt
|
||||
COPY . /app
|
||||
|
||||
# Define entrypoint of the app
|
||||
ENTRYPOINT ["python3", "-u", "extractor.py"]
|
||||
ENTRYPOINT ["python3", "extractor.py"]
|
||||
|
||||
48
extractor.py
48
extractor.py
@@ -3,6 +3,7 @@ import os
|
||||
import errno
|
||||
import time
|
||||
import json
|
||||
import argparse
|
||||
from base64 import b64decode
|
||||
from watchdog.observers import Observer
|
||||
from watchdog.events import FileSystemEventHandler
|
||||
@@ -21,38 +22,19 @@ class Handler(FileSystemEventHandler):
|
||||
|
||||
# Read JSON file
|
||||
data = json.loads(open(event.src_path).read())
|
||||
|
||||
# Determine ACME version
|
||||
acme_version = 2 if 'acme-v02' in data['Account']['Registration']['uri'] else 1
|
||||
|
||||
# Find certificates
|
||||
if acme_version == 1:
|
||||
certs = data['DomainsCertificate']['Certs']
|
||||
elif acme_version == 2:
|
||||
certs = data['Certificates']
|
||||
|
||||
# Loop over all certificates
|
||||
for c in certs:
|
||||
if acme_version == 1:
|
||||
name = c['Certificate']['Domain']
|
||||
privatekey = c['Certificate']['PrivateKey']
|
||||
fullchain = c['Certificate']['Certificate']
|
||||
sans = c['Domains']['SANs']
|
||||
elif acme_version == 2:
|
||||
name = c['Domain']['Main']
|
||||
privatekey = c['Key']
|
||||
fullchain = c['Certificate']
|
||||
sans = c['Domains']['SANs']
|
||||
|
||||
# Decode private key, certificate and chain
|
||||
privatekey = b64decode(privatekey).decode('utf-8')
|
||||
fullchain = b64decode(fullchain).decode('utf-8')
|
||||
privatekey = b64decode(c['Certificate']['PrivateKey']).decode('utf-8')
|
||||
fullchain = b64decode(c['Certificate']['Certificate']).decode('utf-8')
|
||||
start = fullchain.find('-----BEGIN CERTIFICATE-----', 1)
|
||||
cert = fullchain[0:start]
|
||||
chain = fullchain[start:]
|
||||
|
||||
# Create domain directory if it doesn't exist
|
||||
directory = 'certs/' + name + '/'
|
||||
directory = 'certs/' + c['Certificate']['Domain'] + '/'
|
||||
try:
|
||||
os.makedirs(directory)
|
||||
except OSError as error:
|
||||
@@ -75,6 +57,15 @@ class Handler(FileSystemEventHandler):
|
||||
# Write private key, certificate and chain to flat files
|
||||
directory = 'certs_flat/'
|
||||
|
||||
with open(directory + c['Certificate']['Domain'] + '.key', 'w') as f:
|
||||
f.write(privatekey)
|
||||
with open(directory + c['Certificate']['Domain'] + '.crt', 'w') as f:
|
||||
f.write(fullchain)
|
||||
with open(directory + c['Certificate']['Domain'] + '.chain.pem', 'w') as f:
|
||||
f.write(chain)
|
||||
|
||||
if c['Domains']['SANs']:
|
||||
for name in c['Domains']['SANs']:
|
||||
with open(directory + name + '.key', 'w') as f:
|
||||
f.write(privatekey)
|
||||
with open(directory + name + '.crt', 'w') as f:
|
||||
@@ -82,18 +73,11 @@ class Handler(FileSystemEventHandler):
|
||||
with open(directory + name + '.chain.pem', 'w') as f:
|
||||
f.write(chain)
|
||||
|
||||
if sans:
|
||||
for name in sans:
|
||||
with open(directory + name + '.key', 'w') as f:
|
||||
f.write(privatekey)
|
||||
with open(directory + name + '.crt', 'w') as f:
|
||||
f.write(fullchain)
|
||||
with open(directory + name + '.chain.pem', 'w') as f:
|
||||
f.write(chain)
|
||||
|
||||
print('Extracted certificate for: ' + name + (', ' + ', '.join(sans) if sans else ''))
|
||||
print('Extracted certificate for: ' + c['Domains']['Main'] + (', ' + ', '.join(c['Domains']['SANs']) if c['Domains']['SANs'] else ''))
|
||||
|
||||
if __name__ == "__main__":
|
||||
parser = argparse.ArgumentParser(description='Tool to extract Let\'s Encrypt certificates from Traefik\'s ACME storage file.')
|
||||
|
||||
# Determine path to watch
|
||||
path = sys.argv[1] if len(sys.argv) > 1 else './data'
|
||||
|
||||
|
||||
Reference in New Issue
Block a user