#!/usr/bin/env python
import os
import sys
import ssl
import signal
import time
import logging
import threading
import http.client
from watchdog.events import FileSystemEventHandler
from watchdog.observers import Observer
from urllib.parse import urlparse
# Certificate material under the autocert directory. The RenewHandler below
# reloads site.crt/site.key into the TLS context when a file here changes.
_autocert_dir = '/var/run/autocert.step.sm'

# Root CA the client trusts, and the client's own certificate and key.
ca_certs = _autocert_dir + '/root.crt'
cert_file = _autocert_dir + '/site.crt'
key_file = _autocert_dir + '/site.key'
# RenewHandler is a file system event handler that reloads the certs in
# the context when a file is modified.
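class RenewHandler(FileSystemEventHandler):
    """Reload the certificate chain of an ``ssl.SSLContext`` on file changes.

    Registered with a watchdog ``Observer`` on the directory that holds
    ``cert_file`` and ``key_file``; each modification event in that directory
    reloads the chain into ``ctx``.

    Args:
        ctx: the ``ssl.SSLContext`` whose client certificate and key are
            refreshed in place.
    """

    def __init__(self, ctx):
        # A bare ``super()`` is a no-op; the base initializer has to be called.
        super().__init__()
        self.ctx = ctx

    def on_modified(self, event):
        """Reload ``cert_file``/``key_file`` into ``self.ctx``.

        Runs on the observer thread for every modification in the watched
        directory (it may fire for other files there too, so a renewal can
        trigger more than one reload). A failed reload -- e.g. the key is
        rewritten before its matching certificate and the pair does not match
        yet -- is logged rather than raised, so the watcher keeps running and
        the next event retries.
        """
        logging.info("reloading certs ...")
        try:
            # Use the context handed in at construction, not a module global.
            self.ctx.load_cert_chain(cert_file, key_file)
        except OSError:  # ssl.SSLError is an OSError subclass
            logging.exception("failed to reload certs")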
# Monitor is a thread that watches for changes in a path and calls the
# RenewHandler when a file is modified.
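class Monitor(threading.Thread):
    """Thread that starts a watchdog ``Observer`` on ``path``.

    The observer dispatches file-system events for ``path`` to ``handler``.
    ``run`` only creates and starts the observer (which runs in its own
    thread) and then returns, so this thread itself is short-lived; ``stop``
    shuts the observer down again instead of leaving it orphaned.

    Args:
        handler: a ``FileSystemEventHandler`` that receives the events.
        path: directory to watch.
    """

    def __init__(self, handler, path):
        super().__init__()
        self.handler = handler
        self.path = path
        # Set by ``run``; kept so the observer can be stopped explicitly.
        self.observer = None

    def run(self):
        """Create, schedule and start the observer, then return."""
        observer = Observer()
        observer.schedule(self.handler, self.path)
        # Publish before start() so stop() can clean up even if start fails.
        self.observer = observer
        observer.start()

    def stop(self, timeout=None):
        """Stop the observer started by ``run`` and wait for it to finish.

        Safe to call before ``run`` has executed or more than once.

        Args:
            timeout: seconds to wait for the observer thread, or ``None``.
        """
        observer = self.observer
        if observer is not None:
            observer.stop()
            observer.join(timeout)
            self.observer = None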
# Signal handler
def handler(signum, frame):
    """Signal handler: announce shutdown and terminate with status 0.

    ``raise SystemExit(0)`` is exactly what ``sys.exit(0)`` does. The
    exception unwinds the main thread, including the request loop, whose
    ``except Exception`` does not catch ``SystemExit``. ``signum`` and
    ``frame`` are required by the ``signal`` API but unused here.
    """
    print("exiting ...")
    raise SystemExit(0)
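if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format='%(asctime)s %(message)s')

    # Exit cleanly on SIGTERM; the handler raises SystemExit in this thread.
    signal.signal(signal.SIGTERM, handler)

    # Target URL from the environment. Fail with a readable message instead
    # of a KeyError traceback when it is missing.
    raw_url = os.environ.get('HELLO_MTLS_URL')
    if not raw_url:
        sys.exit("HELLO_MTLS_URL is not set")
    url = urlparse(raw_url)
    # urlparse('https://host') yields an empty path, which would produce a
    # malformed request line; default to '/'.
    request_path = url.path or '/'

    # mTLS client context.
    # NOTE: PROTOCOL_TLSv1_2 is deprecated since Python 3.10 in favour of
    # PROTOCOL_TLS_CLIENT plus minimum_version; kept here for compatibility.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
    ctx.set_ciphers('ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256')
    # SSLContext(PROTOCOL_TLSv1_2) defaults to verify_mode=CERT_NONE, so the
    # root loaded below would otherwise never be used to verify the server.
    # Require a chain to that root and a certificate matching the URL host.
    # verify_mode must be set before check_hostname, or ssl raises ValueError.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_verify_locations(ca_certs)
    ctx.load_cert_chain(cert_file, key_file)

    # Reload the client cert/key into ctx when the files are rewritten.
    renewer = RenewHandler(ctx)
    monitor = Monitor(renewer, os.path.dirname(cert_file))
    monitor.start()

    # Poll the service forever: one fresh connection per iteration, always
    # closed, so a failed or stale connection cannot leak its socket.
    while True:
        try:
            conn = http.client.HTTPSConnection(url.netloc, context=ctx)
            try:
                conn.request("GET", request_path)
                r = conn.getresponse()
                data = r.read()
                logging.info("%d - %s - %s", r.status, r.reason, data)
            finally:
                conn.close()
        except Exception as err:
            # Transient TLS/network errors (including a cert pair that is
            # mid-renewal) must not kill the loop; log and retry after the sleep.
            logging.error('Something went wrong: %s', err)
        time.sleep(5)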