[gen_confs/bind] Récupération des certificats pour le TLSA de façon plus paresseuse

2014-02-14 00:58:53 +01:00 · 2014-02-14 00:58:53 +01:00 · 7c7085efea
commit 7c7085efea
parent e6eb09b116
1 changed files with 32 additions and 13 deletions
--- a/gestion/gen_confs/bind.py
+++ b/gestion/gen_confs/bind.py
@ -445,19 +445,6 @@ class dns(gen_config) :
    }


-    EXTRAS = {
-        'crans.org' : [
-             TLSA('cas.crans.org.', 443, 'tcp', None, 3, 2),
-             TLSA('wiki.crans.org.', 443, 'tcp', None, 3, 2),
-             TLSA('perso.crans.org.', 443, 'tcp', None, 3, 2),
-             TLSA('intranet.crans.org.', 443, 'tcp', None, 3, 2),
-             TLSA('webmail.crans.org.', 443, 'tcp', None, 3, 2),
-             TLSA('horde.crans.org.', 443, 'tcp', None, 3, 2),
-             TLSA('roundcube.crans.org.', 443, 'tcp', None, 3, 2),
-             TLSA('sogo.crans.org.', 443, 'tcp', None, 3, 2),
-        ]
-    }
-
    hostname = short_name(gethostname())
    serial = int(time.time()) + 1000000000
    TTL = 3600
@ -467,6 +454,38 @@ class dns(gen_config) :
    else:
        restart_cmd = '/etc/init.d/bind9 reload'

+    def __init__(self, *args, **kwargs):
+        xmpp_cert = ssl.get_server_certificate(('xmpp.crans.org', 443), ca_certs='/etc/ssl/certs/ca-certificates.crt')
+        self.EXTRAS = {
+        'crans.org' : [
+             TLSA('crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('www.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('cas.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('wiki.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('perso.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('intranet.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('intranet2.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('webmail.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('horde.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('roundcube.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('sogo.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('git.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('nagios.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('pad.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('news.crans.org.', 443, 'tcp', None, 3, 2),
+             TLSA('asterisk.crans.org.', 5061, 'tcp', None, 3, 2),
+             TLSA('smtp.crans.org.', 465, 'tcp', None, 3, 2),
+             TLSA('imap.crans.org.', 993, 'tcp', None, 3, 2),
+             TLSA('xmpp', 5222, 'tcp', xmpp_cert, 3, 2),
+             TLSA('xmpp', 5269, 'tcp', xmpp_cert, 3, 2),
+             TLSA('xmpp', 443, 'tcp', xmpp_cert, 3, 2),
+             TLSA('jabber', 443, 'tcp', xmpp_cert, 3, 2),
+        ],
+        'wifi.crans.org' : [
+             TLSA('wifi.crans.org.', 443, 'tcp', None, 3, 2),
+        ],
+        }
+        super(dns, self).__init__(*args, **kwargs)

    def gen_soa(self, ns_list, serial, ttl):
        return SOA(ns_list[0], 'root.crans.org', serial, 21600, 3600, 1209600, ttl)