diff options
Diffstat (limited to 'certbot-dns-nsone/certbot_dns_nsone/_internal/dns_nsone.py')
-rw-r--r-- | certbot-dns-nsone/certbot_dns_nsone/_internal/dns_nsone.py | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/certbot-dns-nsone/certbot_dns_nsone/_internal/dns_nsone.py b/certbot-dns-nsone/certbot_dns_nsone/_internal/dns_nsone.py new file mode 100644 index 000000000..f5af37389 --- /dev/null +++ b/certbot-dns-nsone/certbot_dns_nsone/_internal/dns_nsone.py @@ -0,0 +1,85 @@ +"""DNS Authenticator for NS1 DNS.""" +import logging + +from lexicon.providers import nsone +import zope.interface + +from certbot import errors +from certbot import interfaces +from certbot.plugins import dns_common +from certbot.plugins import dns_common_lexicon + +logger = logging.getLogger(__name__) + +ACCOUNT_URL = 'https://my.nsone.net/#/account/settings' + + +@zope.interface.implementer(interfaces.IAuthenticator) +@zope.interface.provider(interfaces.IPluginFactory) +class Authenticator(dns_common.DNSAuthenticator): + """DNS Authenticator for NS1 + + This Authenticator uses the NS1 API to fulfill a dns-01 challenge. + """ + + description = 'Obtain certificates using a DNS TXT record (if you are using NS1 for DNS).' + ttl = 60 + + def __init__(self, *args, **kwargs): + super(Authenticator, self).__init__(*args, **kwargs) + self.credentials = None + + @classmethod + def add_parser_arguments(cls, add): # pylint: disable=arguments-differ + super(Authenticator, cls).add_parser_arguments(add, default_propagation_seconds=30) + add('credentials', help='NS1 credentials file.') + + def more_info(self): # pylint: disable=missing-docstring,no-self-use + return 'This plugin configures a DNS TXT record to respond to a dns-01 challenge using ' + \ + 'the NS1 API.' + + def _setup_credentials(self): + self.credentials = self._configure_credentials( + 'credentials', + 'NS1 credentials file', + { + 'api-key': 'API key for NS1 API, obtained from {0}'.format(ACCOUNT_URL) + } + ) + + def _perform(self, domain, validation_name, validation): + self._get_nsone_client().add_txt_record(domain, validation_name, validation) + + def _cleanup(self, domain, validation_name, validation): + self._get_nsone_client().del_txt_record(domain, validation_name, validation) + + def _get_nsone_client(self): + return _NS1LexiconClient(self.credentials.conf('api-key'), self.ttl) + + +class _NS1LexiconClient(dns_common_lexicon.LexiconClient): + """ + Encapsulates all communication with the NS1 via Lexicon. + """ + + def __init__(self, api_key, ttl): + super(_NS1LexiconClient, self).__init__() + + config = dns_common_lexicon.build_lexicon_config('nsone', { + 'ttl': ttl, + }, { + 'auth_token': api_key, + }) + + self.provider = nsone.Provider(config) + + def _handle_http_error(self, e, domain_name): + if domain_name in str(e) and (str(e).startswith('404 Client Error: Not Found for url:') or \ + str(e).startswith("400 Client Error: Bad Request for url:")): + return None # Expected errors when zone name guess is wrong + hint = None + if str(e).startswith('401 Client Error: Unauthorized for url:'): + hint = 'Is your API key correct?' + + return errors.PluginError('Error determining zone identifier: {0}.{1}' + .format(e, ' ({0})'.format(hint) if hint else '')) |