certbot-dns-kas 0.1.1__tar.gz

certbot_dns_kas-0.1.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Andreas Biesel
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

certbot_dns_kas-0.1.1/PKG-INFO

@@ -0,0 +1,40 @@
+Metadata-Version: 2.4
+Name: certbot-dns-kas
+Version: 0.1.1
+Summary: All-Inkl KAS DNS Authenticator plugin for Certbot
+Home-page: https://github.com/mobilandi/certbot-dns-kas
+Author: Antigravity
+Author-email: antigravity@example.com
+License: Apache License 2.0
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: Plugins
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Installation/Setup
+Classifier: Topic :: System :: Networking
+Classifier: Topic :: System :: Systems Administration
+Classifier: Topic :: Utilities
+Requires-Python: >=3.6
+License-File: LICENSE
+Requires-Dist: certbot>=1.18.0
+Requires-Dist: zope.interface
+Requires-Dist: kasserver
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: home-page
+Dynamic: license
+Dynamic: license-file
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary

certbot_dns_kas-0.1.1/README.md

@@ -0,0 +1,70 @@
+# Certbot DNS All-Inkl (KAS) Plugin
+
+This is a Certbot plugin for the **All-Inkl** DNS service (KAS).  
+It automates the process of completing `dns-01` challenges by creating and removing TXT records via the KAS API.
+
+> **Disclaimer:** This plugin was developed with the assistance of AI. While it has been verified to work in production environments, please review the code and test carefully before using it in critical systems. Use at your own risk.
+
+## Installation
+
+### Via Pip (PyPI)
+```bash
+pip install certbot-dns-kas
+```
+
+### From Source
+```bash
+pip install git+https://github.com/mobilandi/certbot-dns-kas.git
+```
+
+## Usage
+
+1. **Create a credentials file** (e.g., `credentials.ini`):
+   ```ini
+   dns_kas_user = your_kas_login
+   dns_kas_password = your_kas_password
+   ```
+   *(Ensure this file is only readable by root/owner: `chmod 600 credentials.ini`)*
+
+2. **Run Certbot:**
+   ```bash
+   certbot certonly \
+     --authenticator dns-kas \
+     --dns-kas-credentials credentials.ini \
+     -d example.com -d *.example.com
+   ```
+
+## Nginx Proxy Manager Integration
+
+To use this plugin with [Nginx Proxy Manager](https://nginxproxymanager.com/), you can install it into the running container.
+
+1. **Enter the container and install:**
+   ```bash
+   docker exec -it nginx-proxy-manager sh -c "export SETUPTOOLS_USE_DISTUTILS=stdlib && pip install git+https://github.com/mobilandi/certbot-dns-kas.git"
+   ```
+
+2. **Configure `dns-plugins.json`** (usually in `/app/certbot/dns-plugins.json`):
+   ```json
+   "kas": {
+     "name": "All-Inkl (KAS)",
+     "package_name": "certbot-dns-kas",
+     "version": "==0.1.1",
+     "dependencies": "kasserver",
+     "credentials": "dns_kas_user = your_kas_user\ndns_kas_password = your_kas_password",
+     "full_plugin_name": "dns-kas"
+   }
+   ```
+
+3. **Restart the container.**
+
+## Development
+
+### Running Tests
+```bash
+pip install -e .
+pip install pytest mock certbot
+python -m pytest tests
+```
+
+## Credits
+Based on the `kasserver` python library.

certbot_dns_kas-0.1.1/certbot_dns_kas/_internal/dns_kas.py

@@ -0,0 +1,114 @@
+import logging
+from typing import Any
+from typing import Optional
+
+import zope.interface
+
+from certbot import errors
+from certbot import interfaces
+from certbot.plugins import dns_common
+
+try:
+    from kasserver import KasServer
+except ImportError:
+    # Allow import for basic setuptools operations even if kasserver is missing
+    KasServer = None
+
+logger = logging.getLogger(__name__)
+
+@zope.interface.implementer(interfaces.IAuthenticator)
+@zope.interface.provider(interfaces.IPluginFactory)
+class Authenticator(dns_common.DNSAuthenticator):
+    """DNS Authenticator for All-Inkl."""
+
+    description = 'Obtain certificates using a DNS TXT record with All-Inkl (KAS).'
+    # ttl = 60  # Library 'kasserver' does not support setting TTL via add_dns_record
+
+    def __init__(self, *args: Any, **kwargs: Any) -> None:
+        super().__init__(*args, **kwargs)
+        self._kas_client = None
+
+    @classmethod
+    def add_parser_arguments(cls, add: Any, default_propagation_seconds: int = 120) -> None:
+        super().add_parser_arguments(add, default_propagation_seconds)
+        add('credentials', help='All-Inkl KAS credentials INI file.')
+
+    def _setup_credentials(self) -> None:
+        self.credentials = self._configure_credentials(
+            'credentials',
+            'All-Inkl credentials INI file',
+            {
+                'kas_user': 'KAS username/login',
+                'kas_password': 'KAS password',
+            }
+        )
+
+    def _perform(self, domain: str, validation_name: str, validation: str) -> None:
+        # Note: 'record_aux' is typically priority. KAS API usually expects 0 for TXT.
+        # TTL is not evidently exposed in add_dns_record signature (fqdn, record_type, record_data, record_aux).
+        self._get_kas_client().add_dns_record(
+            fqdn=validation_name,
+            record_type='TXT',
+            record_data=validation,
+            record_aux=0
+        )
+
+    def _cleanup(self, domain: str, validation_name: str, validation: str) -> None:
+        client = self._get_kas_client()
+        _, zone_name = client._split_fqdn(validation_name)
+        
+        try:
+            # Safe Cleanup: Find the specific record ID matching the validation token
+            records = client.get_dns_records(zone_name)
+            record_id = None
+            
+            # The API returns 'prefix' for record_name, e.g. '_acme-challenge' for '_acme-challenge.example.com'
+            # We must match both name and content to be sure.
+            target_name = validation_name.removesuffix(f".{zone_name}")
+            if target_name.endswith('.'):
+                target_name = target_name[:-1]
+
+            for item in records:
+                if (item.get('name') == target_name and 
+                    item.get('type') == 'TXT' and 
+                    item.get('data') == validation):
+                    record_id = item.get('id')
+                    break
+            
+            if record_id:
+                logger.info(f"Deleting TXT record for {validation_name} (ID: {record_id})")
+                # accessing protected method _request to delete by ID, because
+                # public delete_dns_record() is unsafe (deletes first match)
+                client._request("delete_dns_settings", {"record_id": record_id})
+            else:
+                logger.warning(f"Could not find TXT record for {validation_name} to delete.")
+
+        except Exception as e:
+            logger.warning('Failed to delete DNS record: %s', e)
+
+    def _get_kas_client(self) -> "KasServer":
+        import os
+        if not self._kas_client:
+            if KasServer is None:
+                raise errors.PluginError("kasserver library is not installed.")
+            
+            # kasserver uses environment variables for configuration.
+            # We set them temporarily for instantiation and clear them immediately
+            # to minimize side effects / leakage.
+            env_user = self.credentials.conf('kas_user')
+            env_pass = self.credentials.conf('kas_password')
+            
+            os.environ['KASSERVER_USER'] = env_user
+            os.environ['KASSERVER_PASSWORD'] = env_pass
+            
+            try:
+                self._kas_client = KasServer()
+            finally:
+                # Cleanup environment variables
+                # We use pop with default None to avoid errors if they were already missing
+                if os.environ.get('KASSERVER_USER') == env_user:
+                     os.environ.pop('KASSERVER_USER', None)
+                if os.environ.get('KASSERVER_PASSWORD') == env_pass:
+                     os.environ.pop('KASSERVER_PASSWORD', None)
+
+        return self._kas_client

certbot_dns_kas-0.1.1/certbot_dns_kas.egg-info/PKG-INFO

@@ -0,0 +1,40 @@
+Metadata-Version: 2.4
+Name: certbot-dns-kas
+Version: 0.1.1
+Summary: All-Inkl KAS DNS Authenticator plugin for Certbot
+Home-page: https://github.com/mobilandi/certbot-dns-kas
+Author: Antigravity
+Author-email: antigravity@example.com
+License: Apache License 2.0
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: Plugins
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Installation/Setup
+Classifier: Topic :: System :: Networking
+Classifier: Topic :: System :: Systems Administration
+Classifier: Topic :: Utilities
+Requires-Python: >=3.6
+License-File: LICENSE
+Requires-Dist: certbot>=1.18.0
+Requires-Dist: zope.interface
+Requires-Dist: kasserver
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: home-page
+Dynamic: license
+Dynamic: license-file
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary

certbot_dns_kas-0.1.1/certbot_dns_kas.egg-info/SOURCES.txt

@@ -0,0 +1,14 @@
+LICENSE
+README.md
+setup.py
+certbot_dns_kas/__init__.py
+certbot_dns_kas.egg-info/PKG-INFO
+certbot_dns_kas.egg-info/SOURCES.txt
+certbot_dns_kas.egg-info/dependency_links.txt
+certbot_dns_kas.egg-info/entry_points.txt
+certbot_dns_kas.egg-info/requires.txt
+certbot_dns_kas.egg-info/top_level.txt
+certbot_dns_kas/_internal/__init__.py
+certbot_dns_kas/_internal/dns_kas.py
+tests/__init__.py
+tests/test_dns_kas.py

certbot_dns_kas-0.1.1/certbot_dns_kas.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

certbot_dns_kas-0.1.1/certbot_dns_kas.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[certbot.plugins]
+dns-kas = certbot_dns_kas._internal.dns_kas:Authenticator

certbot_dns_kas-0.1.1/certbot_dns_kas.egg-info/requires.txt

@@ -0,0 +1,3 @@
+certbot>=1.18.0
+zope.interface
+kasserver

certbot_dns_kas-0.1.1/certbot_dns_kas.egg-info/top_level.txt

@@ -0,0 +1,2 @@
+certbot_dns_kas
+tests

certbot_dns_kas-0.1.1/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

certbot_dns_kas-0.1.1/setup.py

@@ -0,0 +1,45 @@
+from setuptools import setup
+from setuptools import find_packages
+
+setup(
+    name='certbot-dns-kas',
+    version='0.1.1',
+    description='All-Inkl KAS DNS Authenticator plugin for Certbot',
+    url='https://github.com/mobilandi/certbot-dns-kas',
+    author='Antigravity',
+    author_email='antigravity@example.com',
+    license='Apache License 2.0',
+    python_requires='>=3.6',
+    classifiers=[
+        'Development Status :: 3 - Alpha',
+        'Environment :: Plugins',
+        'Intended Audience :: System Administrators',
+        'License :: OSI Approved :: Apache Software License',
+        'Operating System :: POSIX :: Linux',
+        'Programming Language :: Python',
+        'Programming Language :: Python :: 3',
+        'Programming Language :: Python :: 3.6',
+        'Programming Language :: Python :: 3.7',
+        'Programming Language :: Python :: 3.8',
+        'Programming Language :: Python :: 3.9',
+        'Programming Language :: Python :: 3.10',
+        'Topic :: Internet :: WWW/HTTP',
+        'Topic :: Security',
+        'Topic :: System :: Installation/Setup',
+        'Topic :: System :: Networking',
+        'Topic :: System :: Systems Administration',
+        'Topic :: Utilities',
+    ],
+    packages=find_packages(),
+    include_package_data=True,
+    install_requires=[
+        'certbot>=1.18.0',
+        'zope.interface',
+        'kasserver',
+    ],
+    entry_points={
+        'certbot.plugins': [
+            'dns-kas = certbot_dns_kas._internal.dns_kas:Authenticator',
+        ],
+    },
+)

certbot_dns_kas-0.1.1/tests/test_dns_kas.py

@@ -0,0 +1,79 @@
+import sys
+import unittest
+try:
+    from unittest import mock
+except ImportError:
+    import mock
+
+# from certbot.plugins import dns_test_common
+# from certbot.plugins import dns_common_test
+# from certbot.tests import util as test_util
+
+from certbot_dns_kas._internal.dns_kas import Authenticator
+
+class AuthenticatorTest(unittest.TestCase):
+
+    def setUp(self):
+        super().setUp()
+        self.config = mock.MagicMock(dns_allinkl_credentials='path/to/credentials.ini')
+        self.auth = Authenticator(self.config, 'dns-allinkl')
+        
+        self.auth.credentials = mock.MagicMock()
+        self.auth.credentials.conf.side_effect = lambda x: 'mock_value'
+
+        self.mock_client = mock.MagicMock()
+        # Mock the _kas_client property or the class instantiation
+        self.auth._kas_client = self.mock_client
+
+    def test_perform(self):
+        self.auth._perform('example.com', '_acme-challenge.example.com', 'token')
+        self.mock_client.add_dns_record.assert_called_with(
+            fqdn='_acme-challenge.example.com',
+            record_type='TXT',
+            record_data='token',
+            record_aux=0
+        )
+
+    def test_cleanup_found(self):
+        # Setup: Mock get_dns_records to return a match
+        self.mock_client.get_dns_records.return_value = [
+            {'name': '_acme-challenge', 'type': 'MX', 'data': 'other', 'id': '99'},
+            {'name': '_acme-challenge', 'type': 'TXT', 'data': 'token', 'id': '123'},
+            {'name': 'other', 'type': 'TXT', 'data': 'token', 'id': '456'},
+        ]
+        self.mock_client._split_fqdn.return_value = ('_acme-challenge', 'example.com')
+
+        self.auth._cleanup('example.com', '_acme-challenge.example.com', 'token')
+        
+        # Verify loop logic found the right one
+        self.mock_client.get_dns_records.assert_called_with('example.com')
+        # Expect _request to be called with ID 123
+        self.mock_client._request.assert_called_with(
+            "delete_dns_settings", {"record_id": "123"}
+        )
+
+    def test_cleanup_not_found(self):
+        # Setup: No match
+        self.mock_client.get_dns_records.return_value = []
+        self.mock_client._split_fqdn.return_value = ('_acme-challenge', 'example.com')
+
+        self.auth._cleanup('example.com', '_acme-challenge.example.com', 'token')
+        
+        self.mock_client._request.assert_not_called()
+
+    @mock.patch('certbot_dns_kas._internal.dns_kas.KasServer')
+    @mock.patch.dict('os.environ', {}, clear=True)
+    def test_get_kas_client(self, mock_kas):
+        self.auth._kas_client = None
+        self.auth._get_kas_client()
+        
+        import os
+        # Verify credentials were used during init (via mock expectation if feasible, or relying on logic below)
+        # But crucially, verify they are GONE after the call
+        self.assertIsNone(os.environ.get('KASSERVER_USER'))
+        self.assertIsNone(os.environ.get('KASSERVER_PASSWORD'))
+        mock_kas.assert_called_once()
+
+
+if __name__ == '__main__':
+    unittest.main()