author | Seth Vidal <skvidal@fedoraproject.org> | 2007-09-20 21:28:51 -0400 |
---|---|---|
committer | Seth Vidal <skvidal@fedoraproject.org> | 2007-09-20 21:28:51 -0400 |
commit | 8d168259f1cb0af25a7ee342bd1c32cd5bfdd424 (patch) | |
tree | 9c1d80b6da18a902b03ba7b21ec6bd0a60aabbfa /certs | |
parent | a83c4bcc40aae7c8b8058d831667ee1e07a969dc (diff) | |
parent | 98010f591948fb4bf297c1c0c32def42f766edca (diff) | |
Merge branch 'master' of ssh://git.fedoraproject.org/git/hosted/func
* 'master' of ssh://git.fedoraproject.org/git/hosted/func: (27 commits)
just a friendly reminder
we are not vf_server, change I!*N domain
Add virt module.
Add test code for virt.
add a very simple, very dumb commandline client:
Remove messages.pot from po dir, since its automatically generated
Get rid of extra / in module loading error
pychecker cleanups
Add po dir to git
Prevent XMLRPC server from printing to console.
Catch FuncException when the config file is missing and exit gracefully
Implement a quickie service control module
Removing VF items + misc cleanup
Clean up some speclint warnings
Baseobj bites the dust.
remove all the --debug "try to run from the src tree" crap
debug spew cleanup to protect the unwashed masses from foo poisoning
fix up config_data to use ConfigParser correctly
attempt to let us run with --debug flag to run from src checkout
attempts at letting us run from a installed, or local modules
...
Diffstat (limited to 'certs')
-rw-r--r-- | certs/slave-keys.py | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/certs/slave-keys.py b/certs/slave-keys.py
new file mode 100644
index 0000000..5ac3227
--- /dev/null
+++ b/certs/slave-keys.py
@@ -0,0 +1,105 @@
+#!/usr/bin/python -tt
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Library General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+# Copyright (c) 2007 Red Hat, inc
+#- Written by Seth Vidal skvidal @ fedoraproject.org
+
+import sys
+import os
+import os.path
+from OpenSSL import crypto
+import socket
+
+
+def_country = 'UN'
+def_state = 'FC'
+def_local = 'Func-ytown'
+def_org = 'func'
+def_ou = 'slave-key'
+
+cert_dir = '/etc/pki/func'
+key_file = '%s/slave.pem' % cert_dir
+csr_file = '%s/slave.csr' % cert_dir
+
+
+def make_cert(dest=None):
+ pkey = crypto.PKey()
+ pkey.generate_key(crypto.TYPE_RSA, 2048)
+ if dest:
+ destfo = open(dest, 'w')
+ destfo.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey))
+ destfo.close()
+
+ return pkey
+
+def make_csr(pkey, dest=None, cn=None):
+ req = crypto.X509Req()
+ req.get_subject()
+ subj = req.get_subject()
+ subj.C = def_country
+ subj.ST = def_state
+ subj.L = def_local
+ subj.O = def_org
+ subj.OU = def_ou
+ if cn:
+ subj.CN = cn
+ else:
+ subj.CN = socket.getfqdn()
+ subj.emailAddress = 'root@%s' % subj.CN
+
+ req.set_pubkey(pkey)
+ req.sign(pkey, 'md5')
+ if dest:
+ destfo = open(dest, 'w')
+ destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req))
+ destfo.close()
+
+ return req
+
+def retrieve_key_from_file(keyfile):
+ fo = open(keyfile, 'r')
+ buf = fo.read()
+ keypair = crypto.load_privatekey(crypto.FILETYPE_PEM, buf)
+ return keypair
+
+def retrieve_csr_from_file(csrfile)
+ fo = open(csrfile, 'r')
+ buf = fo.read()
+ csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, buf)
+ return csrreq
+
+def submit_csr_to_master(csrfile, master):
+ # stuff happens here - I can just cram the csr in a POST if need be
+ pass
+
+def main():
+ keypair = None
+ try:
+ if not os.path.exists(cert_dir):
+ os.makedirs(cert_dir)
+ if not os.path.exists(key_file):
+ keypair = make_cert(dest=key_file)
+ if not os.path.exists(csr_file):
+ if not keypair:
+ keypair = retrieve_key_from_file(key_file)
+ csr = make_csr(keypair, dest=csr_file)
+ except:
+ return 1
+
+ return 0
+
+
+if __name__ == "__main__":
+ sys.exit(main())
+ |
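Review bot: make_cert() writes the RSA private key with `open(dest, 'w')`, so the mode of `/etc/pki/func/slave.pem` is whatever the process umask leaves, commonly readable by every local user; since main() only calls it when the file is absent, it can create the file exclusively and owner-only with `fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` followed by `destfo = os.fdopen(fd, 'w')`. In make_csr() the request is signed with MD5, which is not collision-resistant; `req.sign(pkey, 'sha256')` is the safer choice, provided the OpenSSL build in use offers that digest. `def retrieve_csr_from_file(csrfile)` is missing its trailing colon, so the file will not compile as committed. The bare `except:` in main() turns every failure into exit status 1 with no message, which would hide a key or CSR that could not be written; catching the specific exceptions and reporting them on stderr would make that visible.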