-rwxr-xr-xfunc/certmaster.py22
-rw-r--r--func/minion/modules/certmaster.py65
-rwxr-xr-xscripts/certmaster-ca14
3 files changed, 86 insertions, 15 deletions
diff --git a/func/certmaster.py b/func/certmaster.py
index b74c8d2..ee9c5f0 100755
--- a/func/certmaster.py
+++ b/func/certmaster.py
@@ -23,6 +23,7 @@ from OpenSSL import crypto
import sha
import glob
import socket
+import exceptions
#from func.server import codes
import certs
@@ -32,9 +33,10 @@ from config import read_config
from commonconfig import CMConfig
CERTMASTER_LISTEN_PORT = 51235
+CERTMASTER_CONFIG = "/etc/func/certmaster.conf"
class CertMaster(object):
- def __init__(self, conf_file):
+ def __init__(self, conf_file=CERTMASTER_CONFIG):
self.cfg = read_config(conf_file, CMConfig)
fqdn = socket.getfqdn()
@@ -157,7 +159,21 @@ class CertMaster(object):
hn = hn[:-4]
hosts.append(hn)
return hosts
-
+
+ def remove_this_cert(self, hn):
+ """ removes cert for hostname using unlink """
+ cm = self
+ csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
+ csrs = glob.glob(csrglob)
+ certglob = '%s/%s.cert' % (cm.cfg.certroot, hn)
+ certs = glob.glob(certglob)
+ if not csrs and not certs:
+ # FIXME: should be an exception?
+ print 'No match for %s to clean up' % hn
+ return
+ for fn in csrs + certs:
+ print 'Cleaning out %s for host matching %s' % (fn, hn)
+ os.unlink(fn)
def sign_this_csr(self, csr):
"""returns the path to the signed cert file"""
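Review bot: `remove_this_cert` interpolates `hn` directly into the two glob patterns and unlinks every match, so a value containing a path separator or a glob metacharacter can select files other than that one host's `.csr`/`.cert`. That mattered less when the loop lived in the root-only CLI, but this commit also calls the method from the new minion module, where `hn` comes from a remote caller. I would reject such names before building the patterns, e.g. `if not hn or '/' in hn or '*' in hn or '?' in hn or '[' in hn: raise ValueError('invalid hostname: %r' % hn)`. The local `certs` list also shadows the `certs` module imported at the top of the file; a name like `certfiles` would avoid the confusion.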
@@ -181,7 +197,7 @@ class CertMaster(object):
try:
csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_buf)
except crypto.Error, e:
- print 'Bad CSR: %s' % csr
+ raise exceptions.Exception("Bad CSR: %s" % csr)
else: # assume we got a bare csr req
csrreq = csr
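Review bot: The new `raise` discards the `crypto.Error` bound to `e` and raises the bare base `Exception`, so a caller can neither see why the CSR failed to parse nor catch this case separately from any other failure. `exceptions.Exception` is the same object as the builtin `Exception`, so the added `import exceptions` is not needed either. I would write `raise Exception("Bad CSR: %s (%s)" % (csr, e))`, or define a small `CertMasterError` subclass for it. The enclosing method starts and ends outside this hunk.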
diff --git a/func/minion/modules/certmaster.py b/func/minion/modules/certmaster.py
new file mode 100644
index 0000000..9ca484f
--- /dev/null
+++ b/func/minion/modules/certmaster.py
@@ -0,0 +1,65 @@
+## -*- coding: utf-8 -*-
+##
+## Process lister (control TBA)
+##
+## Copyright 2008, Red Hat, Inc
+## Michael DeHaan <mdehaan@redhat.com>
+##
+## This software may be freely redistributed under the terms of the GNU
+## general public license.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+##
+
+# other modules
+import sub_process
+import codes
+
+# our modules
+import func_module
+from func import certmaster as certmaster
+
+# =================================
+
+class CertMasterModule(func_module.FuncModule):
+
+ version = "0.0.1"
+ api_version = "0.0.1"
+ description = "Administers certs on an overlord."
+
+ def get_hosts_to_sign(self, list_of_hosts):
+ """
+ ...
+ """
+ list_of_hosts = self.__listify(list_of_hosts)
+ cm = certmaster.CertMaster()
+ return cm.get_csrs_waiting()
+
+ def sign_hosts(self, list_of_hosts):
+ """
+ ...
+ """
+ list_of_hosts = self.__listify(list_of_hosts)
+ cm = certmaster.CertMaster()
+ for x in list_of_hosts:
+ cm.sign_this_csr(x)
+ return True
+
+ def cleanup_hosts(self, list_of_hosts):
+ """
+ ...
+ """
+ list_of_hosts = self.__listify(list_of_hosts)
+ cm = certmaster.CertMaster()
+ for x in list_of_hosts:
+ cm.remove_this_cert(x)
+ return True
+
+ def __listify(self, list_of_hosts):
+ if type(list_of_hosts) is type([]):
+ return list_of_hosts
+ else:
+ return [ list_of_hosts ]
+
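Review bot: `sign_hosts` and `cleanup_hosts` pass each element of `list_of_hosts` straight to `cm.sign_this_csr(x)` and `cm.remove_this_cert(x)` without validation, and through this module those values are supplied by a remote caller rather than typed by root on the CA host. From the lines visible in func/certmaster.py, `sign_this_csr` appears to treat a string argument as a CSR to load rather than as a hostname, so a hostname would first need mapping to a file under `cm.cfg.csrroot`; this should be confirmed against the full method. `get_hosts_to_sign` listifies its argument and then ignores it, returning every waiting CSR. I would check each entry is a plain hostname before use (no path separators or glob characters) and replace the `...` docstrings with the real contract, e.g. `"""Sign the pending CSR for each hostname; caller must be authorized to administer the CA."""`. The header comment still reads `Process lister (control TBA)` and the `sub_process` and `codes` imports are unused here.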
diff --git a/scripts/certmaster-ca b/scripts/certmaster-ca
index 867bd04..b3e844a 100755
--- a/scripts/certmaster-ca
+++ b/scripts/certmaster-ca
@@ -46,7 +46,7 @@ def main(args):
errorprint('Must be root to run certmaster-ca')
return 1
- cm = func.certmaster.CertMaster('/etc/func/certmaster.conf')
+ cm = func.certmaster.CertMaster()
(opts, args) = parseargs(args)
@@ -84,17 +84,7 @@ def main(args):
return 1
for hn in args:
- csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
- csrs = glob.glob(csrglob)
- certglob = '%s/%s.cert' % (cm.cfg.certroot, hn)
- certs = glob.glob(certglob)
- if not csrs and not certs:
- errorprint('No match for %s to clean up' % hn)
- continue
-
- for fn in csrs + certs:
- print 'Cleaning out %s for host matching %s' % (fn, hn)
- os.unlink(fn)
+ cm.remove_this_host(hn)
return 0
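Review bot: The replacement line calls `cm.remove_this_host(hn)`, but the method this commit adds to `CertMaster` is named `remove_this_cert`, so the clean path would fail with an AttributeError on the first hostname. The call should be `cm.remove_this_cert(hn)`. The moved code also reports the no-match case with `print` instead of `errorprint`, so that message now goes to stdout; raising from the method and calling `errorprint` here would keep the old behaviour. `main` starts before this hunk.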