author | Endi S. Dewata <edewata@redhat.com> | 2017-04-11 18:04:41 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-04-11 22:34:03 +0200 |
commit | a29888e42c14c9c7e642769b747bb288d39a0809 (patch) | |
tree | 1270ed94c7b05dccc1d3657af39c5725af874a4e /base/server/python/pki/server | |
parent | d8081073d10065987341a6583a6a7e7351b22438 (diff) | |
Added pki-server <subsystem>-audit-file-verify CLI.
A new pki-server <subsystem>-audit-file-verify CLI has been added
to verify audit log files on the server.
Change-Id: I88e827d45cfb83cf34052146e2ec678f4cd2345f
Diffstat (limited to 'base/server/python/pki/server')
-rw-r--r-- | base/server/python/pki/server/__init__.py | 5 | ||||
-rw-r--r-- | base/server/python/pki/server/cli/audit.py | 91 |
2 files changed, 96 insertions, 0 deletions
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
index 112dcbff3..88986548d 100644
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
@@ -389,6 +389,11 @@ class PKISubsystem(object):
 pki.util.customize_file(input_file, output_file, params)
+ def get_audit_log_dir(self):
+
+ current_file_path = self.config['log.instance.SignedAudit.fileName']
+ return os.path.dirname(current_file_path)
+
 def get_audit_log_files(self):
 current_file_path = self.config['log.instance.SignedAudit.fileName']
diff --git a/base/server/python/pki/server/cli/audit.py b/base/server/python/pki/server/cli/audit.py
index 3bb9d5f0f..0833ca816 100644
--- a/base/server/python/pki/server/cli/audit.py
+++ b/base/server/python/pki/server/cli/audit.py
@@ -21,7 +21,11 @@ from __future__ import absolute_import
 from __future__ import print_function
 import getopt
+import os
+import shutil
+import subprocess
 import sys
+import tempfile
 import pki.cli
@@ -34,6 +38,7 @@ class AuditCLI(pki.cli.CLI):
 self.parent = parent
 self.add_module(AuditFileFindCLI(self))
+ self.add_module(AuditFileVerifyCLI(self))
 class AuditFileFindCLI(pki.cli.CLI):
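Review bot: `get_audit_log_dir` indexes `self.config['log.instance.SignedAudit.fileName']` directly, so a subsystem whose configuration lacks that property would presumably surface as an unhandled KeyError traceback from the new CLI instead of a clear error message. The same lookup is repeated in `get_audit_log_files` on the context lines just below, so the two methods can drift apart; having one of them call the other, or both share a small helper, would keep the directory and the file list consistent. A docstring such as `"""Return the directory that contains the signed audit log files."""` would also help. The body of `get_audit_log_files` continues outside the hunk, so whether it already handles a missing property is not visible here.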
@@ -107,3 +112,89 @@ class AuditFileFindCLI(pki.cli.CLI):
 print()
 print(' File name: %s' % filename)
+
+
+class AuditFileVerifyCLI(pki.cli.CLI):
+
+ def __init__(self, parent):
+ super(AuditFileVerifyCLI, self).__init__(
+ 'file-verify', 'Verify audit log files')
+
+ self.parent = parent
+
+ def print_help(self):
+ print('Usage: pki-server %s-audit-file-verify [OPTIONS]' % self.parent.parent.name)
+ print()
+ print(' -i, --instance <instance ID> Instance ID (default: pki-tomcat).')
+ print(' --help Show help message.')
+ print()
+
+ def execute(self, args):
+
+ try:
+ opts, _ = getopt.gnu_getopt(args, 'i:v', [
+ 'instance=',
+ 'verbose', 'help'])
+
+ except getopt.GetoptError as e:
+ print('ERROR: ' + str(e))
+ self.print_help()
+ sys.exit(1)
+
+ instance_name = 'pki-tomcat'
+
+ for o, a in opts:
+ if o in ('-i', '--instance'):
+ instance_name = a
+
+ elif o in ('-v', '--verbose'):
+ self.set_verbose(True)
+
+ elif o == '--help':
+ self.print_help()
+ sys.exit()
+
+ else:
+ print('ERROR: unknown option ' + o)
+ self.print_help()
+ sys.exit(1)
+
+ instance = pki.server.PKIInstance(instance_name)
+ if not instance.is_valid():
+ print('ERROR: Invalid instance %s.' % instance_name)
+ sys.exit(1)
+
+ instance.load()
+
+ subsystem_name = self.parent.parent.name
+ subsystem = instance.get_subsystem(subsystem_name)
+ if not subsystem:
+ print('ERROR: No %s subsystem in instance %s.'
+ % (subsystem_name.upper(), instance_name))
+ sys.exit(1)
+
+ log_dir = subsystem.get_audit_log_dir()
+ log_files = subsystem.get_audit_log_files()
+ signing_cert = subsystem.get_subsystem_cert('audit_signing')
+
+ tmpdir = tempfile.mkdtemp()
+
+ try:
+ file_list = os.path.join(tmpdir, 'audit.txt')
+
+ with open(file_list, 'w') as f:
+ for filename in log_files:
+ f.write(os.path.join(log_dir, filename) + '\n')
+
+ cmd = ['AuditVerify',
+ '-d', instance.nssdb_dir,
+ '-n', signing_cert['nickname'],
+ '-a', file_list]
+
+ if self.verbose:
+ print('Command: %s' % ' '.join(cmd))
+
+ subprocess.call(cmd)
+
+ finally:
+ shutil.rmtree(tmpdir) |
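Review bot: The exit status of `subprocess.call(cmd)` at the end of `execute()` is discarded, so this command exits successfully even when AuditVerify reports a verification failure (assuming it signals failure through its exit code), and a script or monitoring job wrapping the CLI cannot tell an intact signed audit log from a tampered one. Propagate it, for example `rc = subprocess.call(cmd)` followed by `if rc != 0: sys.exit(rc)`; the `finally` clause still removes the temporary directory. Separately, `-v`/`--verbose` is accepted by `getopt.gnu_getopt` but is not listed in `print_help()`. The bare `'AuditVerify'` name is resolved through PATH, so if this is normally run as a privileged user it is worth invoking the tool by its absolute install path.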