summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdrian Likins <root@grimlock.devel.redhat.com>2008-03-17 17:09:36 -0400
committerroot <root@grimlock.devel.redhat.com>2008-03-17 17:09:36 -0400
commit6146feb4b676ba7e10f5f175bb50149c20c53b18 (patch)
tree7a7bb385fa0d9579295400df748a60908a18aea1
parent006fe254641002b5a2d7cefc9e2b7eb97438bed7 (diff)
downloadcertmaster-6146feb4b676ba7e10f5f175bb50149c20c53b18.zip
certmaster-6146feb4b676ba7e10f5f175bb50149c20c53b18.tar.gz
certmaster-6146feb4b676ba7e10f5f175bb50149c20c53b18.tar.xz
add some basic logging output to certmaster
-rwxr-xr-xcertmaster/certmaster.py22
-rwxr-xr-xcertmaster/logger.py4
2 files changed, 24 insertions, 2 deletions
diff --git a/certmaster/certmaster.py b/certmaster/certmaster.py
index e1a7b36..88ea265 100755
--- a/certmaster/certmaster.py
+++ b/certmaster/certmaster.py
@@ -28,6 +28,9 @@ import exceptions
import certs
import codes
import utils
+
+import logger
+
from config import read_config
from commonconfig import CMConfig
@@ -43,6 +46,10 @@ class CertMaster(object):
mycn = '%s-CA-KEY' % usename
self.ca_key_file = '%s/certmaster.key' % self.cfg.cadir
self.ca_cert_file = '%s/certmaster.crt' % self.cfg.cadir
+
+ self.logger = logger.Logger().logger
+ self.audit_logger = logger.AuditLogger().logger
+
try:
if not os.path.exists(self.cfg.cadir):
os.makedirs(self.cfg.cadir)
@@ -70,9 +77,15 @@ class CertMaster(object):
if method == 'trait_names' or method == '_getAttributeNames':
return self.handlers.keys()
+# ip = self.client_address
+# print ip
+
+# self.audit_logger.log_call(ip, method, params)
+
if method in self.handlers.keys():
return self.handlers[method](*params)
else:
+ self.logger.info("Unhandled method call for method: %s " % method)
raise codes.InvalidMethodException
def _sanitize_cn(self, commonname):
@@ -95,6 +108,8 @@ class CertMaster(object):
requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
+
+ self.logger.info("%s requested signing of cert %s" % (requesting_host,csrreq.get_subject().CN))
# get rid of dodgy characters in the filename we're about to make
certfile = '%s/%s.cert' % (self.cfg.certroot, requesting_host)
@@ -112,6 +127,7 @@ class CertMaster(object):
newsha.update(csrbuf)
newdig = newsha.hexdigest()
if not newdig == olddig:
+ self.logger.info("A cert for %s already exists and does not match the requesting cert" % (requesting_host))
# XXX raise a proper fault
return False, '', ''
@@ -132,6 +148,7 @@ class CertMaster(object):
cert = certs.retrieve_cert_from_file(cert_fn)
cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
+ self.logger.info("cert for %s was autosigned" % (requesting_host))
return True, cert_buf, cacert_buf
else:
@@ -140,6 +157,7 @@ class CertMaster(object):
destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, csrreq))
destfo.close()
del destfo
+ self.logger.info("cert for %s created and ready to be signed" % (requesting_host))
return False, '', ''
return False, '', ''
@@ -167,6 +185,7 @@ class CertMaster(object):
return
for fn in csrs + certs:
print 'Cleaning out %s for host matching %s' % (fn, hn)
+ self.logger.info('Cleaning out %s for host matching %s' % (fn, hn))
os.unlink(fn)
def sign_this_csr(self, csr):
@@ -191,6 +210,7 @@ class CertMaster(object):
try:
csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_buf)
except crypto.Error, e:
+ self.logger.info("Unable to sign %s: Bad CSR" % (csr))
raise exceptions.Exception("Bad CSR: %s" % csr)
else: # assume we got a bare csr req
@@ -224,6 +244,8 @@ def serve(xmlrpcinstance):
server = CertmasterXMLRPCServer((xmlrpcinstance.cfg.listen_addr, CERTMASTER_LISTEN_PORT))
server.logRequests = 0 # don't print stuff to console
server.register_instance(xmlrpcinstance)
+ xmlrpcinstance.logger.info("certmaster started")
+ xmlrpcinstance.audit_logger.info("certmaster started")
server.serve_forever()
diff --git a/certmaster/logger.py b/certmaster/logger.py
index b2d14ed..3a7e0ad 100755
--- a/certmaster/logger.py
+++ b/certmaster/logger.py
@@ -59,9 +59,9 @@ class AuditLogger(Singleton):
if self._no_handlers:
self._setup_handlers(logfilepath=logfilepath)
- def log_call(self, ip, CN, cert_hash, method, params):
+ def log_call(self, ip, method, params):
# square away a good parseable format at some point -akl
- self.logger.info("%s %s %s %s called with %s" % (ip, CN, cert_hash, method, params))
+ self.logger.info("%s called %s with %s" % (ip, method, params))
def _setup_logging(self):