Diffstat (limited to 'func/certmaster.py')
-rwxr-xr-x | func/certmaster.py | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/func/certmaster.py b/func/certmaster.py
index b74c8d2..fe5dcbc 100755
--- a/func/certmaster.py
+++ b/func/certmaster.py
@@ -23,6 +23,7 @@ from OpenSSL import crypto
 import sha
 import glob
 import socket
+import exceptions
 #from func.server import codes
 import certs
@@ -32,17 +33,13 @@ from config import read_config
 from commonconfig import CMConfig
 CERTMASTER_LISTEN_PORT = 51235
+CERTMASTER_CONFIG = "/etc/func/certmaster.conf"
 class CertMaster(object):
- def __init__(self, conf_file):
+ def __init__(self, conf_file=CERTMASTER_CONFIG):
 self.cfg = read_config(conf_file, CMConfig)
- fqdn = socket.getfqdn()
- host = socket.gethostname()
- if fqdn.find(host) != -1:
- usename = fqdn
- else:
- usename = host
+ usename = utils.get_hostname()
 mycn = '%s-CA-KEY' % usename
 self.ca_key_file = '%s/funcmaster.key' % self.cfg.cadir
@@ -157,7 +154,21 @@ class CertMaster(object):
 hn = hn[:-4]
 hosts.append(hn)
 return hosts
-
+
+ def remove_this_cert(self, hn):
+ """ removes cert for hostname using unlink """
+ cm = self
+ csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
+ csrs = glob.glob(csrglob)
+ certglob = '%s/%s.cert' % (cm.cfg.certroot, hn)
+ certs = glob.glob(certglob)
+ if not csrs and not certs:
+ # FIXME: should be an exception?
+ print 'No match for %s to clean up' % hn
+ return
+ for fn in csrs + certs:
+ print 'Cleaning out %s for host matching %s' % (fn, hn)
+ os.unlink(fn)
 def sign_this_csr(self, csr):
 """returns the path to the signed cert file"""
@@ -181,7 +192,7 @@ class CertMaster(object):
 try:
 csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_buf)
 except crypto.Error, e:
- print 'Bad CSR: %s' % csr
+ raise exceptions.Exception("Bad CSR: %s" % csr)
 else:
 # assume we got a bare csr req
 csrreq = csr
|
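Review bot: `utils.get_hostname()` is now called in `__init__`, but no `import utils` is visible in these hunks; confirm the module is imported, otherwise constructing `CertMaster` fails with a NameError. The returned name feeds the CA subject `mycn`, so the line deserves a comment such as `# hostname used in the CA subject (mycn) below`, and it is worth checking that the helper yields the same name the removed fqdn/host logic did on existing masters. `__init__` continues outside the hunk.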
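Review bot: In `remove_this_cert`, `hn` goes straight into the glob patterns and every match is unlinked, so a value containing `*`, `?`, `[` or a path separator can remove CSRs and certificates for hosts other than the one named, or files outside `csrroot`/`certroot`. The method name suggests a single host, so I would validate `hn` and test the two exact paths instead of globbing; if wildcard cleanup is wanted for the admin tool, it should be an explicit, separately named code path. The local `certs` also shadows the imported `certs` module inside this method, and the no-match case only prints, so a caller cannot tell whether anything was removed. Whether `os` is imported is not visible in these hunks.

```python
    def remove_this_cert(self, hn):
        """ removes cert for hostname using unlink """
        # hn must name exactly one host: no separators, no glob metacharacters
        if not hn or [c for c in hn if not (c.isalnum() or c in '.-_')]:
            raise ValueError('Invalid hostname: %r' % hn)
        paths = ['%s/%s.csr' % (self.cfg.csrroot, hn),
                 '%s/%s.cert' % (self.cfg.certroot, hn)]
        found = [fn for fn in paths if os.path.exists(fn)]
        # ... unchanged: "No match" report, then the unlink loop over found ...
```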
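Review bot: The new `raise exceptions.Exception(...)` in the CSR-loading branch throws the generic base class and drops the OpenSSL error `e`, so callers can only catch it with a blanket `except Exception` and the cause of the parse failure is lost. `exceptions.Exception` is the builtin `Exception`, so the `import exceptions` added in the first hunk is not needed; a narrower type that keeps the cause would read `raise ValueError('Bad CSR: %s (%s)' % (csr, e))`. Raising instead of printing is the right direction, since the old code appears to have continued without a valid `csrreq`. The enclosing function starts and ends outside the hunk.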