# standard modules
import SimpleXMLRPCServer
+import string
import sys
+import traceback
import os
import os.path
from OpenSSL import crypto
-import sha
+
+try:
+ import hashlib
+except ImportError:
+ # Python-2.4.z ... gah! (or even 2.3!)
+ import sha
+ class hashlib:
+ @staticmethod
+ def new(algo):
+ if algo == 'sha1':
+ return sha.new()
+ raise ValueError, "Bad checksum type"
+
import glob
import socket
import exceptions
self.logger = logger.Logger().logger
self.audit_logger = logger.AuditLogger()
+ # if ca_key_file exists and ca_cert_file is missing == minion only setup
+ if os.path.exists(self.ca_key_file) and not os.path.exists(self.ca_cert_file):
+ return
+
try:
if not os.path.exists(self.cfg.cadir):
os.makedirs(self.cfg.cadir)
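Review bot: The new early `return` exits silently when the CA key exists but the CA cert does not, and that same file state also describes a master whose CA cert was deleted or never written. `self.logger` is already set just above, so the decision can be recorded before returning, e.g. `self.logger.info("CA key present, CA cert missing: assuming minion-only setup, skipping CA init")`. Whatever the rest of this method (it looks like the constructor) sets up is skipped on this path, so later calls that rely on it will presumably fail far from the cause. The method body starts and ends outside the hunk, so confirm which attributes are affected.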
if os.path.exists(csrfile):
oldfo = open(csrfile)
oldcsrbuf = oldfo.read()
- oldsha = sha.new()
+ oldsha = hashlib.new('sha1')
oldsha.update(oldcsrbuf)
olddig = oldsha.hexdigest()
- newsha = sha.new()
+ newsha = hashlib.new('sha1')
newsha.update(csrbuf)
newdig = newsha.hexdigest()
if not newdig == olddig:
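Review bot: The `oldsha`/`newsha` digests are only ever compared with each other, so hashing adds nothing over comparing the buffers and ties the duplicate-CSR check to SHA-1, which is collision-weak. `if oldcsrbuf != csrbuf:` gives the same decision without a digest, and would also remove the need for the `sha`-only fallback shim in the import hunk. `oldfo` is opened and read but no close is visible here; calling `oldfo.close()` right after `read()` avoids holding a descriptor per request in a long-running daemon. The enclosing method starts and ends outside the hunk, so a close may exist further down.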
return signed_certs
+ def get_peer_certs(self):
+ """
+ Returns a list of all certs under peerroot
+ """
+ myglob = os.path.join(self.cfg.peerroot, '*.%s' % self.cfg.cert_extension)
+ return glob.glob(myglob)
+
# return a list of the cert hash string we use to identify systems
def get_cert_hashes(self, hostglobs=None):
certglob = "%s/*.cert" % (self.cfg.certroot)
xmlrpcinstance.audit_logger.logger.info("certmaster started")
server.serve_forever()
+def excepthook(exctype, value, tracebackobj):
+ exctype_blurb = "Exception occured: %s" % exctype
+ excvalue_blurb = "Exception value: %s" % value
+ exctb_blurb = "Exception Info:\n%s" % string.join(traceback.format_list(traceback.extract_tb(tracebackobj)))
+
+ print exctype_blurb
+ print excvalue_blurb
+ print exctb_blurb
+
+ log = logger.Logger().logger
+ log.info(exctype_blurb)
+ log.info(excvalue_blurb)
+ log.info(exctb_blurb)
+
def main(argv):
-
+
+ sys.excepthook = excepthook
cm = CertMaster('/etc/certmaster/certmaster.conf')
+ if "--version" in sys.argv or "-v" in sys.argv:
+ print >> sys.stderr, file("/etc/certmaster/version").read().strip()
+ sys.exit(0)
+
if "daemon" in argv or "--daemon" in argv:
utils.daemonize("/var/run/certmaster.pid")
else:
print "serving...\n"
-
# just let exceptions bubble up for now
serve(cm)
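Review bot: The `--version` check in `main` runs after `CertMaster('/etc/certmaster/certmaster.conf')` has been constructed, so asking for the version still loads the config and runs whatever setup the constructor performs; moving the check above the `cm = ...` line keeps it free of side effects. It also tests `sys.argv` while the daemon check below uses the `argv` parameter, and it writes the version to stderr although it exits 0. In `excepthook`, uncaught exceptions are logged with `log.info`, which is easy to filter out on a CA daemon, so `log.error` fits better. `string.join(...)` also inserts a space between traceback entries that already end in a newline, so `"".join(traceback.format_exception(exctype, value, tracebackobj))` gives cleaner output.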