return None for minion only setups to solve following exception;
[certmaster.git] / certmaster / certmaster.py
index e4a3d17..981efd8 100644 (file)
@@ -16,11 +16,25 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
 # standard modules
 import SimpleXMLRPCServer
+import string
 import sys
+import traceback
 import os
 import os.path
 from OpenSSL import crypto
-import sha
+
+try:
+    import hashlib
+except ImportError:
+    # Python-2.4.z ... gah! (or even 2.3!)
+    import sha
+    class hashlib:
+        @staticmethod
+        def new(algo):
+            if algo == 'sha1':
+                return sha.new()
+            raise ValueError, "Bad checksum type"
+
 import glob
 import socket
 import exceptions
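Review bot: The fallback `hashlib` class in the `except ImportError` branch accepts only `'sha1'` and raises `ValueError` for anything else, which is not documented anywhere in the shim. On interpreters without the real module, any later call site that asks for a stronger digest will fail at runtime. A comment on the class such as `# shim for Python < 2.5: only 'sha1' is available; other algorithms raise ValueError` would make that limit explicit. The new `import string` appears to be needed only for the `string.join` call in `excepthook`, where `"".join(...)` would do the same without the import.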
@@ -50,6 +64,10 @@ class CertMaster(object):
         self.logger = logger.Logger().logger
         self.audit_logger = logger.AuditLogger()
 
+        # if ca_key_file exists and ca_cert_file is missing == minion only setup
+        if os.path.exists(self.ca_key_file) and not os.path.exists(self.ca_cert_file):
+            return
+
         try:
             if not os.path.exists(self.cfg.cadir):
                 os.makedirs(self.cfg.cadir)
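Review bot: The early `return` in the added block ends `__init__` silently, so anything the constructor sets up after this point (outside the hunk) is missing on the returned object, and nothing records why. A CA key without a CA cert can also mean a damaged master install rather than a minion-only host, so the skip should at least be logged, e.g. `self.logger.info("CA key found but CA cert missing: treating as minion-only, skipping CA setup")` before the `return`. `main()` later in this diff still passes the instance to `serve(cm)` whichever path was taken, so a flag or an explicit error on that path would be safer than serving a partially initialised object.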
@@ -121,10 +139,10 @@ class CertMaster(object):
         if os.path.exists(csrfile):
             oldfo = open(csrfile)
             oldcsrbuf = oldfo.read()
-            oldsha = sha.new()
+            oldsha = hashlib.new('sha1')
             oldsha.update(oldcsrbuf)
             olddig = oldsha.hexdigest()
-            newsha = sha.new()
+            newsha = hashlib.new('sha1')
             newsha.update(csrbuf)
             newdig = newsha.hexdigest()
             if not newdig == olddig:
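Review bot: Both CSR buffers are already in memory at this point, so hashing each with SHA-1 and comparing hex digests adds nothing over comparing the bytes. It also makes the "is this the same CSR" decision depend on a digest with known collision weaknesses. Replacing the digest lines with `if csrbuf != oldcsrbuf:` would drop that dependency and work on every Python version without the shim. `oldfo` is opened but not closed inside the hunk; the function begins and ends outside it, so the close may happen later.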
@@ -274,6 +292,13 @@ class CertMaster(object):
 
         return signed_certs
 
+    def get_peer_certs(self):
+        """
+        Returns a list of all certs under peerroot
+        """
+        myglob = os.path.join(self.cfg.peerroot, '*.%s' % self.cfg.cert_extension)
+        return glob.glob(myglob)
+
     # return a list of the cert hash string we use to identify systems
     def get_cert_hashes(self, hostglobs=None):
         certglob = "%s/*.cert" % (self.cfg.certroot)
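Review bot: The docstring of `get_peer_certs` says it returns certs, but the body returns whatever paths `glob.glob` matches under `cfg.peerroot`, unparsed and in no defined order. Callers should not assume each entry is a valid certificate; a docstring like `"""Return the file paths matching <peerroot>/*.<cert_extension>; files are not parsed or validated."""` says what they get. The pattern here uses `cfg.cert_extension`, while `get_cert_hashes` just below hard-codes `*.cert`; that function continues outside the hunk, so the two may disagree if the extension is configured differently.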
@@ -323,17 +348,35 @@ def serve(xmlrpcinstance):
     xmlrpcinstance.audit_logger.logger.info("certmaster started")
     server.serve_forever()
 
+def excepthook(exctype, value, tracebackobj):
+    exctype_blurb = "Exception occured: %s" % exctype
+    excvalue_blurb = "Exception value: %s" % value
+    exctb_blurb = "Exception Info:\n%s" % string.join(traceback.format_list(traceback.extract_tb(tracebackobj)))
+
+    print exctype_blurb
+    print excvalue_blurb
+    print exctb_blurb
+
+    log = logger.Logger().logger 
+    log.info(exctype_blurb)
+    log.info(excvalue_blurb)
+    log.info(exctb_blurb)
+
 
 def main(argv):
-    
+   
+    sys.excepthook = excepthook  
     cm = CertMaster('/etc/certmaster/certmaster.conf')
 
+    if "--version" in sys.argv or "-v" in sys.argv:
+        print >> sys.stderr, file("/etc/certmaster/version").read().strip()
+        sys.exit(0)
+
     if "daemon" in argv or "--daemon" in argv:
         utils.daemonize("/var/run/certmaster.pid")
     else:
         print "serving...\n"
 
-
     # just let exceptions bubble up for now
     serve(cm)
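Review bot: The `--version` check in `main` runs after `CertMaster(...)` has been constructed, so a version query still loads the config and runs the constructor's setup (an earlier hunk shows it calling `os.makedirs` on `cadir`). It also tests `sys.argv`, while the `daemon` check below uses the `argv` parameter. Moving the three lines above `cm = CertMaster(...)` and testing `argv` would fix both. In `excepthook`, uncaught exceptions are logged with `log.info`; `log.error` would keep them visible when the log level is raised, and "occured" in the message should read "occurred".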