Make the port that certmaster listens on and funcd connects to configurable.

[certmaster.git] / certmaster / certmaster.py

diff --git a/certmaster/certmaster.py b/certmaster/certmaster.py
index 1bf3a2d..e3abf39 100755 (executable)
--- a/certmaster/certmaster.py
+++ b/certmaster/certmaster.py
@@ -90,7 +90,7 @@ class CertMaster(object):
         commonname = commonname.replace('\\', '')       
         return commonname
     
-    def wait_for_cert(self, csrbuf):
+    def wait_for_cert(self, csrbuf, with_triggers=True):
         """
            takes csr as a string
            returns True, caller_cert, ca_cert
@@ -104,7 +104,9 @@ class CertMaster(object):
             return False, '', ''
             
         requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
-        
+
+        if with_triggers:
+            self._run_triggers(requesting_host, '/var/lib/certmaster/triggers/request/pre/*') 
 
         self.logger.info("%s requested signing of cert %s" % (requesting_host,csrreq.get_subject().CN))
         # get rid of dodgy characters in the filename we're about to make
@@ -137,6 +139,8 @@ class CertMaster(object):
             slavecert = certs.retrieve_cert_from_file(certfile)
             cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, slavecert)
             cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
+            if with_triggers:
+                self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/request/post/*')
             return True, cert_buf, cacert_buf
         
         # if we don't have a cert then:
@@ -149,6 +153,8 @@ class CertMaster(object):
             cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
             cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
             self.logger.info("cert for %s was autosigned" % (requesting_host))
+            if with_triggers:
+                self._run_triggers(None,'/var/lib/certmaster/triggers/request/post/*')
             return True, cert_buf, cacert_buf
         
         else:
@@ -158,6 +164,8 @@ class CertMaster(object):
             destfo.close()
             del destfo
             self.logger.info("cert for %s created and ready to be signed" % (requesting_host))
+            if with_triggers:
+                self._run_triggers(None,'/var/lib/certmaster/triggers/request/post/*')
             return False, '', ''
 
         return False, '', ''
@@ -172,7 +180,7 @@ class CertMaster(object):
             hosts.append(hn)
         return hosts
    
-    def remove_this_cert(self, hn):
+    def remove_this_cert(self, hn, with_triggers=True):
         """ removes cert for hostname using unlink """
         cm = self
         csrglob = '%s/%s.csr' % (cm.cfg.csrroot, hn)
@@ -183,12 +191,16 @@ class CertMaster(object):
             # FIXME: should be an exception?
             print 'No match for %s to clean up' % hn
             return
+        if with_triggers:
+            self._run_triggers(hn,'/var/lib/certmaster/triggers/remove/pre/*')
         for fn in csrs + certs:
             print 'Cleaning out %s for host matching %s' % (fn, hn)
             self.logger.info('Cleaning out %s for host matching %s' % (fn, hn))
-            os.unlink(fn)         
+            os.unlink(fn)
+        if with_triggers:
+            self._run_triggers(hn,'/var/lib/certmaster/triggers/remove/post/*')
             
-    def sign_this_csr(self, csr):
+    def sign_this_csr(self, csr, with_triggers=True):
         """returns the path to the signed cert file"""
         csr_unlink_file = None
 
@@ -217,6 +229,11 @@ class CertMaster(object):
             csrreq = csr
 
 
+        requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
+        if with_triggers:
+            self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/sign/pre/*')
+
+
         requesting_host = self._sanitize_cn(csrreq.get_subject().CN)        
         certfile = '%s/%s.cert' % (self.cfg.certroot, requesting_host)
         self.logger.info("Signing for csr %s requested" % certfile)
@@ -228,13 +245,58 @@ class CertMaster(object):
         del destfo
 
 
-        self.logger.info("csr %s signed" % (certfile)) 
+        self.logger.info("csr %s signed" % (certfile))
+        if with_triggers:
+            self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/sign/post/*')
+
+        
         if csr_unlink_file and os.path.exists(csr_unlink_file):
             os.unlink(csr_unlink_file)
             
         return certfile
+
+    # return a list of already signed certs
+    def get_signed_certs(self, hostglobs=None):
+        certglob = "%s/*.cert" % (self.cfg.certroot)
+
+        certs = []
+        globs = "*"
+        if hostglobs:
+            globs = hostglobs
+
+        for hostglob in globs:
+            certglob = "%s/%s.cert" % (self.cfg.certroot, hostglob)
+            certs = certs + glob.glob(certglob)
+
+        signed_certs = []
+        for cert in certs:
+            # just want the hostname, so strip off path and ext
+            signed_certs.append(os.path.basename(cert).split(".cert", 1)[0])
+
+        return signed_certs
+
+    # return a list of the cert hash string we use to identify systems
+    def get_cert_hashes(self, hostglobs=None):
+        certglob = "%s/*.cert" % (self.cfg.certroot)
+
+        certfiles = []
+        globs = "*"
+        if hostglobs:
+            globs = hostglobs
+
+        for hostglob in globs:
+            certglob = "%s/%s.cert" % (self.cfg.certroot, hostglob)
+            certfiles = certfiles + glob.glob(certglob)
         
+        cert_hashes = []
+        for certfile in certfiles:
+            cert = certs.retrieve_cert_from_file(certfile)
+            cert_hashes.append("%s-%s" % (cert.get_subject().CN, cert.subject_name_hash()))
+            
+        return cert_hashes
 
+    def _run_triggers(self, ref, globber):
+        return utils.run_triggers(ref, globber)
 
 
 class CertmasterXMLRPCServer(SimpleXMLRPCServer.SimpleXMLRPCServer):
@@ -250,7 +312,12 @@ def serve(xmlrpcinstance):
     """
 
 
-    server = CertmasterXMLRPCServer((xmlrpcinstance.cfg.listen_addr, CERTMASTER_LISTEN_PORT))
+    config = read_config(CERTMASTER_CONFIG, CMConfig)
+    listen_addr = config.listen_addr
+    listen_port = config.listen_port
+    if listen_port == '':
+        listen_port = CERTMASTER_LISTEN_PORT 
+    server = CertmasterXMLRPCServer((listen_addr,listen_port))
     server.logRequests = 0 # don't print stuff to console
     server.register_instance(xmlrpcinstance)
     xmlrpcinstance.logger.info("certmaster started")