requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
if with_triggers:
- self._run_triggers(None, '/var/lib/certmaster/triggers/request/pre/*')
+ self._run_triggers(requesting_host, '/var/lib/certmaster/triggers/request/pre/*')
self.logger.info("%s requested signing of cert %s" % (requesting_host,csrreq.get_subject().CN))
# get rid of dodgy characters in the filename we're about to make
cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, slavecert)
cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
if with_triggers:
- self._run_triggers(None,'/var/lib/certmaster/triggers/request/post/*')
+ self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/request/post/*')
return True, cert_buf, cacert_buf
# if we don't have a cert then:
print 'No match for %s to clean up' % hn
return
if with_triggers:
- self._run_triggers(None,'/var/lib/certmaster/triggers/remove/pre/*')
+ self._run_triggers(hn,'/var/lib/certmaster/triggers/remove/pre/*')
for fn in csrs + certs:
print 'Cleaning out %s for host matching %s' % (fn, hn)
self.logger.info('Cleaning out %s for host matching %s' % (fn, hn))
os.unlink(fn)
if with_triggers:
- self._run_triggers(None,'/var/lib/certmaster/triggers/remove/post/*')
+ self._run_triggers(hn,'/var/lib/certmaster/triggers/remove/post/*')
def sign_this_csr(self, csr, with_triggers=True):
"""returns the path to the signed cert file"""
else: # assume we got a bare csr req
csrreq = csr
+
+ requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
if with_triggers:
- self._run_triggers(None,'/var/lib/certmaster/triggers/sign/pre/*')
+ self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/sign/pre/*')
requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
self.logger.info("csr %s signed" % (certfile))
if with_triggers:
- self._run_triggers(None,'/var/lib/certmaster/triggers/sign/post/*')
+ self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/sign/post/*')
if csr_unlink_file and os.path.exists(csr_unlink_file):
os.unlink(csr_unlink_file)
return certfile
+
+ # return a list of already signed certs
+ def get_signed_certs(self, hostglobs=None):
+ certglob = "%s/*.cert" % (self.cfg.certroot)
+
+ certs = []
+ globs = "*"
+ if hostglobs:
+ globs = hostglobs
+
+ for hostglob in globs:
+ certglob = "%s/%s.cert" % (self.cfg.certroot, hostglob)
+ certs = certs + glob.glob(certglob)
+
+ signed_certs = []
+ for cert in certs:
+ # just want the hostname, so strip off path and ext
+ signed_certs.append(os.path.basename(cert).split(".cert", 1)[0])
+
+ return signed_certs
+
+ # return a list of the cert hash string we use to identify systems
+ def get_cert_hashes(self, hostglobs=None):
+ certglob = "%s/*.cert" % (self.cfg.certroot)
+
+ certfiles = []
+ globs = "*"
+ if hostglobs:
+ globs = hostglobs
+
+ for hostglob in globs:
+ certglob = "%s/%s.cert" % (self.cfg.certroot, hostglob)
+ certfiles = certfiles + glob.glob(certglob)
+ cert_hashes = []
+ for certfile in certfiles:
+ cert = certs.retrieve_cert_from_file(certfile)
+ cert_hashes.append("%s-%s" % (cert.get_subject().CN, cert.subject_name_hash()))
+
+ return cert_hashes
+
def _run_triggers(self, ref, globber):
return utils.run_triggers(ref, globber)
"""
- server = CertmasterXMLRPCServer((xmlrpcinstance.cfg.listen_addr, CERTMASTER_LISTEN_PORT))
+ config = read_config(CERTMASTER_CONFIG, CMConfig)
+ listen_addr = config.listen_addr
+ listen_port = config.listen_port
+ if listen_port == '':
+ listen_port = CERTMASTER_LISTEN_PORT
+ server = CertmasterXMLRPCServer((listen_addr,listen_port))
server.logRequests = 0 # don't print stuff to console
server.register_instance(xmlrpcinstance)
xmlrpcinstance.logger.info("certmaster started")