projects / certmaster.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 006fe25)
add some basic logging output to certmaster
authorAdrian Likins <root@grimlock.devel.redhat.com>
Mon, 17 Mar 2008 21:09:36 +0000 (17:09 -0400)
committerroot <root@grimlock.devel.redhat.com>
Mon, 17 Mar 2008 21:09:36 +0000 (17:09 -0400)
certmaster/certmaster.py patch | blob | history
certmaster/logger.py patch | blob | history

diff --git a/certmaster/certmaster.py b/certmaster/certmaster.py
index e1a7b36..88ea265 100755 (executable)
--- a/certmaster/certmaster.py
+++ b/certmaster/certmaster.py
@@ -28,6 +28,9 @@ import exceptions
 import certs
 import codes
 import utils
 import certs
 import codes
 import utils
+
+import logger
+
 from config import read_config
 from commonconfig import CMConfig
 
 from config import read_config
 from commonconfig import CMConfig
 
@@ -43,6 +46,10 @@ class CertMaster(object):
         mycn = '%s-CA-KEY' % usename
         self.ca_key_file = '%s/certmaster.key' % self.cfg.cadir
         self.ca_cert_file = '%s/certmaster.crt' % self.cfg.cadir
         mycn = '%s-CA-KEY' % usename
         self.ca_key_file = '%s/certmaster.key' % self.cfg.cadir
         self.ca_cert_file = '%s/certmaster.crt' % self.cfg.cadir
+
+        self.logger = logger.Logger().logger
+        self.audit_logger = logger.AuditLogger().logger
+
         try:
             if not os.path.exists(self.cfg.cadir):
                 os.makedirs(self.cfg.cadir)
         try:
             if not os.path.exists(self.cfg.cadir):
                 os.makedirs(self.cfg.cadir)
@@ -70,9 +77,15 @@ class CertMaster(object):
         if method == 'trait_names' or method == '_getAttributeNames':
             return self.handlers.keys()
         
         if method == 'trait_names' or method == '_getAttributeNames':
             return self.handlers.keys()
         
+#        ip = self.client_address
+#        print ip
+
+#        self.audit_logger.log_call(ip, method, params)
+
         if method in self.handlers.keys():
             return self.handlers[method](*params)
         else:
         if method in self.handlers.keys():
             return self.handlers[method](*params)
         else:
+            self.logger.info("Unhandled method call for method: %s " % method)
             raise codes.InvalidMethodException
     
     def _sanitize_cn(self, commonname):
             raise codes.InvalidMethodException
     
     def _sanitize_cn(self, commonname):
@@ -95,6 +108,8 @@ class CertMaster(object):
             
         requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
         
             
         requesting_host = self._sanitize_cn(csrreq.get_subject().CN)
         
+
+        self.logger.info("%s requested signing of cert %s" % (requesting_host,csrreq.get_subject().CN))
         # get rid of dodgy characters in the filename we're about to make
         
         certfile = '%s/%s.cert' % (self.cfg.certroot, requesting_host)
         # get rid of dodgy characters in the filename we're about to make
         
         certfile = '%s/%s.cert' % (self.cfg.certroot, requesting_host)
@@ -112,6 +127,7 @@ class CertMaster(object):
             newsha.update(csrbuf)
             newdig = newsha.hexdigest()
             if not newdig == olddig:
             newsha.update(csrbuf)
             newdig = newsha.hexdigest()
             if not newdig == olddig:
+                self.logger.info("A cert for %s already exists and does not match the requesting cert" % (requesting_host))
                 # XXX raise a proper fault
                 return False, '', ''
 
                 # XXX raise a proper fault
                 return False, '', ''
 
@@ -132,6 +148,7 @@ class CertMaster(object):
             cert = certs.retrieve_cert_from_file(cert_fn)            
             cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
             cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
             cert = certs.retrieve_cert_from_file(cert_fn)            
             cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
             cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
+            self.logger.info("cert for %s was autosigned" % (requesting_host))
             return True, cert_buf, cacert_buf
         
         else:
             return True, cert_buf, cacert_buf
         
         else:
@@ -140,6 +157,7 @@ class CertMaster(object):
             destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, csrreq))
             destfo.close()
             del destfo
             destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, csrreq))
             destfo.close()
             del destfo
+            self.logger.info("cert for %s created and ready to be signed" % (requesting_host))
             return False, '', ''
 
         return False, '', ''
             return False, '', ''
 
         return False, '', ''
@@ -167,6 +185,7 @@ class CertMaster(object):
             return
         for fn in csrs + certs:
             print 'Cleaning out %s for host matching %s' % (fn, hn)
             return
         for fn in csrs + certs:
             print 'Cleaning out %s for host matching %s' % (fn, hn)
+            self.logger.info('Cleaning out %s for host matching %s' % (fn, hn))
             os.unlink(fn)         
             
     def sign_this_csr(self, csr):
             os.unlink(fn)         
             
     def sign_this_csr(self, csr):
@@ -191,6 +210,7 @@ class CertMaster(object):
             try:
                 csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_buf)                
             except crypto.Error, e:
             try:
                 csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, csr_buf)                
             except crypto.Error, e:
+                self.logger.info("Unable to sign %s: Bad CSR" % (csr))
                 raise exceptions.Exception("Bad CSR: %s" % csr)
                 
         else: # assume we got a bare csr req
                 raise exceptions.Exception("Bad CSR: %s" % csr)
                 
         else: # assume we got a bare csr req
@@ -224,6 +244,8 @@ def serve(xmlrpcinstance):
     server = CertmasterXMLRPCServer((xmlrpcinstance.cfg.listen_addr, CERTMASTER_LISTEN_PORT))
     server.logRequests = 0 # don't print stuff to console
     server.register_instance(xmlrpcinstance)
     server = CertmasterXMLRPCServer((xmlrpcinstance.cfg.listen_addr, CERTMASTER_LISTEN_PORT))
     server.logRequests = 0 # don't print stuff to console
     server.register_instance(xmlrpcinstance)
+    xmlrpcinstance.logger.info("certmaster started")
+    xmlrpcinstance.audit_logger.info("certmaster started")
     server.serve_forever()
 
 
     server.serve_forever()
 
 
diff --git a/certmaster/logger.py b/certmaster/logger.py
index b2d14ed..3a7e0ad 100755 (executable)
--- a/certmaster/logger.py
+++ b/certmaster/logger.py
@@ -59,9 +59,9 @@ class AuditLogger(Singleton):
         if self._no_handlers:
             self._setup_handlers(logfilepath=logfilepath)
 
         if self._no_handlers:
             self._setup_handlers(logfilepath=logfilepath)
 
-    def log_call(self, ip, CN, cert_hash, method, params):
+    def log_call(self, ip, method, params):
         # square away a good parseable format at some point -akl
         # square away a good parseable format at some point -akl
-        self.logger.info("%s %s %s %s called with %s" % (ip, CN, cert_hash, method, params))
+        self.logger.info("%s called %s with %s" % (ip, method, params))
 
 
     def _setup_logging(self):
 
 
     def _setup_logging(self):
Fedora's certmaster (https://fedorahosted.org/certmaster/) with multiple CA support