lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 09:29:13 +00:00
Code Issues Activity

cli: Use CERTIDUDE_CONF env variable to load custom configuration

Browse Source
This commit is contained in:
Priit Laes
2015-09-30 11:42:38 +03:00
parent 94469f5416
commit f73885fe70
1 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
certidude/cli.py
View File

@@ -40,8 +40,6 @@ assert hasattr(crypto.X509Req(), "get_extensions"), "You're running too old vers
# keyUsage, extendedKeyUsage - https://www.openssl.org/docs/apps/x509v3_config.html
# strongSwan key paths - https://wiki.strongswan.org/projects/1/wiki/SimpleCA
config = CertificateAuthorityConfig()
# Parse command-line argument defaults from environment
HOSTNAME = socket.gethostname()
USERNAME = os.environ.get("USER")
@@ -60,6 +58,14 @@ if os.getuid() >= 1000:
else:
FIRST_NAME = gecos
def load_config():
path = os.getenv('CERTIDUDE_CONF')
if path and os.path.isfile(path):
return CertificateAuthorityConfig(path)
return CertificateAuthorityConfig()
@click.command("spawn", help="Run privilege isolated signer processes")
@click.option("-k", "--kill", default=False, is_flag=True, help="Kill previous instances")
@click.option("-n", "--no-interaction", default=True, is_flag=True, help="Don't load password protected keys")
@@ -95,6 +101,7 @@ def certidude_spawn(kill, no_interaction):
os.system("mknod -m 444 %s c 1 9" % os.path.join(chroot_dir, "dev", "urandom"))
ca_loaded = False
config = load_config()
for ca in config.all_authorities():
socket_path = os.path.join(signer_dir, ca.slug + ".sock")
pidfile_path = os.path.join(signer_dir, ca.slug + ".pid")
@@ -638,6 +645,7 @@ def certidude_list(ca, show_key_type, show_extensions, show_path):
click.echo(" | | Key usage: " + j.key_usage)
click.echo(" | |")
config = load_config()
for ca in config.all_authorities():
click.echo("Certificate authority " + click.style(ca.slug, fg="blue"))
# if ca.certificate.email_address:
@@ -699,11 +707,13 @@ def certidude_list(ca, show_key_type, show_extensions, show_path):
@click.command("list", help="List Certificate Authorities")
@click.argument("ca")
@config.pop_certificate_authority()
#@config.pop_certificate_authority()
def cert_list(ca):
mapping = {}
config = load_config()
click.echo("Listing certificates for: %s" % ca.certificate.subject.CN)
for serial, reason, timestamp in ca.get_revoked():
@@ -726,6 +736,7 @@ def cert_list(ca):
@click.option("--overwrite", "-o", default=False, is_flag=True, help="Revoke valid certificate with same CN")
@click.option("--lifetime", "-l", help="Lifetime")
def certidude_sign(common_name, overwrite, lifetime):
config = load_config()
def iterate():
for ca in config.all_authorities():
for request in ca.get_requests():