mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

cli: Use CERTIDUDE_CONF env variable to load custom configuration

Priit Laes 2015-09-30 11:42:38 +03:00
parent 94469f5416
commit f73885fe70


@ -40,8 +40,6 @@ assert hasattr(crypto.X509Req(), "get_extensions"), "You're running too old vers
# keyUsage, extendedKeyUsage - https://www.openssl.org/docs/apps/x509v3_config.html # keyUsage, extendedKeyUsage - https://www.openssl.org/docs/apps/x509v3_config.html
# strongSwan key paths - https://wiki.strongswan.org/projects/1/wiki/SimpleCA # strongSwan key paths - https://wiki.strongswan.org/projects/1/wiki/SimpleCA
config = CertificateAuthorityConfig()
# Parse command-line argument defaults from environment # Parse command-line argument defaults from environment
HOSTNAME = socket.gethostname() HOSTNAME = socket.gethostname()
USERNAME = os.environ.get("USER") USERNAME = os.environ.get("USER")
@ -60,6 +58,14 @@ if os.getuid() >= 1000:
else: else:
FIRST_NAME = gecos FIRST_NAME = gecos
def load_config():
path = os.getenv('CERTIDUDE_CONF')
if path and os.path.isfile(path):
return CertificateAuthorityConfig(path)
return CertificateAuthorityConfig()
@click.command("spawn", help="Run privilege isolated signer processes") @click.command("spawn", help="Run privilege isolated signer processes")
@click.option("-k", "--kill", default=False, is_flag=True, help="Kill previous instances") @click.option("-k", "--kill", default=False, is_flag=True, help="Kill previous instances")
@click.option("-n", "--no-interaction", default=True, is_flag=True, help="Don't load password protected keys") @click.option("-n", "--no-interaction", default=True, is_flag=True, help="Don't load password protected keys")
@ -95,6 +101,7 @@ def certidude_spawn(kill, no_interaction):
os.system("mknod -m 444 %s c 1 9" % os.path.join(chroot_dir, "dev", "urandom")) os.system("mknod -m 444 %s c 1 9" % os.path.join(chroot_dir, "dev", "urandom"))
ca_loaded = False ca_loaded = False
config = load_config()
for ca in config.all_authorities(): for ca in config.all_authorities():
socket_path = os.path.join(signer_dir, ca.slug + ".sock") socket_path = os.path.join(signer_dir, ca.slug + ".sock")
pidfile_path = os.path.join(signer_dir, ca.slug + ".pid") pidfile_path = os.path.join(signer_dir, ca.slug + ".pid")
@ -638,6 +645,7 @@ def certidude_list(ca, show_key_type, show_extensions, show_path):
click.echo(" | | Key usage: " + j.key_usage) click.echo(" | | Key usage: " + j.key_usage)
click.echo(" | |") click.echo(" | |")
config = load_config()
for ca in config.all_authorities(): for ca in config.all_authorities():
click.echo("Certificate authority " + click.style(ca.slug, fg="blue")) click.echo("Certificate authority " + click.style(ca.slug, fg="blue"))
# if ca.certificate.email_address: # if ca.certificate.email_address:
@ -699,11 +707,13 @@ def certidude_list(ca, show_key_type, show_extensions, show_path):
@click.command("list", help="List Certificate Authorities") @click.command("list", help="List Certificate Authorities")
@click.argument("ca") @click.argument("ca")
@config.pop_certificate_authority() #@config.pop_certificate_authority()
def cert_list(ca): def cert_list(ca):
mapping = {} mapping = {}
config = load_config()
click.echo("Listing certificates for: %s" % ca.certificate.subject.CN) click.echo("Listing certificates for: %s" % ca.certificate.subject.CN)
for serial, reason, timestamp in ca.get_revoked(): for serial, reason, timestamp in ca.get_revoked():
@ -726,6 +736,7 @@ def cert_list(ca):
@click.option("--overwrite", "-o", default=False, is_flag=True, help="Revoke valid certificate with same CN") @click.option("--overwrite", "-o", default=False, is_flag=True, help="Revoke valid certificate with same CN")
@click.option("--lifetime", "-l", help="Lifetime") @click.option("--lifetime", "-l", help="Lifetime")
def certidude_sign(common_name, overwrite, lifetime): def certidude_sign(common_name, overwrite, lifetime):
config = load_config()
def iterate(): def iterate():
for ca in config.all_authorities(): for ca in config.all_authorities():
for request in ca.get_requests(): for request in ca.get_requests():
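Review bot: `load_config()` silently falls back to the default configuration when `CERTIDUDE_CONF` is set but does not name a regular file, so a mistyped path lets `certidude_sign` or `certidude_spawn` work against the default authorities with no warning. For a CA tool this should fail hard: when the variable is set and `os.path.isfile(path)` is false, do `raise click.ClickException("CERTIDUDE_CONF does not point to a file: %s" % path)` rather than returning `CertificateAuthorityConfig()`. Because `certidude_spawn` appears to run privileged (it calls `mknod` for the chroot), a docstring on `load_config()` should also state that the variable is trusted input and must not be inherited from an unprivileged caller's environment. Separately, in `cert_list` the `pop_certificate_authority()` decorator is now commented out, so `ca` is the raw string from `@click.argument("ca")` and `ca.certificate.subject.CN` will presumably raise unless the rest of the body, which lies outside the hunk, resolves it through the new local `config`.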