mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
cli: Use CERTIDUDE_CONF env variable to load custom configuration
parent
94469f5416
commit
f73885fe70
@ -40,8 +40,6 @@ assert hasattr(crypto.X509Req(), "get_extensions"), "You're running too old vers
|
|||||||
# keyUsage, extendedKeyUsage - https://www.openssl.org/docs/apps/x509v3_config.html
|
# keyUsage, extendedKeyUsage - https://www.openssl.org/docs/apps/x509v3_config.html
|
||||||
# strongSwan key paths - https://wiki.strongswan.org/projects/1/wiki/SimpleCA
|
# strongSwan key paths - https://wiki.strongswan.org/projects/1/wiki/SimpleCA
|
||||||
|
|
||||||
config = CertificateAuthorityConfig()
|
|
||||||
|
|
||||||
# Parse command-line argument defaults from environment
|
# Parse command-line argument defaults from environment
|
||||||
HOSTNAME = socket.gethostname()
|
HOSTNAME = socket.gethostname()
|
||||||
USERNAME = os.environ.get("USER")
|
USERNAME = os.environ.get("USER")
|
||||||
@ -60,6 +58,14 @@ if os.getuid() >= 1000:
|
|||||||
else:
|
else:
|
||||||
FIRST_NAME = gecos
|
FIRST_NAME = gecos
|
||||||
|
|
||||||
|
|
||||||
|
def load_config():
|
||||||
|
path = os.getenv('CERTIDUDE_CONF')
|
||||||
|
if path and os.path.isfile(path):
|
||||||
|
return CertificateAuthorityConfig(path)
|
||||||
|
return CertificateAuthorityConfig()
|
||||||
|
|
||||||
|
|
||||||
@click.command("spawn", help="Run privilege isolated signer processes")
|
@click.command("spawn", help="Run privilege isolated signer processes")
|
||||||
@click.option("-k", "--kill", default=False, is_flag=True, help="Kill previous instances")
|
@click.option("-k", "--kill", default=False, is_flag=True, help="Kill previous instances")
|
||||||
@click.option("-n", "--no-interaction", default=True, is_flag=True, help="Don't load password protected keys")
|
@click.option("-n", "--no-interaction", default=True, is_flag=True, help="Don't load password protected keys")
|
||||||
@ -95,6 +101,7 @@ def certidude_spawn(kill, no_interaction):
|
|||||||
os.system("mknod -m 444 %s c 1 9" % os.path.join(chroot_dir, "dev", "urandom"))
|
os.system("mknod -m 444 %s c 1 9" % os.path.join(chroot_dir, "dev", "urandom"))
|
||||||
|
|
||||||
ca_loaded = False
|
ca_loaded = False
|
||||||
|
config = load_config()
|
||||||
for ca in config.all_authorities():
|
for ca in config.all_authorities():
|
||||||
socket_path = os.path.join(signer_dir, ca.slug + ".sock")
|
socket_path = os.path.join(signer_dir, ca.slug + ".sock")
|
||||||
pidfile_path = os.path.join(signer_dir, ca.slug + ".pid")
|
pidfile_path = os.path.join(signer_dir, ca.slug + ".pid")
|
||||||
@ -638,6 +645,7 @@ def certidude_list(ca, show_key_type, show_extensions, show_path):
|
|||||||
click.echo(" | | Key usage: " + j.key_usage)
|
click.echo(" | | Key usage: " + j.key_usage)
|
||||||
click.echo(" | |")
|
click.echo(" | |")
|
||||||
|
|
||||||
|
config = load_config()
|
||||||
for ca in config.all_authorities():
|
for ca in config.all_authorities():
|
||||||
click.echo("Certificate authority " + click.style(ca.slug, fg="blue"))
|
click.echo("Certificate authority " + click.style(ca.slug, fg="blue"))
|
||||||
# if ca.certificate.email_address:
|
# if ca.certificate.email_address:
|
||||||
@ -699,11 +707,13 @@ def certidude_list(ca, show_key_type, show_extensions, show_path):
|
|||||||
|
|
||||||
@click.command("list", help="List Certificate Authorities")
|
@click.command("list", help="List Certificate Authorities")
|
||||||
@click.argument("ca")
|
@click.argument("ca")
|
||||||
@config.pop_certificate_authority()
|
#@config.pop_certificate_authority()
|
||||||
def cert_list(ca):
|
def cert_list(ca):
|
||||||
|
|
||||||
mapping = {}
|
mapping = {}
|
||||||
|
|
||||||
|
config = load_config()
|
||||||
|
|
||||||
click.echo("Listing certificates for: %s" % ca.certificate.subject.CN)
|
click.echo("Listing certificates for: %s" % ca.certificate.subject.CN)
|
||||||
|
|
||||||
for serial, reason, timestamp in ca.get_revoked():
|
for serial, reason, timestamp in ca.get_revoked():
|
||||||
@ -726,6 +736,7 @@ def cert_list(ca):
|
|||||||
@click.option("--overwrite", "-o", default=False, is_flag=True, help="Revoke valid certificate with same CN")
|
@click.option("--overwrite", "-o", default=False, is_flag=True, help="Revoke valid certificate with same CN")
|
||||||
@click.option("--lifetime", "-l", help="Lifetime")
|
@click.option("--lifetime", "-l", help="Lifetime")
|
||||||
def certidude_sign(common_name, overwrite, lifetime):
|
def certidude_sign(common_name, overwrite, lifetime):
|
||||||
|
config = load_config()
|
||||||
def iterate():
|
def iterate():
|
||||||
for ca in config.all_authorities():
|
for ca in config.all_authorities():
|
||||||
for request in ca.get_requests():
|
for request in ca.get_requests():
|
||||||
|
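Review bot: load_config() silently falls back to the default CertificateAuthorityConfig() when CERTIDUDE_CONF is set but does not name an existing file, so a typo in the variable makes certidude_spawn, certidude_list and certidude_sign operate on the default authorities without any warning. For a CA tool this should fail loudly, for example `if path and not os.path.isfile(path): raise click.ClickException("CERTIDUDE_CONF is not a file: %s" % path)` placed before the fallback return. Because the path now comes from the environment and certidude_spawn creates device nodes (presumably running as root), load_config() should also get a docstring stating that the variable is trusted input and must not be carried across a privilege boundary such as sudo with a preserved environment. Separately, in the cert_list hunk the `@config.pop_certificate_authority()` decorator is commented out while the body still reads `ca.certificate.subject.CN`; as far as the hunk shows, `ca` is then the raw click argument string and the new `config` local is never used to resolve it.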