mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Lauri Võsandi
b4d006227a
* Replace PyOpenSSL with cryptography.io * Rename constants to const * Drop support for uwsgi * Use systemd to launch certidude server * Signer automatically spawned as part of server * Update requirements.txt * Clean up certidude client configuration handling * Add automatic enroll with Kerberos machine cerdentials
25 lines
1.0 KiB
Python
25 lines
1.0 KiB
Python
|
|
import click
|
|
import os
|
|
import socket
|
|
|
|
CONFIG_DIR = os.path.expanduser("~/.certidude") if os.getuid() else "/etc/certidude"
|
|
CONFIG_PATH = os.path.join(CONFIG_DIR, "server.conf")
|
|
|
|
CLIENT_CONFIG_PATH = os.path.join(CONFIG_DIR, "client.conf")
|
|
SERVICES_CONFIG_PATH = os.path.join(CONFIG_DIR, "services.conf")
|
|
SERVER_LOG_PATH = os.path.join(CONFIG_DIR, "server.log") if os.getuid() else "/var/log/certidude-server.log"
|
|
SIGNER_SOCKET_PATH = os.path.join(CONFIG_DIR, "signer.sock") if os.getuid() else "/run/certidude/signer.sock"
|
|
SIGNER_PID_PATH = os.path.join(CONFIG_DIR, "signer.pid") if os.getuid() else "/run/certidude/signer.pid"
|
|
SIGNER_LOG_PATH = os.path.join(CONFIG_DIR, "signer.log") if os.getuid() else "/var/log/certidude-signer.log"
|
|
|
|
FQDN = socket.getaddrinfo(socket.gethostname(), 0, socket.AF_INET, 0, 0, socket.AI_CANONNAME)[0][3]
|
|
|
|
if "." in FQDN:
|
|
HOSTNAME, DOMAIN = FQDN.split(".", 1)
|
|
else:
|
|
HOSTNAME, DOMAIN = FQDN, "local"
|
|
click.echo("Unable to determine domain of this computer, falling back to local")
|
|
|
|
EXTENSION_WHITELIST = set(["subjectAltName"])
|