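def get_cert_hashes(self, hostglobs=None):
    """Return "CN-hash" identifiers for the .cert files under certroot.

    hostglobs: optional glob pattern, or list of patterns, substituted for
        the file name (without the ".cert" suffix) inside
        self.cfg.certroot. When empty or None, "*" is used.

    Returns a list of "<subject CN>-<subject_name_hash()>" strings, one per
    matched file, following the order in which the patterns are given. A
    file matched by several patterns is listed once per match.
    """
    if not hostglobs:
        globs = ["*"]
    elif isinstance(hostglobs, str):
        # A bare string used to be iterated character by character, so
        # "web*" was expanded as the four patterns "w", "e", "b" and "*".
        globs = [hostglobs]
    else:
        globs = hostglobs

    # NOTE(review): each pattern is interpolated into a filesystem path
    # unchecked. If any caller passes remotely supplied values, a pattern
    # holding a path separator or ".." would be matched outside certroot;
    # confirm the callers, or reject such patterns before globbing.
    certfiles = []
    for hostglob in globs:
        certfiles.extend(glob.glob("%s/%s.cert" % (self.cfg.certroot, hostglob)))

    cert_hashes = []
    for certfile in certfiles:
        cert = certs.retrieve_cert_from_file(certfile)
        cert_hashes.append("%s-%s" % (cert.get_subject().CN, cert.subject_name_hash()))
    return cert_hashes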
oldsha = hashlib.new('sha1') # @UndefinedVariable oldsha.update(oldcsrbuf) olddig = oldsha.hexdigest() newsha = hashlib.new('sha1') # @UndefinedVariable newsha.update(csrbuf) newdig = newsha.hexdigest() if not newdig == olddig: self.logger.info("A cert for %s already exists and does not match the requesting cert" % (requesting_host)) # XXX raise a proper fault return False, '', '' # look for a cert: # if we have it, then return True, etc, etc if os.path.exists(certfile): slavecert = certs.retrieve_cert_from_file(certfile) cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, slavecert) cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert) if with_triggers: self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/request/post/*') return True, cert_buf, cacert_buf # if we don't have a cert then: # if we're autosign then sign it, write out the cert and return True, etc, etc # else write out the csr if self.cfg.autosign: cert_fn = self.sign_this_csr(csrreq) cert = certs.retrieve_cert_from_file(cert_fn) cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
oldsha = hashlib.new('sha1') # @UndefinedVariable oldsha.update(oldcsrbuf) olddig = oldsha.hexdigest() newsha = hashlib.new('sha1') # @UndefinedVariable newsha.update(csrbuf) newdig = newsha.hexdigest() if not newdig == olddig: self.logger.info("A cert for %s already exists and does not match the requesting cert" % (requesting_host)) # XXX raise a proper fault return False, '', '' # look for a cert: # if we have it, then return True, etc, etc if os.path.exists(certfile): slavecert = certs.retrieve_cert_from_file(certfile) cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, slavecert) cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert) if with_triggers: self._run_triggers(requesting_host,'/var/lib/certify/triggers/request/post/*') return True, cert_buf, cacert_buf # if we don't have a cert then: # if we're autosign then sign it, write out the cert and return True, etc, etc # else write out the csr if self.cfg.autosign: cert_fn = self.sign_this_csr(csrreq) cert = certs.retrieve_cert_from_file(cert_fn) cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)