Exemplo n.º 1
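    def get_cert_hashes(self, hostglobs=None):
        """Return "<CN>-<subject hash>" identifiers for certs under certroot.

        hostglobs is an optional iterable of glob patterns, each matched as
        "<certroot>/<pattern>.cert". A single pattern passed as a plain string
        is accepted as well. With no patterns, every "*.cert" file is used.

        Returns a list with one "%s-%s" string per matched file, built from
        the certificate subject CN and cert.subject_name_hash(). Overlapping
        patterns yield the same file, and so the same entry, more than once.
        """
        if not hostglobs:
            patterns = ["*"]
        elif isinstance(hostglobs, str):
            # A bare string would otherwise be iterated character by character:
            # "web*" became the patterns "w", "e", "b" and "*", and the stray
            # "*" silently matched every certificate instead of filtering.
            patterns = [hostglobs]
        else:
            patterns = hostglobs

        certfiles = []
        for hostglob in patterns:
            # NOTE(review): hostglob is interpolated into the path unchecked, so
            # a pattern containing a path separator or ".." resolves outside
            # certroot. Confirm callers only pass host-name patterns, or
            # validate here if these values can originate from a remote party.
            certfiles.extend(glob.glob("%s/%s.cert" % (self.cfg.certroot, hostglob)))

        cert_hashes = []
        for certfile in certfiles:
            cert = certs.retrieve_cert_from_file(certfile)
            cert_hashes.append("%s-%s" % (cert.get_subject().CN, cert.subject_name_hash()))

        return cert_hashes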
Exemplo n.º 2
            oldsha = hashlib.new('sha1') # @UndefinedVariable
            oldsha.update(oldcsrbuf)
            olddig = oldsha.hexdigest()
            newsha = hashlib.new('sha1') # @UndefinedVariable
            newsha.update(csrbuf)
            newdig = newsha.hexdigest()
            if not newdig == olddig:
                self.logger.info("A cert for %s already exists and does not match the requesting cert" % (requesting_host))
                # XXX raise a proper fault
            return False, '', ''


        # look for a cert:
        # if we have it, then return True, etc, etc
        if os.path.exists(certfile):
            slavecert = certs.retrieve_cert_from_file(certfile)
            cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, slavecert)
            cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
            if with_triggers:
                self._run_triggers(requesting_host,'/var/lib/certmaster/triggers/request/post/*')
            return True, cert_buf, cacert_buf

        # if we don't have a cert then:
        # if we're autosign then sign it, write out the cert and return True, etc, etc
        # else write out the csr

        if self.cfg.autosign:
            cert_fn = self.sign_this_csr(csrreq)
            cert = certs.retrieve_cert_from_file(cert_fn)
            cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
            cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
Exemplo n.º 3
            oldsha = hashlib.new('sha1') # @UndefinedVariable
            oldsha.update(oldcsrbuf)
            olddig = oldsha.hexdigest()
            newsha = hashlib.new('sha1') # @UndefinedVariable
            newsha.update(csrbuf)
            newdig = newsha.hexdigest()
            if not newdig == olddig:
                self.logger.info("A cert for %s already exists and does not match the requesting cert" % (requesting_host))
                # XXX raise a proper fault
            return False, '', ''


        # look for a cert:
        # if we have it, then return True, etc, etc
        if os.path.exists(certfile):
            slavecert = certs.retrieve_cert_from_file(certfile)
            cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, slavecert)
            cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)
            if with_triggers:
                self._run_triggers(requesting_host,'/var/lib/certify/triggers/request/post/*')
            return True, cert_buf, cacert_buf

        # if we don't have a cert then:
        # if we're autosign then sign it, write out the cert and return True, etc, etc
        # else write out the csr

        if self.cfg.autosign:
            cert_fn = self.sign_this_csr(csrreq)
            cert = certs.retrieve_cert_from_file(cert_fn)
            cert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
            cacert_buf = crypto.dump_certificate(crypto.FILETYPE_PEM, self.cacert)