[PATCH] Certmaster Added in a site.conf file for certificate specifics like country, state, etc.

It would be nice to be able to customize the various bits of the DN that are hard coded in certs.py. Here is an attempt at providing the ability to do so.

From 1fb3379982f634fd6ac7035d58571042cfc77c12 Mon Sep 17 00:00:00 2001
From: John Hickey <jhickey@xxxxxxx>
Date: Sun, 22 Mar 2009 22:04:26 -0700
Subject: [PATCH] Added in a site.conf file for certificate specifics like country, state, etc.

Before these values were hard coded in certmaster/certs.py.  Now they
are user configurable in /etc/certmaster/site.conf.
---
 certmaster.spec            |    1 +
 certmaster/certs.py        |   21 +++++++++++----------
 certmaster/commonconfig.py |    6 ++++++
 etc/site.conf              |    8 ++++++++
 setup.py                   |    1 +
 5 files changed, 27 insertions(+), 10 deletions(-)
 create mode 100644 etc/site.conf

diff --git a/certmaster.spec b/certmaster.spec
index e03ec78..ec56a9a 100644
--- a/certmaster.spec
+++ b/certmaster.spec
@@ -78,6 +78,7 @@ rm -fr $RPM_BUILD_ROOT
 %dir %{_sysconfdir}/%{name}
 %dir %{_sysconfdir}/%{name}/minion-acl.d/
 %dir %{_sysconfdir}/pki/%{name}
+%config(noreplace) /etc/certmaster/site.conf
 %config(noreplace) /etc/certmaster/minion.conf
 %config(noreplace) /etc/certmaster/certmaster.conf
 %config(noreplace) /etc/logrotate.d/certmaster_rotate
diff --git a/certmaster/certs.py b/certmaster/certs.py
index 3d8d991..c3c4589 100644
--- a/certmaster/certs.py
+++ b/certmaster/certs.py
@@ -19,11 +19,8 @@ import socket
 import os
 import utils
 
-def_country = 'UN'
-def_state = 'FC'
-def_local = 'Certmaster-town'
-def_org = 'certmaster'
-def_ou = 'slave-key'
+from config import read_config
+from commonconfig import SiteConfig
 
 
 def make_keypair(dest=None):
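Review bot: Removing the module-level def_country, def_state, def_local, def_org and def_ou names changes what certs.py exports, and this diff only updates their uses inside make_csr. Please confirm nothing else imports them from certs, or keep them for a release as aliases. The two new imports are also separated from `import utils` by a blank line; grouping them with the existing imports would read better.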
@@ -38,14 +35,18 @@ def make_keypair(dest=None):
 
 
 def make_csr(pkey, dest=None, cn=None):
+    # FIXME: paths should not be hard coded here, move to settings universally
+    config_file = '/etc/certmaster/site.conf'
+    config = read_config(config_file, SiteConfig)
+
     req = crypto.X509Req()
     req.get_subject()
     subj  = req.get_subject()
-    subj.C = def_country
-    subj.ST = def_state
-    subj.L = def_local
-    subj.O = def_org
-    subj.OU = def_ou
+    subj.C = config.def_country
+    subj.ST = config.def_state
+    subj.L = config.def_local
+    subj.O = config.def_org
+    subj.OU = config.def_ou
     if cn:
         subj.CN = cn
     else:
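Review bot: In make_csr the values read from site.conf are assigned straight to the X.509 subject with no check, so a typo in the file only surfaces as an OpenSSL error at CSR time (C, for instance, has to be a two-letter country code). Validate the five fields once when the config is loaded and fail with a message that names site.conf and the offending key. The file is also re-read on every call to make_csr; loading it once would fix that and give the path flagged in the FIXME a single place to live.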
diff --git a/certmaster/commonconfig.py b/certmaster/commonconfig.py
index 4be491e..2340fa3 100644
--- a/certmaster/commonconfig.py
+++ b/certmaster/commonconfig.py
@@ -33,3 +33,9 @@ class MinionConfig(BaseConfig):
     certmaster_port = IntOption(51235)
     cert_dir = Option('/etc/pki/certmaster')
 
+class SiteConfig(BaseConfig):
+    def_country = Option('UN')
+    def_state = Option('FC')
+    def_local = Option('Certmaster-town')
+    def_org = Option('certmaster')
+    def_ou = Option('slave-key')
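Review bot: The SiteConfig option names keep the def_ prefix from the old module constants; as user-facing keys in site.conf, names such as country, state, locality, org and ou would be clearer, and def_local in particular does not suggest the L (locality) field it feeds. The class also has no docstring saying which subject attribute each option maps to, and only one blank line separates it from MinionConfig.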
diff --git a/etc/site.conf b/etc/site.conf
new file mode 100644
index 0000000..40aec21
--- /dev/null
+++ b/etc/site.conf
@@ -0,0 +1,8 @@
+# configuration for site details
+
+[main]
+def_country = UN
+def_state = FC
+def_local = Certmaster-town
+def_org = certmaster
+def_ou = slave-key
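Review bot: The header comment in etc/site.conf does not say what the keys control. Add a comment per key mapping it to the subject field it sets in make_csr (C, ST, L, O, OU) and state that the shipped values are placeholders to be replaced, since as installed every CSR still carries UN / FC / Certmaster-town. Because the same defaults already live in SiteConfig, the entries could ship commented out so the file documents the options without duplicating them.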
diff --git a/setup.py b/setup.py
index c647170..25fab69 100644
--- a/setup.py
+++ b/setup.py
@@ -39,6 +39,7 @@ if __name__ == "__main__":
 		packages = ["%s" % NAME,
                 ],
                 data_files = [(initpath, ["init-scripts/certmaster"]),
+                              (etcpath,  ["etc/site.conf"]),
                               (etcpath,  ["etc/minion.conf"]),
                               (etcpath,  ["etc/certmaster.conf"]),
                               (manpath,  ["docs/certmaster.1.gz"]),
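Review bot: site.conf is installed under etcpath here, while make_csr opens the literal '/etc/certmaster/site.conf'. If etcpath ever resolves to something else, the two diverge silently and the file the admin edits is not the one that is read. Define the location once and use it in both places.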
-- 
1.6.0.6

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
