14fadeda6d
The __future__ module [1] was used in this context to ensure compatibility between python 2 and python 3. We previously dropped the support of python 2.7 [2] and now we only support python 3 so we don't need to continue to use this module and the imports listed below. Imports commonly used and their related PEPs: - `division` is related to PEP 238 [3] - `print_function` is related to PEP 3105 [4] - `unicode_literals` is related to PEP 3112 [5] - `with_statement` is related to PEP 343 [6] - `absolute_import` is related to PEP 328 [7] [1] https://docs.python.org/3/library/__future__.html [2] https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html [3] https://www.python.org/dev/peps/pep-0238 [4] https://www.python.org/dev/peps/pep-3105 [5] https://www.python.org/dev/peps/pep-3112 [6] https://www.python.org/dev/peps/pep-0343 [7] https://www.python.org/dev/peps/pep-0328 Change-Id: I1a658a73efc0753d4728ab72e04b70621927a510
#!/usr/bin/python
try:
import ConfigParser as configparser
except ImportError:
import configparser
import os
import sys
import subprocess
# Status codes that main() returns. The names follow certmonger's
# submit-helper status convention (presumably; confirm the numeric values
# against the certmonger helper documentation).
CM_SUBMIT_STATUS_ISSUED = 0
CM_SUBMIT_STATUS_UNCONFIGURED = 4
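def main():
    """Wrap a certmonger submit helper so it targets an IPA sub-CA.

    Command line: ``<script> SUB_CA WRAPPED_COMMAND [ARGS...]``.

    For every operation the wrapped command is finally exec'ed with
    ``CERTMONGER_CA_NICKNAME`` forced to ``IPA``.  For ``FETCH-ROOTS`` on a
    sub-CA other than ``ipa``, the sub-CA certificate is first looked up with
    ``ipa ca-show`` (authenticating with the host keytab) and printed in PEM
    form before the wrapped command runs.  For all other cases
    ``CERTMONGER_CA_ISSUER`` is set to the sub-CA name.

    Returns:
        CM_SUBMIT_STATUS_UNCONFIGURED when arguments, the IPA client
        configuration or the keytab login are unusable;
        CM_SUBMIT_STATUS_ISSUED when the sub-CA lookup fails or does not
        describe the requested sub-CA.  On the normal path the function does
        not return because the process image is replaced by ``os.execl``.
    """
    if len(sys.argv) < 3:
        return CM_SUBMIT_STATUS_UNCONFIGURED
    sub_ca = sys.argv[1]
    wrapped_command = sys.argv[2:]

    operation = os.environ.get('CERTMONGER_OPERATION')
    os.environ['CERTMONGER_CA_NICKNAME'] = 'IPA'

    if operation == 'FETCH-ROOTS' and sub_ca.lower() != 'ipa':
        config = configparser.ConfigParser()
        # readfp() was removed in Python 3.12; read_file() does not exist in
        # the Python 2 ConfigParser the import fallback still allows for.
        read_config = getattr(config, 'read_file', None) or config.readfp
        try:
            with open('/etc/ipa/default.conf') as fp:
                read_config(fp)
            # get() raises NoSectionError/NoOptionError instead of returning
            # None, so the lookups belong inside the same guard.
            host = config.get('global', 'host')
            realm = config.get('global', 'realm')
        except (OSError, IOError, UnicodeError, configparser.Error):
            return CM_SUBMIT_STATUS_UNCONFIGURED
        if not host or not realm:
            return CM_SUBMIT_STATUS_UNCONFIGURED

        principal = 'host/{}@{}'.format(host, realm)
        # NOTE(review): this is a fixed, predictable credential-cache path in
        # world-writable /tmp, holding a ticket for the host principal. Any
        # local user can pre-create that name, so safety depends entirely on
        # how kinit (re)creates the file. Prefer a cache inside a directory
        # only this service can write to; confirm first whether the wrapped
        # command relies on inheriting this KRB5CCNAME.
        os.environ['KRB5CCNAME'] = '/tmp/krb5cc_cm_ipa_subca_wrapper'
        try:
            subprocess.check_call(['/usr/bin/kinit', '-k', principal])
        except (OSError, subprocess.CalledProcessError):
            return CM_SUBMIT_STATUS_UNCONFIGURED

        try:
            # universal_newlines=True yields text on Python 3; without it the
            # bytes result cannot be split on a str separator.
            data = subprocess.check_output(
                ['/usr/bin/ipa', 'ca-show', sub_ca],
                universal_newlines=True,
            )
        except (OSError, UnicodeError, subprocess.CalledProcessError):
            return CM_SUBMIT_STATUS_ISSUED

        # Parse the "Key: value" lines of the ca-show output.
        fields = {}
        for line in data.split('\n'):
            key, separator, value = line.strip().partition(': ')
            if separator:
                fields[key] = value

        name = fields.get('Name')
        certificate = fields.get('Certificate')
        # Check both fields before printing anything so a truncated reply
        # never produces a half-written PEM block on stdout.
        if name is None or certificate is None:
            return CM_SUBMIT_STATUS_ISSUED
        if name.lower() != sub_ca.lower():
            return CM_SUBMIT_STATUS_ISSUED

        print(realm, sub_ca, 'CA')
        print('-----BEGIN CERTIFICATE-----')
        # Wrap the base64 body at 64 columns. Stepping by 64 avoids the float
        # from "/" on Python 3 and the stray empty line that "+ 1" emitted
        # when the length was an exact multiple of 64.
        for start in range(0, len(certificate), 64):
            print(certificate[start:start + 64])
        print('-----END CERTIFICATE-----')
        # Flush before exec: buffered output would be lost when the process
        # image is replaced.
        sys.stdout.flush()
    else:
        os.environ['CERTMONGER_CA_ISSUER'] = sub_ca

    os.execl(wrapped_command[0], *wrapped_command)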
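if __name__ == '__main__':
    # Hand main()'s status to the caller as the process exit code; a bare
    # main() call discards it, so an "unconfigured" result would exit 0.
    sys.exit(main())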