add user_name in bootstrap

12 years ago · 399f51a151
parent 2f3df64a61
commit 399f51a151
5 changed files with 39 additions and 30 deletions
--- a/api/server/bootstrap.py
+++ b/api/server/bootstrap.py
@ -20,17 +20,18 @@ import post_request

 from calculate.api.client.cert_func import new_key_req
 from calculate.api.client.function import get_ip_mac_type
+from calculate.api.datavars import DataVarsApi

 from calculate.lib.utils import ip as ip_mod
+import os, hashlib, time

-
-def init(cert, key, cert_path, data_path, certbase, args, port):
+def init(cert, key, cert_path, data_path, certbase, args, port, user_name):
    if check():
        for step in range (2):
            args = change_args(args, step)
            create_server_cert(cert, key, cert_path, args, port)
        
-        create_client_cert(cert, cert_path, data_path, certbase)
+        create_client_cert(cert, cert_path, data_path, certbase, user_name)

 def check():
    return True
@ -50,19 +51,22 @@ def change_args(args, step = None):
 def create_server_cert(cert, key, cert_path, args, port):
    cert_cmd.check_server_certificate(cert, key, cert_path, args, port, auto = True)
    
-def create_client_cert(server_cert, cert_path, data_path, certbase):
-    req_id = create_request(server_cert, cert_path, data_path, certbase)
+def create_client_cert(server_cert, cert_path, data_path, certbase, user_name):
+    client_cert_path = '/home/' + user_name + '/.calculate/client_cert/'
+    req_id = create_request(server_cert, cert_path, data_path, certbase, \
+                            client_cert_path)
    sign_certificate(req_id, cert_path, data_path)
-    get_certificate(cert_path, data_path, certbase)
+    time.sleep(2)
+    get_certificate(cert_path, data_path, certbase, client_cert_path)
    
-def create_request(server_cert, cert_path, data_path, certbase):
+def create_request(server_cert, cert_path, data_path, certbase,client_cert_path):
    server_host_name = 'localhost'

-    key = cert_path + server_host_name + '.key'
+    key = client_cert_path + server_host_name + '.key'
    #csr_file = cert_path + server_host_name +'.csr'
    #pritn 'request file = ', csr_file

-    client_req_file = new_key_req(key, cert_path, server_host_name, auto = True)
+    client_req_file = new_key_req(key, client_cert_path, server_host_name, auto = True)

    ip, mac, client_type = get_ip_mac_type()
    data = open(client_req_file).read()
@ -70,7 +74,7 @@ def create_request(server_cert, cert_path, data_path, certbase):
    req_id = post_request.serv_post_client_request (data, data_path, ip, mac, \
                                           client_type, certbase, cert_path)
                            
-    fc = open(cert_path + 'req_id', 'w')
+    fc = open(client_cert_path + 'req_id', 'w')
    fc.write(req_id)
    fc.close()
    return req_id
@ -87,30 +91,30 @@ def get_ip_mac_type():
            pass
    return ('no_ip','no_mac', 'live')
    
-def get_certificate(cert_path, data_path, certbase):
-    if not os.path.exists(cert_path + 'req_id'):
+def get_certificate(cert_path, data_path, certbase, client_cert_path):
+    if not os.path.exists(client_cert_path + 'req_id'):
        print _("request was not sent or deleted file %s") \
-                %(cert_path + 'req_id')
+                %(client_cert_path + 'req_id')
        return 1
-    fc = open(cert_path + 'req_id', 'r')
+    fc = open(client_cert_path + 'req_id', 'r')
    req_id = fc.read()
    fc.close()

    server_host_name = 'localhost'
    
-    if not os.path.exists(cert_path + server_host_name + '.csr'):
-        print _('Request %s not found') %(cert_path + server_host_name + '.csr')
+    if not os.path.exists(client_cert_path + server_host_name + '.csr'):
+        print _('Request %s not found') %(client_cert_path + server_host_name + '.csr')
        return 1
-    request = open(cert_path + server_host_name + '.csr').read()
+    request = open(client_cert_path + server_host_name + '.csr').read()
    md5 = hashlib.md5()
    md5.update(request)
    md5sum = md5.hexdigest()
    
-    result = post_request.serv_get_client_cert (req_id, request, data_path, \
+    result = post_request.serv_get_client_cert (req_id, md5sum, data_path, \
                                                certbase, cert_path)

-    cert = result[0][0]
-    ca_root = result[0][1]
+    cert = result[0]
+    ca_root = result[1]
    if cert == '1':
        print _('Request to sign is rejected!')
        return 1
@ -124,10 +128,10 @@ def get_certificate(cert_path, data_path, certbase):
    elif cert == '4':
        print _("Request was sent from another ip.")
        return 1
-    fc = open(cert_path + server_host_name + '.crt', 'w')
+    fc = open(client_cert_path + server_host_name + '.crt', 'w')
    fc.write(cert)
    fc.close()
-    os.unlink(cert_path + 'req_id')
+    os.unlink(client_cert_path + 'req_id')
    print 'OK. Certificate save. Your certificate id = %s' %req_id
    
    if ca_root:
--- a/api/server/cert_cmd.py
+++ b/api/server/cert_cmd.py
@ -1048,11 +1048,11 @@ def parse():
        '-r', '--show-request', type=str, dest='req_id', 
        help=_('view clients requests (number or "all")'))
    parser.add_argument( 
-        '--sc', '--server-cert', type=str, dest='cert_id', 
+        '--sc', '--server-cert', type=str, dest='cert_id',
        help=_('view servers certificates (number or "all"). Server not run'))
    parser.add_argument( 
-        '-b', '--bootstrap',  action='store_true', default=False, 
-        dest = 'bootstrap', help=_('bootstrap action'))
+        '-b', '--bootstrap',  type=str, dest='bootstrap_user_name',
+        help=_('bootstrap action'))
    parser.add_argument( 
        '-d', '--dump',  action='store_true', default=False, dest = 'dump',
        help=_('dump (using with -c [ID])'))
--- a/api/server/cl_server.py
+++ b/api/server/cl_server.py
@ -170,8 +170,10 @@ def main(*args, **keywords):
    if args.version:
        print cl_ver
        return 0
-    if args.bootstrap:
-        bootstrap.init(cert, key, cert_path, data_path, certbase, args, port)
+    if args.bootstrap_user_name:
+        bootstrap.init(cert, key, cert_path, data_path, certbase, args, port,\
+                       args.bootstrap_user_name)
+        return 0
    if args.revoke_cert_id:
        cert_cmd.revoke_signed_cert(args.revoke_cert_id, data_path, cert_path)
        return 0
--- a/api/server/post_request.py
+++ b/api/server/post_request.py
@ -122,8 +122,11 @@ def serv_get_client_cert (req_id, request, data_path, client_certbase, \
            # and each word in line
            words = line.split()
            if words[0] == req_id:
-                curThread = threading.currentThread()
-                ip = curThread.REMOTE_ADDR
+                try:
+                    curThread = threading.currentThread()
+                    ip = curThread.REMOTE_ADDR
+                except:
+                    ip = 'localhost'
                if not request == words[1]:
                    fd.close()
                    ft.close()
--- a/api/variables/request.py
+++ b/api/variables/request.py
@ -26,7 +26,7 @@ from os import path
 import OpenSSL

 from calculate.lib.cl_lang import setLocalTranslate
-from calculate.api.cert_cmd import find_id_cert
+#from calculate.api.cert_cmd import find_id_cert
 setLocalTranslate('cl_api',sys.modules[__name__])

 class VariableClReqId(Variable):