

Add pki-server ca-crl-ip-find/show
The pki-server ca-crl-ip-find/show commands have been added to
make it easier to inspect CRL issuing point configuration.
edewata committed Aug 21, 2023
1 parent f6cc9da commit 989ae51
Showing 2 changed files with 233 additions and 0 deletions.
197 changes: 197 additions & 0 deletions base/server/python/pki/server/cli/ca.py
Expand Up @@ -829,6 +829,7 @@ def __init__(self):
super().__init__('crl', 'CA CRL configuration management commands')

self.add_module(CACRLShowCLI())
self.add_module(CACRLIPCLI())

@staticmethod
def print_crl_config(config):
Expand Down Expand Up @@ -904,6 +905,202 @@ def execute(self, argv):
CACRLCLI.print_crl_config(config)


class CACRLIPCLI(pki.cli.CLI):

def __init__(self):
super().__init__('ip', 'CA CRL issuing point configuration management commands')

self.add_module(CACRLIPFindCLI())
self.add_module(CACRLIPShowCLI())

@staticmethod
def print_crl_issuing_point_config(id, config, details=False):

print(' ID: %s' % id)
print(' Description: %s' % config.get('description'))
print(' Class: %s' % config.get('class'))
print(' Enable: %s' % config.get('enable'))

if not details:
return

print(' Allow Extensions: %s' % config.get('allowExtensions'))
print(' Always Update: %s' % config.get('alwaysUpdate'))
print(' Auto Update Interval: %s' % config.get('autoUpdateInterval'))
print(' CA Certs Only: %s' % config.get('caCertsOnly'))
print(' Cache Update Interval: %s' % config.get('cacheUpdateInterval'))
print(' Unexpected Exception Wait Time: %s' % config.get('unexpectedExceptionWaitTime'))
print(' Unexpected Exception Loop Max: %s' % config.get('unexpectedExceptionLoopMax'))
print(' Daily Updates: %s' % config.get('dailyUpdates'))
print(' Enable CRL Cache: %s' % config.get('enableCRLCache'))
print(' Enable CRL Updates: %s' % config.get('enableCRLUpdates'))
print(' Enable Cache Testing: %s' % config.get('enableCacheTesting'))
print(' Enable Cache Recovery: %s' % config.get('enableCacheRecovery'))
print(' Enable Daily Updates: %s' % config.get('enableDailyUpdates'))
print(' Enable Update Interval: %s' % config.get('enableUpdateInterval'))
print(' Extended Next Update: %s' % config.get('extendedNextUpdate'))
print(' Include Expired Certs: %s' % config.get('includeExpiredCerts'))
print(' Min Update Interval: %s' % config.get('minUpdateInterval'))
print(' Next Update Grace Period: %s' % config.get('nextUpdateGracePeriod'))
print(' Publish On Start: %s' % config.get('publishOnStart'))
print(' Save Memory: %s' % config.get('saveMemory'))
print(' Signing Algorithm: %s' % config.get('signingAlgorithm'))
print(' Update Schema: %s' % config.get('updateSchema'))


class CACRLIPFindCLI(pki.cli.CLI):
'''
Find CRL issuing point configurations in CA
'''

help = '''\
Usage: pki-server ca-crl-ip-find [OPTIONS]
-i, --instance <instance ID> Instance ID (default: pki-tomcat)
-v, --verbose Run in verbose mode.
--debug Run in debug mode.
--help Show help message.
''' # noqa: E501

def __init__(self):
super().__init__('find', inspect.cleandoc(self.__class__.__doc__))

def print_help(self):
print(textwrap.dedent(self.__class__.help))

def execute(self, argv):

try:
opts, _ = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'verbose', 'debug', 'help'])

except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)

instance_name = 'pki-tomcat'

for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a

elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)

elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)

elif o == '--help':
self.print_help()
sys.exit()

else:
logger.error('Invalid option: %s', o)
self.print_help()
sys.exit(1)

instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.exists():
logger.error('Invalid instance: %s', instance_name)
sys.exit(1)

instance.load()

subsystem = instance.get_subsystem('ca')
if not subsystem:
logger.error('No CA subsystem in instance %s', instance_name)
sys.exit(1)

ids = subsystem.find_crl_issuing_point_ids()

first = True
for id in ids:
if first:
first = False
else:
print()

config = subsystem.get_crl_issuing_point_config(id)
CACRLIPCLI.print_crl_issuing_point_config(id, config)


class CACRLIPShowCLI(pki.cli.CLI):
'''
Show CRL issuing point configuration in CA
'''

help = '''\
Usage: pki-server ca-crl-ip-show [OPTIONS] <id>
-i, --instance <instance ID> Instance ID (default: pki-tomcat)
-v, --verbose Run in verbose mode.
--debug Run in debug mode.
--help Show help message.
''' # noqa: E501

def __init__(self):
super().__init__('show', inspect.cleandoc(self.__class__.__doc__))

def print_help(self):
print(textwrap.dedent(self.__class__.help))

def execute(self, argv):

try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'verbose', 'debug', 'help'])

except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)

if len(args) != 1:
logger.error('Missing CRL issuing point ID')
self.print_help()
sys.exit(1)

id = args[0]
instance_name = 'pki-tomcat'

for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a

elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)

elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)

elif o == '--help':
self.print_help()
sys.exit()

else:
logger.error('Invalid option: %s', o)
self.print_help()
sys.exit(1)

instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.exists():
logger.error('Invalid instance: %s', instance_name)
sys.exit(1)

instance.load()

subsystem = instance.get_subsystem('ca')
if not subsystem:
logger.error('No CA subsystem in instance %s', instance_name)
sys.exit(1)

config = subsystem.get_crl_issuing_point_config(id)
CACRLIPCLI.print_crl_issuing_point_config(id, config, details=True)


class CACloneCLI(pki.cli.CLI):

def __init__(self):
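Review bot: CACRLIPShowCLI.execute never checks that the requested issuing point exists: get_crl_issuing_point_config (added in subsystem.py in this commit) returns an empty dict for an unknown id, so the command prints "None" for every field and exits 0 instead of failing. Insert a guard after the config lookup, `if not config:` / `logger.error('No CRL issuing point: %s', id)` / `sys.exit(1)`, before calling print_crl_issuing_point_config. Both execute methods and print_crl_issuing_point_config also bind the name `id`, shadowing the builtin; `ip_id` would avoid that. print_crl_issuing_point_config has no docstring; a one-liner such as `"""Print the ca.crl.<id>.* parameters of one issuing point; details=False prints only the summary fields."""` would document the two output modes.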
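--- a/base/server/python/pki/server/subsystem.py
+++ b/base/server/python/pki/server/subsystem.py
@@ -2399,6 +2399,42 @@ def get_crl_config(self):
 
 return config
 
+def find_crl_issuing_point_ids(self):
+
+ids = []
+
+# find ca.crl.<id>.class params
+pattern = re.compile(r'^ca.crl\.([^\.]*)\.class$')
+
+for key in self.config.keys():
+
+m = pattern.match(key)
+if not m:
+continue
+
+id = m.group(1)
+ids.append(id)
+
+return ids
+
+def get_crl_issuing_point_config(self, id):
+
+config = {}
+
+# find ca.crl.<id>.* params
+pattern = re.compile(r'^ca.crl\.%s\.([^\.]*)' % id)
+
+for key, value in self.config.items():
+
+m = pattern.match(key)
+if not m:
+continue
+
+name = m.group(1)
+config[name] = value
+
+return config
+
 
 class KRASubsystem(PKISubsystem):
 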
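Review bot: In get_crl_issuing_point_config the id is interpolated into the regex unescaped, and it arrives from a positional command-line argument via ca-crl-ip-show in ca.py, so an id containing regex metacharacters changes which ca.crl.* keys are matched rather than selecting one issuing point; use `pattern = re.compile(r'^ca\.crl\.%s\.([^.]*)$' % re.escape(id))`. The missing `$` anchor is a separate defect: a key with further dotted components after the parameter name is captured by its first component only, so several such keys collapse onto one entry of config and overwrite each other; either anchor to flat parameters as above or key on the full remainder. The `.` between `ca` and `crl` is unescaped in both patterns, so find_crl_issuing_point_ids should likewise use `r'^ca\.crl\.([^.]*)\.class$'`. Both methods bind `id`, shadowing the builtin, and neither has a docstring; `"""Return the ids of issuing points that have a ca.crl.<id>.class parameter."""` and `"""Return the ca.crl.<id>.* parameters of one issuing point keyed by parameter name."""` would cover them.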
