1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/python/samba/tests/bin/getcert
David Mulder fd6df5356b gpo: Test Certificate Auto Enrollment Policy
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 19:13:29 +00:00

85 lines
3.0 KiB
Python
Executable File

#!/usr/bin/python3
import optparse
import os, sys, re
import pickle
sys.path.insert(0, "bin/python")
if __name__ == "__main__":
parser = optparse.OptionParser('getcert <cmd> [options]')
parser.add_option('-i')
parser.add_option('-c')
parser.add_option('-T')
parser.add_option('-I')
parser.add_option('-k')
parser.add_option('-f')
parser.add_option('-e')
parser.add_option('-g')
(opts, args) = parser.parse_args()
assert len(args) == 1
assert args[0] in ['add-ca', 'request', 'remove-ca', 'stop-tracking',
'list', 'list-cas']
# Use a dir we can write to in the testenv
if 'LOCAL_PATH' in os.environ:
data_dir = os.path.realpath(os.environ.get('LOCAL_PATH'))
else:
data_dir = os.path.dirname(os.path.realpath(__file__))
dump_file = os.path.join(data_dir, 'getcert.dump')
if os.path.exists(dump_file):
with open(dump_file, 'rb') as r:
cas, certs = pickle.load(r)
else:
cas = {}
certs = {}
if args[0] == 'add-ca':
# Add a fake CA entry
assert opts.c not in cas.keys()
cas[opts.c] = opts.e
elif args[0] == 'remove-ca':
# Remove a fake CA entry
assert opts.c in cas.keys()
del cas[opts.c]
elif args[0] == 'list-cas':
# List the fake CAs
for ca, helper_location in cas.items():
print('CA \'%s\':\n\tis-default: no\n\tca-type: EXTERNAL\n' % ca +
'\thelper-location: %s' % helper_location)
elif args[0] == 'request':
# Add a fake cert request
assert opts.c in cas.keys()
assert opts.I not in certs.keys()
certs[opts.I] = { 'ca': opts.c, 'template': opts.T,
'keyfile': os.path.abspath(opts.k),
'certfile': os.path.abspath(opts.f),
'keysize': opts.g }
# Create dummy key and cert (empty files)
with open(opts.k, 'w') as w:
pass
with open(opts.f, 'w') as w:
pass
elif args[0] == 'stop-tracking':
# Remove the fake cert request
assert opts.i in certs.keys()
del certs[opts.i]
elif args[0] == 'list':
# List the fake cert requests
print('Number of certificates and requests being tracked: %d.' % \
len(certs))
for rid, data in certs.items():
print('Request ID \'%s\':\n\tstatus: MONITORING\n' % rid +
'\tstuck: no\n\tkey pair storage: type=FILE,' +
'location=\'%s\'' % data['keyfile'] + '\n\t' +
'certificate: type=FILE,location=\'%s\'' % data['certfile'] +
'\n\tCA: %s\n\t' % data['ca'] +
'certificate template/profile: %s\n\t' % data['template'] +
'track: yes\n\tauto-renew: yes')
if len(cas.items()) == 0 and len(certs.items()) == 0:
if os.path.exists(dump_file):
os.unlink(dump_file)
else:
with open(dump_file, 'wb') as w:
pickle.dump((cas, certs), w)