From: Christoph Egger Date: Thu, 27 Oct 2016 22:50:42 +0000 (+0200) Subject: place certs into subdirs by service type X-Git-Url: https://git.siccegge.de//index.cgi?a=commitdiff_plain;h=6ed0aaf564dcdcad73151687cd2094bf366c6bde;p=tooling%2Fletool.git place certs into subdirs by service type --- diff --git a/bin/newcert b/bin/newcert index 6817b70..5b5f9a0 100755 --- a/bin/newcert +++ b/bin/newcert @@ -93,11 +93,11 @@ def authorize(sans): return new_authorizations -def get_certificate(cname, sans): +def get_certificate(servicetype, cname, sans): registration, acme_client, account_key = get_client() authorizations = authorize(sans) - with open(os.path.join("certs", cname, "key.pem"), "rb") as keyfd: + with open(os.path.join("certs", servicetype, cname, "key.pem"), "rb") as keyfd: private_key = serialization.load_pem_private_key( keyfd.read(), password=None, @@ -120,7 +120,7 @@ def get_certificate(cname, sans): cert = acme_client.request_issuance(jrequest, authorizations) certs = acme_client.fetch_chain(cert) - with open(os.path.join("certs", cname, "cert.pem"), "wb") as certfd: + with open(os.path.join("certs", servicetype, cname, "cert.pem"), "wb") as certfd: certfd.write(cert.body._dump(OpenSSL.crypto.FILETYPE_PEM)) for cert in certs: certfd.write(cert._dump(OpenSSL.crypto.FILETYPE_PEM)) @@ -143,10 +143,10 @@ def main(): certificate_list = inventory[getfqdn()][args.servicetype] if type(certificate_list) is list: if args.certificate in certificate_list: - get_certificate(args.certificate, [args.certificate]) + get_certificate(args.servicetype, args.certificate, [args.certificate]) elif type(certificate_list) is dict: if args.certificate in certificate_list.keys(): - get_certificate(args.certificate, certificate_list[args.certificate]) + get_certificate(args.servicetype, args.certificate, certificate_list[args.certificate]) else: print("unexpected type: %s", type(certificate_list))