diff --git a/warden3/contrib/warden_ra/warden_ra.cfg.dist b/warden3/contrib/warden_ra/warden_ra.cfg.dist
index 27308d08d398092281b850d8821de09f89a52ab6..09f0604736a45bc84c0cfc3682ea0df9d865595b 100644
--- a/warden3/contrib/warden_ra/warden_ra.cfg.dist
+++ b/warden3/contrib/warden_ra/warden_ra.cfg.dist
@@ -1,10 +1,16 @@
 {
- "url": "https://ejbca.example.org/ejbca/ejbcaws/ejbcaws?wsdl",
- "cert": "warden_ra.cert.pem",
- "key": "warden_ra.key.pem",
- "caName": "Example CA",
- "certificateProfileName": "Example",
- "endEntityProfileName": "Example EE",
- "subjectDN_template": "DC=cz,DC=example-ca,DC=warden,CN=%s",
- "username_suffix": "@warden"
-}
\ No newline at end of file
+ "Log": {
+ "filename": "/var/log/warden_ra.log",
+ "level": "info"
+ },
+ "Registry": {
+ "url": "https://ejbca.example.org/ejbca/ejbcaws/ejbcaws?wsdl",
+ "cert": "warden_ra.cert.pem",
+ "key": "warden_ra.key.pem",
+ "ca_name": "Example CA",
+ "certificate_profile_name": "Example",
+ "end_entity_profile_name": "Example EE",
+ "subject_dn_template": "DC=cz,DC=example-ca,DC=warden,CN=%s",
+ "username_suffix": "@warden"
+ }
+}
diff --git a/warden3/contrib/warden_ra/warden_ra.py b/warden3/contrib/warden_ra/warden_ra.py
index deb183ae359385b4c31113080f15d1e551abccc8..15a674fbf8b9d3deb08bd54c668b5725040055e8 100755
--- a/warden3/contrib/warden_ra/warden_ra.py
+++ b/warden3/contrib/warden_ra/warden_ra.py
@@ -21,7 +21,8 @@ import ejbcaws
 # usual path to warden server
 sys.path.append(os.path.join(os.path.dirname(__file__), "..", "..", "warden_server"))
-from warden_server import Request, ObjectBase, StreamLogger, FileLogger, Server, expose
+import warden_server
+from warden_server import Request, ObjectBase, FileLogger, SysLogger, Server, expose, read_cfg
 class EjbcaClient(object):
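Review bot: In the "Registry" section `cert` and `key` are bare file names while `Log.filename` is absolute; where a relative `filepath` resolves is decided by the loader rather than by this file (not visible here), so a template that points at the RA's private key by an absolute path outside the source tree, e.g. `"key": "/etc/warden_ra/warden_ra.key.pem"`, is the safer example to ship, since a key lying next to the script inherits the checkout's permissions. The template also carries no "Auth" section, and warden_ra.py's `section_def` offers `NullAuthenticator` as the only auth object, so the shipped configuration starts the RA with that authenticator by default; a `//` comment line in the template stating this would help operators, provided warden_server's `read_cfg` strips `#`/`//` lines the way the removed local copy did.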
@@ -98,14 +99,15 @@ class EjbcaClient(object):
 class EjbcaRegistry(object):
- def __init__(self, url, cert=None, key=None,
- caName="", certificateProfileName="", endEntityProfileName="",
- subjectDN_template="%s", username_suffix=""):
+ def __init__(self, log, url, cert=None, key=None,
+ ca_name="", certificate_profile_name="", end_entity_profile_name="",
+ subject_dn_template="%s", username_suffix=""):
+ self.log = log
 self.ejbca = ejbcaws.Ejbca(url, cert, key)
- self.caName = caName
- self.certificateProfileName = certificateProfileName
- self.endEntityProfileName = endEntityProfileName
- self.subjectDN_template = subjectDN_template
+ self.ca_name = ca_name
+ self.certificate_profile_name = certificate_profile_name
+ self.end_entity_profile_name = end_entity_profile_name
+ self.subject_dn_template = subject_dn_template
 self.username_suffix = username_suffix
 def get_clients(self):
@@ -124,9 +126,9 @@ class EjbcaRegistry(object):
 if user:
 raise LookupError("Client %s already exists" % name)
 new_ejbca_data = dict(
- caName=self.caName,
- certificateProfileName=self.certificateProfileName,
- endEntityProfileName=self.endEntityProfileName,
+ ca_name=self.ca_name,
+ certificate_profile_name=self.certificate_profile_name,
+ end_entity_profile_name=self.end_entity_profile_name,
 keyRecoverable=False,
 sendNotification=False,
 status=ejbcaws.STATUS_INITIALIZED,
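Review bot: The renamed keys in `new_ejbca_data` (`ca_name=`, `certificate_profile_name=`, `end_entity_profile_name=`) look like EJBCA web-service field names rather than local attribute names — the untouched `keyRecoverable`, `sendNotification` and `status` keys in the same dict keep the WS camelCase, and the old keys matched EJBCA's `UserDataVOWS` fields. If ejbcaws passes this dict through to the service (its implementation is not visible here), the CA and both profiles are no longer set on the new end entity, so enrolment either fails or falls back to whatever EJBCA selects, which is exactly what the end-entity and certificate profiles exist to constrain. Keep the attribute rename but restore the wire names: `caName=self.ca_name,`, `certificateProfileName=self.certificate_profile_name,`, `endEntityProfileName=self.end_entity_profile_name,`. The enclosing method starts and ends outside the hunk.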
@@ -205,18 +207,52 @@ class CertHandler(ObjectBase):
 return [("Content-Type", "application/x-x509-user-cert")], newcert.as_pem()
+# Order in which the base objects must get initialized
+section_order = ("log", "auth", "registry", "handler", "server")
+
+# List of sections and objects, configured by them
+# First object in each object list is the default one, otherwise
+# "type" keyword in section may be used to choose other
+section_def = {
+ "log": [FileLogger, SysLogger],
+ "auth": [NullAuthenticator],
+ "registry": [EjbcaRegistry],
+ "handler": [CertHandler],
+ "server": [Server]
+}
+
+# Object parameter conversions and defaults
+param_def = {
+ FileLogger: warden_server.param_def[FileLogger],
+ SysLogger: warden_server.param_def[SysLogger],
+ Server: warden_server.param_def[Server],
+ NullAuthenticator: {
+ "req": {"type": "obj", "default": "req"},
+ "log": {"type": "obj", "default": "log"}
+ },
+ EjbcaRegistry: {
+ "log": {"type": "obj", "default": "log"},
+ "url": {"type": "str", "default": "https://ejbca.example.org/ejbca/ejbcaws/ejbcaws?wsdl"},
+ "cert": {"type": "filepath", "default": os.path.join(os.path.dirname(__file__), "warden_ra.cert.pem")},
+ "key": {"type": "filepath", "default": os.path.join(os.path.dirname(__file__), "warden_ra.key.pem")},
+ "ca_name": {"type": "str", "default": "Example CA"},
+ "certificate_profile_name": {"type": "str", "default": "Example"},
+ "end_entity_profile_name": {"type": "str", "default": "Example EE"},
+ "subject_dn_template": {"type": "str", "default": "DC=cz,DC=example-ca,DC=warden,CN=%s"},
+ "username_suffix": {"type": "str", "default": "@warden"}
+ },
+ CertHandler: {
+ "req": {"type": "obj", "default": "req"},
+ "log": {"type": "obj", "default": "log"},
+ "registry": {"type": "obj", "default": "registry"}
+ }
+}
+
+param_def[FileLogger]["filename"] = {"type": "filepath", "default": os.path.join(os.path.dirname(__file__), os.path.splitext(os.path.split(__file__)[1])[0] + ".log")}
+
+
 def build_server(conf):
StreamLogger()
- req = Request()
- log = FileLogger(
- req,
- filename=os.path.join(os.path.dirname(__file__), os.path.splitext(os.path.split(__file__)[1])[0] + ".log"),
- level=logging.DEBUG)
- auth = NullAuthenticator(req, log)
- registry = EjbcaRegistry(**conf)
- handler = CertHandler(req, log, registry)
- server = Server(req, log, auth, handler)
- return server
+ return warden_server.build_server(conf, section_order, section_def, param_def)
 # Command line
@@ -369,13 +405,6 @@ def get_args():
 return argp.parse_args()
-def read_cfg(path):
- with open(path, "r") as f:
- stripcomments = "\n".join((l for l in f if not l.lstrip().startswith(("#", "//"))))
- conf = json.loads(stripcomments)
- return conf
-
-
 if __name__ == "__main__":
 args = get_args()
 config = read_cfg(os.path.join(os.path.dirname(__file__), args.config or "warden_ra.cfg"))
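Review bot: `param_def[FileLogger]["filename"] = {...}` at the end of the new block mutates the dict it was taken from, because `FileLogger: warden_server.param_def[FileLogger]` binds the imported module's own dict by reference rather than copying it, so the log-file default is silently rewritten for every other user of `warden_server.param_def` in the same process. Take a copy first, `FileLogger: dict(warden_server.param_def[FileLogger]),`, and set the filename on that copy. Separately, the `url` default of `https://ejbca.example.org/...` together with `cert`/`key` defaults next to the script means a missing or mistyped "Registry" section does not fail at startup but attempts enrolment against a placeholder host using key material in the source directory; an empty default that the loader rejects would surface the misconfiguration earlier, assuming `warden_server.build_server` treats a missing required value as an error (not visible here). Since `"auth": [NullAuthenticator]` is the only authenticator offered for a service that issues client certificates, a one-line comment above `section_def` stating why that is acceptable here (or where client identity is actually established) would save the next reader the same question.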