Diffstat (limited to 'v-i/hostid.py')
-rwxr-xr-x | v-i/hostid.py | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/v-i/hostid.py b/v-i/hostid.py
new file mode 100755
index 0000000..d87d3a6
--- /dev/null
+++ b/v-i/hostid.py
@@ -0,0 +1,73 @@
+#!/usr/bin/python3
+
+import argparse
+import yaml
+import sys
+from subprocess import run, PIPE
+
+
+DEFAULT_HOST_CA = "liw.fi/ca/host/v5"
+DEFAULT_USER_CA = "liw.fi/ca/user/v5"
+
+
+class HostId:
+ def __init__(self):
+ self.user_ca_pubkey = None
+ self.host_key = None
+ self.host_cert = None
+
+ def set_user_ca_pubkey(self, value):
+ self.user_ca_pubkey = value
+
+ def set_host_key(self, value):
+ self.host_key = value
+
+ def set_host_cert(self, value):
+ self.host_cert = value
+
+ def to_dict(self):
+ return {
+ "user_ca_pubkey": self.user_ca_pubkey,
+ "host_key": self.host_key,
+ "host_cert": self.host_cert,
+ }
+
+
+def sshca(args):
+ p = run(["sshca"] + args, capture_output=True, check=True)
+ return p.stdout.decode().strip()
+
+
+def user_ca_pubkey(ca_name):
+ return sshca(["ca", "public-key", ca_name]).strip()
+
+
+def host_key(hostname):
+ sshca(["host", "regenerate", hostname])
+ return sshca(["host", "private-key", hostname]).strip()
+
+
+def host_cert(ca_name, hostname):
+ return sshca(["host", "certify", "--ca", ca_name, hostname]).strip()
+
+
+def main():
+ parser = argparse.ArgumentParser()
+ parser.add_argument("--hostname", required=True)
+ parser.add_argument("--host-ca", default=DEFAULT_HOST_CA)
+ parser.add_argument("--user-ca", default=DEFAULT_USER_CA)
+ values = parser.parse_args()
+
+ hostname = values.hostname
+ host_ca = values.host_ca
+ user_ca = values.user_ca
+
+ hostid = HostId()
+ hostid.set_user_ca_pubkey(user_ca_pubkey(user_ca))
+ hostid.set_host_key(host_key(hostname))
+ hostid.set_host_cert(host_cert(host_ca, hostname))
+ yaml.safe_dump(hostid.to_dict(), stream=sys.stdout, indent=4)
+
+
+if __name__ == "__main__":
+ main() |
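Review bot: `host_key()` runs `sshca host regenerate` before reading the private key, so every run of this script replaces the host's existing key, and `main()` then writes that private key into the YAML on stdout; the file says neither anywhere. A docstring on `host_key` such as `"""Regenerate the host key for hostname, replacing any existing one, and return the new private key."""`, plus a comment above the `yaml.safe_dump` call saying the output holds private key material and should only be redirected to a file with restrictive permissions, would make both explicit. Separately, `--hostname` reaches `sshca` as an unchecked positional argument, so a value starting with `-` would presumably be parsed as an option; `if hostname.startswith("-"): parser.error("invalid hostname")` in `main()` would reject it. `PIPE` is imported but never used.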