#!/usr/bin/python3

import argparse
import yaml
import sys
from subprocess import run, PIPE


# CA names handed to the sshca tool when --host-ca / --user-ca are not given
# on the command line (see main()).
# DEFAULT_HOST_CA: the CA named in `sshca host certify --ca ...`.
DEFAULT_HOST_CA = "liw.fi/ca/host/v5"
# DEFAULT_USER_CA: the CA whose public key is read via `sshca ca public-key`.
DEFAULT_USER_CA = "liw.fi/ca/user/v5"


class HostId:
    """Container for the identity values this script emits for one host.

    The three fields start as None and are filled through the setters.
    In main() ``host_key`` receives the output of ``sshca host private-key``,
    so an instance (and the dict from to_dict()) holds private key material
    and should be handled as a secret: not logged, not left in
    world-readable files.
    """

    def __init__(self):
        # All fields are unset until the corresponding setter is called.
        self.user_ca_pubkey = self.host_key = self.host_cert = None

    def set_user_ca_pubkey(self, value):
        """Store the user CA public key."""
        self.user_ca_pubkey = value

    def set_host_key(self, value):
        """Store the host key (a private key when filled by main())."""
        self.host_key = value

    def set_host_cert(self, value):
        """Store the host certificate."""
        self.host_cert = value

    def to_dict(self):
        """Return the fields as a plain dict, in a fixed key order.

        The result includes ``host_key`` unredacted.
        """
        field_names = ("user_ca_pubkey", "host_key", "host_cert")
        return {name: getattr(self, name) for name in field_names}


def sshca(args):
    """Run the ``sshca`` command-line tool and return what it printed.

    Args:
        args: list of arguments placed after the program name.

    Returns:
        The command's standard output, decoded and with surrounding
        whitespace removed.

    Raises:
        subprocess.CalledProcessError: if sshca exits non-zero (check=True).
    """
    # run() gets an argument list and no shell, so the values in *args* are
    # never interpreted by a shell.  They are still parsed by sshca itself;
    # NOTE(review): a value starting with "-" would presumably be read as an
    # option, so callers should validate externally supplied names.
    command = ["sshca"] + args
    # stderr is captured as well: on failure sshca's own message is only
    # available as the .stderr attribute of the raised exception.
    completed = run(command, capture_output=True, check=True)
    text = completed.stdout.decode()
    return text.strip()


def user_ca_pubkey(ca_name):
    """Return the output of ``sshca ca public-key <ca_name>``, stripped.

    Args:
        ca_name: name of the CA as known to sshca.
    """
    public_key = sshca(["ca", "public-key", ca_name])
    return public_key.strip()


def host_key(hostname):
    """Regenerate the key for *hostname*, then return its private key.

    Runs ``sshca host regenerate <hostname>`` followed by
    ``sshca host private-key <hostname>`` and returns the stripped output of
    the second command.  Every call triggers the regenerate step.
    NOTE(review): this presumably replaces the key sshca previously held for
    the host, invalidating earlier certificates -- confirm against sshca.

    The return value is private key material; do not log it.
    """
    # Output of the regenerate step is discarded; a failure raises via sshca().
    sshca(["host", "regenerate", hostname])
    private_key = sshca(["host", "private-key", hostname])
    return private_key.strip()


def host_cert(ca_name, hostname):
    """Return the output of ``sshca host certify --ca <ca_name> <hostname>``.

    Args:
        ca_name: name of the CA asked to certify the host.
        hostname: host name as known to sshca.
    """
    certify_args = ["host", "certify", "--ca", ca_name, hostname]
    certificate = sshca(certify_args)
    return certificate.strip()


def main():
    """Collect a host's SSH identity from sshca and print it as YAML.

    Command-line options: ``--hostname`` (required), ``--host-ca`` and
    ``--user-ca`` (defaulting to DEFAULT_HOST_CA / DEFAULT_USER_CA).

    The YAML written to stdout contains the host's private key in clear
    text.  Send it only to a destination with restrictive permissions and
    keep it out of terminal scrollback, CI logs and shared pipelines.
    """
    cli = argparse.ArgumentParser()
    cli.add_argument("--hostname", required=True)
    cli.add_argument("--host-ca", default=DEFAULT_HOST_CA)
    cli.add_argument("--user-ca", default=DEFAULT_USER_CA)
    opts = cli.parse_args()

    identity = HostId()
    identity.set_user_ca_pubkey(user_ca_pubkey(opts.user_ca))
    # Order matters: host_key() runs the regenerate step, and the certificate
    # is requested only afterwards.
    identity.set_host_key(host_key(opts.hostname))
    identity.set_host_cert(host_cert(opts.host_ca, opts.hostname))

    # safe_dump emits only plain YAML types (here: strings in a mapping).
    yaml.safe_dump(identity.to_dict(), stream=sys.stdout, indent=4)


# Run main() only when executed as a script, so that importing this module
# triggers no sshca calls (and therefore no key regeneration).
if __name__ == "__main__":
    main()